Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Patched user32.dll, W32/Mariofev.worm


  • This topic is locked This topic is locked
11 replies to this topic

#1 1fletch

1fletch

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 29 December 2008 - 08:13 AM

Hi, this is the first time I've posted here and I hope someone can help.

I have a Dell Dimension 5000 running Windows XP (Version 2002, Service Pack 3) with McAfee Security Center.

As best I can remember this is the sequence of events.

I believe the problem was first noticed on 12/12/08 - Internet Explorer and Outlook closed and the PC froze. After rebooting, the taskbar icon showing the broadband connection had disappeared and a McAfee virus scan identified a potentially unwanted program 'Patched user32' - the option to remove was selected.

Since then the PC intermittently runs slowly, applications close for no reason and the taskbar/Start button occasionally stops responding altogether. The McAfee virus scan has repeatedly reported the 'patched user32' and each time the remove option has been selected.

Yesterday (28/12/08), after looking at the McAfee website and with a bit of assistance from a friend, the following files were thought to be the problem and deleted:
c:\windows\system32\...
zser32.tmp
zmpyrik
eop.e
r33.es
v1.e2
zed.pa
kj.je
c:\windows\system32\drivers\...
atmapi
although we were unable to delete c:\windows\system32\nvaux32.dll

McAfee Security Center then reported the W32/Mariofev.worm and removed it, this also removed the nvaux32.dll.

However, we were unable to replace the user32.dll with an uninfected one because the XP CD I have can only be used to reinstall the operating system and is not for reinstallation of programs or drivers (seems a bit strange, am I missing something). Also we haven't done anything to the Registry.

A McAfee virus scan today (29/12/08) was clean, but the PC although better is still running slowly at times, the taskbar/Start button has stopped responding a couple of times (requiring a reboot) and the taskbar icon showing the broadband connection is still missing.

Here's hoping I haven't done too much damage and that you can help.


DDS (Version 1.1.0) - NTFSx86
Run by Dave at 11:36:26.18 on 29/12/2008
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.548 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
c:\windows\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dave\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.virginmedia.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell.co.uk/myway
uWindow Title = Internet Explorer Provided by blueyonder
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.blueyonder.co.uk/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Shell=c:\windows\explorer.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [McAfee QuickClean Imonitor] c:\program files\mcafee\mcafee quickclean\Plguni.exe /START
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [<NO NAME>]
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueyo~1.lnk - c:\program files\blueyonder ist\bin\matcli.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dave\applic~1\mozilla\firefox\profiles\77kkv9t1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-26 201320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-3-26 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-3-26 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-3-26 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-26 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-26 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-26 40488]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; []
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-26 33832]

=============== Created Last 30 ================

2008-12-28 20:39 116,224 a------- c:\windows\system32\dllcache\xrxwiadr.dll
2008-12-28 20:39 23,040 a------- c:\windows\system32\dllcache\xrxwbtmp.dll
2008-12-28 20:39 18,944 a------- c:\windows\system32\dllcache\xrxscnui.dll
2008-12-28 20:37 35,871 a------- c:\windows\system32\dllcache\wbfirdma.sys
2008-12-28 20:36 224,802 a------- c:\windows\system32\dllcache\usr1807a.sys
2008-12-28 20:35 14,336 a------- c:\windows\system32\dllcache\tsprof.exe
2008-12-28 20:34 17,129 a------- c:\windows\system32\dllcache\tdkcd31.sys
2008-12-28 20:33 48,736 a------- c:\windows\system32\dllcache\srwlnd5.sys
2008-12-28 20:32 6,784 a------- c:\windows\system32\dllcache\smbhc.sys
2008-12-28 20:31 18,400 a------- c:\windows\system32\dllcache\sgsmld.sys
2008-12-28 20:30 61,504 a------- c:\windows\system32\dllcache\s3sav3dm.sys
2008-12-28 20:29 19,584 a------- c:\windows\system32\dllcache\rasirda.sys
2008-12-28 20:28 92,416 a------- c:\windows\system32\dllcache\phildec.sys
2008-12-28 20:27 116,736 a------- c:\windows\system32\dllcache\ovcodec2.dll
2008-12-28 20:26 65,278 a------- c:\windows\system32\dllcache\netflx3.sys
2008-12-28 20:25 5,504 a------- c:\windows\system32\dllcache\mstee.sys
2008-12-28 20:24 58,368 a------- c:\windows\system32\dllcache\m3091dc.dll
2008-12-28 20:23 6,144 a------- c:\windows\system32\dllcache\kbd106.dll
2008-12-28 20:22 154,496 a------- c:\windows\system32\dllcache\icam4usb.sys
2008-12-28 20:21 289,887 a------- c:\windows\system32\dllcache\hsf_fall.sys
2008-12-28 20:20 1,733,120 a------- c:\windows\system32\dllcache\g400d.dll
2008-12-28 20:19 347,550 a------- c:\windows\system32\dllcache\es56tpi.sys
2008-12-28 20:18 334,208 a------- c:\windows\system32\dllcache\ds1wdm.sys
2008-12-28 20:17 25,600 a------- c:\windows\system32\dllcache\dc210_32.dll
2008-12-28 20:16 714,698 a------- c:\windows\system32\dllcache\cbmdmkxx.sys
2008-12-28 20:15 38,912 a------- c:\windows\system32\dllcache\avc.sys
2008-12-07 10:03 <DIR> --d----- c:\program files\iPod
2008-12-07 10:03 <DIR> --d----- c:\program files\iTunes
2008-12-07 10:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

==================== Find3M ====================

2008-12-13 06:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-12 19:32 578,560 a------- c:\windows\system32\user32.dll
2008-12-12 19:32 578,560 a------- c:\windows\system32\dllcache\user32.dll
2008-10-24 11:21 455,296 a------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 a------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 a------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 a------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 a------- c:\windows\system32\dllcache\strmdll.dll
2008-03-06 17:42 32 a----r-- c:\documents and settings\all users\hash.dat
2007-11-19 19:18 18,600 a------- c:\documents and settings\dave\rxgrpttq.exe
2007-11-19 19:18 18,600 a------- c:\documents and settings\dave\zxtjzswn.exe
2007-11-19 12:04 18,600 a------- c:\documents and settings\dave\vutgkhkv.exe
2006-10-30 19:56 32,179 ---sh--- c:\program files\common files\Yazzle1461OinUninstaller.exe
2005-11-28 19:49 774,144 a------- c:\program files\RngInterstitial.dll
2008-09-25 08:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092520080926\index.dat

============= FINISH: 11:37:38.34 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:05:31 AM

Posted 09 January 2009 - 03:34 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

This may seem repetitive, but we need to see the current status of your system.
Please Hold on it may take us a day or so to get back with you.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 1fletch

1fletch
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 10 January 2009 - 09:20 AM

Thanks for responding, one other thing I didn't mention previously is that the DVD-RW drive(E) occasionally opens or part opens for no reason.

Here are the results from the DDS scan:

DDS (Ver_09-01-07.01) - NTFSx86
Run by Dave at 14:04:02.65 on 10/01/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.569 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
c:\windows\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\Dave\Desktop\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.virginmedia.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell.co.uk/myway
uWindow Title = Internet Explorer Provided by blueyonder
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.blueyonder.co.uk/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Shell=c:\windows\explorer.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [McAfee QuickClean Imonitor] c:\program files\mcafee\mcafee quickclean\Plguni.exe /START
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [<NO NAME>]
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [EPSON Stylus Photo R300 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueyo~1.lnk - c:\program files\blueyonder ist\bin\matcli.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dave\applic~1\mozilla\firefox\profiles\77kkv9t1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-26 201320]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-3-26 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-26 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-26 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-26 40488]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-3-26 359248]
R4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-3-26 144704]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-26 33832]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; [x]

=============== Created Last 30 ================

2008-12-28 20:39 116,224 a------- c:\windows\system32\dllcache\xrxwiadr.dll
2008-12-28 20:39 23,040 a------- c:\windows\system32\dllcache\xrxwbtmp.dll
2008-12-28 20:39 18,944 a------- c:\windows\system32\dllcache\xrxscnui.dll
2008-12-28 20:37 35,871 a------- c:\windows\system32\dllcache\wbfirdma.sys
2008-12-28 20:36 224,802 a------- c:\windows\system32\dllcache\usr1807a.sys
2008-12-28 20:35 14,336 a------- c:\windows\system32\dllcache\tsprof.exe
2008-12-28 20:34 17,129 a------- c:\windows\system32\dllcache\tdkcd31.sys
2008-12-28 20:33 48,736 a------- c:\windows\system32\dllcache\srwlnd5.sys
2008-12-28 20:32 6,784 a------- c:\windows\system32\dllcache\smbhc.sys
2008-12-28 20:31 18,400 a------- c:\windows\system32\dllcache\sgsmld.sys
2008-12-28 20:30 61,504 a------- c:\windows\system32\dllcache\s3sav3dm.sys
2008-12-28 20:29 19,584 a------- c:\windows\system32\dllcache\rasirda.sys
2008-12-28 20:28 92,416 a------- c:\windows\system32\dllcache\phildec.sys
2008-12-28 20:27 116,736 a------- c:\windows\system32\dllcache\ovcodec2.dll
2008-12-28 20:26 65,278 a------- c:\windows\system32\dllcache\netflx3.sys
2008-12-28 20:25 5,504 a------- c:\windows\system32\dllcache\mstee.sys
2008-12-28 20:24 58,368 a------- c:\windows\system32\dllcache\m3091dc.dll
2008-12-28 20:23 6,144 a------- c:\windows\system32\dllcache\kbd106.dll
2008-12-28 20:22 154,496 a------- c:\windows\system32\dllcache\icam4usb.sys
2008-12-28 20:21 289,887 a------- c:\windows\system32\dllcache\hsf_fall.sys
2008-12-28 20:20 1,733,120 a------- c:\windows\system32\dllcache\g400d.dll
2008-12-28 20:19 347,550 a------- c:\windows\system32\dllcache\es56tpi.sys
2008-12-28 20:18 334,208 a------- c:\windows\system32\dllcache\ds1wdm.sys
2008-12-28 20:17 25,600 a------- c:\windows\system32\dllcache\dc210_32.dll
2008-12-28 20:16 714,698 a------- c:\windows\system32\dllcache\cbmdmkxx.sys
2008-12-28 20:15 38,912 a------- c:\windows\system32\dllcache\avc.sys

==================== Find3M ====================

2008-12-13 06:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-12 19:32 578,560 a------- c:\windows\system32\user32.dll
2008-12-12 19:32 578,560 a------- c:\windows\system32\dllcache\user32.dll
2008-10-24 11:21 455,296 a------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 a------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 a------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 a------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-03-06 17:42 32 a----r-- c:\documents and settings\all users\hash.dat
2007-11-19 19:18 18,600 a------- c:\documents and settings\dave\rxgrpttq.exe
2007-11-19 19:18 18,600 a------- c:\documents and settings\dave\zxtjzswn.exe
2007-11-19 12:04 18,600 a------- c:\documents and settings\dave\vutgkhkv.exe
2006-10-30 19:56 32,179 ---sh--- c:\program files\common files\Yazzle1461OinUninstaller.exe
2005-11-28 19:49 774,144 a------- c:\program files\RngInterstitial.dll
2008-09-25 08:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092520080926\index.dat

============= FINISH: 14:04:55.07 ===============

Attached Files



#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:02:31 AM

Posted 11 January 2009 - 10:23 PM

Hello, 1fletch
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    c:\documents and settings\all users\hash.dat
    c:\documents and settings\dave\rxgrpttq.exe
    c:\documents and settings\dave\zxtjzswn.exe
    c:\documents and settings\dave\vutgkhkv.exe
    c:\program files\common files\Yazzle1461OinUninstaller.exe
    c:\program files\RngInterstitial.dll
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and chose "select all" (or use <Control>+A)
  • Right-click again and chose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
  • OTMoveIt3's Log
  • OTViewIt.txt
  • Extra.txt
  • ESET OnlineScan's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#5 1fletch

1fletch
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 12 January 2009 - 05:20 PM

Hello Billy,

I've successfully run the OTMoveIt3 script and the OTViewIt scan (results below). Although while running the OTViewIt scan McAfee reported the following:

McAfee has automatically blocked and removed a Trojan.
About this Trojan
Detected: Generic PWS.y (Trojan), Generic PWS.y (Trojan), Generic PWS.y (Trojan), Generic PWS.y (Trojan), Generic PWS.y (Trojan), Generic PWS.y (Trojan)
Location: C:\WINDOWS\SYSTEM32\pciwieax.dll
Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer.

I've tried the ESET OnlineScan twice and each time it failed to produce C:\Program Files\EsetOnlineScanner\log.txt. I didn't see the first scan finish, but the second one was scanning the C:\WINDOWS\SYSTEM32 folder when it stopped and closed Internet Explorer. At the same time McAfee reported and removed Generic PWS.y (Trojan) again. Should I run this scan again? I guess the same thing will probably happen.


OTMoveIt3 results

========== FILES ==========
c:\documents and settings\all users\hash.dat moved successfully.
c:\documents and settings\dave\rxgrpttq.exe moved successfully.
c:\documents and settings\dave\zxtjzswn.exe moved successfully.
c:\documents and settings\dave\vutgkhkv.exe moved successfully.
c:\program files\common files\Yazzle1461OinUninstaller.exe moved successfully.
DllUnregisterServer procedure not found in c:\program files\RngInterstitial.dll
c:\program files\RngInterstitial.dll NOT unregistered.
c:\program files\RngInterstitial.dll moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01122009_173248


OTViewIt logfile created on: 12/01/2009 17:37:32 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.07 Mb Total Physical Memory | 607.77 Mb Available Physical Memory | 59.46% Memory free
2.41 Gb Paging File | 2.08 Gb Available in Paging File | 86.57% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.21 Gb Total Space | 115.30 Gb Free Space | 78.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2004/08/25 13:26:56 | 00,389,120 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ati2evxx.exe
[2004/10/14 15:42:54 | 01,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
[2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2003/09/03 20:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
[2004/10/12 16:54:30 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[2004/02/16 14:04:36 | 00,147,456 | ---- | M] (AOL Spyware Protection) -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
[2004/12/06 01:05:00 | 00,127,035 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
[2003/09/11 03:00:00 | 00,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_S4I0F2.EXE
[2005/06/06 22:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[2008/04/27 13:56:42 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/08/13 17:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
[2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
[2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
[2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2005/12/01 06:01:00 | 00,110,592 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\McAfee QuickClean\PlgUni.exe
[2007/07/05 20:09:27 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/10/15 07:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2004/02/25 10:55:34 | 01,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2007/11/26 09:46:14 | 00,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
[2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2003/07/15 08:22:52 | 00,172,032 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\blueyonder IST\bin\mpbtn.exe
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2008/10/15 07:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/06/10 03:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
[2009/01/12 17:31:10 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTMoveIt3.exe
[2009/01/12 17:36:34 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2004/02/25 10:55:34 | 01,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2004/08/25 13:26:56 | 00,389,120 | ---- | M] () -- C:\WINDOWS\SYSTEM32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/03/07 14:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2007/02/02 17:00:54 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
File not found -- -- (McAfee SiteAdvisor Service [Auto | Stopped])
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 08:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2007/08/15 11:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2007/07/24 11:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 09:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2007/07/18 14:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2007/11/26 09:46:14 | 00,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe -- (MSK80Service [Auto | Running])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/08/13 17:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde [Boot | Running])
[2008/04/13 18:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
[2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc [Boot | Running])
[2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550 [Boot | Running])
[2004/08/25 13:28:46 | 00,787,456 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2003/09/26 10:41:10 | 00,044,032 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde [Boot | Running])
[2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k [Boot | Running])
[2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm [Auto | Running])
[2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
[2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS -- (E100B [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2004/03/05 22:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
[2004/03/05 22:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
[2004/06/15 22:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
[2008/04/13 18:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys -- (kbdhid [System | Running])
[2007/11/22 05:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 05:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 05:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2007/12/02 11:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2004/03/05 22:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
[2007/07/13 05:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x [Boot | Running])
[2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv [On_Demand | Stopped])
[2002/11/08 13:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci [System | Running])
[2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink [On_Demand | Running])
[2004/08/02 02:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080 [Boot | Running])
[2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160 [Boot | Running])
[2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280 [Boot | Running])
[2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/09/17 10:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt [On_Demand | Running])
[2008/04/13 18:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
[2004/10/29 14:14:44 | 00,260,096 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow [Boot | Running])
[2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln [System | Running])
[2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810 [Boot | Running])
[2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx [Boot | Running])
[2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi [Boot | Running])
[2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3 [Boot | Running])
[2004/12/06 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2004/12/06 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2004/12/06 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2004/12/06 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2004/12/06 01:05:00 | 00,086,586 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2004/12/06 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2004/12/06 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2004/12/06 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2004/12/06 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra [Boot | Running])
[2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
[2004/08/04 05:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell.co.uk/myway
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.virginmedia.com/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1;*.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell.co.uk/myway
"First Home Page"=http://www.dell.co.uk/myway
"Start Page"=http://www.dell.co.uk/myway

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell.co.uk/myway
"First Home Page"=http://www.dell.co.uk/myway
"Start Page"=http://www.dell.co.uk/myway

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-546102094-4041544526-257801300-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell.co.uk/myway
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.virginmedia.com/

[HKEY_USERS\S-1-5-21-546102094-4041544526-257801300-1006\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-546102094-4041544526-257801300-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-546102094-4041544526-257801300-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-546102094-4041544526-257801300-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 127.0.0.1;*.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-546102094-4041544526-257801300-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" (AOL Spyware Protection)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
"EPSON Stylus Photo R300 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300" (SEIKO EPSON CORPORATION)
"IntelMeM"=C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
"McAfee QuickClean Imonitor"=C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START (McAfee, Inc.)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-546102094-4041544526-257801300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
"McAfee QuickClean Imonitor"=C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START (McAfee, Inc.)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2008/04/23 02:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2004/03/18 06:56:36 | 00,156,784 | -H-- | M] (America Online, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
[2002/08/06 10:07:38 | 00,204,800 | ---- | M] (Motive Communications, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-546102094-4041544526-257801300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2004/05/19 00:58:38 | 10,080,960 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-546102094-4041544526-257801300-1006\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2004/05/19 00:58:38 | 10,080,960 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SYSTEM32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SYSTEM32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SYSTEM32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-546102094-4041544526-257801300-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\SYSTEM32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 17:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/5/B...heckControl.cab -- Windows Genuine Advantage Validation Tool
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}: http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab -- DwnldGroupMgr Class
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_02
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_04
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{0F2F5BAD-6424-4618-8661-8A7818E1ECEF} (Servers: | Description: 1394 Net Adapter)
{1DFDECB1-2443-4C03-A683-C042A1144962} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SysTray"={35CEC8A3-2BE6-11D2-8773-92E220524153} (HKLM) -- C:\WINDOWS\SYSTEM32\pciwieax.dll ()

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 13:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/01/12 17:36:29 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTViewIt.exe
[2009/01/12 17:32:48 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/01/12 17:31:05 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTMoveIt3.exe
[2008/12/28 20:39:07 | 00,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2008/12/28 20:39:03 | 00,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2008/12/28 20:39:02 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2008/12/28 20:38:58 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2008/12/28 20:38:55 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2008/12/28 20:38:50 | 00,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2008/12/28 20:38:46 | 00,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2008/12/28 20:38:41 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2008/12/28 20:38:39 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2008/12/28 20:38:29 | 00,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2008/12/28 20:38:27 | 00,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2008/12/28 20:38:23 | 00,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2008/12/28 20:38:16 | 00,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2008/12/28 20:38:11 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2008/12/28 20:38:08 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2008/12/28 20:38:07 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2008/12/28 20:38:07 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2008/12/28 20:38:01 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2008/12/28 20:37:57 | 00,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2008/12/28 20:37:45 | 00,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2008/12/28 20:37:41 | 00,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2008/12/28 20:37:38 | 00,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2008/12/28 20:37:37 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2008/12/28 20:37:34 | 00,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2008/12/28 20:37:30 | 00,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2008/12/28 20:37:26 | 00,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2008/12/28 20:37:22 | 00,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2008/12/28 20:37:17 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2008/12/28 20:37:12 | 00,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2008/12/28 20:37:08 | 00,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2008/12/28 20:37:05 | 00,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
[2008/12/28 20:37:01 | 00,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
[2008/12/28 20:36:57 | 00,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
[2008/12/28 20:36:54 | 00,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2008/12/28 20:36:50 | 00,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2008/12/28 20:36:46 | 00,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2008/12/28 20:36:44 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2008/12/28 20:36:42 | 00,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys
[2008/12/28 20:36:41 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2008/12/28 20:36:39 | 00,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2008/12/28 20:36:34 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2008/12/28 20:36:31 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2008/12/28 20:36:27 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2008/12/28 20:36:24 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2008/12/28 20:36:21 | 00,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2008/12/28 20:36:17 | 00,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2008/12/28 20:36:14 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2008/12/28 20:36:11 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2008/12/28 20:36:07 | 00,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2008/12/28 20:36:04 | 00,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2008/12/28 20:35:59 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2008/12/28 20:35:55 | 00,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2008/12/28 20:35:51 | 00,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2008/12/28 20:35:48 | 00,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2008/12/28 20:35:45 | 00,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2008/12/28 20:35:41 | 00,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2008/12/28 20:35:38 | 00,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2008/12/28 20:35:12 | 00,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2008/12/28 20:35:10 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2008/12/28 20:35:07 | 00,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2008/12/28 20:35:04 | 00,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2008/12/28 20:35:02 | 00,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2008/12/28 20:35:02 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2008/12/28 20:34:58 | 00,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2008/12/28 20:34:55 | 00,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2008/12/28 20:34:55 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2008/12/28 20:34:54 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2008/12/28 20:34:47 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys
[2008/12/28 20:34:44 | 00,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2008/12/28 20:34:41 | 00,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2008/12/28 20:34:36 | 00,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll
[2008/12/28 20:34:32 | 00,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys
[2008/12/28 20:34:29 | 00,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
[2008/12/28 20:34:26 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[2008/12/28 20:34:23 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
[2008/12/28 20:34:20 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
[2008/12/28 20:34:17 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
[2008/12/28 20:34:15 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2008/12/28 20:34:12 | 00,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2008/12/28 20:34:09 | 00,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2008/12/28 20:34:06 | 00,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2008/12/28 20:34:02 | 00,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2008/12/28 20:33:58 | 00,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2008/12/28 20:33:55 | 00,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2008/12/28 20:33:54 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2008/12/28 20:33:50 | 00,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll
[2008/12/28 20:33:46 | 00,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys
[2008/12/28 20:33:43 | 00,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll
[2008/12/28 20:33:27 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
[2008/12/28 20:33:26 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2008/12/28 20:33:25 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2008/12/28 20:33:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2008/12/28 20:33:22 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
[2008/12/28 20:33:21 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2008/12/28 20:33:19 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2008/12/28 20:33:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2008/12/28 20:33:15 | 00,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2008/12/28 20:33:15 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2008/12/28 20:33:14 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2008/12/28 20:33:11 | 00,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2008/12/28 20:33:08 | 00,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2008/12/28 20:33:05 | 00,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2008/12/28 20:33:02 | 00,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2008/12/28 20:32:59 | 00,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2008/12/28 20:32:58 | 00,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2008/12/28 20:32:57 | 00,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2008/12/28 20:32:56 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2008/12/28 20:32:53 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2008/12/28 20:32:50 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2008/12/28 20:32:50 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2008/12/28 20:32:47 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2008/12/28 20:32:47 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2008/12/28 20:32:46 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2008/12/28 20:32:46 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2008/12/28 20:32:43 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2008/12/28 20:32:43 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2008/12/28 20:32:42 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2008/12/28 20:32:42 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2008/12/28 20:32:42 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2008/12/28 20:32:42 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2008/12/28 20:32:41 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2008/12/28 20:32:41 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2008/12/28 20:32:41 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2008/12/28 20:32:39 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2008/12/28 20:32:38 | 00,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2008/12/28 20:32:35 | 00,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2008/12/28 20:32:32 | 00,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2008/12/28 20:32:24 | 00,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2008/12/28 20:32:06 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2008/12/28 20:32:00 | 00,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2008/12/28 20:31:57 | 00,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2008/12/28 20:31:54 | 00,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2008/12/28 20:31:51 | 00,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2008/12/28 20:31:44 | 00,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2008/12/28 20:31:41 | 00,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
[2008/12/28 20:31:40 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2008/12/28 20:31:37 | 00,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2008/12/28 20:31:35 | 00,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2008/12/28 20:31:32 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2008/12/28 20:31:32 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2008/12/28 20:31:28 | 00,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2008/12/28 20:31:26 | 00,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2008/12/28 20:31:22 | 00,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2008/12/28 20:31:19 | 00,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2008/12/28 20:31:17 | 00,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2008/12/28 20:31:05 | 00,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2008/12/28 20:31:02 | 00,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2008/12/28 20:30:59 | 00,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2008/12/28 20:30:56 | 00,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2008/12/28 20:30:53 | 00,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2008/12/28 20:30:50 | 00,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2008/12/28 20:30:47 | 00,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2008/12/28 20:30:44 | 00,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2008/12/28 20:30:41 | 00,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2008/12/28 20:30:38 | 00,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2008/12/28 20:30:35 | 00,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2008/12/28 20:30:32 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2008/12/28 20:30:31 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2008/12/28 20:30:31 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2008/12/28 20:30:30 | 00,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2008/12/28 20:30:29 | 00,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2008/12/28 20:30:27 | 00,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2008/12/28 20:30:24 | 00,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2008/12/28 20:30:17 | 00,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2008/12/28 20:30:12 | 00,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2008/12/28 20:30:09 | 00,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2008/12/28 20:30:05 | 00,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2008/12/28 20:30:04 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2008/12/28 20:30:04 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2008/12/28 20:29:58 | 00,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2008/12/28 20:29:54 | 00,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2008/12/28 20:29:51 | 00,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2008/12/28 20:29:48 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2008/12/28 20:29:45 | 00,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2008/12/28 20:29:44 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2008/12/28 20:29:44 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2008/12/28 20:29:42 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2008/12/28 20:29:38 | 00,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2008/12/28 20:29:35 | 00,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2008/12/28 20:29:32 | 00,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2008/12/28 20:29:31 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2008/12/28 20:29:28 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2008/12/28 20:29:27 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2008/12/28 20:29:24 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2008/12/28 20:29:23 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2008/12/28 20:29:20 | 00,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2008/12/28 20:29:17 | 00,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2008/12/28 20:29:14 | 00,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2008/12/28 20:29:13 | 00,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2008/12/28 20:29:10 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2008/12/28 20:29:09 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2008/12/28 20:29:09 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2008/12/28 20:29:09 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2008/12/28 20:29:04 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
[2008/12/28 20:29:01 | 00,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
[2008/12/28 20:28:58 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
[2008/12/28 20:28:55 | 00,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
[2008/12/28 20:28:52 | 00,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
[2008/12/28 20:28:49 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
[2008/12/28 20:28:46 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
[2008/12/28 20:28:45 | 00,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2008/12/28 20:28:44 | 00,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2008/12/28 20:28:43 | 00,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2008/12/28 20:28:42 | 00,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2008/12/28 20:28:41 | 00,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2008/12/28 20:28:38 | 00,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2008/12/28 20:28:35 | 00,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2008/12/28 20:28:32 | 00,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2008/12/28 20:28:29 | 00,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2008/12/28 20:28:26 | 00,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2008/12/28 20:28:25 | 00,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2008/12/28 20:28:22 | 00,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2008/12/28 20:28:21 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2008/12/28 20:28:20 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2008/12/28 20:28:17 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2008/12/28 20:28:14 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
[2008/12/28 20:28:11 | 00,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys
[2008/12/28 20:28:08 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
[2008/12/28 20:28:05 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
[2008/12/28 20:28:02 | 00,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2008/12/28 20:27:59 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2008/12/28 20:27:56 | 00,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys
[2008/12/28 20:27:54 | 00,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
[2008/12/28 20:27:51 | 00,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
[2008/12/28 20:27:48 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys
[2008/12/28 20:27:45 | 00,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2008/12/28 20:27:42 | 00,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2008/12/28 20:27:39 | 00,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2008/12/28 20:27:36 | 00,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2008/12/28 20:27:18 | 00,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2008/12/28 20:27:18 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2008/12/28 20:27:15 | 00,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys
[2008/12/28 20:27:12 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys
[2008/12/28 20:27:07 | 00,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2008/12/28 20:27:04 | 00,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2008/12/28 20:27:01 | 00,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2008/12/28 20:27:00 | 00,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2008/12/28 20:26:56 | 00,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
[2008/12/28 20:26:52 | 00,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2008/12/28 20:26:50 | 00,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2008/12/28 20:26:47 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
[2008/12/28 20:26:46 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2008/12/28 20:26:44 | 00,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2008/12/28 20:26:41 | 00,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2008/12/28 20:26:39 | 00,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2008/12/28 20:26:36 | 00,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2008/12/28 20:26:33 | 00,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2008/12/28 20:26:30 | 00,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2008/12/28 20:26:28 | 00,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2008/12/28 20:26:25 | 00,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2008/12/28 20:26:22 | 00,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2008/12/28 20:26:19 | 00,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2008/12/28 20:26:16 | 00,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2008/12/28 20:26:13 | 00,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2008/12/28 20:26:10 | 00,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2008/12/28 20:26:08 | 00,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2008/12/28 20:26:07 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2008/12/28 20:26:04 | 00,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2008/12/28 20:25:59 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2008/12/28 20:25:58 | 00,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2008/12/28 20:25:55 | 00,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
[2008/12/28 20:25:49 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2008/12/28 20:25:48 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2008/12/28 20:25:47 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2008/12/28 20:25:47 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2008/12/28 20:25:41 | 00,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
[2008/12/28 20:25:38 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
[2008/12/28 20:25:37 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2008/12/28 20:25:37 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2008/12/28 20:25:32 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2008/12/28 20:25:26 | 00,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys
[2008/12/28 20:25:25 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migisol.exe
[2008/12/28 20:25:19 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2008/12/28 20:25:19 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2008/12/28 20:25:15 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
[2008/12/28 20:25:13 | 00,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
[2008/12/28 20:25:10 | 00,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2008/12/28 20:25:06 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2008/12/28 20:25:06 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys
[2008/12/28 20:25:00 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
[2008/12/28 20:24:58 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
[2008/12/28 20:24:51 | 00,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2008/12/28 20:24:48 | 00,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2008/12/28 20:24:48 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2008/12/28 20:24:47 | 00,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2008/12/28 20:24:45 | 00,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2008/12/28 20:24:44 | 00,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2008/12/28 20:24:42 | 00,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2008/12/28 20:24:38 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2008/12/28 20:24:34 | 00,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2008/12/28 20:24:32 | 00,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2008/12/28 20:24:29 | 00,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2008/12/28 20:24:27 | 00,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2008/12/28 20:24:23 | 00,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2008/12/28 20:24:20 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2008/12/28 20:24:20 | 00,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2008/12/28 20:24:19 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2008/12/28 20:24:19 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2008/12/28 20:24:16 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2008/12/28 20:24:15 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2008/12/28 20:24:15 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2008/12/28 20:24:14 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2008/12/28 20:24:13 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2008/12/28 20:24:13 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2008/12/28 20:24:09 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2008/12/28 20:24:09 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2008/12/28 20:24:09 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2008/12/28 20:24:05 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2008/12/28 20:24:03 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2008/12/28 20:23:54 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2008/12/28 20:23:51 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2008/12/28 20:23:49 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2008/12/28 20:23:47 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2008/12/28 20:23:46 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2008/12/28 20:23:46 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2008/12/28 20:23:40 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2008/12/28 20:23:39 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2008/12/28 20:23:37 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2008/12/28 20:23:37 | 00,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2008/12/28 20:23:36 | 00,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2008/12/28 20:23:35 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2008/12/28 20:23:31 | 00,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2008/12/28 20:23:28 | 00,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll
[2008/12/28 20:23:26 | 00,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys
[2008/12/28 20:23:23 | 00,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
[2008/12/28 20:23:21 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2008/12/28 20:23:20 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2008/12/28 20:23:19 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2008/12/28 20:23:17 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2008/12/28 20:23:15 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2008/12/28 20:23:15 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2008/12/28 20:23:15 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2008/12/28 20:23:14 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2008/12/28 20:23:07 | 00,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2008/12/28 20:23:05 | 00,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys
[2008/12/28 20:23:02 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
[2008/12/28 20:23:00 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
[2008/12/28 20:22:58 | 00,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
[2008/12/28 20:22:55 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
[2008/12/28 20:22:53 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
[2008/12/28 20:22:50 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2008/12/28 20:22:48 | 00,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2008/12/28 20:22:45 | 00,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2008/12/28 20:22:28 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2008/12/28 20:22:26 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2008/12/28 20:21:52 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2008/12/28 20:21:15 | 00,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2008/12/28 20:21:13 | 00,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2008/12/28 20:21:12 | 00,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2008/12/28 20:21:09 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2008/12/28 20:21:09 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2008/12/28 20:21:08 | 00,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2008/12/28 20:21:06 | 00,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2008/12/28 20:21:04 | 00,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2008/12/28 20:21:02 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2008/12/28 20:21:02 | 00,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2008/12/28 20:20:52 | 00,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2008/12/28 20:20:48 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2008/12/28 20:20:46 | 00,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2008/12/28 20:20:44 | 00,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2008/12/28 20:20:44 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2008/12/28 20:20:41 | 00,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2008/12/28 20:20:39 | 00,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2008/12/28 20:20:37 | 00,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2008/12/28 20:20:36 | 00,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2008/12/28 20:20:33 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2008/12/28 20:20:33 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2008/12/28 20:20:24 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2008/12/28 20:20:22 | 00,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2008/12/28 20:20:18 | 00,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2008/12/28 20:20:16 | 00,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2008/12/28 20:20:14 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2008/12/28 20:20:11 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2008/12/28 20:20:10 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2008/12/28 20:20:08 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2008/12/28 20:20:07 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2008/12/28 20:20:06 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2008/12/28 20:20:05 | 00,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2008/12/28 20:20:04 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2008/12/28 20:20:02 | 00,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2008/12/28 20:19:51 | 00,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2008/12/28 20:19:37 | 00,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2008/12/28 20:19:34 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2008/12/28 20:19:26 | 00,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2008/12/28 20:19:07 | 00,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2008/12/28 20:19:01 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2008/12/28 20:18:59 | 00,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2008/12/28 20:18:56 | 00,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2008/12/28 20:18:55 | 00,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2008/12/28 20:18:54 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2008/12/28 20:18:53 | 00,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2008/12/28 20:18:52 | 00,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2008/12/28 20:18:46 | 00,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2008/12/28 20:18:45 | 00,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2008/12/28 20:18:44 | 00,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2008/12/28 20:18:43 | 00,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2008/12/28 20:18:42 | 00,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2008/12/28 20:18:40 | 00,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2008/12/28 20:18:39 | 00,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2008/12/28 20:18:38 | 00,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2008/12/28 20:18:37 | 00,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2008/12/28 20:18:36 | 00,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2008/12/28 20:18:35 | 00,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2008/12/28 20:18:31 | 00,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2008/12/28 20:18:11 | 00,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2008/12/28 20:18:10 | 00,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2008/12/28 20:18:06 | 00,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2008/12/28 20:18:05 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2008/12/28 20:18:04 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2008/12/28 20:18:03 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2008/12/28 20:18:00 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2008/12/28 20:17:59 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2008/12/28 20:17:53 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2008/12/28 20:17:52 | 00,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2008/12/28 20:17:51 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2008/12/28 20:17:50 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2008/12/28 20:17:48 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2008/12/28 20:17:47 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2008/12/28 20:17:46 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2008/12/28 20:17:45 | 00,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2008/12/28 20:17:45 | 00,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2008/12/28 20:17:43 | 00,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2008/12/28 20:17:42 | 00,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2008/12/28 20:17:41 | 00,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2008/12/28 20:17:40 | 00,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2008/12/28 20:17:39 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2008/12/28 20:17:37 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2008/12/28 20:17:35 | 00,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2008/12/28 20:17:30 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2008/12/28 20:17:28 | 00,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2008/12/28 20:17:27 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2008/12/28 20:17:26 | 00,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2008/12/28 20:17:25 | 00,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2008/12/28 20:17:23 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2008/12/28 20:17:20 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2008/12/28 20:17:18 | 00,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2008/12/28 20:17:18 | 00,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2008/12/28 20:17:16 | 00,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2008/12/28 20:17:16 | 00,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2008/12/28 20:17:15 | 00,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2008/12/28 20:17:14 | 00,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2008/12/28 20:17:13 | 00,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2008/12/28 20:17:11 | 00,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2008/12/28 20:17:10 | 00,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2008/12/28 20:17:09 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2008/12/28 20:17:08 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2008/12/28 20:17:07 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2008/12/28 20:17:07 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2008/12/28 20:17:07 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2008/12/28 20:17:06 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2008/12/28 20:17:06 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2008/12/28 20:17:04 | 00,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2008/12/28 20:17:04 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2008/12/28 20:17:03 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2008/12/28 20:17:02 | 00,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2008/12/28 20:17:01 | 00,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2008/12/28 20:17:00 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2008/12/28 20:16:59 | 00,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2008/12/28 20:16:58 | 00,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2008/12/28 20:16:57 | 00,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2008/12/28 20:16:57 | 00,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2008/12/28 20:16:55 | 00,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2008/12/28 20:16:54 | 00,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2008/12/28 20:16:53 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2008/12/28 20:16:53 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2008/12/28 20:16:52 | 00,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2008/12/28 20:16:52 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2008/12/28 20:16:51 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2008/12/28 20:16:50 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2008/12/28 20:16:49 | 00,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2008/12/28 20:16:49 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2008/12/28 20:16:48 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2008/12/28 20:16:47 | 00,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2008/12/28 20:16:47 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2008/12/28 20:16:46 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2008/12/28 20:16:26 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2008/12/28 20:16:25 | 00,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2008/12/28 20:16:24 | 00,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2008/12/28 20:16:23 | 00,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2008/12/28 20:16:23 | 00,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2008/12/28 20:16:22 | 00,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2008/12/28 20:16:21 | 00,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2008/12/28 20:16:20 | 00,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2008/12/28 20:16:20 | 00,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2008/12/28 20:16:19 | 00,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2008/12/28 20:16:18 | 00,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2008/12/28 20:16:17 | 00,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2008/12/28 20:16:17 | 00,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2008/12/28 20:16:16 | 00,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2008/12/28 20:16:15 | 00,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2008/12/28 20:16:15 | 00,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2008/12/28 20:16:14 | 00,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2008/12/28 20:16:13 | 00,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2008/12/28 20:16:13 | 00,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2008/12/28 20:16:12 | 00,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2008/12/28 20:16:11 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2008/12/28 20:16:10 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2008/12/28 20:16:09 | 00,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2008/12/28 20:16:09 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2008/12/28 20:16:06 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2008/12/28 20:16:05 | 00,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2008/12/28 20:16:05 | 00,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2008/12/28 20:16:04 | 00,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2008/12/28 20:16:03 | 00,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2008/12/28 20:16:02 | 00,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2008/12/28 20:16:02 | 00,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2008/12/28 20:16:01 | 00,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2008/12/28 20:16:00 | 00,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2008/12/28 20:16:00 | 00,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2008/12/28 20:15:59 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2008/12/28 20:15:57 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2008/12/28 20:15:56 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2008/12/28 20:15:55 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2008/12/28 20:15:55 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2008/12/28 20:15:54 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2008/12/28 20:15:54 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2008/12/28 20:15:53 | 00,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2008/12/28 20:15:52 | 00,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2008/12/28 20:15:51 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2008/12/28 20:15:48 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2008/12/28 20:15:46 | 00,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2008/12/28 20:15:44 | 00,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2008/12/28 20:15:43 | 00,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2008/12/28 20:15:42 | 00,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2008/12/28 20:15:41 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2008/12/28 20:15:40 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2008/12/28 20:15:39 | 00,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2008/12/28 20:15:33 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2008/12/28 20:15:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2008/12/28 20:15:31 | 00,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2008/12/28 20:15:31 | 00,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2008/12/28 20:15:30 | 00,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2008/12/28 20:15:30 | 00,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2008/12/28 20:15:29 | 00,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2008/12/28 20:15:29 | 00,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2008/12/28 20:15:29 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2008/12/28 20:15:27 | 00,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2008/12/28 20:15:26 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2008/12/28 20:15:25 | 00,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2008/12/28 20:15:24 | 00,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2008/12/28 20:15:24 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2008/12/28 20:15:23 | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2008/12/28 20:15:23 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2008/12/28 20:15:23 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2008/12/28 20:15:22 | 00,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2008/12/28 20:15:22 | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2008/12/28 20:15:21 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2008/12/28 20:15:04 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2008/12/28 18:38:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dave\My Documents\Stuff to backup
[2008/12/28 18:36:13 | 00,033,792 | -HS- | C] () -- C:\Documents and Settings\Dave\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Dave\My Documents\Thumbs.db:encryptable
[2008/12/28 17:10:24 | 00,040,448 | ---- | C] () -- C:\Documents and Settings\Dave\Desktop\Overview.doc

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/01/12 17:36:34 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTViewIt.exe
[2009/01/12 17:31:10 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dave\Desktop\OTMoveIt3.exe
[2009/01/12 17:24:41 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/01/12 17:24:39 | 00,019,768 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/01/12 17:23:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/12 17:23:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/01/12 17:23:28 | 10,717,96224 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/12 17:22:08 | 04,812,390 | -H-- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\IconCache.db
[2009/01/10 09:09:07 | 00,000,714 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Shortcut to Barclaycard.lnk
[2009/01/01 20:20:02 | 00,000,016 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2008/12/29 11:42:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/28 20:40:03 | 00,040,448 | ---- | M] () -- C:\Documents and Settings\Dave\Desktop\Overview.doc
[2008/12/28 18:36:19 | 00,033,792 | -HS- | M] () -- C:\Documents and Settings\Dave\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Dave\My Documents\Thumbs.db:encryptable
[2008/12/28 15:01:45 | 00,007,168 | ---- | M] () -- C:\Documents and Settings\Dave\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/21 11:32:32 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/17 23:00:26 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/15 19:24:52 | 00,002,407 | ---- | M] () -- C:\Documents and Settings\Dave\My Documents\ZoomBrowser EX.lnk
< End of report >


OTViewIt Extras logfile created on: 12/01/2009 17:37:32 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Dave\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.07 Mb Total Physical Memory | 607.77 Mb Available Physical Memory | 59.46% Memory free
2.41 Gb Paging File | 2.08 Gb Available in Paging File | 86.57% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.21 Gb Total Space | 115.30 Gb Free Space | 78.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Dave
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/01/25 00:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/04/23 07:30:54 | 07,334,592 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/03/23 02:58:01 | 08,140,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/09/30 13:05:24 | 00,145,424 | ---- | M] () c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (sacore:{5513F07E-936B-4E52-9B00-067394E91CC5} (HKLM) [McAfee SACore Protocol Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2004/07/01 09:32:38 | 00,073,728 | ---- | M] () C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll application/x-internet-signup:{A173B69A-1F9B-4823-9FDA-412F641E65D6} (HKLM) [INSMimeFilterPP Class]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 21:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}"=Canon PhotoRecord
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}"=Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{109D28C7-FB38-483A-9C91-001CB59E2699}"=EPSON CardMonitor
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{176A258F-9113-4339-987B-81295B8044D4}"=Get into French
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}"=PhotoStitch
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{23B59B9F-C360-11D7-875B-0090CC005647}"=PIF DESIGNER2.1
"{23B59ED4-C360-11D7-875B-0090CC005647}"=EPSON PRINT Image Framer Tool2.1
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}"=MobileMe Control Panel
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}"=RemoteCapture Task 1.1
"{2A6282FF-B75B-463F-90F5-0A43732F690D}"=Broadcom Management Programs
"{2CB511DF-AD50-4087-8934-8ACE54DE4FC1}"=BT Openworld Dell Signup
"{2F81FBFC-9A37-431F-9050-14B55485DF5A}"=Internet Library
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150020}"=J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}"=J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}"=Google Earth
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=Modem On Hold
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}"=RAW Image Task 1.2
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}"=Adobe® Photoshop® Album Starter Edition 3.0
"{4C96958A-6562-4143-B820-FF4890D3B734}"=Camera Window DVC
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}"=Tiscali Internet
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{625BD732-ACDF-4552-BF22-98EBB413B6F3}"=McAfee Shredder
"{65F5B7AF-3363-11D7-BB6B-00018021113F}"=EPSON PhotoQuicker3.5
"{6774F0CF-C7DD-4CB4-BCB2-11C3E08BBA03}"=McAfee Shredder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}"=Microsoft Works 7.0
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}"=Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}"=Jasc Paint Shop Pro 8 Dell Edition
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}"=MovieEdit Task
"{8B43D18F-DC74-4D44-814E-9BD3420B8E44}"=McAfee QuickClean 6.1
"{91110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}"=Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}"=Camera Support Core Library
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}"=Sonic RecordNow!
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}"=Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}"=Canon ZoomBrowser EX
"{C48817E7-AA05-4151-A99D-1E1E550CE801}"=EPSON PhotoStarter3.1
"{C7281207-4AA4-425E-B57A-0E9EF8445635}"=Camera Window MC
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}"=Jasc Paint Shop Photo Album
"{CDE4CC8B-134B-421E-943C-90799E56F664}"=Dell Media Experience Update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}"=Dell Support Center (Support Software)
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}"=ScanToWeb
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}"=EPSON Print CD
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"America Online uk"=AOL UK (Choose which version to remove)
"AOL Connectivity Services"=AOL Connectivity Services
"AOL Spyware Protection"=AOL Spyware Protection
"AOL YGP Screensaver"=AOL You've Got Pictures Screensaver
"AOLCoach uk"=AOL Coach Version 1.0(Build:20040201.2 uk)
"ATI Display Driver"=ATI Display Driver
"AXIS Media Control Embedded"=AXIS Media Control Embedded
"blueyonder.MCCInstall"=blueyonder Instant Support Tool
"Bookworm Adventures Deluxe 1.0"=Bookworm Adventures Deluxe 1.0
"EPSON Printer and Utilities"=EPSON Printer Software
"ESPR300 Reference Guide"=ESPR300 Reference Guide
"ESPR300 Software Guide"=ESPR300 Software Guide
"ESPR300 Standalone Guide"=ESPR300 Standalone Guide
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}"=Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}"=Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{2A6282FF-B75B-463F-90F5-0A43732F690D}"=Broadcom Management Programs
"InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}"=Canon Internet Library for ZoomBrowser EX
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}"=Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}"=Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}"=Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}"=Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}"=Canon Camera Support Core Library
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}"=Canon Camera Window for ZoomBrowser EX
"Intel® 537EP V9x DF PCI Modem"=Intel® 537EP V9x DF PCI Modem
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (2.0)"=Mozilla Firefox (2.0)
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PhotoParade.exe"=PhotoParade Player
"RealArcade 1.2"=RealArcade
"RealPlayer 6.0"=RealPlayer
"StreetPlugin"=Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer"=Viewpoint Media Player
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yazzle1461Oin"=MediaTickets by OIN

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Puzzle Pirates"=Puzzle Pirates

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-546102094-4041544526-257801300-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Puzzle Pirates"=Puzzle Pirates

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 12/01/2009 13:21:43 | Computer Name = DELL | Source = DCOM | ID = 10005
Description = DCOM got error "%3" attempting to start the service McAfee SiteAdvisor
Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}

Error - 12/01/2009 13:21:44 | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error: %%3

Error - 12/01/2009 13:23:38 | Computer Name = DELL | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/01/2009 13:23:38 | Computer Name = DELL | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/01/2009 13:23:38 | Computer Name = DELL | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/01/2009 13:23:39 | Computer Name = DELL | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/01/2009 13:23:41 | Computer Name = DELL | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/01/2009 13:23:43 | Computer Name = DELL | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/01/2009 13:23:45 | Computer Name = DELL | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 12/01/2009 13:23:57 | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error: %%3


< End of report >


Thanks
Dave

#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:02:31 AM

Posted 12 January 2009 - 06:10 PM

Hello, 1fletch
Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.
We'll use this instead of ESET.

We need to run a system scan with Dr. Web CureIt
  • Please download DrWeb-CureIt & save it to your desktop.
    DO NOT perform a scan yet.
  • Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". Do not select "Safe Mode with Networking" or "Safe Mode with Command Prompt".
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Complete Scan"
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows" (OR if you are on a x64 system, "Windows x64")
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs (Or "Uninstall a Program" on Vista) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe (Or jre-6u10-windows-x64.exe for x64 systems)
  • Follow the on screen instructions to install the latest Java version.
In your next reply, please include the following:
  • Dr.Web's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#7 1fletch

1fletch
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 13 January 2009 - 11:29 AM

Hello Billy,

Here are the results from the DrWeb scan:

Short Scan - Nothing found

Complete Scan
Tiscali Inet.exe;C:\Program Files\Tiscali\Tiscali Internet;Trojan.Swizzor.based;Deleted.;
A0000207.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5;Trojan.Warx.origin;Incurable.Moved.;
A0000233.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5;Trojan.Swizzor.based;Deleted.;

I've also updated the version of Java as suggested.

Thanks
Dave

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:02:31 AM

Posted 13 January 2009 - 08:32 PM

Hello, 1fletch
Looks good. How are things running? Do you have any more problems?

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#9 1fletch

1fletch
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 14 January 2009 - 11:44 AM

Hello Billy,

The PC seems much better now, I've rerun the DrWeb and McAfee scans - both were clean.

However, the taskbar icon showing the broadband connection is still missing and the DVD-RW drive(E) opens or part opens on start-up, is unable to read any CD/DVDs and doesn't respond very well when I try to open/close it.

Thanks
Dave

#10 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:02:31 AM

Posted 14 January 2009 - 04:47 PM

Hello, 1fletch

However, the taskbar icon showing the broadband connection is still missing

By default, windows displays no such icon. I'm not sure how to put one there.

DVD-RW drive(E) opens or part opens on start-up, is unable to read any CD/DVDs and doesn't respond very well when I try to open/close it.

That sounds like a hardware problem with the drive itself.

You may wish to ask for help from the General WinXP forum over here:
http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/

Congratulations! You now appear clean! :thumbsup:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess
  • Please reopen Posted Image on your desktop.
  • Push the large "Cleanup" button
  • Allow your system to reboot
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automaticly if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#11 1fletch

1fletch
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 16 January 2009 - 03:34 PM

Billy,

Thanks for your help and recommendations, things are much better now.

Dave

#12 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:02:31 AM

Posted 16 January 2009 - 03:40 PM

Hello, 1fletch
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users