Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with type of worm/trojans/viruses


  • This topic is locked This topic is locked
6 replies to this topic

#1 seanf951

seanf951

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:38 AM

Posted 30 April 2009 - 06:17 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:46 PM, on 4/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190600503156
O16 - DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - http://download.copysafe.net/plugins5/inst...rs/Copysafe.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: karna.dat nltesh.dll
O20 - Winlogon Notify: geBQJDwV - geBQJDwV.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9c61114ee7d8c) (gupdate1c9c61114ee7d8c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 9336 bytes

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:38 AM

Posted 01 May 2009 - 11:33 AM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 seanf951

seanf951
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:38 AM

Posted 03 May 2009 - 12:37 AM

ok here is the first log


OTListIt logfile created on: 5/1/2009 11:45:54 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4100 4100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.71 Gb Total Space | 186.56 Gb Free Space | 81.57% Space Free | Partition Type: NTFS
Drive D: | 4.16 Gb Total Space | 0.98 Gb Free Space | 23.54% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FILIPI
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/09/02 00:29:26 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2009/02/15 18:31:54 | 00,091,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/05/02 03:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2007/02/06 17:45:26 | 00,109,344 | ---- | M] (Logitech Inc.) -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
PRC - [2009/04/27 13:56:00 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/25 18:48:19 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2004/09/28 02:33:52 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2004/08/10 11:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2007/06/29 00:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/09/26 22:02:52 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2004/01/01 13:56:55 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2009/03/02 12:10:30 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/04/27 22:54:23 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/02 16:10:58 | 13,646,632 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/05/01 11:44:56 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/09/02 00:29:26 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2009/04/27 13:56:00 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/03/02 12:10:30 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [On_Demand | Running])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004/09/28 02:33:52 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2004/08/10 11:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/01/07 01:31:28 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/04/25 18:48:19 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9c61114ee7d8c [Auto | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [On_Demand | Stopped])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/05/02 03:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV - [2007/02/06 17:45:26 | 00,109,344 | ---- | M] (Logitech Inc.) -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2007/02/06 17:47:12 | 00,105,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
SRV - [2004/08/10 11:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/03/16 15:48:00 | 02,849,757 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\GameMon.des -- (npggsvc [On_Demand | Stopped])
SRV - [2007/06/29 00:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/09/26 22:02:52 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2004/01/01 13:56:55 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2003/05/19 16:07:38 | 00,086,016 | ---- | M] (Yahoo! Inc.) -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/04/29 11:20:00 | 00,015,648 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter [On_Demand | Stopped])
DRV - [2001/08/17 20:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 11:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2001/08/17 20:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 20:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2002/07/17 08:05:10 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\DRIVERS\ASPI32.sys -- (ASPI [On_Demand | Stopped])
DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/04/27 13:56:00 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/04/27 13:56:00 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2005/04/05 16:38:32 | 00,132,352 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2006/10/18 03:00:00 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2006/10/18 03:00:00 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2001/08/17 20:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2001/08/17 20:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/07/22 11:01:10 | 00,231,168 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2004/06/17 15:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Stopped])
DRV - [2005/07/22 11:02:12 | 01,035,008 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2008/02/29 04:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Stopped])
DRV - [2008/02/29 04:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2008/02/29 04:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2007/02/06 17:42:40 | 01,691,808 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVcKap.sys -- (LVcKap [On_Demand | Stopped])
DRV - [2007/02/06 17:44:36 | 01,964,064 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys -- (LVMVDrv [On_Demand | Stopped])
DRV - [2007/02/06 17:45:04 | 00,025,632 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2007/07/19 00:44:02 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])
DRV - [2005/10/05 15:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 20:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2001/08/17 13:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\system32\DRIVERS\mxnic.sys -- (mxnic [On_Demand | Stopped])
DRV - [2008/07/22 11:43:58 | 00,027,136 | ---- | M] (NCH Swift Sound) -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD [On_Demand | Stopped])
DRV - [2007/06/29 00:43:00 | 06,807,328 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2007/10/01 17:20:40 | 00,032,160 | ---- | M] (PCTEL Inc.) -- C:\WINDOWS\system32\PCTINDIS5.SYS -- (PCTINDIS5 [On_Demand | Stopped])
DRV - [2007/07/19 00:39:16 | 00,013,848 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\lv302af.sys -- (pepifilter [On_Demand | Stopped])
DRV - [2007/07/19 00:39:16 | 01,278,104 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LV302V32.SYS -- (PID_PEPI [On_Demand | Stopped])
DRV - [2004/08/10 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/10/18 03:00:00 | 00,036,624 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 20:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 20:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 20:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2005/04/04 09:01:34 | 00,035,712 | ---- | M] (Sonic Focus, Inc) -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32 [On_Demand | Running])
DRV - [2008/04/13 11:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2001/08/17 21:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2007/12/12 02:47:25 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007/07/26 09:25:12 | 00,039,808 | R--- | M] () -- C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys -- (SRS_SSCFilter [On_Demand | Stopped])
DRV - [2009/02/13 11:50:02 | 00,028,376 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2005/04/27 11:45:08 | 00,300,672 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2004/11/15 18:41:54 | 00,036,804 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\System32\Drivers\sunkfilt.sys -- (SunkFilt [On_Demand | Running])
DRV - [2001/08/17 21:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 21:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 21:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 21:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2001/08/17 20:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2007/09/06 13:28:16 | 00,030,336 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/04/13 11:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2008/04/13 12:45:38 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys -- (wceusbsh [System | Stopped])
DRV - [2005/07/22 11:01:00 | 00,717,952 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2003/08/10 20:48:04 | 00,177,664 | R--- | M] (2wire) -- C:\WINDOWS\system32\DRIVERS\wltwo51b.sys -- (wltwo51b [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
IE - URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - Reg Error: Key error. File not found
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
IE - URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - Reg Error: Key error. File not found
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - URLSearchHook: {F4F10C1D-87C7-404A-B4B3-000000000000} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\S-1-5-21-2225661657-2604730474-3965483411-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\S-1-5-21-2225661657-2604730474-3965483411-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "MySpace.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {E1FA113A-83D8-4BFD-BE7D-E4A3247EE16E}:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=Web&orig=IMC-FF&qry="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/28 22:42:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/29 20:24:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/27 22:54:28 | 00,000,000 | ---D | M]

[2009/01/04 22:49:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2009/01/04 22:49:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/02 00:44:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\jciix2z6.default\extensions
[2009/04/14 22:18:00 | 00,001,595 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\jciix2z6.default\searchplugins\amazondotcom.xml
[2009/04/14 22:18:00 | 00,001,595 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\jciix2z6.default\searchplugins\ebay.xml
[2009/04/01 12:25:00 | 00,002,158 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\jciix2z6.default\searchplugins\MySpace.xml
[2009/03/01 23:45:41 | 00,008,181 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\jciix2z6.default\searchplugins\oneriot-search.xml
[2009/04/30 08:33:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/27 22:54:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/30 23:13:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/04/11 21:56:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/04/25 15:22:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{E1FA113A-83D8-4BFD-BE7D-E4A3247EE16E}
[2009/04/27 22:54:23 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/27 22:54:23 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/02 09:31:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/02 09:31:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/07/02 09:31:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/02 09:31:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/07/02 09:31:38 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (306428 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10551 more lines...
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - SITEguard - Reg Error: Key error. File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Key error. File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O7 - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: &AIM Search - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - Reg Error: Key error. File not found
O9 - Extra Button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - Reg Error: Value error. File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: gomyhit.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2225661657-2604730474-3965483411-1006\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1190600503156 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} http://download.copysafe.net/plugins5/inst...rs/Copysafe.cab (Reg Error: Value error.)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (Yahoo! MailTo)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} http://www.intel.com/design/motherbd/boardid/BoardID.cab (BoardCtl Class)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (karna.dat) - File not found
O20 - AppInit_DLLs: (nltesh.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\geBQJDwV: DllName - geBQJDwV.dll - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O29 - HKLM SecurityProviders - (mcenspc.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\geBsqpmN) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/05/01 11:45:08 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\9wj0tj6z.exe
[2009/05/01 11:44:51 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/05/01 11:35:31 | 32,168,67328 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/30 22:11:33 | 00,000,376 | ---- | C] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2009/04/30 22:11:25 | 00,000,388 | ---- | C] () -- C:\WINDOWS\tasks\AWC Update.job
[2009/04/30 19:19:08 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/04/30 16:05:26 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/04/30 16:05:26 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/29 08:00:11 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/04/29 01:10:26 | 00,000,338 | ---- | C] () -- C:\WINDOWS\tasks\Uniblue SpyEraser.job
[2009/04/29 00:33:39 | 00,020,232 | ---- | C] () -- C:\WINDOWS\System32\AntiSpyNative64.exe
[2009/04/29 00:33:39 | 00,016,648 | ---- | C] () -- C:\WINDOWS\System32\AntiSpyNative32.exe
[2009/04/28 22:50:49 | 00,000,076 | -HS- | C] () -- C:\Documents and Settings\Owner\My Documents\desktop.ini
[2009/04/28 22:50:49 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/04/28 22:49:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/04/28 22:48:47 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/04/28 22:47:31 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/04/28 22:45:49 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/28 22:43:21 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/04/28 22:41:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/04/28 22:41:22 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/04/28 22:41:14 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/04/28 22:40:52 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/04/28 22:40:52 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/04/28 22:40:52 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/04/28 22:40:52 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/04/28 22:40:52 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/04/28 22:40:52 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/04/28 22:40:52 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/04/28 22:40:52 | 00,000,000 | ---D | C] -- C:\b301244d68bd026ceea9f277
[2009/04/27 20:40:08 | 00,000,383 | -HS- | C] () -- C:\WINDOWS\System32\wiwifezi.exe
[2009/04/27 20:04:49 | 00,012,800 | -HS- | C] () -- C:\Documents and Settings\Owner\My Documents\Thumbs.db
[2009/04/25 22:58:10 | 00,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2009/04/25 22:58:07 | 00,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2009/04/25 22:58:05 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2009/04/25 22:58:02 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2009/04/25 22:57:58 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2009/04/25 22:57:49 | 00,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2009/04/25 22:57:48 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/04/25 22:57:44 | 00,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2009/04/25 22:57:40 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2009/04/25 22:57:17 | 00,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2009/04/25 22:57:15 | 00,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2009/04/25 22:57:11 | 00,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2009/04/25 22:57:05 | 00,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2009/04/25 22:57:01 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2009/04/25 22:56:57 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2009/04/25 22:56:57 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/04/25 22:56:57 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/04/25 22:56:48 | 00,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2009/04/25 22:56:44 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/04/25 22:56:37 | 00,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2009/04/25 22:56:33 | 00,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2009/04/25 22:56:30 | 00,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2009/04/25 22:56:29 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/04/25 22:56:29 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/04/25 22:56:29 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/04/25 22:56:29 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/04/25 22:56:25 | 00,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2009/04/25 22:56:21 | 00,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2009/04/25 22:56:17 | 00,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2009/04/25 22:56:13 | 00,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2009/04/25 22:56:05 | 00,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2009/04/25 22:56:02 | 00,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2009/04/25 22:55:58 | 00,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
[2009/04/25 22:55:54 | 00,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
[2009/04/25 22:55:51 | 00,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
[2009/04/25 22:55:47 | 00,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2009/04/25 22:55:43 | 00,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2009/04/25 22:55:40 | 00,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2009/04/25 22:55:38 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2009/04/25 22:55:37 | 00,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys
[2009/04/25 22:55:36 | 00,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2009/04/25 22:55:32 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2009/04/25 22:55:28 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2009/04/25 22:55:25 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2009/04/25 22:55:21 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2009/04/25 22:55:17 | 00,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2009/04/25 22:55:14 | 00,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2009/04/25 22:55:10 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2009/04/25 22:55:07 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2009/04/25 22:55:03 | 00,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2009/04/25 22:54:59 | 00,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2009/04/25 22:54:55 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/04/25 22:54:51 | 00,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2009/04/25 22:54:48 | 00,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2009/04/25 22:54:44 | 00,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2009/04/25 22:54:40 | 00,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2009/04/25 22:54:37 | 00,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2009/04/25 22:54:33 | 00,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2009/04/25 22:54:07 | 00,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2009/04/25 22:54:06 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/04/25 22:54:02 | 00,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2009/04/25 22:53:59 | 00,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2009/04/25 22:53:58 | 00,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2009/04/25 22:53:57 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/04/25 22:53:54 | 00,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2009/04/25 22:53:50 | 00,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2009/04/25 22:53:50 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/04/25 22:53:50 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/04/25 22:53:43 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys
[2009/04/25 22:53:39 | 00,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2009/04/25 22:53:36 | 00,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2009/04/25 22:53:32 | 00,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll
[2009/04/25 22:53:28 | 00,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys
[2009/04/25 22:53:25 | 00,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
[2009/04/25 22:53:22 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[2009/04/25 22:53:18 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
[2009/04/25 22:53:15 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
[2009/04/25 22:53:12 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
[2009/04/25 22:53:08 | 00,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2009/04/25 22:53:04 | 00,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2009/04/25 22:53:01 | 00,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2009/04/25 22:52:58 | 00,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2009/04/25 22:52:57 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/04/25 22:52:53 | 00,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2009/04/25 22:52:50 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/04/25 22:52:50 | 00,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2009/04/25 22:52:46 | 00,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll
[2009/04/25 22:52:42 | 00,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys
[2009/04/25 22:52:39 | 00,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll
[2009/04/25 22:52:22 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
[2009/04/25 22:52:21 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/04/25 22:52:21 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2009/04/25 22:52:18 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
[2009/04/25 22:52:17 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/04/25 22:52:17 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/04/25 22:52:15 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/04/25 22:52:15 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/04/25 22:52:12 | 00,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2009/04/25 22:52:11 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/04/25 22:52:11 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/04/25 22:52:08 | 00,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2009/04/25 22:52:04 | 00,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2009/04/25 22:52:01 | 00,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2009/04/25 22:51:58 | 00,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2009/04/25 22:51:55 | 00,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2009/04/25 22:51:54 | 00,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2009/04/25 22:51:53 | 00,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2009/04/25 22:51:52 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/04/25 22:51:49 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2009/04/25 22:51:46 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2009/04/25 22:51:46 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/04/25 22:51:42 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/04/25 22:51:42 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2009/04/25 22:51:42 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/04/25 22:51:42 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/04/25 22:51:39 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2009/04/25 22:51:38 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/04/25 22:51:38 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/04/25 22:51:38 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/04/25 22:51:38 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/04/25 22:51:37 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/04/25 22:51:37 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/04/25 22:51:37 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/04/25 22:51:37 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/04/25 22:51:35 | 00,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2009/04/25 22:51:32 | 00,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2009/04/25 22:51:29 | 00,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2009/04/25 22:51:21 | 00,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2009/04/25 22:51:01 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/04/25 22:50:56 | 00,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2009/04/25 22:50:53 | 00,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2009/04/25 22:50:50 | 00,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2009/04/25 22:50:47 | 00,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2009/04/25 22:50:40 | 00,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2009/04/25 22:50:37 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/04/25 22:50:37 | 00,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
[2009/04/25 22:50:33 | 00,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2009/04/25 22:50:32 | 00,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2009/04/25 22:50:29 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/04/25 22:50:29 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2009/04/25 22:50:25 | 00,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2009/04/25 22:50:22 | 00,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2009/04/25 22:50:19 | 00,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2009/04/25 22:50:16 | 00,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2009/04/25 22:50:14 | 00,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2009/04/25 22:50:01 | 00,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2009/04/25 22:49:57 | 00,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2009/04/25 22:49:54 | 00,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2009/04/25 22:49:51 | 00,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2009/04/25 22:49:48 | 00,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2009/04/25 22:49:45 | 00,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2009/04/25 22:49:42 | 00,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2009/04/25 22:49:39 | 00,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2009/04/25 22:49:35 | 00,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2009/04/25 22:49:32 | 00,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2009/04/25 22:49:29 | 00,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2009/04/25 22:49:26 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2009/04/25 22:49:26 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/04/25 22:49:25 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/04/25 22:49:25 | 00,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2009/04/25 22:49:24 | 00,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2009/04/25 22:49:22 | 00,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2009/04/25 22:49:19 | 00,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2009/04/25 22:49:12 | 00,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2009/04/25 22:49:07 | 00,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2009/04/25 22:49:04 | 00,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2009/04/25 22:49:01 | 00,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2009/04/25 22:49:00 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/04/25 22:49:00 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/04/25 22:48:56 | 00,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2009/04/25 22:48:52 | 00,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2009/04/25 22:48:49 | 00,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2009/04/25 22:48:46 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2009/04/25 22:48:43 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/04/25 22:48:43 | 00,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2009/04/25 22:48:42 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/04/25 22:48:41 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2009/04/25 22:48:37 | 00,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2009/04/25 22:48:34 | 00,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2009/04/25 22:48:31 | 00,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2009/04/25 22:48:30 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2009/04/25 22:48:27 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2009/04/25 22:48:24 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2009/04/25 22:48:20 | 00,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2009/04/25 22:48:19 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/04/25 22:48:19 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/04/25 22:48:18 | 00,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2009/04/25 22:48:15 | 00,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2009/04/25 22:48:14 | 00,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2009/04/25 22:48:11 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/04/25 22:48:11 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/04/25 22:48:11 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2009/04/25 22:48:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/04/25 22:48:06 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
[2009/04/25 22:48:03 | 00,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
[2009/04/25 22:48:00 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
[2009/04/25 22:47:57 | 00,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
[2009/04/25 22:47:54 | 00,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
[2009/04/25 22:47:51 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
[2009/04/25 22:47:47 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
[2009/04/25 22:47:47 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/04/25 22:47:46 | 00,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2009/04/25 22:47:45 | 00,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2009/04/25 22:47:45 | 00,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2009/04/25 22:47:44 | 00,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2009/04/25 22:47:43 | 00,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2009/04/25 22:47:39 | 00,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2009/04/25 22:47:36 | 00,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2009/04/25 22:47:33 | 00,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2009/04/25 22:47:30 | 00,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2009/04/25 22:47:27 | 00,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2009/04/25 22:47:26 | 00,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2009/04/25 22:47:23 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/04/25 22:47:23 | 00,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2009/04/25 22:47:22 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/04/25 22:47:22 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/04/25 22:47:19 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2009/04/25 22:47:16 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
[2009/04/25 22:47:13 | 00,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys
[2009/04/25 22:47:10 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
[2009/04/25 22:47:06 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
[2009/04/25 22:47:03 | 00,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2009/04/25 22:47:00 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2009/04/25 22:46:57 | 00,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys
[2009/04/25 22:46:54 | 00,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
[2009/04/25 22:46:51 | 00,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
[2009/04/25 22:46:48 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys
[2009/04/25 22:46:45 | 00,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2009/04/25 22:46:42 | 00,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2009/04/25 22:46:39 | 00,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2009/04/25 22:46:36 | 00,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2009/04/25 22:46:24 | 00,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2009/04/25 22:46:24 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/04/25 22:46:20 | 00,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys
[2009/04/25 22:46:17 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys
[2009/04/25 22:46:09 | 00,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2009/04/25 22:46:06 | 00,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2009/04/25 22:46:03 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/04/25 22:46:03 | 00,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2009/04/25 22:46:02 | 00,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2009/04/25 22:45:59 | 00,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
[2009/04/25 22:45:55 | 00,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2009/04/25 22:45:53 | 00,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2009/04/25 22:45:50 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
[2009/04/25 22:45:46 | 00,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2009/04/25 22:45:43 | 00,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2009/04/25 22:45:41 | 00,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2009/04/25 22:45:38 | 00,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2009/04/25 22:45:35 | 00,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2009/04/25 22:45:32 | 00,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2009/04/25 22:45:29 | 00,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2009/04/25 22:45:26 | 00,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2009/04/25 22:45:23 | 00,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2009/04/25 22:45:20 | 00,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2009/04/25 22:45:17 | 00,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2009/04/25 22:45:15 | 00,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2009/04/25 22:45:14 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/04/25 22:45:11 | 00,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2009/04/25 22:45:08 | 00,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2009/04/25 22:45:05 | 00,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
[2009/04/25 22:45:01 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2009/04/25 22:45:00 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/04/25 22:45:00 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/04/25 22:45:00 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2009/04/25 22:44:55 | 00,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
[2009/04/25 22:44:52 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2009/04/25 22:44:52 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
[2009/04/25 22:44:48 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2009/04/25 22:44:45 | 00,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2009/04/25 22:44:41 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migisol.exe
[2009/04/25 22:44:41 | 00,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys
[2009/04/25 22:44:35 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/04/25 22:44:34 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/04/25 22:44:31 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
[2009/04/25 22:44:28 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/04/25 22:44:28 | 00,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
[2009/04/25 22:44:25 | 00,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2009/04/25 22:44:21 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/04/25 22:44:21 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys
[2009/04/25 22:44:15 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
[2009/04/25 22:44:13 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
[2009/04/25 22:44:07 | 00,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2009/04/25 22:44:04 | 00,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2009/04/25 22:44:03 | 00,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2009/04/25 22:44:03 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2009/04/25 22:44:00 | 00,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2009/04/25 22:44:00 | 00,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2009/04/25 22:43:57 | 00,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2009/04/25 22:43:54 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/04/25 22:43:54 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2009/04/25 22:43:51 | 00,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2009/04/25 22:43:48 | 00,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2009/04/25 22:43:45 | 00,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2009/04/25 22:43:43 | 00,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2009/04/25 22:43:40 | 00,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2009/04/25 22:43:37 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/04/25 22:43:37 | 00,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2009/04/25 22:43:34 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/04/25 22:43:34 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2009/04/25 22:43:33 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2009/04/25 22:43:33 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/04/25 22:43:32 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2009/04/25 22:43:31 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/04/25 22:43:29 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/04/25 22:43:29 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/04/25 22:43:29 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/04/25 22:43:26 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2009/04/25 22:43:23 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2009/04/25 22:43:17 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2009/04/25 22:43:14 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2009/04/25 22:43:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2009/04/25 22:43:09 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2009/04/25 22:43:09 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/04/25 22:43:08 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/04/25 22:43:08 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/04/25 22:43:07 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/04/25 22:43:03 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2009/04/25 22:43:02 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2009/04/25 22:43:00 | 00,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2009/04/25 22:42:59 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2009/04/25 22:42:59 | 00,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2009/04/25 22:42:55 | 00,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2009/04/25 22:42:53 | 00,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll
[2009/04/25 22:42:50 | 00,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys
[2009/04/25 22:42:47 | 00,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
[2009/04/25 22:42:47 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/04/25 22:42:46 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/04/25 22:42:45 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2009/04/25 22:42:44 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2009/04/25 22:42:43 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2009/04/25 22:42:42 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/04/25 22:42:42 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/04/25 22:42:41 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/04/25 22:42:41 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2009/04/25 22:42:40 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/04/25 22:42:40 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2009/04/25 22:42:40 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/04/25 22:42:39 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/04/25 22:42:36 | 00,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2009/04/25 22:42:33 | 00,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys
[2009/04/25 22:42:31 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
[2009/04/25 22:42:28 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
[2009/04/25 22:42:26 | 00,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
[2009/04/25 22:42:23 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
[2009/04/25 22:42:21 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
[2009/04/25 22:42:18 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2009/04/25 22:42:16 | 00,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2009/04/25 22:42:13 | 00,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2009/04/25 22:41:56 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/04/25 22:41:54 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/04/25 22:41:19 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2009/04/25 22:41:17 | 00,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys
[2009/04/25 22:41:14 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2009/04/25 22:41:12 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
[2009/04/25 22:41:10 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2009/04/25 22:41:07 | 00,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2009/04/25 22:41:05 | 00,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2009/04/25 22:41:03 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2009/04/25 22:41:00 | 00,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2009/04/25 22:40:58 | 00,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2009/04/25 22:40:56 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2009/04/25 22:40:53 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2009/04/25 22:40:51 | 00,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2009/04/25 22:40:49 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2009/04/25 22:40:47 | 00,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2009/04/25 22:40:44 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpdigwia.dll
[2009/04/25 22:40:42 | 00,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2009/04/25 22:40:40 | 00,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2009/04/25 22:40:39 | 00,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2009/04/25 22:40:36 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/04/25 22:40:36 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/04/25 22:40:36 | 00,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2009/04/25 22:40:34 | 00,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2009/04/25 22:40:31 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2009/04/25 22:40:31 | 00,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2009/04/25 22:40:30 | 00,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2009/04/25 22:40:20 | 00,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2009/04/25 22:40:19 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2009/04/25 22:40:19 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2009/04/25 22:40:16 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2009/04/25 22:40:16 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2009/04/25 22:40:14 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2009/04/25 22:40:12 | 00,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2009/04/25 22:40:10 | 00,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2009/04/25 22:40:09 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/04/25 22:40:09 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/04/25 22:40:07 | 00,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2009/04/25 22:40:05 | 00,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2009/04/25 22:40:03 | 00,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2009/04/25 22:40:02 | 00,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2009/04/25 22:40:00 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2009/04/25 22:40:00 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/04/25 22:39:52 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/04/25 22:39:50 | 00,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2009/04/25 22:39:46 | 00,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2009/04/25 22:39:44 | 00,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2009/04/25 22:39:42 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2009/04/25 22:39:39 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/04/25 22:39:39 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/04/25 22:39:37 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2009/04/25 22:39:35 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/04/25 22:39:35 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2009/04/25 22:39:33 | 00,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2009/04/25 22:39:33 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/04/25 22:39:31 | 00,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2009/04/25 22:39:20 | 00,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2009/04/25 22:39:07 | 00,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2009/04/25 22:39:04 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2009/04/25 22:38:56 | 00,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2009/04/25 22:38:37 | 00,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2009/04/25 22:38:32 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2009/04/25 22:38:31 | 00,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2009/04/25 22:38:29 | 00,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2009/04/25 22:38:28 | 00,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2009/04/25 22:38:27 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2009/04/25 22:38:26 | 00,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2009/04/25 22:38:25 | 00,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2009/04/25 22:38:23 | 00,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2009/04/25 22:38:23 | 00,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2009/04/25 22:38:22 | 00,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2009/04/25 22:38:20 | 00,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2009/04/25 22:38:19 | 00,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2009/04/25 22:38:18 | 00,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2009/04/25 22:38:17 | 00,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2009/04/25 22:38:16 | 00,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2009/04/25 22:38:15 | 00,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2009/04/25 22:38:14 | 00,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2009/04/25 22:38:12 | 00,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2009/04/25 22:38:11 | 00,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2009/04/25 22:37:53 | 00,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2009/04/25 22:37:52 | 00,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2009/04/25 22:37:48 | 00,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2009/04/25 22:37:47 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2009/04/25 22:37:46 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2009/04/25 22:37:45 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2009/04/25 22:37:43 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2009/04/25 22:37:41 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2009/04/25 22:37:38 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2009/04/25 22:37:37 | 00,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2009/04/25 22:37:36 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2009/04/25 22:37:35 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2009/04/25 22:37:34 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2009/04/25 22:37:33 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2009/04/25 22:37:32 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2009/04/25 22:37:31 | 00,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2009/04/25 22:37:30 | 00,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2009/04/25 22:37:29 | 00,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2009/04/25 22:37:28 | 00,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2009/04/25 22:37:27 | 00,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2009/04/25 22:37:26 | 00,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2009/04/25 22:37:25 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2009/04/25 22:37:24 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2009/04/25 22:37:22 | 00,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2009/04/25 22:37:18 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2009/04/25 22:37:16 | 00,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2009/04/25 22:37:16 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/04/25 22:37:15 | 00,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2009/04/25 22:37:14 | 00,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2009/04/25 22:37:13 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009/04/25 22:37:13 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/04/25 22:37:13 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/04/25 22:37:12 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2009/04/25 22:37:10 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2009/04/25 22:37:08 | 00,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2009/04/25 22:37:08 | 00,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2009/04/25 22:37:07 | 00,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2009/04/25 22:37:06 | 00,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2009/04/25 22:37:06 | 00,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2009/04/25 22:37:05 | 00,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2009/04/25 22:37:04 | 00,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2009/04/25 22:37:03 | 00,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2009/04/25 22:37:02 | 00,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2009/04/25 22:37:01 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/04/25 22:37:01 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/04/25 22:37:00 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/04/25 22:37:00 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/04/25 22:37:00 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/04/25 22:37:00 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2009/04/25 22:36:59 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/04/25 22:36:58 | 00,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2009/04/25 22:36:58 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2009/04/25 22:36:57 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2009/04/25 22:36:56 | 00,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2009/04/25 22:36:56 | 00,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2009/04/25 22:36:55 | 00,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2009/04/25 22:36:54 | 00,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2009/04/25 22:36:53 | 00,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2009/04/25 22:36:53 | 00,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2009/04/25 22:36:51 | 00,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2009/04/25 22:36:50 | 00,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2009/04/25 22:36:50 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2009/04/25 22:36:50 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/04/25 22:36:49 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2009/04/25 22:36:48 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2009/04/25 22:36:48 | 00,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2009/04/25 22:36:47 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2009/04/25 22:36:46 | 00,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2009/04/25 22:36:46 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2009/04/25 22:36:45 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2009/04/25 22:36:44 | 00,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2009/04/25 22:36:44 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/04/25 22:36:44 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/04/25 22:36:43 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/04/25 22:36:43 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/04/25 22:36:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/04/25 22:36:42 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/04/25 22:36:42 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/04/25 22:36:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/04/25 22:36:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/04/25 22:36:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/04/25 22:36:41 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/04/25 22:36:40 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/04/25 22:36:40 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/04/25 22:36:40 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/04/25 22:36:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/04/25 22:36:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/04/25 22:36:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/04/25 22:36:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/04/25 22:36:39 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/04/25 22:36:38 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/04/25 22:36:38 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/04/25 22:36:38 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/04/25 22:36:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/04/25 22:36:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/04/25 22:36:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/04/25 22:36:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/04/25 22:36:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/04/25 22:36:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/04/25 22:36:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/04/25 22:36:36 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/04/25 22:36:35 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/04/25 22:36:35 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/04/25 22:36:35 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/04/25 22:36:35 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/04/25 22:36:34 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/04/25 22:36:34 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/04/25 22:36:34 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/04/25 22:36:33 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/04/25 22:36:33 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/04/25 22:36:33 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/04/25 22:36:33 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/04/25 22:36:32 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/04/25 22:36:32 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/04/25 22:36:32 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/04/25 22:36:32 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/04/25 22:36:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/04/25 22:36:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/04/25 22:36:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/04/25 22:36:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/04/25 22:36:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/04/25 22:36:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/04/25 22:36:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/04/25 22:36:29 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/04/25 22:36:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/04/25 22:36:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/04/25 22:36:28 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/04/25 22:36:28 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/04/25 22:36:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/04/25 22:36:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/04/25 22:36:27 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/04/25 22:36:27 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2009/04/25 22:36:26 | 00,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2009/04/25 22:36:25 | 00,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2009/04/25 22:36:25 | 00,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2009/04/25 22:36:24 | 00,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2009/04/25 22:36:24 | 00,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2009/04/25 22:36:23 | 00,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2009/04/25 22:36:22 | 00,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2009/04/25 22:36:21 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/04/25 22:36:21 | 00,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2009/04/25 22:36:21 | 00,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2009/04/25 22:36:20 | 00,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2009/04/25 22:36:19 | 00,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2009/04/25 22:36:19 | 00,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2009/04/25 22:36:18 | 00,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2009/04/25 22:36:18 | 00,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2009/04/25 22:36:17 | 00,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2009/04/25 22:36:17 | 00,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2009/04/25 22:36:16 | 00,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2009/04/25 22:36:15 | 00,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2009/04/25 22:36:15 | 00,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2009/04/25 22:36:14 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2009/04/25 22:36:14 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/04/25 22:36:13 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/04/25 22:36:13 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2009/04/25 22:36:13 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2009/04/25 22:36:12 | 00,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2009/04/25 22:36:10 | 00,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2009/04/25 22:36:10 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2009/04/25 22:36:09 | 00,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2009/04/25 22:36:08 | 00,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2009/04/25 22:36:08 | 00,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2009/04/25 22:36:07 | 00,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2009/04/25 22:36:07 | 00,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2009/04/25 22:36:06 | 00,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2009/04/25 22:36:06 | 00,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2009/04/25 22:36:05 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2009/04/25 22:36:05 | 00,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2009/04/25 22:36:04 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2009/04/25 22:36:04 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/04/25 22:36:03 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2009/04/25 22:36:03 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2009/04/25 22:36:02 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2009/04/25 22:36:02 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2009/04/25 22:36:01 | 00,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2009/04/25 22:36:01 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2009/04/25 22:36:00 | 00,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2009/04/25 22:35:59 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2009/04/25 22:35:57 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2009/04/25 22:35:55 | 00,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2009/04/25 22:35:54 | 00,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2009/04/25 22:35:53 | 00,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2009/04/25 22:35:53 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/04/25 22:35:53 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/04/25 22:35:52 | 00,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2009/04/25 22:35:51 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/04/25 22:35:51 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2009/04/25 22:35:50 | 00,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2009/04/25 22:35:47 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2009/04/25 22:35:46 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/04/25 22:35:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/04/25 22:35:45 | 00,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2009/04/25 22:35:45 | 00,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2009/04/25 22:35:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/04/25 22:35:44 | 00,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2009/04/25 22:35:44 | 00,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2009/04/25 22:35:43 | 00,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2009/04/25 22:35:43 | 00,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2009/04/25 22:35:43 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2009/04/25 22:35:42 | 00,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2009/04/25 22:35:41 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2009/04/25 22:35:40 | 00,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2009/04/25 22:35:40 | 00,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2009/04/25 22:35:39 | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2009/04/25 22:35:39 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2009/04/25 22:35:39 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2009/04/25 22:35:39 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2009/04/25 22:35:38 | 00,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2009/04/25 22:35:38 | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2009/04/25 22:35:38 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2009/04/25 22:34:44 | 00,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2009/04/25 22:34:43 | 00,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2009/04/25 22:34:43 | 00,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2009/04/25 18:49:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Google
[2009/04/25 18:48:50 | 00,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/04/25 18:48:23 | 00,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/25 18:47:51 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/04/25 18:30:51 | 00,213,182 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\myspace pic.jpg
[2009/04/20 22:45:01 | 02,849,757 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2009/04/20 20:44:10 | 00,001,415 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Gunbound Revolution.lnk
[2009/04/20 20:24:07 | 00,001,441 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\i j j i.lnk
[2009/04/20 20:23:57 | 00,000,000 | ---D | C] -- C:\ijji
[2009/04/20 20:23:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IJJIGame
[2009/04/20 01:40:02 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/04/20 01:40:02 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/04/20 01:40:02 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/04/20 01:40:02 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/04/20 01:40:01 | 00,028,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/04/20 01:39:59 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/04/20 01:39:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/04/19 01:13:15 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2009/04/19 01:13:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\IObit
[2009/04/19 01:02:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\PhotoPerfect
[2009/04/19 01:01:59 | 00,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2009/04/16 18:00:49 | 00,000,000 | ---D | C] -- C:\Program Files\MySpace
[2009/04/16 16:02:17 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/04/15 15:42:39 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/12 11:59:09 | 00,025,687 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\hookah.jpg
[2009/04/11 21:59:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2009/04/11 21:58:00 | 00,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2009/04/11 21:57:16 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/04/11 21:57:11 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2009/04/10 00:22:43 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/10 00:22:24 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/10 00:22:21 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/10 00:22:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/08 00:46:41 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/04/07 02:23:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Digsby
[2009/04/07 02:23:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Digsby Logs
[2009/04/07 02:21:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Digsby
[2009/04/07 02:17:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
[2009/04/07 02:16:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/04/07 01:51:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2009/04/07 01:29:51 | 00,000,438 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/04/07 01:29:50 | 00,000,372 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2009/04/07 01:29:46 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2009/04/01 21:58:12 | 00,414,144 | ---- | C] () -- C:\WINDOWS\System32\UACtfyektyd.db
[2009/01/05 19:59:05 | 00,000,120 | -HS- | C] () -- C:\WINDOWS\System32\nyhbjcli.ini
[2008/12/28 00:43:05 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/12/28 00:41:57 | 00,000,044 | ---- | C] () -- C:\WINDOWS\EPNX100.ini
[2008/09/03 23:01:20 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/07/24 19:22:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/07/15 17:08:35 | 00,000,027 | ---- | C] () -- C:\WINDOWS\lang.ini
[2008/07/14 19:15:46 | 00,047,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Surroundhp_kern_i386.sys
[2008/07/14 19:15:46 | 00,047,104 | R--- | C] () -- C:\WINDOWS\System32\drivers\tshd4_kern_i386.sys
[2008/07/14 19:15:46 | 00,042,112 | R--- | C] () -- C:\WINDOWS\System32\drivers\csiidecoder_kern_i386.sys
[2008/07/14 19:15:46 | 00,039,808 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2008/04/07 02:43:59 | 00,003,690 | ---- | C] () -- C:\WINDOWS\jdspd24.ini
[2008/02/21 16:10:29 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2008/02/21 16:10:28 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2007/12/12 02:47:25 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/09/26 22:03:04 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/09/25 16:43:34 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/24 21:28:32 | 00,058,163 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/04/12 20:44:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/04/12 20:44:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/04/12 20:44:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/04/12 20:44:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/04/12 20:44:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/02/06 17:45:04 | 00,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/02/06 17:42:40 | 01,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2005/04/13 12:02:03 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/13 09:57:05 | 00,001,218 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/04/13 09:57:05 | 00,000,465 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/04/13 09:56:11 | 00,000,486 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/04/13 09:56:08 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/01/01 14:29:09 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/01/01 13:58:17 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/01/01 13:58:17 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/01/01 13:55:21 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/07/14 12:30:28 | 00,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/05/01 11:45:08 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\9wj0tj6z.exe
[2009/05/01 11:44:56 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/05/01 11:37:46 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/05/01 11:36:01 | 00,000,376 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2009/05/01 11:35:56 | 00,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/05/01 11:35:56 | 00,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/05/01 11:35:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/01 11:35:36 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\desktop.ini
[2009/05/01 11:35:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/01 11:35:31 | 32,168,67328 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/30 22:23:43 | 00,000,310 | ---- | M] () -- C:\WINDOWS\tasks\bmbmnonc.job
[2009/04/30 22:21:26 | 00,000,486 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/30 22:21:26 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/30 22:21:26 | 00,000,220 | RHS- | M] () -- C:\boot.ini
[2009/04/30 22:11:26 | 00,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2009/04/30 22:04:30 | 00,306,428 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/30 16:05:26 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/04/29 01:10:26 | 00,000,338 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpyEraser.job
[2009/04/28 22:50:49 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\desktop.ini
[2009/04/28 22:50:39 | 01,514,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/28 22:44:15 | 00,505,058 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/28 22:44:15 | 00,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/28 22:44:15 | 00,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/28 22:30:17 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/28 10:56:07 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\wipeviro
[2009/04/27 20:40:08 | 00,000,383 | -HS- | M] () -- C:\WINDOWS\System32\wiwifezi.exe
[2009/04/27 20:04:54 | 00,012,800 | -HS- | M] () -- C:\Documents and Settings\Owner\My Documents\Thumbs.db
[2009/04/27 13:56:00 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/04/27 13:56:00 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/04/26 09:46:23 | 00,000,372 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/04/25 18:48:50 | 00,001,842 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/04/25 18:44:34 | 00,213,182 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\myspace pic.jpg
[2009/04/24 22:12:13 | 00,001,441 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\i j j i.lnk
[2009/04/24 14:48:33 | 00,002,279 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RapidShare Search Engine.lnk
[2009/04/24 11:10:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/20 20:44:10 | 00,001,415 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Gunbound Revolution.lnk
[2009/04/12 11:59:10 | 00,025,687 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\hookah.jpg
[2009/04/11 21:58:00 | 00,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.0.lnk
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/02 00:43:25 | 00,304,968 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090430-220430.backup
[2009/04/01 21:58:13 | 00,414,144 | ---- | M] () -- C:\WINDOWS\System32\UACtfyektyd.db

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD060F93
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5B56640
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB923A2
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
< End of report >









here is the second

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-02 22:36:28
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 8ACE0178 ZwEnumerateKey
Code 8ACE0140 ZwFlushInstructionCache
Code 8ACE027E IofCallDriver
Code 8ACE02B6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 8ACE0283
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 8ACE02BB
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 8ACE0144
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 4 Bytes JMP 8ACE017C
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B8B088AC 5 Bytes JMP 8ADF71C8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EBEAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EBEC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EBEB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EBF748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EBF61E] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[1684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02592EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02592C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02592C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02592C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Owner\Desktop\9wj0tj6z.exe[1836] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Owner\Desktop\9wj0tj6z.exe[1836] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Owner\Desktop\9wj0tj6z.exe[1836] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Owner\Desktop\9wj0tj6z.exe[1836] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B12EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B12C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B12C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B12C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunes.exe[2244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [046F2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunes.exe[2244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [046F2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunes.exe[2244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [046F2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunes.exe[2244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [046F2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir Desktop\avguard.exe[4028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir Desktop\avguard.exe[4028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir Desktop\avguard.exe[4028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir Desktop\avguard.exe[4028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B0371E8
Device \FileSystem\Fastfat \FatCdrom 8A740790
Device \Driver\USBSTOR \Device\0000009c 8A96C790
Device \Driver\usbuhci \Device\USBPDO-0 8AEA81E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B04F1E8
Device \Driver\dmio \Device\DmControl\DmConfig 8B04F1E8
Device \Driver\dmio \Device\DmControl\DmPnP 8B04F1E8
Device \Driver\dmio \Device\DmControl\DmInfo 8B04F1E8
Device \Driver\usbuhci \Device\USBPDO-1 8AEA81E8
Device \Driver\usbuhci \Device\USBPDO-2 8AEA81E8
Device \Driver\usbuhci \Device\USBPDO-3 8AEA81E8
Device \Driver\USBSTOR \Device\000000a0 8A96C790
Device \Driver\usbehci \Device\USBPDO-4 8ADFA790
Device \Driver\USBSTOR \Device\000000a1 8A96C790
Device \Driver\NetBT \Device\NetBT_Tcpip_{35779C7B-6B76-48A9-A17B-4F23E88FEA25} 8AD161E8
Device \Driver\USBSTOR \Device\000000a2 8A96C790
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B0C21E8
Device \Driver\USBSTOR \Device\000000a3 8A96C790
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B0C21E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8AD161E8
Device \Driver\NetBT \Device\NetbiosSmb 8AD161E8
Device \Driver\usbuhci \Device\USBFDO-0 8AEA81E8
Device \Driver\usbuhci \Device\USBFDO-1 8AEA81E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A936790
Device \Driver\usbuhci \Device\USBFDO-2 8AEA81E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A936790
Device \Driver\usbuhci \Device\USBFDO-3 8AEA81E8
Device \Driver\usbehci \Device\USBFDO-4 8ADFA790
Device \Driver\Ftdisk \Device\FtControl 8B0C21E8
Device \FileSystem\Fastfat \Fat 8A740790

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8AE7F1E8

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\ovfsthxxsnpupht.sys (*** hidden *** ) [SYSTEM] ovfsthxeqgvpjkd <-- ROOTKIT !!!
Service system32\drivers\TDSSserv.sys (*** hidden *** ) [SYSTEM] TDSSserv <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACwyrdopqd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACwyrdopqd.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACklyxwmdn.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACmxeugiwj.dat
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACbgrmtjla.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACpodxdkrc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACnljaqlvi.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACtfyektyd.db
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACdxuhtnig.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UAChdiodgxu.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACcnrvpavp.log
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACxsgocsxo.log
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACpqpotlnf.log
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd@imagepath \systemroot\system32\drivers\ovfsthxxsnpupht.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd@inst 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main@ver rlf210409
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main@cid 01
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main@bid 2294301487-2225661657-2604730474-3965483411
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main@aid 303380
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main@sid 22
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main@feed 0x22 0x64 0x78 0x36 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main@cmddelay 28801
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main@logoffset 555012
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main\ff
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main\ff@extension \\?\C:\Program Files\Mozilla Firefox\extensions\{E1FA113A-83D8-4BFD-BE7D-E4A3247EE16E}
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main\ff@version 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main\injector@iexplore.exe ovfsthxwi.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main\injector@explorer.exe ovfsthxff.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main\tasks\0000000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main\tasks\0000000001@fn (null)
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main\tasks\0000000001@url http://212.117.188.102/~i571/lmppcsetup.exe
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main\tasks\0000000001@timeout 900
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main\tasks\0000000001@type 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\main\tasks\0000000001@count 9
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\modules@ovfsthx.sys \systemroot\system32\drivers\ovfsthxxsnpupht.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\modules@ovfsthx.dll \systemroot\system32\ovfsthxqavpkltq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\modules@ovfsthxlog.dat \systemroot\system32\ovfsthxukodvwua.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\modules@ovfsthxwi.dll \systemroot\system32\ovfsthxcroroeup.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\modules@ovfsthxff.dll \systemroot\system32\ovfsthxjwlsuuko.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthxeqgvpjkd\modules@ovfsthx.dat \systemroot\system32\ovfsthxnkacvlbn.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd@group file system
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd@imagepath \systemroot\system32\drivers\ovfsthxxsnpupht.sys
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd@inst 0
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\main
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\main@ver rlf210409
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\main@cid 01
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\main@bid 2294301487-2225661657-2604730474-3965483411
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\main@aid 303380
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\main@sid 22
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\main@feed 0x22 0x64 0x78 0x36 ...
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\main@cmddelay 28801
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\main\delete
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\main\ff
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\main\ff@extension \\?\C:\Program Files\Mozilla Firefox\extensions\{E1FA113A-83D8-4BFD-BE7D-E4A3247EE16E}
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\main\ff@version 1
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\main\injector
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\main\injector@iexplore.exe ovfsthxwi.dll
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\main\injector@explorer.exe ovfsthxff.dll
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\main\tasks
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\modules
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\modules@ovfsthx.sys \systemroot\system32\drivers\ovfsthxxsnpupht.sys
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\modules@ovfsthx.dll \systemroot\system32\ovfsthxqavpkltq.dll
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\modules@ovfsthxlog.dat \systemroot\system32\ovfsthxukodvwua.dat
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\modules@ovfsthxwi.dll \systemroot\system32\ovfsthxcroroeup.dll
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\modules@ovfsthxff.dll \systemroot\system32\ovfsthxjwlsuuko.dll
Reg HKLM\SYSTEM\ControlSet008\Services\ovfsthxeqgvpjkd\modules@ovfsthx.dat \systemroot\system32\ovfsthxnkacvlbn.dat
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys

---- EOF - GMER 1.0.15 ----

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:38 AM

Posted 03 May 2009 - 10:55 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 seanf951

seanf951
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:38 AM

Posted 03 May 2009 - 12:47 PM

ComboFix 09-05-02.4 - Owner 05/03/2009 10:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3068.2681 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\TDSSserv.sys
c:\windows\system32\lmppcsetup.exe
c:\windows\system32\nyhbjcli.ini
c:\windows\system32\wiwifezi.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV
-------\Legacy_TDSSSERV


((((((((((((((((((((((((( Files Created from 2009-04-03 to 2009-05-03 )))))))))))))))))))))))))))))))
.

2009-05-01 05:05 . 2009-05-01 05:05 -------- d-sh--w c:\documents and settings\Owner\IECompatCache
2009-05-01 02:19 . 2009-05-01 02:20 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-30 23:05 . 2009-04-30 23:05 -------- d-----w c:\program files\Trend Micro
2009-04-29 07:33 . 2008-12-22 15:23 16648 ----a-w c:\windows\system32\AntiSpyNative32.exe
2009-04-29 07:33 . 2008-12-22 15:23 20232 ----a-w c:\windows\system32\AntiSpyNative64.exe
2009-04-29 05:55 . 2009-04-29 05:55 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-29 05:53 . 2009-04-29 05:53 -------- d-sh--w c:\documents and settings\Owner\PrivacIE
2009-04-29 05:51 . 2009-04-29 05:51 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-04-29 05:50 . 2009-04-29 05:50 -------- d-sh--w c:\documents and settings\Owner\IETldCache
2009-04-29 05:49 . 2009-04-29 05:49 -------- d-----w c:\windows\ie8updates
2009-04-29 05:48 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-04-29 05:47 . 2009-04-29 05:48 -------- dc-h--w c:\windows\ie8
2009-04-29 05:41 . 2009-04-29 05:41 -------- d-----w c:\windows\system32\XPSViewer
2009-04-29 05:41 . 2009-04-29 05:41 -------- d-----w c:\program files\MSBuild
2009-04-29 05:41 . 2009-04-29 05:41 -------- d-----w c:\program files\Reference Assemblies
2009-04-29 05:40 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-04-29 05:40 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-29 05:40 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-29 05:40 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-29 05:40 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-04-29 05:40 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-04-29 05:40 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-04-29 05:40 . 2009-04-29 05:41 -------- d-----w C:\b301244d68bd026ceea9f277
2009-04-26 05:58 . 2008-04-14 00:12 116224 -c--a-w c:\windows\system32\dllcache\xrxwiadr.dll
2009-04-26 05:58 . 2001-08-18 05:36 23040 -c--a-w c:\windows\system32\dllcache\xrxwbtmp.dll
2009-04-26 05:58 . 2008-04-14 00:12 18944 -c--a-w c:\windows\system32\dllcache\xrxscnui.dll
2009-04-26 05:58 . 2001-08-18 05:37 27648 -c--a-w c:\windows\system32\dllcache\xrxftplt.exe
2009-04-26 05:57 . 2001-08-18 05:37 4608 -c--a-w c:\windows\system32\dllcache\xrxflnch.exe
2009-04-26 05:57 . 2001-08-18 05:37 99865 -c--a-w c:\windows\system32\dllcache\xlog.exe
2009-04-26 05:57 . 2001-08-17 19:11 16970 -c--a-w c:\windows\system32\dllcache\xem336n5.sys
2009-04-26 05:57 . 2004-08-04 05:29 19455 -c--a-w c:\windows\system32\dllcache\wvchntxx.sys
2009-04-26 05:57 . 2004-08-04 05:29 12063 -c--a-w c:\windows\system32\dllcache\wsiintxx.sys
2009-04-26 05:57 . 2008-04-14 00:12 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll
2009-04-26 05:57 . 2008-04-13 18:36 8832 -c--a-w c:\windows\system32\dllcache\wmiacpi.sys
2009-04-26 05:57 . 2004-08-04 05:31 154624 -c--a-w c:\windows\system32\dllcache\wlluc48.sys
2009-04-26 05:57 . 2001-08-17 19:12 34890 -c--a-w c:\windows\system32\dllcache\wlandrv2.sys
2009-04-26 05:57 . 2001-08-17 20:28 771581 -c--a-w c:\windows\system32\dllcache\winacisa.sys
2009-04-26 05:57 . 2001-08-18 05:36 53760 -c--a-w c:\windows\system32\dllcache\wiamsmud.dll
2009-04-26 05:55 . 2001-08-17 20:28 113762 -c--a-w c:\windows\system32\dllcache\usrpda.sys
2009-04-26 05:54 . 2001-08-18 05:36 216064 -c--a-w c:\windows\system32\dllcache\um34scan.dll
2009-04-26 05:53 . 2001-08-17 21:56 81408 -c--a-w c:\windows\system32\dllcache\tgiul50.dll
2009-04-26 05:52 . 2001-08-17 20:51 16896 -c--a-w c:\windows\system32\dllcache\stcusb.sys
2009-04-26 05:51 . 2001-08-17 19:12 24576 -c--a-w c:\windows\system32\dllcache\smc8000n.sys
2009-04-26 05:50 . 2001-07-21 21:29 161568 -c--a-w c:\windows\system32\dllcache\sgsmusb.sys
2009-04-26 05:49 . 2001-08-17 21:56 198400 -c--a-w c:\windows\system32\dllcache\s3sav4.dll
2009-04-26 05:48 . 2001-08-17 20:51 19584 -c--a-w c:\windows\system32\dllcache\rasirda.sys
2009-04-26 05:47 . 2001-08-17 21:04 173696 -c--a-w c:\windows\system32\dllcache\philcam2.sys
2009-04-26 05:46 . 2001-08-17 21:05 31872 -c--a-w c:\windows\system32\dllcache\ovce.sys
2009-04-26 05:45 . 2001-08-17 19:11 65278 -c--a-w c:\windows\system32\dllcache\netflx3.sys
2009-04-26 05:44 . 2001-08-17 21:02 35200 -c--a-w c:\windows\system32\dllcache\msgame.sys
2009-04-26 05:43 . 2001-08-17 20:28 727786 -c--a-w c:\windows\system32\dllcache\ltck000c.sys
2009-04-26 05:42 . 2008-04-14 00:12 151552 -c--a-w c:\windows\system32\dllcache\irftp.exe
2009-04-26 05:41 . 2001-08-17 21:56 353184 -c--a-w c:\windows\system32\dllcache\i740dnt5.dll
2009-04-26 05:40 . 2001-08-18 05:36 126976 -c--a-w c:\windows\system32\dllcache\hpgt34tk.dll
2009-04-26 05:39 . 2001-08-17 19:13 27165 -c--a-w c:\windows\system32\dllcache\fetnd5.sys
2009-04-26 05:38 . 2001-08-17 19:10 19996 -c--a-w c:\windows\system32\dllcache\em556n4.sys
2009-04-26 05:37 . 2001-08-18 05:36 131156 -c--a-w c:\windows\system32\dllcache\digidbp.dll
2009-04-26 05:36 . 2004-08-10 19:00 9728 -c--a-w c:\windows\system32\dllcache\change.exe
2009-04-26 05:35 . 2001-08-17 21:56 104832 -c--a-w c:\windows\system32\dllcache\atiraged.dll
2009-04-26 05:34 . 2003-03-24 23:52 49212 -c--a-w c:\windows\system32\dllcache\fp4awebs.dll
2009-04-26 05:34 . 2003-03-24 23:52 82035 -c--a-w c:\windows\system32\dllcache\fp4anscp.dll
2009-04-26 05:34 . 2004-05-13 07:39 184435 -c--a-w c:\windows\system32\dllcache\fp4amsft.dll
2009-04-26 02:56 . 2009-04-26 02:56 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-04-26 01:47 . 2009-04-26 02:55 -------- d-----w c:\program files\Google
2009-04-21 03:23 . 2009-04-21 03:23 -------- d-----w C:\ijji
2009-04-21 03:23 . 2009-04-21 03:23 -------- d-----w c:\documents and settings\All Users\Application Data\IJJIGame
2009-04-20 08:40 . 2009-04-27 20:56 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-20 08:39 . 2009-04-20 08:39 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-20 08:39 . 2009-04-20 08:39 -------- d-----w c:\program files\Avira
2009-04-19 08:13 . 2009-04-20 09:03 -------- d-----w c:\documents and settings\Owner\Application Data\IObit
2009-04-19 08:13 . 2009-04-19 08:13 -------- d-----w c:\program files\IObit
2009-04-19 08:01 . 2009-04-26 06:03 -------- d-----w c:\program files\Defraggler
2009-04-17 01:00 . 2009-04-20 08:30 -------- d-----w c:\program files\MySpace
2009-04-16 23:02 . 2009-04-16 23:02 -------- d-----w c:\program files\AVG
2009-04-15 22:42 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-12 04:59 . 2009-04-12 04:59 -------- d-----w c:\documents and settings\Owner\Application Data\OpenOffice.org
2009-04-12 04:57 . 2009-04-12 04:57 -------- d-----w c:\program files\JRE
2009-04-12 04:57 . 2009-04-12 04:57 -------- d-----w c:\program files\OpenOffice.org 3
2009-04-11 02:36 . 2009-04-11 02:36 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Evernote
2009-04-10 07:22 . 2009-04-10 07:22 -------- d-----w c:\program files\iPod
2009-04-10 07:22 . 2009-04-10 07:22 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-10 07:22 . 2009-04-19 07:22 -------- d-----w c:\program files\iTunes
2009-04-08 07:46 . 2009-04-12 04:50 -------- d-----w c:\program files\Panda Security
2009-04-07 09:23 . 2009-04-07 09:23 -------- d-----w c:\documents and settings\All Users\Application Data\Digsby
2009-04-07 09:21 . 2009-04-07 09:23 -------- d-----w c:\documents and settings\Owner\Application Data\Digsby
2009-04-07 09:21 . 2009-04-07 09:28 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Digsby
2009-04-07 09:17 . 2009-04-07 09:17 -------- d-----w c:\documents and settings\Owner\Application Data\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
2009-04-07 09:16 . 2009-04-07 09:16 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-07 08:29 . 2009-04-20 08:58 -------- d-----w c:\program files\RegCure
2009-04-07 08:09 . 2009-04-07 08:26 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Eraser

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 17:42 . 2009-05-01 05:11 376 ----a-w c:\windows\Tasks\AWC AutoSweep.job
2009-05-03 17:42 . 2009-04-26 01:48 880 ----a-w c:\windows\Tasks\GoogleUpdateTaskMachine.job
2009-05-03 17:42 . 2009-04-07 08:29 438 ----a-w c:\windows\Tasks\RegCure Program Check.job
2009-05-03 17:42 . 2005-04-13 17:26 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-03 17:37 . 2009-01-06 02:53 310 ----a-w c:\windows\Tasks\bmbmnonc.job
2009-05-03 17:27 . 2009-04-07 08:29 372 ----a-w c:\windows\Tasks\RegCure.job
2009-05-03 17:05 . 2009-05-01 05:11 388 ----a-w c:\windows\Tasks\AWC Update.job
2009-04-29 08:10 . 2009-04-29 08:10 338 ----a-w c:\windows\Tasks\Uniblue SpyEraser.job
2009-04-29 07:29 . 2008-09-09 23:36 -------- d-----w c:\program files\Uniblue
2009-04-29 05:52 . 2007-09-24 03:20 61360 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-24 18:10 . 2007-10-04 21:48 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-20 08:58 . 2009-01-15 09:44 -------- d-----w c:\program files\FrostWire
2009-04-20 08:58 . 2008-11-13 09:43 -------- d-----w c:\program files\PartyGaming
2009-04-20 08:58 . 2008-11-10 10:57 -------- d-----w c:\program files\Wise Registry Cleaner 3
2009-04-20 08:58 . 2008-05-16 06:23 -------- d-----w c:\program files\LimeWire
2009-04-20 08:58 . 2008-02-21 23:34 -------- d-----w c:\program files\2Wire Wireless Manager
2009-04-20 08:58 . 2008-01-20 07:09 -------- d-----w c:\program files\AIM
2009-04-20 08:58 . 2007-09-26 02:36 -------- d-----w c:\program files\Steam
2009-04-20 08:58 . 2004-01-01 20:59 -------- d-----w c:\program files\MSN Encarta Plus
2009-04-20 08:58 . 2004-01-01 20:45 -------- d-----w c:\program files\Microsoft Picture It! 10
2009-04-20 08:58 . 2004-01-01 20:42 -------- d-----w c:\program files\Microsoft Works
2009-04-12 04:56 . 2005-04-13 17:41 -------- d-----w c:\program files\Java
2009-04-12 04:49 . 2004-01-01 20:45 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-10 07:22 . 2007-10-04 21:47 -------- d-----w c:\program files\Common Files\Apple
2009-04-07 05:39 . 2008-09-22 23:13 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-07 05:37 . 2008-12-25 21:30 -------- d-----w c:\program files\CCleaner
2009-04-06 22:32 . 2008-09-22 23:13 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 22:32 . 2008-09-22 23:13 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-02 07:42 . 2008-07-25 04:52 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-27 20:30 . 2009-03-27 20:30 -------- d-----w c:\program files\Tipard Studio
2009-03-19 23:32 . 2009-01-24 20:47 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-12 07:00 . 2008-01-07 08:41 -------- d-----w c:\program files\Bonjour
2009-03-09 23:22 . 2009-02-24 04:38 -------- d-----w c:\program files\XP Repair Pro 2007
2009-03-08 11:34 . 2005-04-13 16:56 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2005-04-13 16:55 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2005-04-13 16:55 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2005-04-13 16:56 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2005-04-13 16:55 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2005-04-13 16:55 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2005-04-13 16:55 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2005-04-13 16:55 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2005-04-13 16:55 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2005-04-13 16:55 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-07 04:21 . 2005-04-13 17:18 86811 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-07 04:19 . 2008-05-16 08:23 -------- d-----w c:\program files\NCH Swift Sound
2009-03-07 04:19 . 2008-09-02 07:24 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-07 04:19 . 2008-02-19 01:39 -------- d-----w c:\program files\Common Files\Nikon
2009-03-06 14:22 . 2005-04-13 16:55 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-16 01:31 . 2009-02-16 01:31 130208 ------r c:\windows\bwUnin-8.1.1.87-8876480SL.exe
2009-02-09 12:10 . 2008-09-10 06:05 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-09-10 06:05 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-09-10 06:05 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2005-04-13 16:56 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2008-09-10 06:05 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2008-09-10 06:05 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2008-09-10 06:05 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2005-04-13 16:56 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-09-10 06:05 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 03:02 . 2008-02-19 01:40 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-02-03 19:59 . 2005-04-13 16:56 56832 ----a-w c:\windows\system32\secur32.dll
2008-11-14 10:27 . 2008-11-14 10:27 12877 ----a-w c:\program files\Common Files\wigomeq.inf
2008-11-14 10:27 . 2008-11-14 10:27 12472 ----a-w c:\program files\Common Files\aqifyfuwyf.dat
2008-11-14 10:27 . 2008-11-14 10:27 11257 ----a-w c:\program files\Common Files\tywevumi.bin
2008-11-14 10:27 . 2008-11-14 10:27 16177 ----a-w c:\program files\Common Files\sosiky.com
2008-11-14 10:27 . 2008-11-14 10:27 13645 ----a-w c:\program files\Common Files\jedupyjadi.dl
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-2-15 91440]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-15 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 10:42 72208 ----a-w c:\program files\common files\logishrd\bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
backup=c:\windows\pss\FrostWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Nikon Monitor.lnk]
backup=c:\windows\pss\Nikon Monitor.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPRepairPro2007

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\ijji\\ENGLISH\\u_gbound.exe"=
"c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=

R1 SABKUTIL;SABKUTIL; [x]
R2 gupdate1c9c61114ee7d8c;Google Update Service (gupdate1c9c61114ee7d8c);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 133104]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-03-16 2849757]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-27 108289]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-05-03 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-04-30 22:35]

2009-05-03 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-04-30 17:15]

2009-05-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 01:48]

2004-01-01 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-04-13 00:12]

2004-01-01 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-04-13 00:12]

2004-01-01 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-04-13 00:12]

2009-05-03 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 23:20]

2009-05-03 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 23:20]

2009-04-29 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-09-09 15:23]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
Notify-geBQJDwV - geBQJDwV.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = *.local
IE: &AIM Search
IE: E&xport to Microsoft Excel
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
Trusted Zone: gomyhit.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - hxxp://download.copysafe.net/plugins5/installers/Copysafe.cab
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\jciix2z6.default\
FF - prefs.js: browser.search.selectedEngine - MySpace.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=Web&orig=IMC-FF&qry=
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 10:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Owner\LOCALS~1\Temp\~DF7522.tmp 16384 bytes
c:\docume~1\Owner\LOCALS~1\Temp\~DF85B7.tmp 16384 bytes
c:\windows\system32\ovfsthxnkacvlbn.dat 43 bytes

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2225661657-2604730474-3965483411-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(7088)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-03 10:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-03 17:45

Pre-Run: 200,168,984,576 bytes free
Post-Run: 200,139,976,704 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /noguiboot

Current=7 Default=7 Failed=4 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
374 --- E O F --- 2009-04-29 15:06

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:38 AM

Posted 04 May 2009 - 08:23 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.

Driver::
ovfsthxeqgvpjkd
UACd.sys

File::
C:\WINDOWS\system32\drivers\ovfsthxxsnpupht.sys
c:\program files\Common Files\wigomeq.inf
c:\program files\Common Files\aqifyfuwyf.dat
c:\program files\Common Files\tywevumi.bin
c:\program files\Common Files\sosiky.com
c:\program files\Common Files\jedupyjadi.dl
c:\windows\system32\ovfsthxnkacvlbn.dat

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


=================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:38 AM

Posted 25 May 2009 - 10:07 AM

Unfortunately there has been no response. :thumbup2:
This thread will now be closed.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users