Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC Hijacked & Need Help Removing/Eradicating


  • This topic is locked This topic is locked
53 replies to this topic

#16 CelestialAura

CelestialAura
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Walnut, CA
  • Local time:07:05 PM

Posted 02 January 2012 - 12:57 PM

Also, FYI & wanted to be sure you had seen, when I first started having issues several weeks ago, & had started attempting scans & fixes, etc... prior to posting on here, I had to run RKill in order to get most scans to run, & then was losing OS functionality & had run CF, I had finally at that point gotten some scans to run successfully & they had quarantined a few things... I had posted those quarantine results in previous posts in this thread, & wanted to be sure you were aware.

Another FYI, when in the height of things being unaccessable, I was trying to log into wireless router to check logs, & had not been able to log in or access. I just thought of this, & logged in, & have a very interesting intrusion detection log from router. Usually, there is never much, if anything at all, in the log, but I now find today, NUMEROUS attack entries, & in one case, within the past week or two, 58000+ packets in ip spoof attempt... I can provide log if this will better help you to troubleshoot my issues...

Thank you for your help & support ;)

BC AdBot (Login to Remove)

 


#17 CelestialAura

CelestialAura
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Walnut, CA
  • Local time:07:05 PM

Posted 02 January 2012 - 01:15 PM

Ok, also, I had noticed this on a scan a couple few weeks ago... I am preparing to download & run CF, & went to security center to disable the only running & installed firewall on system (have previously uninstalled all AV & Firewall, & have just been using Windows Firewall past couple weeks). So I disable Windows Firewall, & look to verify that it shows disabled on the Security Center status dialog page, & it shows Firewall "on", & states that Outpost Firewall Pro is currently on... Outpost is not listed in Program Install/Uninstall list, & I thought I had eradicated just about every file associated with it long ago, although there may still be registry remnants... I use CCleaner, & haven't had anything come up re: obsolete OF reg. entries, etc... Please advise... Thank you ~

#18 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:05 AM

Posted 02 January 2012 - 02:06 PM

Sounds like remnants only can be left from OutPost so it won't affect Combofix to any problematic degree.

Run Combofix as is. :)
[If I have helped you fix your PC then please donate. Thanks
jetian6yw.jpg
m0le is a proud member of UNITE

#19 CelestialAura

CelestialAura
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Walnut, CA
  • Local time:07:05 PM

Posted 02 January 2012 - 03:32 PM

Ok, so this whole process took appox. 50-60 minutes. During CF scan, approx. stage 4-6, I had what appeared to be Windows error dialog pop up stating, "PEV.exe" encountered an error & needed to close. I didn't click ok yet, & at this point I noticed CF to be at stage 5-6. I waited a couple, & it didn't seem like CF may be progressing still, so I clicked on the "more info" on error link, & obtained info on the file that would be included in error report. At this point, I noticed that CF had advanced to stage 6a, so I went ahead & clicked "ok" to exit the error dialog, & CF proceeded. Here is the CF log, please let me know if you want the error log I received as well...

ComboFix 12-01-02.01 - Owner 01/02/2012 13:42:55.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.127 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\comfix.exe
FW: Outpost Firewall Pro *Enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\EurekaLog
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\SET109.tmp
c:\windows\system32\SET10A.tmp
c:\windows\system32\SET10B.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))
.
.
2011-12-25 17:13 . 2011-12-25 17:13 -------- d-----w- c:\program files\Microsoft Silverlight
2011-12-25 03:01 . 2011-11-12 17:18 18560 ----a-w- c:\windows\system32\drivers\FlyUsb.sys
2011-12-25 03:00 . 2011-12-25 03:00 -------- d-----w- c:\program files\DIFX
2011-12-25 02:55 . 2011-12-25 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Leapfrog
2011-12-25 02:55 . 2011-12-25 02:59 -------- d-----w- c:\program files\LeapFrog
2011-12-22 18:41 . 2011-12-22 18:43 -------- d-----w- c:\program files\QuickTime
2011-12-22 18:41 . 2011-12-22 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-12-22 18:38 . 2011-12-22 18:38 -------- d-----w- c:\program files\Common Files\Apple
2011-12-22 18:37 . 2011-12-22 18:37 -------- d-----w- c:\program files\Apple Software Update
2011-12-22 18:37 . 2011-12-22 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-12-17 21:03 . 2011-12-17 21:03 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2011-12-16 13:31 . 2011-12-16 13:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\cache
2011-12-16 13:25 . 2011-12-16 13:25 -------- d-----w- c:\program files\VTech
2011-12-16 13:25 . 2011-12-16 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\VTech
2011-12-13 19:51 . 2011-12-26 16:39 -------- d-----w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
2011-12-13 17:30 . 2011-12-08 11:59 252991 ----a-w- c:\windows\system32\FHSetup.exe
2011-12-13 04:31 . 2010-03-08 10:10 9216 ----a-w- c:\windows\system32\ffnd.exe
2011-12-12 03:50 . 2011-12-12 03:50 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2011-12-12 03:48 . 2011-12-12 03:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-12-12 02:23 . 2011-12-12 02:23 -------- d-----w- c:\program files\ESET
2011-12-11 15:15 . 2011-12-13 01:08 -------- d-----w- c:\documents and settings\Owner\Application Data\FreeFixer
2011-12-11 15:15 . 2011-12-11 15:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FreeFixer
2011-12-11 15:15 . 2011-12-11 15:15 -------- d-----w- c:\program files\FreeFixer
2011-12-11 01:38 . 2011-12-11 01:38 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-11 01:36 . 2011-12-11 01:36 -------- d-----w- c:\documents and settings\Owner\Application Data\WinPatrol
2011-12-10 01:11 . 2011-12-10 01:11 -------- d-----w- C:\ComFix
2011-12-08 20:28 . 2011-12-08 20:28 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Secunia PSI
2011-12-08 20:27 . 2011-12-08 20:27 -------- d-----w- c:\program files\Secunia
2011-12-08 00:31 . 2001-08-17 18:12 18503 -c--a-w- c:\windows\system32\dllcache\epro4.sys
2011-12-08 00:30 . 2001-08-17 18:10 55999 -c--a-w- c:\windows\system32\dllcache\el556nd5.sys
2011-12-08 00:30 . 2001-08-17 18:10 44103 -c--a-w- c:\windows\system32\dllcache\el515.sys
2011-12-08 00:30 . 2001-08-17 18:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2011-12-08 00:30 . 2001-08-17 18:12 117760 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
2011-12-08 00:30 . 2001-08-17 18:12 50719 -c--a-w- c:\windows\system32\dllcache\e1000nt5.sys
2011-12-08 00:30 . 2001-08-17 18:20 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2011-12-08 00:30 . 2001-08-17 20:07 20192 -c--a-w- c:\windows\system32\dllcache\dpti2o.sys
2011-12-08 00:28 . 2001-08-17 18:14 21606 -c--a-w- c:\windows\system32\dllcache\digiisdn.sys
2011-12-08 00:27 . 2001-08-17 19:52 14720 -c--a-w- c:\windows\system32\dllcache\dac960nt.sys
2011-12-08 00:26 . 2001-08-17 18:19 42112 -c--a-w- c:\windows\system32\dllcache\crtaud.sys
2011-12-08 00:25 . 2001-08-17 20:02 272640 -c--a-w- c:\windows\system32\dllcache\cinemclc.sys
2011-12-08 00:25 . 2001-08-17 18:13 980034 -c--a-w- c:\windows\system32\dllcache\cicap.sys
2011-12-08 00:25 . 2008-04-13 19:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2011-12-08 00:25 . 2001-08-17 18:13 49182 -c--a-w- c:\windows\system32\dllcache\cem56n5.sys
2011-12-08 00:25 . 2001-08-17 18:13 22044 -c--a-w- c:\windows\system32\dllcache\cem33n5.sys
2011-12-08 00:25 . 2001-08-17 18:13 22044 -c--a-w- c:\windows\system32\dllcache\cem28n5.sys
2011-12-08 00:25 . 2001-08-17 18:13 27164 -c--a-w- c:\windows\system32\dllcache\ce3n5.sys
2011-12-08 00:25 . 2001-08-17 18:13 21530 -c--a-w- c:\windows\system32\dllcache\ce2n5.sys
2011-12-08 00:25 . 2001-08-17 19:52 7680 -c--a-w- c:\windows\system32\dllcache\cd20xrnt.sys
2011-12-08 00:25 . 2008-04-13 19:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2011-12-08 00:24 . 2001-08-17 19:28 714698 -c--a-w- c:\windows\system32\dllcache\cbmdmkxx.sys
2011-12-08 00:24 . 2001-08-17 18:13 46108 -c--a-w- c:\windows\system32\dllcache\cben5.sys
2011-12-08 00:24 . 2001-08-17 18:12 39680 -c--a-w- c:\windows\system32\dllcache\cb325.sys
2011-12-08 00:24 . 2001-08-17 18:12 37916 -c--a-w- c:\windows\system32\dllcache\cb102.sys
2011-12-08 00:24 . 2001-08-18 04:36 32256 -c--a-w- c:\windows\system32\dllcache\diapi2NT.dll
2011-12-08 00:24 . 2001-08-17 18:13 164923 -c--a-w- c:\windows\system32\dllcache\diapi2.sys
2011-12-08 00:24 . 2008-04-14 01:11 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll
2011-12-08 00:23 . 2001-08-18 04:36 236032 -c--a-w- c:\windows\system32\dllcache\camext20.dll
2011-12-08 00:23 . 2001-08-18 04:36 74240 -c--a-w- c:\windows\system32\dllcache\camexo20.dll
2011-12-08 00:23 . 2001-08-17 20:04 171264 -c--a-w- c:\windows\system32\dllcache\camdrv30.sys
2011-12-08 00:23 . 2001-08-17 20:04 223232 -c--a-w- c:\windows\system32\dllcache\camdrv21.sys
2011-12-08 00:23 . 2001-08-17 20:05 314752 -c--a-w- c:\windows\system32\dllcache\camdro21.sys
2011-12-08 00:21 . 2001-08-17 19:28 871388 -c--a-w- c:\windows\system32\dllcache\bcmdm.sys
2011-12-08 00:20 . 2001-08-17 18:49 9472 -c--a-w- c:\windows\system32\dllcache\ativmdcd.sys
2011-12-08 00:19 . 2001-08-17 18:12 97354 -c--a-w- c:\windows\system32\dllcache\aspndis3.sys
2011-12-08 00:10 . 2001-08-17 20:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2011-12-08 00:10 . 2001-08-17 18:11 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2011-12-08 00:10 . 2004-08-04 04:32 10880 -c--a-w- c:\windows\system32\dllcache\admjoy.sys
2011-12-08 00:10 . 2001-08-17 18:19 747392 -c--a-w- c:\windows\system32\dllcache\adm8830.sys
2011-12-08 00:10 . 2001-08-17 18:19 553984 -c--a-w- c:\windows\system32\dllcache\adm8820.sys
2011-12-08 00:10 . 2001-08-17 18:19 584448 -c--a-w- c:\windows\system32\dllcache\adm8810.sys
2011-12-08 00:10 . 2001-08-17 18:11 20160 -c--a-w- c:\windows\system32\dllcache\adm8511.sys
2011-12-08 00:10 . 2001-08-17 19:53 7424 -c--a-w- c:\windows\system32\dllcache\adicvls.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-04 03:37 . 2011-11-24 01:02 129536 ----a-w- c:\windows\system32\WFXSVC.EXE
2011-11-24 01:01 . 2005-12-01 05:46 41 -c--a-w- c:\windows\WFXDEL.BAT
2011-11-23 13:25 . 2004-08-12 14:09 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 20:26 . 2011-11-16 20:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-10 11:54 . 2010-12-05 23:59 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-11-10 09:27 . 2011-11-16 19:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-04 19:20 . 2004-08-12 14:09 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-12 13:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-12 13:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-12 13:57 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-12 14:02 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-12 13:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-08-12 14:02 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-18 11:13 . 2004-08-12 13:57 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2005-11-30 17:03 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-11-22 21:17 . 2011-11-22 21:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2004-08-12 14:07 94784 -csha-w- c:\windows\twain.dll
2008-04-14 00:12 50688 -csha-w- c:\windows\twain_32.dll
2008-04-14 00:12 413696 --sh--w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 11776 -csha-w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 18:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AgentMonitor]
2011-11-30 09:26 393640 ----a-w- c:\program files\VTech\DownloadManager\System\AgentMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 13:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2011-11-12 18:04 268640 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wampmysqld"=3 (0x3)
"wampapache"=3 (0x3)
"FOVSMEK"=3 (0x3)
"Cleaner_Validator"=3 (0x3)
"a2AntiMalware"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\VTech\\DownloadManager\\System\\AgentMonitor.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [12/12/2011 8:24 AM 17904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [12/12/2011 8:24 AM 51632]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/24/2011 9:01 PM 18560]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MEMSWEEP2;MEMSWEEP2; [x]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [5/9/2011 11:27 AM 20352]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [5/9/2011 11:27 AM 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 2:30 AM 15544]
S3 RkPavproc1;RkPavproc1; [x]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [10/1/2006 6:37 AM 26624]
S3 TfNetMon;TfNetMon; [x]
S3 USB-100;Linksys EtherFast 10/100 Compact USB Network Adapter;c:\windows\system32\drivers\USB100M.SYS [12/19/2005 4:35 AM 27519]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
.
------- Supplementary Scan -------
.
uStart Page = https://encrypted.google.com/
mWindow Title =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: microsoft.com\windows
Trusted Zone: microsoft.com\www
TCP: Interfaces\{B70A2246-82AB-4804-A98E-20EC58CEF7EB}: NameServer = 192.168.11.1,64.233.207.8
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3inhmwru.default\
FF - prefs.js: browser.startup.homepage - hxxps://encrypted.google.com/
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-02 14:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1547161642-2000478354-725345543-1003\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-1547161642-2000478354-725345543-1003)
@Allowed: (Read) (S-1-5-21-1547161642-2000478354-725345543-1003)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\04\03\14\0e!\14?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-01-02 14:20:00
ComboFix-quarantined-files.txt 2012-01-02 20:19
.
Pre-Run: 24,742,596,608 bytes free
Post-Run: 24,815,673,344 bytes free
.
- - End Of File - - 01C7296D4BD1A1014EC20EEEDC5AE340

#20 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:05 AM

Posted 02 January 2012 - 08:10 PM

This is ZeroAccess and the mentioned files need to go. I have only found one file like this so far but am using OTL to delete any files which have the same pattern. Please run OTL as shown

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Files
C:\359*ZZZ..Z.....ZZZZZ
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Please run Gmer again and post the log.
[If I have helped you fix your PC then please donate. Thanks
jetian6yw.jpg
m0le is a proud member of UNITE

#21 CelestialAura

CelestialAura
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Walnut, CA
  • Local time:07:05 PM

Posted 02 January 2012 - 10:19 PM

Here you are:

========== FILES ==========
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZZZZZZZ....Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZZZZZZ...ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZZZZZ..ZZ..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZZZZZ.....ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZZZZ..ZZ..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZZZ.ZZ.Z.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZZZ.Z..ZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZZZ....Z...Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZZ.ZZZZZZ.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZZ.ZZZ.....Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZZ.Z.Z.ZZ..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZZ.Z..ZZZ..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZZ.Z...ZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZZ..ZZ.....Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZZ..Z.ZZ...Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZZ..Z..ZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZ.Z.Z.Z.ZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZ.Z...Z.Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZ..ZZZZZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZ..Z..ZZZ.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZ....ZZ..Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZ.....Z..Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ.ZZZZ..ZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ.ZZ.ZZZ....Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ.ZZ.ZZ..ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ.ZZ.Z.ZZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ.ZZ.Z.Z..Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ.ZZ...ZZZ.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ.ZZ...ZZ.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ.Z.ZZZZ.ZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ.Z.ZZZ.Z..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ.Z.ZZZ..Z.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ.Z.Z..ZZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ.Z.Z..Z..Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ.Z..ZZ.Z.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ..ZZ..ZZ.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ..Z.Z.Z..Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ..Z........Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ...Z..Z..Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ...Z....ZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ.....Z.....Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.ZZZZZ.ZZ...Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.ZZZZZ..ZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.ZZZ.ZZ...ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.ZZZ.Z.ZZ...Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.ZZ.Z.ZZZ...Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.ZZ.Z..Z...ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.ZZ..ZZZ..ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.ZZ..Z.Z....Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.ZZ...Z.Z..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.ZZ.....ZZ.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.Z.ZZZZ...Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.Z.ZZ.Z....ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.Z.ZZ..ZZ..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.Z.Z.Z.ZZZ.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.Z.Z..Z....ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.Z..ZZZZ.Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.Z..ZZ...ZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.Z..Z..Z...ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.Z...ZZ..ZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.Z...ZZ....ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.Z...Z.ZZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.Z...Z....ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.Z....Z..Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.Z....Z...Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.Z.......ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ..ZZZZZ.ZZ.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ..ZZZZ.Z.ZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ..ZZZZ...ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ..ZZ..ZZZZ.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ..ZZ..Z.....Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ..Z.ZZZZ..Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ..Z..ZZ..Z.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ..Z..Z.Z...ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ..Z..Z......Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ...ZZZ.ZZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ...ZZ.ZZ.Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ...Z.Z..Z.Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ...Z.Z....Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ...Z..ZZZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ...Z..ZZZ.Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ...Z...Z.ZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ...Z...Z.ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ....ZZZZ.ZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ....Z.Z.Z..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ....Z..ZZ.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.....ZZZ.Z.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.....Z......Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ........Z.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZZZ.ZZZ.ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZZ.ZZZ...Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZZ.Z....Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZZ..Z.ZZ.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZZ...Z.ZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZZ....Z...ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZ.ZZZZ.Z..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZ.ZZZ.ZZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZ.ZZZ..Z.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZ.ZZ.ZZZ...Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZ.Z.Z.ZZ.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZ.Z.Z...Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZ.Z.....ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZ..ZZ.ZZ.Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZ..ZZ....Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZ...ZZZZ..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZ...ZZZ...ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZ...ZZ..Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZ...ZZ.....Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZ....ZZZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZ.....Z.ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.ZZZZZZZZ..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.ZZZZ.ZZ.Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.ZZZ.Z..Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.ZZ.ZZZZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.ZZ.ZZ.Z.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.ZZ.ZZ...Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.ZZ..ZZZ...Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.ZZ..Z.Z..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.ZZ...Z.Z.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.Z.ZZZZ.ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.Z.ZZ..Z.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.Z.Z.ZZZZ.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.Z.Z..Z..ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.Z.Z...Z..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.Z..Z.ZZZ.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.Z...ZZZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.Z.....ZZ.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z..ZZZZ.Z.Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z..ZZ.ZZZ...Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z..Z.ZZ.Z.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z...Z.Z.ZZ.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z...Z.....ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z........ZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..ZZZZZZZ.ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..ZZZZZZZ..Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..ZZZZZ.....ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..ZZZZ.ZZ.ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..ZZZZ..ZZ...Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..ZZZ.ZZ.ZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..ZZZ....ZZ.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..ZZ.ZZZ.....Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..ZZ.ZZ..ZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..ZZ.Z..Z..ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..ZZ.Z...ZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..ZZ..ZZZ.Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..ZZ..Z.Z.ZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..ZZ...Z....ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..ZZ....Z.Z.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..ZZ......ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..Z.ZZ.Z..ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..Z.Z.ZZZZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..Z.Z.ZZZ..Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..Z.Z...ZZZ.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..Z.Z...Z.Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..Z.Z.....Z.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..Z..ZZZZ.ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..Z..ZZZ.Z..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..Z..ZZ.ZZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..Z..Z.ZZZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..Z..Z..Z..ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..Z...ZZZ.Z.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..Z...ZZ.ZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..Z...ZZ.ZZ..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..Z....ZZZZ..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..Z....Z.Z.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ...ZZZZ..Z..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ...ZZZ.ZZZZ..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ...ZZZ......ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ...ZZ...Z...ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ...Z.ZZ.Z.ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ...Z.ZZ.....ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ...Z.Z.Z.ZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ...Z.Z.Z.....Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ....ZZZZZ.ZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ....ZZZ.ZZ...Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ....ZZZ..ZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ....ZZ.Z..ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ....ZZ...ZZ..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ....Z.Z..Z.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ....Z...ZZ..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ....Z...ZZ...Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.....ZZZ.Z.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.....ZZ.Z.Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ......ZZZZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZZZ.ZZZ....Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZZZ.ZZ...Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZZZ.Z..Z...Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZZZ..Z..ZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZZ.ZZZ..ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZZ.ZZ.Z.ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZZ.ZZ..Z..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZZ.Z.....ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZZ..ZZZ.Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZZ.....Z.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZ.ZZZZ.Z.Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZ.ZZZZ..Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZ.ZZZZ...ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZ.ZZZ..Z.Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZ.ZZZ...Z.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZ.Z.ZZZZ.Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZ.Z.Z.....ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZ.Z...ZZZ.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZ.Z....ZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZ..Z.ZZ..ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZ....Z.....Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZ.........ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ.ZZZZ.ZZ..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ.ZZZ.Z.ZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ.ZZZ.Z.ZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ.ZZZ.Z.Z.Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ.ZZZ.Z..ZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ.ZZZ.Z..Z.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ.ZZZ...ZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ.ZZ.ZZ.....Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ.ZZ.Z.ZZZ..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ.ZZ..ZZ.Z.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ.Z.Z.ZZZ.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ.Z.Z.ZZ.Z.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ.Z.Z..ZZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ.Z.Z....Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ.Z..Z.ZZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ.Z..Z.ZZ..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ..ZZZZZ....Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ..Z.Z..Z.Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ..Z.......ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ...ZZ.Z.ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ...Z.......Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ....Z.ZZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ....Z...Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ.......Z...Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.ZZZZZZZ....Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.ZZZZZ.Z.ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.ZZZZZ.Z.Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.ZZZZ.ZZ..Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.ZZZZ.Z..Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.ZZZZ..Z..Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.ZZZZ....ZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.ZZZ..Z....ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.ZZ.ZZZ.Z.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.ZZ.ZZ.ZZ.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.ZZ.Z..ZZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.ZZ..ZZZ...ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.ZZ...ZZ...ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.Z.Z.ZZZZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.Z.Z.Z.Z...ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.Z.Z.Z...ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.Z.Z....Z...Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.Z..ZZ..ZZ..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.Z..Z.Z...Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.Z....ZZ.Z.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.Z.....ZZZ..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.Z.....ZZ.Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.Z..........Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z..ZZZZZ..Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z..ZZZZ..Z...Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z..ZZZ.ZZ.ZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z..ZZ.ZZZ...ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z..ZZ.Z.ZZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z..ZZ...Z.Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z..ZZ.....Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z..Z.Z.Z...ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z..Z.Z..ZZ..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z..Z..ZZZZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z..Z..Z.ZZ.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z...ZZZ..ZZ.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z...ZZZ...ZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z...ZZ.....ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z...Z.Z...ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z...Z...Z...ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z....ZZZZ...ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z....ZZZ.ZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z....ZZ.ZZZ..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.....ZZ..Z.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.....Z..Z.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z......ZZ.ZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.......ZZZ..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.......Z..Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..ZZZZZZZ..ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..ZZZZ.Z..ZZ.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..ZZZ.Z..ZZ...Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..ZZZ.Z..Z.Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..ZZZ..Z.ZZ.Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..ZZZ..Z.Z...ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..ZZ.ZZ..Z.Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..ZZ.ZZ..Z....Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..ZZ...ZZZ..ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..ZZ...Z.ZZ..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..ZZ....Z.ZZ.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..ZZ.....ZZ..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..Z.ZZZZZZZZ.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..Z.ZZZZZZ.Z.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..Z.ZZ.ZZZZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..Z.ZZ.ZZ.ZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..Z.ZZ.ZZ....ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..Z.ZZ.Z.ZZ.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..Z.ZZ.Z...Z.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..Z.ZZ..Z.Z...Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..Z.Z..Z..Z.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..Z..ZZZ...ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..Z..ZZ..Z.Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..Z..Z.Z..Z...Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..Z....ZZ..Z.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..Z....Z.ZZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...ZZZZZZZ...ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...ZZZZZ.Z.Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...ZZZZ.ZZ.ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...ZZZZ..ZZ...Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...ZZZ.ZZZZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...ZZZ.ZZ...ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...ZZZ.Z..ZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...ZZZ..ZZ.Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...ZZ.ZZZZZ..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...ZZ.ZZZ..ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...ZZ.ZZ.Z...ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...ZZ..Z...ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...Z.ZZ..ZZ..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...Z.Z.Z...Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...Z..ZZ..ZZ.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...Z..ZZ...Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...Z..Z.ZZ.Z.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...Z..Z.ZZ...ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...Z...Z.Z..ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...Z....Z.Z.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...Z....Z..Z.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...Z.....ZZ.Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z...Z..........Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z....ZZZ.ZZZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z....ZZZ.Z.....Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z....ZZ.ZZZZ.ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z....ZZ.Z.ZZ.Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z....ZZ.Z.Z.Z..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z....ZZ.Z.Z..Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z....ZZ....Z...Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z....Z.ZZZZZ.Z.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z....Z.ZZZZZ..ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z....Z.ZZ.ZZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z....Z.ZZ.Z...ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z....Z.Z..ZZZ..Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z....Z.Z....ZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z....Z..ZZZ.ZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z....Z...Z....ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.....ZZ.Z.ZZZ.Z folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.....ZZ..Z.ZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.....Z.Z..ZZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.....Z..Z..Z.ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z......ZZ.Z..ZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z......ZZ.....ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z......Z....ZZZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z......Z......ZZ folder moved successfully.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.31.0 log created on 01022012_211513


Will run GMER again now...

#22 CelestialAura

CelestialAura
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Walnut, CA
  • Local time:07:05 PM

Posted 03 January 2012 - 11:34 AM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-03 08:54:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDS722540VLAT20 rev.V31OA69A
Running: q4mjubgf.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pflyypog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xF03876D0]

Code \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF962D720]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF8C97F80]
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

#23 CelestialAura

CelestialAura
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Walnut, CA
  • Local time:07:05 PM

Posted 03 January 2012 - 03:16 PM

PC is starting to freak out... physical memory being chomped up...crazy mouse behavior

#24 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 33,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:05 AM

Posted 03 January 2012 - 06:33 PM

Please rerun aswMBR and post the log.
[If I have helped you fix your PC then please donate. Thanks
jetian6yw.jpg
m0le is a proud member of UNITE

#25 CelestialAura

CelestialAura
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Walnut, CA
  • Local time:07:05 PM

Posted 03 January 2012 - 11:41 PM

aswMBR version 0.9.9.1124 Copyright© 2011 AVAST Software
Run date: 2012-01-03 19:02:52
-----------------------------
19:02:52.109 OS Version: Windows 5.1.2600 Service Pack 3
19:02:52.109 Number of processors: 1 586 0x209
19:02:52.109 ComputerName: ATYOURSOS UserName: Owner
19:02:54.812 Initialize success
19:06:42.828 AVAST engine defs: 12010301
19:06:53.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:06:53.734 Disk 0 Vendor: HDS722540VLAT20 V31OA69A Size: 38146MB BusType: 3
19:06:53.765 Disk 0 MBR read successfully
19:06:53.781 Disk 0 MBR scan
19:06:56.187 Disk 0 Windows XP default MBR code
19:06:56.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38138 MB offset 63
19:06:58.359 Disk 0 scanning sectors +78108030
19:06:59.265 Disk 0 scanning C:\WINDOWS\system32\drivers
19:08:08.390 Service scanning
19:08:17.062 Modules scanning
19:08:51.093 Module: C:\WINDOWS\system32\dla\tfsndres.sys **SUSPICIOUS**
19:08:54.765 Disk 0 trace - called modules:
19:08:54.781 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
19:08:55.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81f1e030]
19:08:55.343 3 CLASSPNP.SYS[f92a2fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81f5d218]
19:08:58.078 AVAST engine scan C:\
22:10:45.093 Scan finished successfully

I also did get OTL to run, what I did was unchecked Reg Registry, so it doesn't include scan from reg registry, which is where it was locking up on the Winsock2 key... & I set it to check for 60 days of files instead of the std. 30, as I started having noticeable issues around second to last week of November. I had it checked for LOP & Purity, & minimal output, & everything else were default. I'll post that here as well, in case it can shed some light... I have started to read up on this stealthy nasty..ZeroAccess. Do you believe this is something I can recover from? I've read that it's even possible for reinfection, even if you are to wipe & install fresh & clean... Just curious what we're dealing with here~ I was on a major mission to eradicate whatever it was, just before posting on here the second week of Dec., so you will see that once I had started losing OS stability & decided as last resort to do Rkill & CF, I had started to download all the possible tools I might need, while I had pc in operating condition again, so that once I was able to get help on here, just in case PC got to point where I couldn't access internet, etc.. I'd already have 'em on machine. I had started to run a bunch of those scans. I do have some things quarantined which should still be quarantined. I should have attached those in previous posts near beginning, but I'll re-post those as well so you can see what those are.

#26 CelestialAura

CelestialAura
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Walnut, CA
  • Local time:07:05 PM

Posted 03 January 2012 - 11:54 PM

This was from AdsSpy on 12-15, it had in fact shown the files you had me delete via OTL, & showed something else as well. It was a full scan, ignoring safe files:

C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..Z....ZZ..Z.ZZ : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..Z.ZZ.Z.ZZ.ZZZ : 1 (504 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..ZZ.....ZZ..ZZ : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z..ZZ.ZZ..Z....Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z...Z.Z...ZZ.Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.Z..ZZ..ZZ..Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.Z.Z.Z...ZZ.Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.Z.Z.ZZZZZZ.Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.ZZ.Z..ZZZZ.Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.ZZZZ....ZZZZ : 1 (504 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.Z.ZZZZZ.Z.ZZ.Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ.Z..Z.ZZZZZZ : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZ.ZZZ.Z..Z.ZZ : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZ....Z.....Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZ..Z.ZZ..ZZZ : 1 (504 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZ.Z....ZZZZZ : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\Z.ZZZZ.ZZ.Z.ZZ.Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ......ZZZZZZZZ : 1 (504 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ...Z.ZZ.....ZZ : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..Z...ZZ.ZZZZZ : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..ZZ....Z.Z.ZZ : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..ZZ..Z.Z.ZZZZ : 1 (504 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ..ZZZZZZZ..Z.Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z..Z.ZZ.Z.ZZZ : 1 (504 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.Z..Z.ZZZ.ZZ : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.Z.Z.ZZZZ.ZZ : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.Z.ZZZZ.ZZ.Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.ZZ..Z.Z..ZZ : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.ZZ.ZZ...Z.Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.Z.ZZ.ZZZZZZZZ : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZ..ZZ.ZZ.Z.Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZ.ZZZ..Z.ZZZ : 1 (504 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZ.ZZZ.ZZZZZZ : 1 (504 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZZ..Z.ZZ.ZZZ : 1 (504 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZ.ZZZ.Z....Z..Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.....Z......Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ...Z...Z.ZZ.Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ...Z...Z.ZZZZ : 1 (504 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.Z.......ZZ.Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZ.ZZ.Z..Z...ZZ : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ.Z.Z..Z..Z.Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ.ZZ.Z.Z..Z.Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZ.ZZ.ZZ..ZZ.Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZZ..ZZ.....Z : 1 (512 bytes)
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ\ZZZZZZZZZZZ....Z : 1 (512 bytes)
C:\Documents and Settings\Owner\Documents\Emails\recent : ****@[email protected] (4 bytes)
C:\Documents and Settings\Owner\Documents\Emails\recent :****@pop.gmail.com.dat (4 bytes)
C:\Documents and Settings\The Administrator\Favorites\Links\Suggested Sites.url : favicon (894 bytes)
C:\WINDOWS\Cursors\arrow_n.cur : NEDTA.DAT (6144 bytes)

Please note, in the Docs & Settings folders mentioned, I altered the folder info in this log info posted so to not post the actual names of the folders I have on system. I also asterisked out my actual email address mentioned in the two mentioned email addresses listed.

#27 CelestialAura

CelestialAura
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Walnut, CA
  • Local time:07:05 PM

Posted 04 January 2012 - 12:10 AM

When I first started having issues, I was running Avira Antivirus, & was having error issues, wasn't loading, starting service(s) & couldn't get it to update defs. After I got pc in running order, & before uninstalling Avira, I had finally gotten it to download defs & was able to pull a scan. This is from 12-10:

Avira Free Antivirus
Report file date: Saturday, December 10, 2011 00:25

Scanning for 3552762 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Owner
Computer name : ATYOURSOS

Version information:
BUILD.DAT : 12.0.0.849 41825 Bytes 9/23/2011 20:19:00
AVSCAN.EXE : 12.1.0.17 490448 Bytes 9/24/2011 00:04:46
AVSCAN.DLL : 12.1.0.17 54224 Bytes 9/23/2011 19:34:56
LUKE.DLL : 12.1.0.17 68304 Bytes 9/23/2011 18:55:16
AVSCPLR.DLL : 12.1.0.21 99536 Bytes 12/10/2011 05:11:20
AVREG.DLL : 12.1.0.27 227536 Bytes 12/10/2011 05:11:19
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 02:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 17:07:39
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 23:08:51
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 18:00:55
VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 18:18:22
VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/7/2011 20:12:53
VBASE006.VDF : 7.11.13.60 6411776 Bytes 8/16/2011 15:26:09
VBASE007.VDF : 7.11.15.106 2389504 Bytes 10/5/2011 05:10:43
VBASE008.VDF : 7.11.18.32 2132992 Bytes 11/24/2011 05:10:49
VBASE009.VDF : 7.11.18.33 2048 Bytes 11/24/2011 05:10:49
VBASE010.VDF : 7.11.18.34 2048 Bytes 11/24/2011 05:10:49
VBASE011.VDF : 7.11.18.35 2048 Bytes 11/24/2011 05:10:50
VBASE012.VDF : 7.11.18.36 2048 Bytes 11/24/2011 05:10:50
VBASE013.VDF : 7.11.18.89 204800 Bytes 11/28/2011 05:10:51
VBASE014.VDF : 7.11.18.145 143872 Bytes 12/1/2011 05:10:52
VBASE015.VDF : 7.11.18.180 173056 Bytes 12/2/2011 05:10:53
VBASE016.VDF : 7.11.18.208 164864 Bytes 12/5/2011 05:10:54
VBASE017.VDF : 7.11.18.239 177152 Bytes 12/6/2011 05:10:55
VBASE018.VDF : 7.11.19.36 171520 Bytes 12/9/2011 05:10:56
VBASE019.VDF : 7.11.19.37 2048 Bytes 12/9/2011 05:10:56
VBASE020.VDF : 7.11.19.38 2048 Bytes 12/9/2011 05:10:57
VBASE021.VDF : 7.11.19.39 2048 Bytes 12/9/2011 05:10:57
VBASE022.VDF : 7.11.19.40 2048 Bytes 12/9/2011 05:10:57
VBASE023.VDF : 7.11.19.41 2048 Bytes 12/9/2011 05:10:58
VBASE024.VDF : 7.11.19.42 2048 Bytes 12/9/2011 05:10:58
VBASE025.VDF : 7.11.19.43 2048 Bytes 12/9/2011 05:10:58
VBASE026.VDF : 7.11.19.44 2048 Bytes 12/9/2011 05:10:59
VBASE027.VDF : 7.11.19.45 2048 Bytes 12/9/2011 05:10:59
VBASE028.VDF : 7.11.19.46 2048 Bytes 12/9/2011 05:10:59
VBASE029.VDF : 7.11.19.47 2048 Bytes 12/9/2011 05:11:00
VBASE030.VDF : 7.11.19.48 2048 Bytes 12/9/2011 05:11:00
VBASE031.VDF : 7.11.19.57 46592 Bytes 12/9/2011 05:11:00
Engineversion : 8.2.6.134
AEVDF.DLL : 8.1.2.2 106868 Bytes 12/10/2011 05:11:17
AESCRIPT.DLL : 8.1.3.90 491899 Bytes 12/10/2011 05:11:16
AESCN.DLL : 8.1.7.2 127349 Bytes 9/2/2011 05:46:02
AESBX.DLL : 8.2.4.5 434549 Bytes 12/10/2011 05:11:18
AERDL.DLL : 8.1.9.15 639348 Bytes 9/9/2011 05:16:06
AEPACK.DLL : 8.2.14.5 741751 Bytes 12/10/2011 05:11:15
AEOFFICE.DLL : 8.1.2.21 201084 Bytes 12/10/2011 05:11:13
AEHEUR.DLL : 8.1.3.6 3895670 Bytes 12/10/2011 05:11:12
AEHELP.DLL : 8.1.18.0 254327 Bytes 12/10/2011 05:11:06
AEGEN.DLL : 8.1.5.17 405877 Bytes 12/10/2011 05:11:05
AEEMU.DLL : 8.1.3.0 393589 Bytes 9/2/2011 05:46:01
AECORE.DLL : 8.1.24.0 196983 Bytes 12/10/2011 05:11:04
AEBB.DLL : 8.1.1.0 53618 Bytes 9/2/2011 05:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 9/23/2011 18:13:18
AVPREF.DLL : 12.1.0.17 51920 Bytes 9/23/2011 17:53:57
AVREP.DLL : 12.1.0.17 179408 Bytes 9/23/2011 17:55:01
AVARKT.DLL : 12.1.0.17 223184 Bytes 9/23/2011 17:25:26
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 9/23/2011 17:34:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 9/16/2011 08:05:58
AVSMTP.DLL : 12.1.0.17 62928 Bytes 9/23/2011 18:03:47
NETNT.DLL : 12.1.0.17 17104 Bytes 9/23/2011 18:58:06
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 9/23/2011 19:37:25
RCTEXT.DLL : 12.1.0.16 96208 Bytes 9/23/2011 19:37:24

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: default
Primary action......................: ignore
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
Deviating risk categories...........: +APPL,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Saturday, December 10, 2011 00:25

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

The scan of running processes will be started
Scan process 'avwsc.exe' - '38' Module(s) have been scanned
Scan process 'avscan.exe' - '70' Module(s) have been scanned
Scan process 'mmc.exe' - '75' Module(s) have been scanned
Scan process 'dllhost.exe' - '60' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'taskmgr.exe' - '30' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '63' Module(s) have been scanned
Scan process 'avcenter.exe' - '105' Module(s) have been scanned
Scan process 'avgnt.exe' - '64' Module(s) have been scanned
Scan process 'OAhlp.exe' - '49' Module(s) have been scanned
Scan process 'psi_tray.exe' - '38' Module(s) have been scanned
Scan process 'oaui.exe' - '49' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'uphclean.exe' - '9' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'Explorer.EXE' - '104' Module(s) have been scanned
Scan process 'PSIA.exe' - '62' Module(s) have been scanned
Scan process 'sched.exe' - '36' Module(s) have been scanned
Scan process 'spoolsv.exe' - '58' Module(s) have been scanned
Scan process 'oasrv.exe' - '58' Module(s) have been scanned
Scan process 'OAcat.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '155' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'lsass.exe' - '51' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '66' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '4102' files ).


Starting the file scan:

Begin scan in 'C:\'
Catched Exception in function <SCAN_Search> - Object <C:\2784d0d9ed344d453ad03b2e6255aabd\SetupEngine.dll>
ACCESS_VIOLATION
EAX = 8B55FF8B EBX = 031CEF6C
ECX = 7FFDA000 EDX = 0046D080
ESI = 07511FA0 EDI = 00000000
EIP = 00411F92 EBP = 031CD93C
ESP = 031CD938 Flg = 00010286
CS = 00000023 SS = 0000001B
Catched Exception in function <SCAN_Search> - Object <C:\2784d0d9ed344d453ad03b2e6255aabd\SetupUi.dll>
ACCESS_VIOLATION
EAX = 8B55FF8B EBX = 031CEF6C
ECX = 7FFDA000 EDX = 0046D080
ESI = 07511DC8 EDI = 00000000
EIP = 00411F92 EBP = 031CD93C
ESP = 031CD938 Flg = 00010286
CS = 00000023 SS = 0000001B

#28 CelestialAura

CelestialAura
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Walnut, CA
  • Local time:07:05 PM

Posted 04 January 2012 - 12:22 AM

Files which were quarantined via Antimalware, which once quarantined, somehow were "un-quarantined" (?) a few minutes later, according to log...(I only have a screen shot of log showing un-quarantined action, so this text log only shows the files quarantined, but it was the same files that somehow got "un-quarantined", so not sure if these still reside on system or not? This log was from 12-12-11:

Emsisoft Anti-Malware v. 6.0.0.49
© 2003-2011 Emsisoft - www.emsisoft.com

ID Object
0 Value: hkey_local_machine\software\classes\clsid\{42c9ccda-4485-47b8-a9e5-e8006de9e100}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
1 Value: hkey_classes_root\clsid\{1dd35ae6-8472-4151-ac2d-96b2ad3f7f82}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
2 Value: hkey_classes_root\clsid\{42c9ccda-4485-47b8-a9e5-e8006de9e100}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
3 Value: hkey_local_machine\software\classes\clsid\{1dd35ae6-8472-4151-ac2d-96b2ad3f7f82}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
4 Value: hkey_classes_root\clsid\{29e269fc-2f9b-4bcd-8975-fff13240c4d5}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
5 Value: hkey_local_machine\software\classes\clsid\{65e67583-931c-4039-b3df-385256eea001}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
6 Value: hkey_classes_root\clsid\{65e67583-931c-4039-b3df-385256eea001}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
7 Value: hkey_local_machine\software\classes\clsid\{281ad869-b22b-4249-b1a1-aa6be0012ae5}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
8 Value: hkey_classes_root\clsid\{281ad869-b22b-4249-b1a1-aa6be0012ae5}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1
9 Value: hkey_local_machine\software\classes\clsid\{29e269fc-2f9b-4bcd-8975-fff13240c4d5}\inprocserver32 --> threadingmodel Trace.Registry.net spy pro 4.6!E1

#29 CelestialAura

CelestialAura
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Walnut, CA
  • Local time:07:05 PM

Posted 04 January 2012 - 01:09 AM

This was a MWBAM log, which had indicated issues, but I don't believe I took any action, as I was mostly just running scans, & if possible, quarantining, rather than fixing, until I got an educated eval, since it dealt w/reg.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8375

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/15/2011 10:09:11 AM
mbam-log-2011-12-15 (10-08-40).txt

Scan type: Full scan (C:\|)
Objects scanned: 226418
Time elapsed: 2 hour(s), 12 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_XMLLookup (Hijacker.XMLLookup) -> Value: bak_XMLLookup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_intl (Hijacker.intl) -> Value: bak_intl -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\XMLLookup (Hijacker.XMLLookup) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\intl (Hijacker.intl) -> Bad: (http://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (http://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#30 CelestialAura

CelestialAura
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Walnut, CA
  • Local time:07:05 PM

Posted 04 January 2012 - 01:14 AM

Here is the OTL I just was able to run today, as mentioned, that I opted not to scan Reg. Registry, where it kept hanging on the Winsock2 key...

OTL logfile created on: 1/3/2012 6:35:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.00 Mb Total Physical Memory | 139.32 Mb Available Physical Memory | 54.85% Memory free
628.96 Mb Paging File | 468.51 Mb Available in Paging File | 74.49% Paging File free
Paging file location(s): C:\pagefile.sys 388 888 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 23.22 Gb Free Space | 62.34% Space Free | Partition Type: NTFS

Computer Name: ATYOURSOS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Auslogics\Auslogics Disk Defrag\ausshellext.dll ()
MOD - C:\WINDOWS\system32\CNQL3203.DLL ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\WFXPNT40.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (wfxsvc) -- C:\WINDOWS\system32\WFXSVC.EXE (Symantec Corporation)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (MotoHelper) -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE (C-Dilla Ltd)
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (FlyUsb) -- C:\WINDOWS\system32\drivers\FlyUsb.sys (LeapFrog)
DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (A2DDA) -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
DRV - (MotoSwitchService) -- C:\WINDOWS\system32\drivers\motswch.sys (Motorola)
DRV - (tap0801) -- C:\WINDOWS\system32\drivers\tap0801.sys (The OpenVPN Project)
DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS ()
DRV - (BUFADPT) -- C:\WINDOWS\system32\BUFADPT.SYS (BUFFALO INC.)
DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
DRV - (PCANDIS5) -- C:\WINDOWS\system32\PCANDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys ()
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\PFMODNT.SYS (Creative Technology Ltd.)
DRV - (USB-100) -- C:\WINDOWS\system32\drivers\USB100M.SYS (Linksys)


========== Files/Folders - Created Within 60 Days ==========

[2012/01/03 13:31:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/01/02 21:15:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/02 15:43:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/02 14:20:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/01/02 13:23:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/02 13:23:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/02 13:23:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/02 13:23:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/02 13:21:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/02 13:14:37 | 004,360,898 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\comfix.exe
[2012/01/01 21:44:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/12/25 11:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/12/25 11:13:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/12/24 21:01:24 | 000,018,560 | ---- | C] (LeapFrog) -- C:\WINDOWS\System32\drivers\FlyUsb.sys
[2011/12/24 21:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/12/24 20:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LeapFrog Connect
[2011/12/24 20:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/12/24 20:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\LeapFrog
[2011/12/23 23:05:47 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/12/23 23:05:47 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/12/23 23:05:47 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/12/22 12:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/12/22 12:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/12/22 12:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/12/22 12:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/12/22 12:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/12/22 12:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/12/17 15:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
[2011/12/17 12:16:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Moonchild's Documents\TaxACT 2011
[2011/12/17 12:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\2nd Story Software
[2011/12/16 07:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\cache
[2011/12/16 07:29:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VTech
[2011/12/16 07:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\VTech
[2011/12/16 07:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VTech
[2011/12/12 22:58:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/12/12 22:31:40 | 000,009,216 | ---- | C] (Kephyr) -- C:\WINDOWS\System32\ffnd.exe
[2011/12/12 08:26:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft Anti-Malware
[2011/12/11 21:50:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2011/12/11 21:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/12/11 21:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/12/11 20:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/11 14:39:34 | 001,577,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/12/11 10:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011/12/11 10:31:48 | 000,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2011/12/11 09:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\FreeFixer
[2011/12/11 09:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FreeFixer
[2011/12/11 09:15:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\FreeFixer
[2011/12/11 09:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer
[2011/12/10 19:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/12/10 19:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinPatrol
[2011/12/09 19:11:09 | 000,000,000 | ---D | C] -- C:\ComFix
[2011/12/08 16:34:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/08 16:27:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/08 14:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Secunia PSI
[2011/12/08 14:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011/12/07 19:10:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2011/12/07 19:10:01 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2011/12/07 19:09:56 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/12/07 19:09:51 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/12/07 19:09:46 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/12/07 19:09:42 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll
[2011/12/07 19:09:37 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys
[2011/12/07 19:09:12 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011/12/07 19:09:07 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll
[2011/12/07 19:09:02 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys
[2011/12/07 19:08:57 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll
[2011/12/07 19:08:52 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys
[2011/12/07 19:08:48 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll
[2011/12/07 19:08:43 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys
[2011/12/07 19:08:01 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/12/07 19:07:56 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/12/07 19:07:52 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/12/07 19:07:47 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/12/07 19:07:42 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys
[2011/12/07 19:07:24 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2011/12/07 19:07:21 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2011/12/07 19:07:16 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2011/12/07 19:07:08 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011/12/07 19:07:03 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2011/12/07 19:06:57 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/12/07 19:06:52 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/12/07 19:06:48 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2011/12/07 19:06:43 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll
[2011/12/07 19:06:30 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys
[2011/12/07 19:06:25 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll
[2011/12/07 19:06:21 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/12/07 19:06:16 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/12/07 19:06:12 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/12/07 19:06:07 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/12/07 19:06:03 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/12/07 19:05:58 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/12/07 19:05:54 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/12/07 19:05:49 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/12/07 19:05:44 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011/12/07 19:05:40 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2011/12/07 19:05:33 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011/12/07 19:05:28 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011/12/07 19:05:25 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/12/07 19:05:23 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/12/07 19:05:16 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2011/12/07 19:05:11 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2011/12/07 19:05:07 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys
[2011/12/07 19:04:58 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/12/07 19:04:52 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys
[2011/12/07 19:04:42 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011/12/07 19:04:35 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/12/07 19:04:28 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011/12/07 19:04:03 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2011/12/07 19:03:55 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/12/07 19:03:50 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/12/07 19:03:44 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2011/12/07 19:03:39 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2011/12/07 19:03:23 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys
[2011/12/07 19:03:19 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys
[2011/12/07 19:03:14 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys
[2011/12/07 19:03:10 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys
[2011/12/07 19:03:05 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys
[2011/12/07 19:03:04 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2011/12/07 19:02:53 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/12/07 19:02:48 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/12/07 19:02:44 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011/12/07 19:02:42 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2011/12/07 19:02:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2011/12/07 19:02:31 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2011/12/07 19:02:24 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011/12/07 19:02:15 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2011/12/07 19:02:11 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2011/12/07 19:02:09 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2011/12/07 19:02:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2011/12/07 19:01:45 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
[2011/12/07 19:01:39 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
[2011/12/07 19:01:35 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
[2011/12/07 19:01:30 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
[2011/12/07 19:01:26 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
[2011/12/07 19:01:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
[2011/12/07 19:01:17 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
[2011/12/07 19:01:16 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2011/12/07 19:01:14 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2011/12/07 19:01:13 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2011/12/07 19:01:11 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2011/12/07 19:01:05 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys
[2011/12/07 19:01:01 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys
[2011/12/07 19:00:57 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2011/12/07 19:00:53 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011/12/07 19:00:49 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2011/12/07 19:00:44 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2011/12/07 19:00:40 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2011/12/07 19:00:35 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/12/07 19:00:32 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011/12/07 19:00:27 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/12/07 19:00:12 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2011/12/07 19:00:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
[2011/12/07 19:00:04 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys
[2011/12/07 18:59:59 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
[2011/12/07 18:59:55 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
[2011/12/07 18:59:51 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2011/12/07 18:59:47 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2011/12/07 18:59:43 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys
[2011/12/07 18:59:39 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
[2011/12/07 18:59:34 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
[2011/12/07 18:59:30 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys
[2011/12/07 18:59:25 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/12/07 18:59:20 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011/12/07 18:59:16 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/12/07 18:59:10 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/12/07 18:58:53 | 000,061,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys
[2011/12/07 18:58:29 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys
[2011/12/07 18:58:25 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll
[2011/12/07 18:57:58 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/12/07 18:57:50 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys
[2011/12/07 18:57:45 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys
[2011/12/07 18:57:44 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2011/12/07 18:57:32 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/12/07 18:57:28 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/12/07 18:57:13 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2011/12/07 18:57:11 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/12/07 18:56:58 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
[2011/12/07 18:56:51 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/12/07 18:56:47 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/12/07 18:56:42 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
[2011/12/07 18:56:39 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2011/12/07 18:56:16 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2011/12/07 18:56:12 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/12/07 18:56:07 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/12/07 18:56:03 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/12/07 18:55:59 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/12/07 18:55:55 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011/12/07 18:55:51 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011/12/07 18:55:46 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2011/12/07 18:55:42 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2011/12/07 18:55:37 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011/12/07 18:55:33 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011/12/07 18:55:29 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011/12/07 18:55:24 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/12/07 18:55:19 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011/12/07 18:53:37 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2011/12/07 18:52:55 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2011/12/07 18:52:53 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2011/12/07 18:52:41 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
[2011/12/07 18:50:35 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2011/12/07 18:50:18 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2011/12/07 18:49:29 | 000,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
[2011/12/07 18:49:23 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
[2011/12/07 18:49:20 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2011/12/07 18:48:58 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2011/12/07 18:48:52 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2011/12/07 18:48:20 | 000,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys
[2011/12/07 18:48:07 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys
[2011/12/07 18:48:03 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll
[2011/12/07 18:47:59 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2011/12/07 18:47:55 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
[2011/12/07 18:47:51 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
[2011/12/07 18:47:45 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/12/07 18:47:35 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys
[2011/12/07 18:47:28 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\maestro.sys
[2011/12/07 18:47:24 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
[2011/12/07 18:47:17 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
[2011/12/07 18:47:12 | 000,022,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwusbhid.sys
[2011/12/07 18:47:11 | 000,020,864 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwadihid.sys
[2011/12/07 18:47:00 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/12/07 18:46:56 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011/12/07 18:46:55 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2011/12/07 18:46:54 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/12/07 18:46:49 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/12/07 18:46:48 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011/12/07 18:46:44 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/12/07 18:46:37 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2011/12/07 18:46:27 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/12/07 18:46:23 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011/12/07 18:46:18 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/12/07 18:46:13 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011/12/07 18:46:10 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2011/12/07 18:46:06 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/12/07 18:46:01 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/12/07 18:46:00 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2011/12/07 18:45:59 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2011/12/07 18:45:57 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2011/12/07 18:45:49 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2011/12/07 18:45:41 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2011/12/07 18:45:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2011/12/07 18:45:12 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2011/12/07 18:45:08 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2011/12/07 18:44:40 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2011/12/07 18:44:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2011/12/07 18:44:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2011/12/07 18:44:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2011/12/07 18:44:18 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys
[2011/12/07 18:44:14 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2011/12/07 18:44:12 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2011/12/07 18:44:09 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011/12/07 18:44:08 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2011/12/07 18:44:07 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2011/12/07 18:43:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2011/12/07 18:43:43 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2011/12/07 18:43:39 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll
[2011/12/07 18:43:35 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys
[2011/12/07 18:43:30 | 000,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
[2011/12/07 18:43:25 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys
[2011/12/07 18:42:19 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011/12/07 18:42:14 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys
[2011/12/07 18:42:11 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
[2011/12/07 18:42:07 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
[2011/12/07 18:42:03 | 000,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
[2011/12/07 18:42:00 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
[2011/12/07 18:41:56 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
[2011/12/07 18:41:52 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2011/12/07 18:41:48 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2011/12/07 18:41:45 | 000,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2011/12/07 18:41:41 | 000,109,085 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtrp.sys
[2011/12/07 18:41:37 | 000,100,936 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtok.sys
[2011/12/07 18:41:34 | 000,009,216 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmsgnet.dll
[2011/12/07 18:41:30 | 000,028,700 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\dllcache\ibmexmp.sys
[2011/12/07 18:41:25 | 000,161,020 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xnt5.sys
[2011/12/07 18:41:24 | 000,702,845 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2011/12/07 18:41:20 | 000,058,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740nt5.sys
[2011/12/07 18:39:47 | 000,353,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740dnt5.dll
[2011/12/07 18:39:45 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2011/12/07 18:39:35 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2011/12/07 18:37:41 | 000,488,383 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_v124.sys
[2011/12/07 18:37:38 | 000,050,751 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_tone.sys
[2011/12/07 18:37:34 | 000,073,279 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_spkp.sys
[2011/12/07 18:37:30 | 000,044,863 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_soar.sys
[2011/12/07 18:37:27 | 000,057,471 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_samp.sys
[2011/12/07 18:37:23 | 000,542,879 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_msft.sys
[2011/12/07 18:37:19 | 000,391,199 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_k56k.sys
[2011/12/07 18:37:16 | 000,009,759 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_inst.dll
[2011/12/07 18:37:12 | 000,115,807 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fsks.sys
[2011/12/07 18:37:08 | 000,199,711 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_faxx.sys
[2011/12/07 18:37:05 | 000,289,887 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fall.sys
[2011/12/07 18:37:01 | 000,067,167 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_bsc2.sys
[2011/12/07 18:36:57 | 000,150,239 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_amos.sys
[2011/12/07 18:36:48 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2011/12/07 18:36:44 | 000,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys
[2011/12/07 18:36:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2011/12/07 18:36:37 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
[2011/12/07 18:36:34 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys
[2011/12/07 18:36:30 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2011/12/07 18:36:27 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/12/07 18:36:20 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2011/12/07 18:36:13 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/12/07 18:36:07 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2011/12/07 18:36:00 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2011/12/07 18:35:40 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2011/12/07 18:35:40 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2011/12/07 18:35:36 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2011/12/07 18:35:33 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2011/12/07 18:35:22 | 000,907,456 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hcf_msft.sys
[2011/12/07 18:35:16 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011/12/07 18:35:12 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011/12/07 18:35:09 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011/12/07 18:34:58 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2011/12/07 18:34:56 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2011/12/07 18:34:53 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400m.sys
[2011/12/07 18:34:49 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400d.dll
[2011/12/07 18:34:46 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200m.sys
[2011/12/07 18:34:43 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200d.dll
[2011/12/07 18:34:40 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/12/07 18:34:16 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2011/12/07 18:34:13 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/12/07 18:34:09 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011/12/07 18:34:01 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/12/07 18:33:57 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/12/07 18:33:54 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/12/07 18:33:49 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011/12/07 18:33:36 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2011/12/07 18:33:27 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\fem556n5.sys
[2011/12/07 18:33:21 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/12/07 18:33:18 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINDOWS\System32\dllcache\fa312nd5.sys
[2011/12/07 18:33:14 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/12/07 18:33:11 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/12/07 18:33:06 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2011/12/07 18:33:03 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ex10.sys
[2011/12/07 18:32:54 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2011/12/07 18:32:52 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2011/12/07 18:32:48 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2011/12/07 18:32:44 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2011/12/07 18:32:43 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys
[2011/12/07 18:32:40 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys
[2011/12/07 18:32:34 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56tpi.sys
[2011/12/07 18:32:31 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56hpi.sys
[2011/12/07 18:32:28 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56cvmp.sys
[2011/12/07 18:32:25 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es198x.sys
[2011/12/07 18:32:22 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2011/12/07 18:32:19 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2011/12/07 18:32:17 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys
[2011/12/07 18:32:13 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnloop.exe
[2011/12/07 18:32:10 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnlogr.exe
[2011/12/07 18:32:07 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqndiag.exe
[2011/12/07 18:32:04 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqn.sys
[2011/12/07 18:32:01 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2011/12/07 18:31:45 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys
[2011/12/07 18:31:43 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2011/12/07 18:31:40 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\enum1394.sys
[2011/12/07 18:31:37 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\emu10k1m.sys
[2011/12/07 18:31:30 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys
[2011/12/07 18:31:27 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys
[2011/12/07 18:31:25 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2011/12/07 18:31:23 | 000,171,520 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys
[2011/12/07 18:31:21 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys
[2011/12/07 18:31:19 | 000,455,199 | ---- | C] (3Com Corporation.) -- C:\WINDOWS\System32\dllcache\el985n51.sys
[2011/12/07 18:31:16 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys
[2011/12/07 18:31:14 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys
[2011/12/07 18:31:12 | 000,241,206 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656se5.sys
[2011/12/07 18:31:10 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys
[2011/12/07 18:31:08 | 000,634,134 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656ct5.sys
[2011/12/07 18:31:06 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys
[2011/12/07 18:31:04 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys
[2011/12/07 18:31:02 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys
[2011/12/07 18:31:00 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys
[2011/12/07 18:30:57 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys
[2011/12/07 18:30:55 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys
[2011/12/07 18:30:48 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100isa4.sys
[2011/12/07 18:30:46 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100b325.sys
[2011/12/07 18:30:43 | 000,050,719 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys
[2011/12/07 18:30:18 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2011/12/07 18:30:15 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/12/07 18:30:06 | 000,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
[2011/12/07 18:29:59 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011/12/07 18:29:57 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2011/12/07 18:29:55 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2011/12/07 18:29:53 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2011/12/07 18:29:52 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2011/12/07 18:29:34 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/12/07 18:29:33 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2011/12/07 18:29:31 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/12/07 18:29:28 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011/12/07 18:29:21 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011/12/07 18:29:19 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/12/07 18:29:17 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/12/07 18:29:15 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011/12/07 18:29:07 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011/12/07 18:29:05 | 000,614,429 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiview.exe
[2011/12/07 18:29:03 | 000,042,432 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.sys
[2011/12/07 18:29:01 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.dll
[2011/12/07 18:28:59 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.sys
[2011/12/07 18:28:57 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.dll
[2011/12/07 18:28:55 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiinf.dll
[2011/12/07 18:28:53 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digihlc.dll
[2011/12/07 18:28:51 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifwrk.dll
[2011/12/07 18:28:49 | 000,090,525 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifep5.sys
[2011/12/07 18:28:47 | 000,103,044 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidxb.sys
[2011/12/07 18:28:45 | 000,131,156 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidbp.dll
[2011/12/07 18:28:43 | 000,037,735 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.sys
[2011/12/07 18:28:42 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.dll
[2011/12/07 18:28:33 | 000,419,357 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgconfig.dll
[2011/12/07 18:28:31 | 000,029,531 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\dgapci.sys
[2011/12/07 18:28:27 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/12/07 18:28:25 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011/12/07 18:28:23 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe
[2011/12/07 18:28:21 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll
[2011/12/07 18:28:18 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/12/07 18:28:15 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2011/12/07 18:28:11 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2011/12/07 18:28:09 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2011/12/07 18:28:08 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys
[2011/12/07 18:28:06 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2011/12/07 18:28:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2011/12/07 18:27:54 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2011/12/07 18:27:52 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys
[2011/12/07 18:27:39 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys
[2011/12/07 18:27:38 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2011/12/07 18:27:36 | 000,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2011/12/07 18:27:34 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2011/12/07 18:27:32 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2011/12/07 18:27:31 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2011/12/07 18:27:29 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2011/12/07 18:27:27 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2011/12/07 18:27:25 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2011/12/07 18:27:24 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/12/07 18:27:22 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/12/07 18:27:21 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/12/07 18:27:19 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/12/07 18:27:17 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/12/07 18:27:15 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/12/07 18:27:14 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/12/07 18:27:11 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll
[2011/12/07 18:27:10 | 000,249,856 | ---- | C] (ComtrolŪ Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/12/07 18:27:09 | 000,096,256 | ---- | C] (Copyright © Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
[2011/12/07 18:27:07 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
[2011/12/07 18:27:05 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
[2011/12/07 18:27:01 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2011/12/07 18:26:58 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
[2011/12/07 18:26:56 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/12/07 18:26:53 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2011/12/07 18:26:51 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2011/12/07 18:26:49 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2011/12/07 18:26:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2011/12/07 18:26:30 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
[2011/12/07 18:26:28 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2011/12/07 18:26:20 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys
[2011/12/07 18:26:17 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/12/07 18:26:16 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2011/12/07 18:26:12 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2011/12/07 18:26:11 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2011/12/07 18:26:09 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2011/12/07 18:26:08 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2011/12/07 18:26:06 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2011/12/07 18:25:59 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2011/12/07 18:25:54 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/12/07 18:25:32 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2011/12/07 18:25:23 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/12/07 18:25:22 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/12/07 18:25:21 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/12/07 18:25:20 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/12/07 18:25:18 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/12/07 18:25:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2011/12/07 18:25:01 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2011/12/07 18:24:58 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/12/07 18:24:54 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/12/07 18:24:52 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/12/07 18:24:49 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/12/07 18:24:40 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/12/07 18:24:24 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/12/07 18:24:03 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2011/12/07 18:24:01 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2011/12/07 18:23:59 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2011/12/07 18:23:57 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2011/12/07 18:23:55 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2011/12/07 18:23:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2011/12/07 18:23:51 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2011/12/07 18:23:50 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2011/12/07 18:23:43 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2011/12/07 18:22:41 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2011/12/07 18:22:36 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/12/07 18:22:35 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/12/07 18:22:33 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/12/07 18:22:32 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/12/07 18:22:31 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/12/07 18:22:30 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/12/07 18:22:28 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/12/07 18:22:27 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/12/07 18:22:23 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/12/07 18:22:22 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/12/07 18:22:21 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/12/07 18:22:19 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2011/12/07 18:22:18 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/12/07 18:22:16 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/12/07 18:22:14 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/12/07 18:22:13 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/12/07 18:22:12 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/12/07 18:22:10 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/12/07 18:22:09 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/12/07 18:22:02 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2011/12/07 18:22:00 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2011/12/07 18:21:58 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2011/12/07 18:21:57 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/12/07 18:21:56 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2011/12/07 18:21:55 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2011/12/07 18:21:54 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2011/12/07 18:21:48 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2011/12/07 18:21:46 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/12/07 18:21:45 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/12/07 18:21:43 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2011/12/07 18:21:41 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/12/07 18:21:40 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/12/07 18:21:38 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/12/07 18:21:36 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/12/07 18:21:35 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/12/07 18:21:32 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2011/12/07 18:21:31 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2011/12/07 18:21:29 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2011/12/07 18:20:51 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2011/12/07 18:20:50 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2011/12/07 18:20:41 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2011/12/07 18:20:40 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2011/12/07 18:20:38 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2011/12/07 18:20:37 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2011/12/07 18:20:32 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2011/12/07 18:20:31 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2011/12/07 18:20:29 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2011/12/07 18:20:04 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2011/12/07 18:20:02 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2011/12/07 18:19:59 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/12/07 18:19:54 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2011/12/07 18:19:53 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2011/12/07 18:19:52 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2011/12/07 18:19:44 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2011/12/07 18:19:42 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2011/12/07 18:19:40 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2011/12/07 18:19:35 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/12/07 18:19:31 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2011/12/07 18:19:30 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2011/12/07 18:19:29 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2011/12/07 18:19:27 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2011/12/07 18:19:26 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2011/12/07 18:19:25 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2011/12/07 18:18:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2011/12/07 18:10:12 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2011/12/07 18:10:11 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/12/07 18:10:09 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/12/07 18:10:08 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/12/07 18:10:07 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/12/07 18:10:06 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/12/07 18:10:05 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2011/12/07 18:10:04 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2011/12/07 18:09:59 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/12/07 18:09:57 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2011/12/07 18:09:56 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2011/12/07 18:09:55 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2011/12/07 18:09:54 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2011/12/07 18:09:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2011/12/07 18:09:53 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/12/07 18:09:52 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/12/07 18:09:51 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2011/12/07 18:09:49 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2011/12/07 18:09:49 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2011/12/07 18:09:48 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/12/07 18:09:47 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/12/07 18:09:45 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/12/07 18:09:43 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2011/12/07 18:09:42 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2011/12/07 18:06:19 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2011/12/01 23:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\rksupport
[2011/12/01 23:35:52 | 000,000,000 | ---D | C] -- C:\TEMP
[2011/12/01 13:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/11/28 18:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/11/28 16:34:36 | 000,000,000 | ---D | C] -- C:\2784d0d9ed344d453ad03b2e6255aabd
[2011/11/23 19:02:23 | 000,144,384 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\DCCMSP32.DLL
[2011/11/23 19:02:22 | 000,104,960 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\DCCEXT32.DLL
[2011/11/23 19:02:17 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WFXMNTHQ.DLL
[2011/11/23 19:02:17 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WFXMNT40.DLL
[2011/11/23 19:02:17 | 000,129,536 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\WFXSVC.EXE
[2011/11/23 19:02:17 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WFXSNT40.EXE
[2011/11/23 19:02:15 | 000,229,888 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\WINDOWS\System32\Crpaig32.dll
[2011/11/23 19:02:14 | 005,350,912 | ---- | C] (Seagate Software, Inc.) -- C:\WINDOWS\System32\Crpe32.dll
[2011/11/23 19:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Novell Shared
[2011/11/16 14:26:08 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/16 13:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/16 13:45:02 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2012/01/03 13:36:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/02 14:02:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/02 13:14:41 | 004,360,898 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\comfix.exe
[2012/01/02 09:16:23 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2012/01/01 21:44:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/12/31 22:51:22 | 000,513,949 | ---- | M] () -- C:\Documents and Settings\Owner\clipdat2.rdf
[2011/12/30 14:40:31 | 000,283,403 | ---- | M] () -- C:\WINDOWS\System32\Adobe PDF Printer
[2011/12/30 14:18:28 | 000,000,061 | ---- | M] () -- C:\WINDOWS\TaxACT11.ini
[2011/12/30 09:28:55 | 000,000,057 | ---- | M] () -- C:\WINDOWS\TaxACT08.ini
[2011/12/30 09:23:03 | 000,000,048 | ---- | M] () -- C:\WINDOWS\TaxACT10.ini
[2011/12/27 12:03:41 | 000,233,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/24 21:03:53 | 000,482,632 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/24 21:03:53 | 000,080,278 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/24 21:01:05 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LeapFrog Connect.lnk
[2011/12/24 00:01:53 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/23 00:46:48 | 000,000,579 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\cookies.ini
[2011/12/22 12:37:35 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/17 14:57:58 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/12/17 12:16:33 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TaxACT 2011.lnk
[2011/12/16 07:29:40 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Learning Lodge Navigator.lnk
[2011/12/13 19:52:17 | 000,001,017 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to ssantimalquarantinelogactions.rtf.lnk
[2011/12/13 19:36:52 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to 4 Bleepin.lnk
[2011/12/13 16:36:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/12/13 16:24:59 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to q4mjubgf.exe.lnk
[2011/12/13 16:21:26 | 000,000,462 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Downloads.lnk
[2011/12/13 12:07:47 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/13 08:39:28 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2011/12/12 22:58:22 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/12/12 09:16:34 | 084,126,048 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\9p54jp26.exe
[2011/12/11 14:39:35 | 001,577,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/12/11 10:31:48 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2011/12/11 10:07:28 | 001,008,120 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2011/12/11 07:15:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/08 16:34:43 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2011/12/08 05:59:08 | 000,252,991 | ---- | M] () -- C:\WINDOWS\System32\FHSetup.exe
[2011/12/03 23:17:01 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Owner\Moonchild's Documents\spider.sav
[2011/12/03 21:37:06 | 000,129,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\WFXSVC.EXE
[2011/11/29 16:23:37 | 000,000,250 | ---- | M] () -- C:\WINDOWS\WINFAX.INI
[2011/11/27 18:09:00 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to timedate.cpl.lnk
[2011/11/23 19:32:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\WTNSETUP.INI
[2011/11/23 19:26:51 | 000,001,705 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinFax Drag & Drop Depot.LNK
[2011/11/23 19:26:50 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinFax PRO Message Manager.LNK
[2011/11/23 19:01:49 | 000,000,041 | ---- | M] () -- C:\WINDOWS\WFXDEL.BAT
[2011/11/23 18:54:26 | 006,716,310 | ---- | M] () -- C:\WINDOWS\System32\MTRCMQTBBT
[2011/11/23 07:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2011/11/23 07:25:32 | 001,859,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2011/11/19 11:45:08 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2011/11/17 08:49:46 | 000,376,621 | ---- | M] () -- C:\Documents and Settings\Owner\Moonchild's Documents\Kane%20County%20Docket%20VOP%2011-16-11.rtf_1.odt
[2011/11/16 14:26:08 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/12 11:18:20 | 000,018,560 | ---- | M] (LeapFrog) -- C:\WINDOWS\System32\drivers\FlyUsb.sys
[2011/11/10 05:54:28 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/11/10 05:54:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/11/10 05:54:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/11/10 05:54:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/11/10 03:27:10 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/02 13:23:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/02 13:23:06 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/02 13:23:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/02 13:23:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/02 13:23:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/02 09:16:12 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2011/12/31 22:51:17 | 000,513,949 | ---- | C] () -- C:\Documents and Settings\Owner\clipdat2.rdf
[2011/12/27 12:03:41 | 000,233,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/24 21:01:05 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LeapFrog Connect.lnk
[2011/12/23 23:42:27 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/12/22 12:37:30 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/22 12:37:12 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/12/20 19:21:18 | 000,013,492 | ---- | C] () -- C:\WINDOWS\System32\defprtr2.ppd
[2011/12/20 18:43:59 | 000,283,403 | ---- | C] () -- C:\WINDOWS\System32\Adobe PDF Printer
[2011/12/17 14:57:57 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/12/17 12:16:33 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TaxACT 2011.lnk
[2011/12/17 12:16:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\TaxACT11.ini
[2011/12/16 07:31:27 | 000,000,579 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\cookies.ini
[2011/12/16 07:29:39 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Learning Lodge Navigator.lnk
[2011/12/13 19:52:17 | 000,001,017 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to ssantimalquarantinelogactions.rtf.lnk
[2011/12/13 19:36:52 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to 4 Bleepin.lnk
[2011/12/13 16:36:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/12/13 16:24:59 | 000,001,028 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to q4mjubgf.exe.lnk
[2011/12/13 16:21:26 | 000,000,462 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Downloads.lnk
[2011/12/13 11:30:00 | 000,252,991 | ---- | C] () -- C:\WINDOWS\System32\FHSetup.exe
[2011/12/13 08:39:27 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2011/12/12 09:12:14 | 084,126,048 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\9p54jp26.exe
[2011/12/11 10:07:26 | 001,008,120 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2011/12/08 16:34:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/12/08 16:34:34 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/08 14:28:07 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011/12/07 19:10:12 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2011/12/07 19:02:35 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/12/07 19:02:28 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/12/07 18:49:22 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/12/07 18:36:24 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/12/07 18:36:17 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/12/07 18:36:10 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/12/07 18:36:03 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/12/07 18:35:49 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/12/07 18:29:27 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011/12/07 18:29:25 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011/12/07 18:29:23 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011/12/07 18:21:05 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/12/07 18:21:04 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/12/07 18:21:00 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/12/07 18:20:58 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/12/07 18:20:56 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/12/07 18:20:55 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/12/07 18:20:54 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/12/07 18:20:52 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/12/07 18:20:48 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/12/07 18:20:27 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/12/01 13:39:24 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Promqry.lnk
[2011/11/27 18:09:00 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to timedate.cpl.lnk
[2011/11/23 19:32:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2011/11/23 19:26:51 | 000,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinFax Drag & Drop Depot.LNK
[2011/11/23 19:26:50 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinFax PRO Message Manager.LNK
[2011/11/23 19:02:23 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2011/11/23 19:02:18 | 000,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2011/11/23 19:02:17 | 000,010,138 | ---- | C] () -- C:\WINDOWS\System32\MONITOR.INF
[2011/11/23 19:02:13 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2011/11/23 18:51:11 | 006,716,310 | ---- | C] () -- C:\WINDOWS\System32\MTRCMQTBBT
[2011/11/19 11:45:08 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2011/11/17 08:52:24 | 000,376,621 | ---- | C] () -- C:\Documents and Settings\Owner\Moonchild's Documents\Kane%20County%20Docket%20VOP%2011-16-11.rtf_1.odt
[2011/04/26 18:54:01 | 000,005,082 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojobkspa.ako
[2011/04/20 19:58:55 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2011/03/30 22:06:27 | 000,666,624 | ---- | C] () -- C:\WINDOWS\is-1PSJA.exe
[2011/03/27 13:39:20 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0300.old
[2011/03/25 12:17:30 | 000,132,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/23 19:11:38 | 000,216,646 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/03/11 13:46:31 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2011/02/07 11:22:51 | 000,000,048 | ---- | C] () -- C:\WINDOWS\TaxACT10.ini
[2010/12/06 22:28:50 | 000,001,252 | ---- | C] () -- C:\WINDOWS\System32\tsdigsgn.dat
[2010/03/17 13:47:26 | 000,000,075 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini
[2009/02/02 16:42:16 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini
[2008/04/24 09:40:50 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2008/02/02 13:54:01 | 000,000,103 | ---- | C] () -- C:\WINDOWS\TaxACT02.ini
[2008/02/01 12:33:29 | 000,000,074 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini
[2007/10/06 10:54:02 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2007/09/30 20:13:38 | 000,000,085 | ---- | C] () -- C:\WINDOWS\ACTExG.INI
[2007/06/11 07:48:16 | 000,039,949 | ---- | C] () -- C:\WINDOWS\php.ini
[2007/02/09 09:06:01 | 000,675,840 | ---- | C] () -- C:\WINDOWS\is-BRE32.exe
[2007/01/03 13:11:22 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/29 15:43:13 | 000,000,110 | ---- | C] () -- C:\WINDOWS\TaxACT06.ini
[2006/12/10 11:57:44 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/07 14:47:02 | 000,000,142 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2006/12/07 14:38:36 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2006/12/07 14:38:35 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2006/12/07 14:38:35 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2006/12/07 14:38:30 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\SoyWeb.dll
[2006/12/07 14:38:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2006/12/07 14:15:41 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\hpcoinst.dll
[2006/11/27 15:09:12 | 000,001,047 | ---- | C] () -- C:\WINDOWS\pi2000.ini
[2006/11/27 15:09:12 | 000,000,472 | ---- | C] () -- C:\WINDOWS\pmontage.ini
[2006/09/21 23:49:44 | 000,039,951 | ---- | C] () -- C:\WINDOWS\php_old.ini
[2006/03/15 14:24:32 | 000,023,292 | ---- | C] () -- C:\WINDOWS\UN800114.INI
[2006/03/02 06:43:03 | 000,050,451 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2006/02/11 09:28:39 | 000,000,165 | ---- | C] () -- C:\WINDOWS\TaxACT03.ini
[2006/01/21 09:21:38 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallThunderbird.exe
[2006/01/10 19:03:58 | 000,008,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS
[2006/01/01 18:24:43 | 000,000,128 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini
[2005/12/21 06:36:04 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/12/12 10:07:38 | 000,000,099 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/30 21:17:24 | 000,000,055 | ---- | C] () -- C:\WINDOWS\LiveUpdate.INI
[2005/11/30 21:11:06 | 000,000,148 | ---- | C] () -- C:\WINDOWS\ACTEx.ini
[2005/11/30 19:10:32 | 000,000,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[2005/11/30 19:10:03 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2005/11/30 18:50:58 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/30 18:50:58 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/11/30 14:40:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/11/30 14:39:04 | 000,011,607 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/11/30 13:20:15 | 000,000,543 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/30 11:12:51 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/11/30 11:09:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/11/30 11:03:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/11/30 04:52:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/22 12:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 08:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 08:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 08:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 08:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 08:03:20 | 000,482,632 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 08:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 08:03:19 | 000,080,278 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 08:02:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 07:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 07:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 07:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/12 07:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1997/11/17 19:31:04 | 000,003,219 | ---- | C] () -- C:\WINDOWS\System32\mmc.ini

========== LOP Check ==========

[2011/02/28 10:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AddressGrabber Standard 2010
[2006/12/22 14:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2011/12/24 20:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/03/28 16:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2007/05/16 07:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2011/08/13 10:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2008/04/22 09:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/04/24 09:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/12/16 07:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VTech
[2011/08/10 07:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2011/04/25 16:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2011/12/11 11:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitZipper
[2011/12/24 08:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2011/12/12 19:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FreeFixer
[2006/08/14 07:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/04/26 18:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MOVAVI
[2011/03/11 09:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2011/03/27 19:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCTools
[2010/03/19 18:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
[2010/06/08 16:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Trillian
[2008/08/11 22:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wal-Mart Digital Photo Viewer
[2010/12/07 14:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2011/12/10 19:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\WFXSVC.EXE:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\mobsync.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\etc\hosts.bak:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\chkdsk.exe:SummaryInformation

< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users