
0xC5 Blue Screen crash - spooldr.sys?


  • This topic is locked
17 replies to this topic

#1 prh129

prh129

  • Members
  • 11 posts

Posted 15 May 2009 - 08:58 PM

Early this week I started getting BSOD crashes on my Windows XP desktop. I had not installed any new hardware or software. I allowed the PC to send the crash report to Microsoft and it linked me to a Microsoft topic that said I may have spooldr.sys malware. I googled this and installed 4 programs to check for problems - SuperAntiSpyware, Malwarebytes Anti-Malware, Combo Fix and MGtools. The SuperAntiSpyware found some infected files and removed them, then Anti-Malware found some more infected files and removed them. After running combo fix and MGtools, I turned off Restore Points and got a Stop 0x0000008E crash. I rebooted and turned restore points back on and things seemed to be fine. I had done a System Restore earlier in the week and McAfee seemed to be acting weird so I uninstalled it and ran the McAfee program to clean up after the removal as McAfee recommends then reinstalled McAfee. McAfee now seems to be running OK but I got another C5 crash late today while surfing the web. After looking at your site, I found that my Windows firewall had been turned off so that is back on. I ran the Superspyware and Anti Malware checks and they both came up clean. I'm concerned that I have not completely cleaned up this problem. Please review the logs and let me know what you recommend. Thanks - Peter


DDS (Ver_09-05-14.01) - NTFSx86
Run by Peter at 20:59:06.43 on Fri 05/15/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.428 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\install\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070904
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070904
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus Photo R380 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiboa.exe /fu "c:\windows\temp\E_S247.tmp" /EF "HKCU"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\peterh~1\applic~1\mozilla\firefox\profiles\13w6tz3f.default\
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-14 201320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-2-27 10384]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-14 359248]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-14 144704]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [2008-12-20 203264]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-14 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-14 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-14 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-14 40488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-14 33832]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]

=============== Created Last 30 ================

2009-05-14 23:46 <DIR> --d----- c:\program files\common files\AnswerWorks 5.0
2009-05-14 23:45 3,523,872 a------- c:\windows\system32\cdintf300.dll
2009-05-14 23:45 1,848,608 a------- c:\windows\system32\acXMLParser.dll
2009-05-14 23:44 <DIR> --d----- c:\program files\Quicken
2009-05-14 23:26 67,536 a------- C:\MGlogs.zip
2009-05-14 21:52 7,087 a------- c:\windows\system32\Config.MPF
2009-05-14 21:52 143,360 a------- c:\windows\system32\dunzip32.dll
2009-05-14 21:50 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2009-05-14 21:50 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2009-05-14 21:50 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-05-14 21:50 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-05-14 21:50 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-05-14 21:49 113,952 a------- c:\windows\system32\drivers\Mpfp.sys
2009-05-14 21:49 <DIR> --d----- c:\program files\McAfee.com
2009-05-14 21:49 <DIR> --d----- c:\program files\common files\McAfee
2009-05-14 21:49 <DIR> --d----- c:\program files\McAfee
2009-05-14 21:24 <DIR> --d----- c:\windows\pss
2009-05-14 08:59 110,908 a------- C:\MGlogs1.zip
2009-05-14 08:47 <DIR> a-dshr-- C:\cmdcons
2009-05-14 08:16 161,792 a------- c:\windows\SWREG.exe
2009-05-14 08:16 98,816 a------- c:\windows\sed.exe
2009-05-14 00:21 <DIR> --d----- c:\docume~1\peterh~1\applic~1\Malwarebytes
2009-05-14 00:21 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-14 00:21 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-14 00:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-14 00:21 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-13 22:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-13 22:02 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-13 22:02 <DIR> --d----- c:\docume~1\peterh~1\applic~1\SUPERAntiSpyware.com
2009-05-13 22:02 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-12 23:42 <DIR> --dsh--- c:\documents and settings\peter \PrivacIE
2009-05-12 23:04 <DIR> --dsh--- c:\documents and settings\peter \IETldCache
2009-05-12 22:53 <DIR> --d----- c:\windows\ie8updates
2009-05-12 22:53 102,400 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-12 22:52 <DIR> -cd-h--- c:\windows\ie8
2009-05-12 21:40 <DIR> --d----- c:\windows\ServicePackFiles
2009-05-12 19:08 <DIR> --d----- C:\cabfb7a15b87b278266d2a
2009-05-11 21:13 <DIR> --d----- c:\program files\McAfee(2).com
2009-05-11 21:13 <DIR> --d----- c:\program files\common files\McAfee(2)
2009-05-11 21:13 <DIR> --d----- c:\program files\McAfee(2)
2009-05-10 22:39 <DIR> --d----- C:\q_back
2009-05-10 21:03 <DIR> --d----- c:\program files\Resource Kit
2009-05-10 20:32 4,720 a------- c:\windows\system32\PerfStringBackup.TMP
2009-05-09 11:56 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-05-09 11:56 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-05-09 11:56 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-05-09 11:56 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-05-09 11:56 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-05-09 11:56 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-05-09 11:56 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-05-09 11:56 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-05-09 11:56 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-09 11:56 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-05-09 11:56 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-05-09 11:55 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-09 11:55 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-05-09 11:55 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-24 08:59 <DIR> --d----- C:\CHADD

==================== Find3M ====================

2009-05-12 21:53 88,983 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-04 18:46 15,960 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-03-21 10:18 986,112 a------- c:\windows\system32\kernel32(2)(2).dll
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 18,944 -------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet(2)(2).dll
2009-02-20 14:09 1,160,192 a------- c:\windows\system32\urlmon(2)(2).dll
2009-02-20 14:09 105,984 a------- c:\windows\system32\url(2)(2).dll
2009-02-20 14:09 268,288 a------- c:\windows\system32\iertutil(2)(2).dll
2009-02-20 14:09 133,120 a------- c:\windows\system32\dllcache\extmgr.dll
2009-02-20 06:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-19 00:27 84,496 a------- c:\windows\system32\KemXML.dll
2009-02-19 00:27 117,264 a------- c:\windows\system32\KemWnd.dll
2009-02-19 00:27 145,936 a------- c:\windows\system32\KemUtil.dll
2009-02-19 00:27 170,512 a------- c:\windows\system32\kemutb.dll
2009-02-19 00:26 301,656 a------- c:\windows\system32\BtCoreIf.dll
2009-02-03 00:53 832 a------- c:\docume~1\peterh~1\applic~1\wklnhst.dat
2007-09-04 23:51 0 a---h--- c:\docume~1\alluse~1\applic~1\gwseh.dat
2008-08-05 17:04 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat

============= FINISH: 21:00:11.48 ===============



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,807 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 30 May 2009 - 01:18 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 prh129

prh129
  • Topic Starter

  • Members
  • 11 posts

Posted 03 June 2009 - 09:31 AM

Yes I am still having problems so I will generate the logs you requested and post them this evening.

This is the background info: the computer began crashing with the blue screen STOP 0x000000C5 code a few weeks ago. McAfee began to report it was not protecting the PC.
I installed SuperAntiSpyware and AntiMalware which found some infected files and cleaned them. I removed and reinstalled McAfee and got that back up and running and got my windows firewall on which had been turned off. Antimalware scans were running clean and the PC was not blue screen crashing but the PC would just hang at various times - the mouse pointer moved but that was about it. If I brought up the task manager, it showed the CPU usage at 0.
I started Antimalware this morning and it found some infected files but I had to leave before it finished so I will update later.

#4 prh129

prh129
  • Topic Starter

  • Members
  • 11 posts

Posted 03 June 2009 - 08:35 PM

AntiMalware had detected 3 infected files this morning but it looks like the scan never finished as I don't see a log from it. Someone probably restarted the computer so I don't know what happened. I ran a new AntiMalware scan when I got home and it found nothing.

The problem with the computer is that it hangs up where the mouse pointer moves but programs do not respond and/or I get a blue screen crash usually with a STOP 0x000000C5 code.

I ran the DDS scan as you requested and the results are below. Thanks in advance for your help.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Peter H at 21:13:37.78 on Wed 06/03/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.516 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Peter H\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070904
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070904
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus Photo R380 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiboa.exe /fu "c:\windows\temp\E_S247.tmp" /EF "HKCU"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\peterh~1\applic~1\mozilla\firefox\profiles\13w6tz3f.default\
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-14 201320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-2-27 10384]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-14 359248]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-14 144704]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [2008-12-20 203264]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-14 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-14 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-14 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-14 40488]
S3 HIYT;HIYT;c:\docume~1\peterh~1\locals~1\temp\HIYT.exe [2009-6-3 375680]
S3 LPMN;LPMN;c:\docume~1\peterh~1\locals~1\temp\LPMN.exe [2009-6-3 420736]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-14 33832]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]

=============== Created Last 30 ================

2009-06-02 21:48 0 a------- c:\windows\exctrlst.INI
2009-05-29 18:59 4,255 -------- c:\windows\system32\drivers\adv01nt5.dll
2009-05-29 18:57 19,569 a------- c:\windows\000001_.tmp
2009-05-29 12:36 5 a------- c:\windows\system32\drivers\DELL_XPS_Dell DXP051 .MRK
2009-05-29 12:36 5 a------- c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP051 .MRK
2009-05-29 12:09 <DIR> --d----- C:\dell_update
2009-05-29 11:23 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{5A76C6B3-3FA8-46D0-AA81-62C3805E38BC}
2009-05-29 08:48 54,156 a---h--- c:\windows\QTFont.qfn
2009-05-29 08:48 1,409 a------- c:\windows\QTFont.for
2009-05-29 07:47 <DIR> --d----- c:\docume~1\peterh~1\applic~1\System Tweaker
2009-05-29 01:07 520,192 -------- c:\windows\system32\ati2sgag.exe
2009-05-29 01:06 3,107,788 a------- c:\windows\system32\ativvaxx.dat
2009-05-29 01:06 3,107,788 a------- c:\windows\system32\ativva5x.dat
2009-05-29 01:06 972,072 a------- c:\windows\system32\ativva6x.dat
2009-05-29 01:06 2,096 a------- c:\windows\system32\drivers\ativdkxx.vp
2009-05-29 01:06 8,097,792 a------- c:\windows\system32\atioglx2.dll
2009-05-29 01:06 50,176 a------- c:\windows\system32\atiok3x2.dll
2009-05-29 01:06 11,557 a------- c:\windows\atiogl.xml
2009-05-29 01:06 339,968 a------- c:\windows\system32\ATIDEMGX.dll
2009-05-29 00:34 <DIR> --d----- c:\program files\Uniblue
2009-05-29 00:05 <DIR> --d----- c:\docume~1\peterh~1\applic~1\Uniblue
2009-05-29 00:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-05-27 15:21 221,184 a------- c:\windows\system32\dllcache\wmpns.dll
2009-05-27 15:08 226,816 a------- c:\windows\system32\dllcache\npdrmv2.dll
2009-05-27 14:52 364,544 a------- c:\windows\system32\dllcache\npdsplay.dll
2009-05-27 14:52 10,240 a------- c:\windows\system32\dllcache\npwmsdrm.dll
2009-05-27 14:52 4,639 a------- c:\windows\system32\dllcache\mplayer2.exe
2009-05-27 10:47 2,903,310,336 a------- C:\WinLite.iso
2009-05-27 08:56 <DIR> --d----- c:\program files\nLite
2009-05-26 09:09 <DIR> --d----- c:\temp\ap
2009-05-24 09:24 198,144 a------- c:\windows\system32\dllcache\OLD9C5.tmp
2009-05-24 09:24 123,776 a------- c:\windows\system32\dllcache\OLD9C1.tmp
2009-05-22 23:42 <DIR> --d----- C:\XP
2009-05-22 23:19 <DIR> --d----- C:\SP3
2009-05-22 21:49 116,224 a------- c:\windows\system32\dllcache\xrxwiadr.dll
2009-05-22 21:49 23,040 a------- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-05-22 21:49 18,944 a------- c:\windows\system32\dllcache\xrxscnui.dll
2009-05-22 21:49 27,648 a------- c:\windows\system32\dllcache\xrxftplt.exe
2009-05-22 21:49 4,608 a------- c:\windows\system32\dllcache\xrxflnch.exe
2009-05-22 21:48 99,865 a------- c:\windows\system32\dllcache\xlog.exe
2009-05-22 21:48 28,288 a------- c:\windows\system32\dllcache\xjis.nls
2009-05-22 21:48 16,970 a------- c:\windows\system32\dllcache\xem336n5.sys
2009-05-22 21:48 19,455 a------- c:\windows\system32\dllcache\wvchntxx.sys
2009-05-22 21:48 12,063 a------- c:\windows\system32\dllcache\wsiintxx.sys
2009-05-22 21:48 8,192 a------- c:\windows\system32\dllcache\wshirda.dll
2009-05-22 21:45 8,832 a------- c:\windows\system32\dllcache\wmiacpi.sys
2009-05-22 21:45 154,624 a------- c:\windows\system32\dllcache\wlluc48.sys
2009-05-22 21:45 34,890 a------- c:\windows\system32\dllcache\wlandrv2.sys
2009-05-22 21:45 771,581 a------- c:\windows\system32\dllcache\winacisa.sys
2009-05-22 21:45 53,760 a------- c:\windows\system32\dllcache\wiamsmud.dll
2009-05-22 21:45 87,040 a------- c:\windows\system32\dllcache\wiafbdrv.dll
2009-05-22 21:45 41,600 a------- c:\windows\system32\dllcache\weitekp9.dll
2009-05-22 21:45 31,232 a------- c:\windows\system32\dllcache\weitekp9.sys
2009-05-22 21:45 701,386 a------- c:\windows\system32\dllcache\wdhaalba.sys
2009-05-22 21:45 23,615 a------- c:\windows\system32\dllcache\wch7xxnt.sys
2009-05-22 21:45 31,744 a------- c:\windows\system32\dllcache\wceusbsh.sys
2009-05-22 21:43 7,556 a------- c:\windows\system32\dllcache\usroslba.sys
2009-05-22 21:42 211,968 a------- c:\windows\system32\dllcache\um54scan.dll
2009-05-22 21:41 123,995 a------- c:\windows\system32\dllcache\tjisdn.sys
2009-05-22 21:40 53,760 a------- c:\windows\system32\dllcache\sw_wheel.dll
2009-05-22 21:39 9,600 a------- c:\windows\system32\dllcache\sonymc.sys
2009-05-22 21:38 94,698 a------- c:\windows\system32\dllcache\sk98xwin.sys
2009-05-22 21:37 6,912 a------- c:\windows\system32\dllcache\seaddsmc.sys
2009-05-22 21:36 182,272 a------- c:\windows\system32\dllcache\s3mt3d.dll
2009-05-22 21:35 899,146 a------- c:\windows\system32\dllcache\r2mdkxga.sys
2009-05-22 21:34 92,416 a------- c:\windows\system32\dllcache\phildec.sys
2009-05-22 21:33 351,616 a------- c:\windows\system32\dllcache\ovcodek2.sys
2009-05-22 21:31 87,040 a------- c:\windows\system32\dllcache\nm6wdm.sys
2009-05-22 21:31 126,080 a------- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-05-22 21:31 32,840 a------- c:\windows\system32\dllcache\ngrpci.sys
2009-05-22 21:31 53,248 a------- c:\windows\system32\dllcache\nextlink.dll
2009-05-22 21:31 132,695 a------- c:\windows\system32\dllcache\netwlan5.sys
2009-05-22 21:31 65,278 a------- c:\windows\system32\dllcache\netflx3.sys
2009-05-22 21:31 39,264 a------- c:\windows\system32\dllcache\neo20xx.sys
2009-05-22 21:31 60,480 a------- c:\windows\system32\dllcache\neo20xx.dll
2009-05-22 21:31 15,872 a------- c:\windows\system32\dllcache\ne2000.sys
2009-05-22 21:31 91,488 a------- c:\windows\system32\dllcache\n9i3disp.dll
2009-05-22 21:31 27,936 a------- c:\windows\system32\dllcache\n9i3d.sys
2009-05-22 21:31 33,088 a------- c:\windows\system32\dllcache\n9i128v2.sys
2009-05-22 21:31 59,104 a------- c:\windows\system32\dllcache\n9i128v2.dll
2009-05-22 21:29 15,232 a------- c:\windows\system32\dllcache\mpe.sys
2009-05-22 21:28 576,746 a------- c:\windows\system32\dllcache\ltmdmntl.sys
2009-05-22 21:27 6,144 a------- c:\windows\system32\dllcache\kbd106.dll
2009-05-22 21:26 100,992 a------- c:\windows\system32\dllcache\icam5usb.sys
2009-05-22 21:25 542,879 a------- c:\windows\system32\dllcache\hsf_msft.sys
2009-05-22 21:24 119,296 a------- c:\windows\system32\dllcache\hpdigwia.dll
2009-05-22 21:23 22,090 a------- c:\windows\system32\dllcache\fem556n5.sys
2009-05-22 21:22 283,904 a------- c:\windows\system32\dllcache\emu10k1m.sys
2009-05-22 21:21 236,060 a------- c:\windows\system32\dllcache\ditrace.exe
2009-05-22 21:20 72,832 a------- c:\windows\system32\dllcache\cwbwdm.sys
2009-05-22 21:19 314,752 a------- c:\windows\system32\dllcache\camdro21.sys
2009-05-22 21:18 17,152 a------- c:\windows\system32\dllcache\atitvsnd.sys
2009-05-22 20:45 6,144 a------- c:\windows\system32\dllcache\kbdth3.dll
2009-05-22 20:44 <DIR> --d----- C:\old
2009-05-21 09:09 7,168 a------- c:\windows\system32\dllcache\wamregps.dll
2009-05-21 09:09 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-05-21 09:09 19,968 a------- c:\windows\system32\dllcache\inetsloc.dll
2009-05-21 09:09 7,680 a------- c:\windows\system32\dllcache\inetmgr.exe
2009-05-21 09:09 169,984 a------- c:\windows\system32\dllcache\iisui.dll
2009-05-21 09:09 14,336 a------- c:\windows\system32\dllcache\iisreset.exe
2009-05-21 09:09 5,632 a------- c:\windows\system32\dllcache\iisrstap.dll
2009-05-21 09:09 6,144 a------- c:\windows\system32\dllcache\ftpsapi2.dll
2009-05-21 09:09 94,720 a------- c:\windows\system32\dllcache\certmap.ocx
2009-05-19 00:08 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-05-14 23:46 <DIR> --d----- c:\program files\common files\AnswerWorks 5.0
2009-05-14 23:45 3,523,872 a------- c:\windows\system32\cdintf300.dll
2009-05-14 23:45 1,848,608 a------- c:\windows\system32\acXMLParser.dll
2009-05-14 23:44 <DIR> --d----- c:\program files\Quicken
2009-05-14 23:26 67,536 a------- C:\MGlogs.zip
2009-05-14 21:52 11,241 a------- c:\windows\system32\Config.MPF
2009-05-14 21:52 143,360 a------- c:\windows\system32\dunzip32.dll
2009-05-14 21:50 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2009-05-14 21:50 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2009-05-14 21:50 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-05-14 21:50 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-05-14 21:50 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-05-14 21:49 113,952 a------- c:\windows\system32\drivers\Mpfp.sys
2009-05-14 21:49 <DIR> --d----- c:\program files\McAfee.com
2009-05-14 21:49 <DIR> --d----- c:\program files\common files\McAfee
2009-05-14 21:49 <DIR> --d----- c:\program files\McAfee
2009-05-14 21:24 <DIR> --d----- c:\windows\pss
2009-05-14 08:59 110,908 a------- C:\MGlogs1.zip
2009-05-14 08:47 <DIR> a-dshr-- C:\cmdcons
2009-05-14 08:16 161,792 a------- c:\windows\SWREG.exe
2009-05-14 08:16 98,816 a------- c:\windows\sed.exe
2009-05-14 00:21 <DIR> --d----- c:\docume~1\peterh~1\applic~1\Malwarebytes
2009-05-14 00:21 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-14 00:21 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-14 00:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-14 00:21 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-13 22:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-13 22:02 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-13 22:02 <DIR> --d----- c:\docume~1\peterh~1\applic~1\SUPERAntiSpyware.com
2009-05-13 22:02 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-12 23:42 <DIR> --dsh--- c:\documents and settings\peter H\PrivacIE
2009-05-12 23:04 <DIR> --dsh--- c:\documents and settings\peter H\IETldCache
2009-05-12 22:53 <DIR> --d----- c:\windows\ie8updates
2009-05-12 22:53 102,400 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-12 22:52 <DIR> -cd-h--- c:\windows\ie8
2009-05-12 21:40 <DIR> --d----- c:\windows\ServicePackFiles
2009-05-12 21:31 24,576 a------- c:\windows\system32\SET1371.tmp
2009-05-12 21:31 177,152 a------- c:\windows\system32\SET1412.tmp
2009-05-12 21:31 351,232 a------- c:\windows\system32\SET159D.tmp
2009-05-12 21:31 75,776 a------- c:\windows\system32\SET1548.tmp
2009-05-12 21:31 15,872 a------- c:\windows\system32\SET158B.tmp
2009-05-12 21:31 438,784 a------- c:\windows\system32\SET15D6.tmp
2009-05-12 21:31 81,408 a------- c:\windows\system32\SET15BC.tmp
2009-05-12 21:31 6,656 a------- c:\windows\system32\SET15CC.tmp
2009-05-12 21:29 194,048 a------- c:\windows\system32\SET1260.tmp
2009-05-12 21:28 59,904 a------- c:\windows\system32\SET14DD.tmp
2009-05-11 21:13 <DIR> --d----- c:\program files\McAfee(2).com
2009-05-11 21:13 <DIR> --d----- c:\program files\common files\McAfee(2)
2009-05-11 21:13 <DIR> --d----- c:\program files\McAfee(2)
2009-05-10 22:39 <DIR> --d----- C:\q_back
2009-05-10 21:03 <DIR> --d----- c:\program files\Resource Kit
2009-05-10 20:32 4,720 a------- c:\windows\system32\PerfStringBackup.TMP
2009-05-09 11:55 2,560 -------- c:\windows\system32\xpsp4res.dll

==================== Find3M ====================

2009-06-02 08:40 15,960 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-05-29 10:43 88,983 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-21 10:18 986,112 a------- c:\windows\system32\kernel32(2)(2).dll
2009-03-21 10:06 989,696 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\vgx.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 -------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\dllcache\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\pdh.dll
2009-02-03 00:53 832 a------- c:\docume~1\peterh~1\applic~1\wklnhst.dat
2007-09-04 23:51 0 a---h--- c:\docume~1\alluse~1\applic~1\gwseh.dat
2008-08-05 17:04 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat

============= FINISH: 21:14:03.18 ===============


#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:44 AM

Posted 04 June 2009 - 12:33 PM

Hi prh129,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks :thumbup2:


Now, to the problem. You certainly have some malware in the logs so let's first run two more scanners to see what else may be hiding.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click the downloaded GMER file on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Then

Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

m0le is a proud member of UNITE

#6 prh129

Posted 04 June 2009 - 10:51 PM

Hello m0le,

I am here. I have subscribed to this topic as you asked. I downloaded the GMER file and it did crash my PC. Is it OK to run the scan in safe mode? Thanks for your help.

Peter

#7 m0le

Posted 05 June 2009 - 03:10 AM

Let's try another rootkit scanner

Please download Rooter.exe and save it to your desktop
  • Double-click it to start the tool. If you are using Vista, please right-click and choose Run As Administrator...
  • Allow it to run when you get a Security Warning
  • A black Command Window will open saying: "Please Wait..."
  • It will now begin to scan, please be patient. The scan should not take more than 2 minutes
  • A Notepad file containing the report will open soon. It can also be found at %systemdrive%\Rooter.txt
  • Please post the contents of that log in your next reply
Then please run the OTViewIt instructions as posted previously.

#8 prh129

Posted 05 June 2009 - 08:08 AM

Here is the report from rooter.exe. When I run OTViewIt I get an Access Violation dialog box at 7C9249CB in module ntdll.dll. Read of address 0000000C. I click OK and the scan still says Scanning Application Event Logs but after 20 minutes it looks like there is no activity. Is the scan still running and should I keep waiting?

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:147769 Mo/Free:2930 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Fixed] - NTFS - (Total:305242 Mo/Free:812 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
J:\ [Removable] (Total:0 Mo/Free:0 Mo)

Fri 06/05/2009| 8:05

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
---------- C:\WINDOWS\eHome\ehRecvr.exe
---------- C:\WINDOWS\eHome\ehSched.exe
---------- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
---------- C:\WINDOWS\ehome\ehtray.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
---------- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\McAfee.com\Agent\mcagent.exe
---------- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
---------- C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
---------- C:\WINDOWS\stsystra.exe
---------- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
---------- C:\Program Files\Messenger\msmsgs.exe
---------- C:\Program Files\Logitech\SetPoint\SetPoint.exe
---------- C:\Program Files\McAfee\MPF\MPFSrv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\ehome\mcrdsvc.exe
---------- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
---------- C:\Program Files\Canon\CAL\CALMAIN.exe
---------- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
---------- C:\WINDOWS\system32\dllhost.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\eHome\ehmsas.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
---------- c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Fri 06/05/2009| 8:07

----------------------\\ Scan completed at 8:07

#9 prh129

Posted 05 June 2009 - 08:09 AM

In case it is helpful, when I loaded the GMER program in normal mode it did list some stuff (see below). The safe scan took over 3 hours and didn't seem to find as much as it was in normal mode before it crashed.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-04 23:52:42
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEC3069AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEC306A41]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEC306958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEC30696C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEC306A55]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEC306A81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEC306AEF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEC306AD9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEC3069EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEC306B1B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEC306A2D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEC306930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEC306944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEC3069BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEC306B57]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEC306AC3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEC306AAD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEC306A6B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEC306B43]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEC306B2F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEC306996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEC306982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEC306A97]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEC306A19]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEC306B05]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEC306A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEC3069D4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:2016] 8425BA50
Thread System [4:4060] 84248157
Thread System [4:3480] 84279AC7
Thread System [4:2328] 8424B0E9

---- EOF - GMER 1.0.15 ----

#10 prh129

Posted 05 June 2009 - 08:18 AM

There is a report from OTViewIt so I will rerun that and let it go. Here is the report I had: (I

OTViewIt logfile created on: 6/5/2009 8:42:52 AM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Peter H\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 314.16 Mb Available Physical Memory | 30.74% Memory free
2.40 Gb Paging File | 1.89 Gb Available in Paging File | 78.55% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.31 Gb Total Space | 14.86 Gb Free Space | 10.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 298.09 Gb Total Space | 280.79 Gb Free Space | 94.20% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D50SYBB1
Current User Name: Peter H
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/06/13 15:15:40 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007/09/11 00:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2006/07/06 07:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
[2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2005/09/29 15:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2006/11/15 10:05:00 | 01,121,016 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
[2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
[2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
[2007/09/11 00:43:54 | 00,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
[2005/03/22 17:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2006/07/06 07:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[2006/09/11 05:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2009/02/19 00:33:08 | 00,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
[2007/07/18 12:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2005/12/12 10:52:32 | 00,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
[2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
[2009/02/19 00:28:52 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
[2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
[2007/11/07 09:35:40 | 00,361,800 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\mcvsshld.exe
[2009/06/05 08:08:28 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter H\Desktop\OTViewIt.exe
[2007/11/01 22:32:00 | 00,866,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcshell.exe

========== (O23) Win32 Services ==========

[2007/09/11 00:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop

Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0 [Auto |

Running])
[2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) --

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state

[On_Demand | Stopped])
[2007/06/13 15:15:40 | 00,483,328 | ---- | M] (ATI Technologies Inc.) --

C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2007/06/13 14:29:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe --

(ATI Smart [Auto | Stopped])
[2005/04/30 17:02:26 | 00,086,016 | ---- | M] (B.H.A Corporation) --

C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen [Disabled | Stopped])
[2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program

Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
[2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) --

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe --

(clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program

Files\DellSupport\brkrsvc.exe -- (DSBrokerService [Disabled | Stopped])
[2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) --

C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) --

C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2005/12/12 10:52:32 | 00,180,224 | ---- | M] (Intel Corporation) -- C:\Program

Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -- (ELService [Auto |

Running])
[2007/10/10 21:28:51 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program

Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe --

(FLEXnet Licensing Service [On_Demand | Stopped])
[2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) --

c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe --

(FontCache3.0.0.0 [On_Demand | Stopped])
[2009/06/03 19:30:17 | 00,375,680 | ---- | M] (Sysinternals - www.sysinternals.com) --

C:\Documents and Settings\Peter H\Local Settings\temp\HIYT.exe -- (HIYT [On_Demand |

Stopped])
[2006/07/06 07:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program

Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON [Auto | Running])
[2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program

Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT

[Disabled | Stopped])
[2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) --

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe --

(idsvc [Unknown | Stopped])
[2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program

Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2009/02/19 00:30:20 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program

Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [Disabled | Stopped])
[2009/06/03 20:39:33 | 00,420,736 | ---- | M] (Sysinternals - www.sysinternals.com) --

C:\Documents and Settings\Peter H\Local Settings\temp\LPMN.exe -- (LPMN [On_Demand |

Stopped])
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program

Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common

Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program

Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Running])
[2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common

Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) --

C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program

Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program

Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2007/07/18 12:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program

Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2004/11/19 12:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program

Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) --

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

-- (NetTcpPortSharing [Disabled | Stopped])
[2007/05/04 09:27:00 | 00,071,360 | ---- | M] () -- C:\Program

Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Disabled | Stopped])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program

Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])
[2006/12/13 23:17:26 | 00,057,344 | ---- | M] (Sonic Solutions) -- C:\Program

Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand |

Stopped])
[2006/12/13 23:17:02 | 00,294,912 | ---- | M] (Sonic Solutions) -- C:\Program

Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto |

Stopped])
[2007/01/16 13:44:48 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program

Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand

| Stopped])
[2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program

Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Disabled |

Stopped])
[2007/01/15 09:05:30 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) --

C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [Disabled |

Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program

Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Driver Services ==========

[2008/04/14 00:16:22 | 00,048,128 | ---- | M] (Microsoft Corporation) --

C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) --

C:\WINDOWS\system32\drivers\afc.sys -- (Afc [On_Demand | Running])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) --

C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/14 00:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) --

C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) --

C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) --

C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2007/09/04 23:49:04 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) --

C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2007/06/13 15:24:14 | 02,155,520 | ---- | M] (ATI Technologies Inc.) --

C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/04/14 00:16:22 | 00,038,912 | ---- | M] (Microsoft Corporation) --

C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2006/12/04 11:36:10 | 00,203,264 | ---- | M] (Pinnacle Systems) --

C:\WINDOWS\system32\drivers\bender.sys -- (BENDER [On_Demand | Running])
[2005/05/11 00:33:12 | 00,032,256 | ---- | M] (B.H.A Corporation) --

C:\WINDOWS\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv [System | Running])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) --

C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) --

C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2006/11/01 09:59:10 | 00,035,064 | ---- | M] (Roxio) --

C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
[2006/11/01 09:59:04 | 00,032,472 | ---- | M] (Roxio) --

C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2006/09/15 10:45:24 | 00,012,920 | ---- | M] (Roxio) --

C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2006/11/01 09:59:36 | 00,009,400 | ---- | M] (Roxio) --

C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM [Auto | Running])
[2006/11/01 09:59:02 | 00,104,760 | ---- | M] (Roxio) --

C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2006/11/01 09:59:06 | 00,026,744 | ---- | M] (Roxio) --

C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2006/11/01 09:59:02 | 00,014,520 | ---- | M] (Roxio) --

C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2006/09/15 10:45:22 | 00,028,184 | ---- | M] (Roxio) --

C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
[2006/11/01 09:59:10 | 00,094,648 | ---- | M] (Roxio) --

C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2006/11/01 09:59:08 | 00,098,104 | ---- | M] (Roxio) --

C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2006/10/25 09:22:22 | 00,099,816 | ---- | M] (Sonic Solutions) --

C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2006/09/15 10:42:52 | 00,051,768 | ---- | M] (Roxio) --

C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program

Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) --

C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) --

C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2005/08/25 13:05:24 | 00,176,128 | ---- | M] (Intel Corporation) --

C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2005/12/12 10:52:32 | 00,007,808 | ---- | M] (Intel Corporation) --

C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi [On_Demand | Running])
[2005/12/12 10:52:34 | 00,010,112 | ---- | M] (Intel Corporation) --

C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid [System | Running])
[2005/12/12 10:52:34 | 00,006,912 | ---- | M] (Intel Corporation) --

C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd [System | Running])
[2005/12/12 10:52:34 | 00,007,040 | ---- | M] (Intel Corporation) --

C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon [System | Running])
[2005/12/12 10:52:34 | 00,006,400 | ---- | M] (Intel Corporation) --

C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou [System | Running])
[2008/04/13 22:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) --

C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2003/11/17 15:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) --

C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2003/11/17 15:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) --

C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2006/07/06 06:59:42 | 00,246,784 | ---- | M] (Intel Corporation) --

C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2008/04/14 00:09:50 | 00,014,592 | ---- | M] (Microsoft Corporation) --

C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/09/26 10:52:00 | 00,010,384 | ---- | M] (Logitech, Inc.) --

C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE [Auto | Running])
[2008/12/18 23:43:40 | 00,035,472 | ---- | M] (Logitech, Inc.) --

C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
[2008/12/18 23:43:48 | 00,037,392 | ---- | M] (Logitech, Inc.) --

C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
[2007/01/04 11:07:00 | 00,171,520 | ---- | M] (Pinnacle Systems GmbH) --

C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus [On_Demand | Running])
[2003/04/09 12:48:08 | 00,011,043 | ---- | M] (Conexant) --

C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2007/11/22 06:44:08 | 00,079,304 | ---- | M] (McAfee, Inc.) --

C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,035,240 | ---- | M] (McAfee, Inc.) --

C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2007/11/22 06:44:08 | 00,201,320 | ---- | M] (McAfee, Inc.) --

C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2007/11/22 06:44:04 | 00,033,832 | ---- | M] (McAfee, Inc.) --

C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Running])
[2007/12/02 12:51:42 | 00,040,488 | ---- | M] (McAfee, Inc.) --

C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) --

C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
[2007/07/13 06:20:24 | 00,113,952 | ---- | M] (McAfee, Inc.) --

C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) --

C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2008/04/14 00:16:10 | 00,051,200 | ---- | M] (Microsoft Corporation) --

C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2007/09/17 21:48:56 | 00,098,176 | ---- | M] (Microsoft Corporation) --

C:\WINDOWS\system32\drivers\NBF.SYS -- (Nbf [Auto | Running])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) --

C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2002/03/19 11:29:16 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) --

C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI [System | Running])
[2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) --

C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/10/10 21:25:17 | 00,043,528 | ---- | M] (Sonic Solutions) --

C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) --

C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) --

C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) --

C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2006/12/02 13:19:30 | 00,050,688 | ---- | M] (Sonic Solutions) --

C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter [Disabled | Stopped])
[2009/04/28 11:33:42 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and

SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV

[System | Running])
[2009/04/28 11:33:44 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and

SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM

[On_Demand | Stopped])
[2009/04/28 11:33:40 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and

SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL

[System | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision

Europe Limited, and Macrovision Japan and Asia K.K.) --

C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/14 00:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)

-- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) --

C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2005/11/16 15:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) --

C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) --

C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) --

C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) --

C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) --

C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) --

C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/04/14 00:26:50 | 00,012,800 | ---- | M] (Microsoft Corporation) --

C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS [On_Demand | Running])
[2006/11/02 08:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) --

C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2003/11/17 15:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) --

C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070904
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
"Start Page"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070904

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start

Page"=http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070904

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll

(Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070904
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070904
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-4162479796-1755148357-1841968330-1005\SOFTWARE\Microsoft\Internet

Explorer\Main]
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start

Page"=http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070904

[HKEY_USERS\S-1-5-21-4162479796-1755148357-1841968330-1005\Software\Microsoft\Internet

Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-4162479796-1755148357-1841968330-1005\Software\Microsoft\Internet

Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll

(Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4162479796-1755148357-1841968330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search &

Destroy\SDHelper.dll (Safer Networking Limited)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- C:\Program

Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Program Files\BAE\BAE.dll (Dell

Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program

Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"

(Adobe Systems Incorporated)
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

(Adobe Systems Incorporated)
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" ()
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI

Technologies, Inc.)
"dellsupportcenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P

dellsupportcenter (SupportSoft, Inc.)
"ehTray"=C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel

Corporation)
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe"

-startup (Macrovision Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"

-start (Macrovision Corporation)
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech, Inc.)
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" (Roxio)
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems,

Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R380

Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU

"C:\WINDOWS\TEMP\E_S247.tmp" /EF "HKCU" (SEIKO EPSON CORPORATION)
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe"

-scheduler (Macrovision Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4162479796-1755148357-1841968330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R380

Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU

"C:\WINDOWS\TEMP\E_S247.tmp" /EF "HKCU" (SEIKO EPSON CORPORATION)
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe"

-scheduler (Macrovision Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2009/02/19 00:33:08 | 00,809,488 | ---- | M] (Logitech, Inc.) -- C:\Documents and

Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program

Files\Logitech\SetPoint\SetPoint.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoCDBurning"=1
"BackupNoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-4162479796-1755148357-1841968330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration --

%ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2009/01/26 15:31:02 | 01,879,896

| ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 --

%SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/14 00:23:34 | 00,558,080 | ---- |

M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger --

%ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M]

(Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger --

%ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M]

(Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does

not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] ->

%ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 |

---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does

not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] ->

%ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 |

---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does

not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] ->

%ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 |

---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4162479796-1755148357-1841968330-1005\SOFTWARE\Microsoft\Internet

Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does

not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] ->

%ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 |

---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet

Settings\ZoneMap\Domains\]
musicmatch.com\online: https in Computer
2 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}:

http://download.microsoft.com/download/C/0...D1177202/LegitCheckControl.cab -- Windows Genuine Advantage Validation Tool
{5ED80217-570B-4DA9-BF44-BE107C0EC166}:

http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab -- Windows

Live Safety Center Base Module
{8AD9C840-044E-11D1-B3E9-00805F499D93}:

http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in

1.6.0_13
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}:

http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key

does not exist or could not be opened.
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:

http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in

1.6.0_13
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}:

http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in

1.6.0_13
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://www.adobe.com/products/acrobat/nos/gp.cab

-- get_atlcom Class
{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1}:

http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.2.1.cab --

DownloadManager Control

========== (O17) DNS Name Servers ==========

{0902C854-60C7-4BE6-8F65-CEDEBAEE2F6C} (Servers: | Description: Motorola SURFboard

SB5120 USB Cable Modem)
{72B86CED-B1D8-4282-AB55-9C69BB8DEA9A} (Servers: | Description: Motorola SURFboard

SB5120 USB Cable Modem)
{77419F32-9B64-4D4D-A7AB-11753E4A5689} (Servers: | Description: 1394 Net Adapter)
{9238EC63-A833-4F30-992F-3E9F7E05A5A3} (Servers: | Description: )
{AC92A9FE-559B-4B8C-BE64-5CDD8D2063D3} (Servers: | Description: Intel® PRO/1000 PL

Network Connection)
{BBAE2A10-6959-4EAB-9B20-26F597D60EA2} (Servers: | Description: )
{C3BF6101-11DF-471E-9B1A-BB4342AEC2E8} (Servers: | Description: 1394 Net Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program

Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
LBTWlgn: "DllName" = c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll --

c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- Reg Error: Key does not exist or

could not be opened. File not found

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [SET PATH=C:\Program Files\Pinnacle\Shared Files\;C:\Program Files\Pinnacle\Shared Files\Filter | ]
[2009/02/22 18:42:14 | 00,000,096 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun]
""=Auto&Play



========== Files/Folders - Created Within 30 Days ==========


C:\WINDOWS\System32\dllcache\ptpusb.dll
[2009/05/22 21:35:28 | 00,035,328 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\psisload.dll
[2009/05/22 21:35:24 | 00,016,128 | ---- | C] (SCM Microsystems, Inc.) --

C:\WINDOWS\System32\dllcache\pscr.sys
[2009/05/22 21:35:21 | 00,017,664 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ppa3.sys
[2009/05/22 21:35:18 | 00,017,792 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ppa.sys
[2009/05/22 21:35:17 | 00,008,832 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\powerfil.sys
[2009/05/22 21:35:13 | 00,007,168 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\pnrmc.sys
[2009/05/22 21:35:12 | 00,131,584 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/05/22 21:35:12 | 00,011,264 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/05/22 21:35:12 | 00,006,144 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/05/22 21:35:06 | 00,121,344 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\phvfwext.dll
[2009/05/22 21:35:03 | 00,019,840 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\philtune.sys
[2009/05/22 21:34:59 | 00,092,416 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\phildec.sys
[2009/05/22 21:34:56 | 00,173,696 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\philcam2.sys
[2009/05/22 21:34:53 | 00,075,776 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\philcam1.sys
[2009/05/22 21:34:50 | 00,016,384 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\philcam1.dll
[2009/05/22 21:34:47 | 00,105,984 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\phdsext.ax
[2009/05/22 21:34:46 | 00,020,992 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\permchk.dll
[2009/05/22 21:34:45 | 00,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) --

C:\WINDOWS\System32\dllcache\perm3dd.dll
[2009/05/22 21:34:44 | 00,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) --

C:\WINDOWS\System32\dllcache\perm3.sys
[2009/05/22 21:34:43 | 00,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) --

C:\WINDOWS\System32\dllcache\perm2dll.dll
[2009/05/22 21:34:42 | 00,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) --

C:\WINDOWS\System32\dllcache\perm2.sys
[2009/05/22 21:34:40 | 00,169,984 | ---- | C] (Cisco Systems) --

C:\WINDOWS\System32\dllcache\pcx500.sys
[2009/05/22 21:34:37 | 00,086,016 | ---- | C] (PCtel, Inc.) --

C:\WINDOWS\System32\dllcache\pctspk.exe
[2009/05/22 21:34:34 | 00,035,328 | ---- | C] (AMD Inc.) --

C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2009/05/22 21:34:31 | 00,029,769 | ---- | C] (AMD Inc.) --

C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2009/05/22 21:34:27 | 00,030,282 | ---- | C] (AMD Inc.) --

C:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2009/05/22 21:34:24 | 00,026,153 | ---- | C] (Linksys) --

C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2009/05/22 21:34:22 | 00,029,502 | ---- | C] (Marconi Communications, Inc.) --

C:\WINDOWS\System32\dllcache\pca200e.sys
[2009/05/22 21:34:19 | 00,030,495 | ---- | C] (Linksys) --

C:\WINDOWS\System32\dllcache\pc100nds.sys
[2009/05/22 21:34:18 | 00,031,744 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/05/22 21:34:18 | 00,014,336 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/05/22 21:34:17 | 00,036,927 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/05/22 21:34:13 | 00,041,984 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2009/05/22 21:34:10 | 00,044,544 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ovui2.dll
[2009/05/22 21:34:07 | 00,025,216 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ovsound2.sys
[2009/05/22 21:34:03 | 00,039,424 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ovcoms.exe
[2009/05/22 21:34:00 | 00,020,480 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ovcomc.dll
[2009/05/22 21:33:57 | 00,351,616 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2009/05/22 21:33:54 | 00,116,736 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2009/05/22 21:33:51 | 00,031,872 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ovce.sys
[2009/05/22 21:33:48 | 00,028,032 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ovcd.sys
[2009/05/22 21:33:45 | 00,048,000 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ovcam2.sys
[2009/05/22 21:33:41 | 00,025,088 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ovca.sys
[2009/05/22 21:33:38 | 00,054,186 | ---- | C] (Ositech Communications, Inc.) --

C:\WINDOWS\System32\dllcache\otcsercb.sys
[2009/05/22 21:33:35 | 00,043,689 | ---- | C] (Ositech Communications, Inc.) --

C:\WINDOWS\System32\dllcache\otceth5.sys
[2009/05/22 21:33:32 | 00,027,209 | ---- | C] (Ositech Communications, Inc.) --

C:\WINDOWS\System32\dllcache\otc06x5.sys
[2009/05/22 21:33:28 | 00,054,528 | ---- | C] (Yamaha Corp.) --

C:\WINDOWS\System32\dllcache\opl3sax.sys
[2009/05/22 21:33:11 | 00,051,552 | ---- | C] (Kensington Technology Group) --

C:\WINDOWS\System32\dllcache\ntgrip.sys
[2009/05/22 21:33:11 | 00,038,912 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/05/22 21:33:07 | 00,009,344 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ntapm.sys
[2009/05/22 21:33:04 | 00,007,552 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\nsmmc.sys
[2009/05/22 21:31:38 | 00,087,040 | ---- | C] (NeoMagic Corporation) --

C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2009/05/22 21:31:35 | 00,126,080 | ---- | C] (NeoMagic Corporation) --

C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2009/05/22 21:31:32 | 00,032,840 | ---- | C] (NETGEAR Corporation.) --

C:\WINDOWS\System32\dllcache\ngrpci.sys
[2009/05/22 21:31:31 | 00,053,248 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/05/22 21:31:30 | 00,132,695 | ---- | C] (802.11b) --

C:\WINDOWS\System32\dllcache\netwlan5.sys
[2009/05/22 21:31:26 | 00,065,278 | ---- | C] (Compaq Computer Corporation) --

C:\WINDOWS\System32\dllcache\netflx3.sys
[2009/05/22 21:31:22 | 00,039,264 | ---- | C] (NeoMagic Corporation) --

C:\WINDOWS\System32\dllcache\neo20xx.sys
[2009/05/22 21:31:19 | 00,060,480 | ---- | C] (NeoMagic Corporation) --

C:\WINDOWS\System32\dllcache\neo20xx.dll
[2009/05/22 21:31:16 | 00,015,872 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ne2000.sys
[2009/05/22 21:31:11 | 00,091,488 | ---- | C] (Number Nine Visual Technology Corp.) --

C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2009/05/22 21:31:08 | 00,027,936 | ---- | C] (Number Nine Visual Technology Corp.) --

C:\WINDOWS\System32\dllcache\n9i3d.sys
[2009/05/22 21:31:05 | 00,033,088 | ---- | C] (Number Nine Visual Technology Corp.) --

C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2009/05/22 21:31:01 | 00,059,104 | ---- | C] (Number Nine Visual Technology Corp.) --

C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2009/05/22 21:30:58 | 00,013,664 | ---- | C] (Number Nine Visual Technology Corp.) --

C:\WINDOWS\System32\dllcache\n9i128.sys
[2009/05/22 21:30:55 | 00,035,392 | ---- | C] (Number Nine Visual Technology Corp.) --

C:\WINDOWS\System32\dllcache\n9i128.dll
[2009/05/22 21:30:52 | 00,128,000 | ---- | C] (Compaq Computer Corporation) --

C:\WINDOWS\System32\dllcache\n100325.sys
[2009/05/22 21:30:49 | 00,052,255 | ---- | C] (Compaq Computer Corporation) --

C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2009/05/22 21:30:46 | 00,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) --

C:\WINDOWS\System32\dllcache\mxport.sys
[2009/05/22 21:30:43 | 00,007,168 | ---- | C] (Moxa Technologies Co., Ltd) --

C:\WINDOWS\System32\dllcache\mxport.dll
[2009/05/22 21:30:40 | 00,019,968 | ---- | C] (Macronix International Co., Ltd.

) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2009/05/22 21:30:37 | 00,019,968 | ---- | C] (Moxa Technologies Co., Ltd) --

C:\WINDOWS\System32\dllcache\mxicfg.dll
[2009/05/22 21:30:34 | 00,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) --

C:\WINDOWS\System32\dllcache\mxcard.sys
[2009/05/22 21:30:33 | 00,229,439 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\multibox.dll
[2009/05/22 21:30:30 | 00,103,296 | ---- | C] (Matrox Graphics Inc) --

C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2009/05/22 21:30:23 | 00,049,024 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\mstape.sys
[2009/05/22 21:30:19 | 00,012,416 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\msriffwv.sys
[2009/05/22 21:30:13 | 00,002,944 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\msmpu401.sys
[2009/05/22 21:30:12 | 00,022,016 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\msircomm.sys
[2009/05/22 21:30:11 | 01,875,968 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/05/22 21:30:11 | 00,098,304 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/05/22 21:30:04 | 00,035,200 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\msgame.sys
[2009/05/22 21:30:01 | 00,006,016 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\msfsio.sys
[2009/05/22 21:29:53 | 00,015,232 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\mpe.sys
[2009/05/22 21:29:45 | 00,006,528 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\miniqic.sys
[2009/05/22 21:29:44 | 00,034,304 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\migisol.exe
[2009/05/22 21:29:37 | 00,092,416 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\mga.sys
[2009/05/22 21:29:37 | 00,092,032 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\mga.dll
[2009/05/22 21:29:33 | 00,047,616 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\memgrp.dll
[2009/05/22 21:29:30 | 00,008,320 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\memcard.sys
[2009/05/22 21:29:29 | 00,026,624 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/05/22 21:29:26 | 00,164,586 | ---- | C] (Madge Networks Ltd) --

C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2009/05/22 21:29:21 | 00,065,536 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/05/22 21:29:21 | 00,007,424 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\mammoth.sys
[2009/05/22 21:29:15 | 00,058,880 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\m3092dc.dll
[2009/05/22 21:29:12 | 00,058,368 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\m3091dc.dll
[2009/05/22 21:29:05 | 00,797,500 | ---- | C] (LT) --

C:\WINDOWS\System32\dllcache\ltsmt.sys
[2009/05/22 21:29:02 | 00,802,683 | ---- | C] (Lucent Technologies) --

C:\WINDOWS\System32\dllcache\ltsm.sys
[2009/05/22 21:29:01 | 00,420,992 | ---- | C] (LT) --

C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2009/05/22 21:29:01 | 00,007,040 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ltotape.sys
[2009/05/22 21:28:58 | 00,576,746 | ---- | C] (LT) --

C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2009/05/22 21:28:57 | 00,606,684 | ---- | C] (LT) --

C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2009/05/22 21:28:54 | 00,727,786 | ---- | C] (Xircom, Inc.) --

C:\WINDOWS\System32\dllcache\ltck000c.sys
[2009/05/22 21:28:50 | 00,022,016 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/05/22 21:28:50 | 00,004,992 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\loop.sys
[2009/05/22 21:28:45 | 00,070,730 | ---- | C] (Linksys Group, Inc.) --

C:\WINDOWS\System32\dllcache\lne100tx.sys
[2009/05/22 21:28:43 | 00,020,573 | ---- | C] (The Linksts Group ) --

C:\WINDOWS\System32\dllcache\lne100.sys
[2009/05/22 21:28:40 | 00,025,065 | ---- | C] (D-Link) --

C:\WINDOWS\System32\dllcache\lmndis3.sys
[2009/05/22 21:28:37 | 00,015,744 | ---- | C] (Litronic Industries) --

C:\WINDOWS\System32\dllcache\lit220p.sys
[2009/05/22 21:28:33 | 00,026,442 | ---- | C] (SMSC) --

C:\WINDOWS\System32\dllcache\lanepic5.sys
[2009/05/22 21:28:30 | 00,019,016 | ---- | C] (Kingston Technology Company

) --

C:\WINDOWS\System32\dllcache\ktc111.sys
[2009/05/22 21:28:26 | 00,037,376 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kousd.dll
[2009/05/22 21:28:25 | 01,158,818 | ---- | C] () --

C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/05/22 21:28:25 | 00,070,656 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/05/22 21:28:24 | 00,253,952 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kdsusd.dll
[2009/05/22 21:28:23 | 00,048,640 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kdsui.dll
[2009/05/22 21:28:22 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/05/22 21:28:17 | 00,009,216 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/05/22 21:28:17 | 00,007,680 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/05/22 21:28:17 | 00,007,168 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/05/22 21:28:12 | 00,008,192 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdkor.dll
[2009/05/22 21:28:10 | 00,008,704 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2009/05/22 21:27:58 | 00,006,144 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbd106.dll
[2009/05/22 21:27:56 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbd103.dll
[2009/05/22 21:27:53 | 00,006,144 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbd101c.dll
[2009/05/22 21:27:50 | 00,006,144 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbd101b.dll
[2009/05/22 21:27:50 | 00,006,144 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/05/22 21:27:49 | 00,018,432 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/05/22 21:27:48 | 00,009,216 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/05/22 21:27:47 | 00,007,168 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\isapips.dll
[2009/05/22 21:27:42 | 00,018,688 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\irsir.sys
[2009/05/22 21:27:41 | 00,028,160 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\irmon.dll
[2009/05/22 21:27:39 | 00,023,552 | ---- | C] (MKNet Corporation) --

C:\WINDOWS\System32\dllcache\irmk7.sys
[2009/05/22 21:27:38 | 00,151,552 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\irftp.exe
[2009/05/22 21:27:37 | 00,088,192 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\irda.sys
[2009/05/22 21:27:31 | 00,045,632 | ---- | C] (Interphase ® Corporation a Windows ®

2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2009/05/22 21:27:28 | 00,090,200 | ---- | C] (Perle Systems Ltd. ) --

C:\WINDOWS\System32\dllcache\io8ports.dll
[2009/05/22 21:27:26 | 00,038,784 | ---- | C] (Perle Systems Ltd. ) --

C:\WINDOWS\System32\dllcache\io8.sys
[2009/05/22 21:27:23 | 00,013,056 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\inport.sys
[2009/05/22 21:27:22 | 00,008,704 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/05/22 21:27:19 | 00,471,102 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/05/22 21:27:18 | 00,059,904 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\imkrinst.exe
[2009/05/22 21:27:17 | 00,045,109 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\imjpuex.exe
[2009/05/22 21:27:15 | 00,057,398 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2009/05/22 21:27:13 | 00,311,359 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/05/22 21:27:13 | 00,102,463 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/05/22 21:27:12 | 00,044,032 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\imekrmig.exe
[2009/05/22 21:27:11 | 00,134,339 | ---- | C] () --

C:\WINDOWS\System32\dllcache\imekr.lex
[2009/05/22 21:27:10 | 00,006,656 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\iissync.exe
[2009/05/22 21:27:10 | 00,003,584 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\iismui.dll
[2009/05/22 21:27:09 | 00,060,928 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/05/22 21:27:09 | 00,019,456 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/05/22 21:27:02 | 00,372,824 | ---- | C] (Xircom) --

C:\WINDOWS\System32\dllcache\iconf32.dll
[2009/05/22 21:26:59 | 00,100,992 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\icam5usb.sys
[2009/05/22 21:26:56 | 00,020,480 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\icam5ext.dll
[2009/05/22 21:26:53 | 00,045,056 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\icam5com.dll
[2009/05/22 21:26:51 | 00,154,496 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\icam4usb.sys
[2009/05/22 21:26:48 | 00,061,952 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\icam4ext.dll
[2009/05/22 21:26:45 | 00,091,136 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\icam4com.dll
[2009/05/22 21:26:43 | 00,026,624 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\icam3ext.dll
[2009/05/22 21:26:40 | 00,141,056 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\icam3.sys
[2009/05/22 21:26:37 | 00,038,528 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2009/05/22 21:26:17 | 10,129,408 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/05/22 21:26:15 | 10,096,640 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/05/22 21:25:36 | 00,019,456 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\hr1w.dll
[2009/05/22 21:24:55 | 00,002,688 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\hidswvd.sys
[2009/05/22 21:24:53 | 00,008,576 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\hidgame.sys
[2009/05/22 21:24:52 | 00,020,352 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\hidbatt.sys
[2009/05/22 21:24:48 | 00,108,827 | ---- | C] () --

C:\WINDOWS\System32\dllcache\hanja.lex
[2009/05/22 21:24:48 | 00,036,864 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/05/22 21:24:47 | 00,028,288 | ---- | C] (Gemplus) --

C:\WINDOWS\System32\dllcache\grserial.sys
[2009/05/22 21:24:44 | 00,082,304 | ---- | C] (Gemplus) --

C:\WINDOWS\System32\dllcache\grclass.sys
[2009/05/22 21:24:42 | 00,017,408 | ---- | C] (Gemplus) --

C:\WINDOWS\System32\dllcache\gpr400.sys
[2009/05/22 21:24:40 | 00,059,136 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\gckernel.sys
[2009/05/22 21:24:40 | 00,010,624 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\gameenum.sys
[2009/05/22 21:24:29 | 00,454,912 | ---- | C] (AVM GmbH) --

C:\WINDOWS\System32\dllcache\fxusbase.sys
[2009/05/22 21:24:24 | 00,092,160 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\fuusd.dll
[2009/05/22 21:24:22 | 00,455,296 | ---- | C] (AVM GmbH) --

C:\WINDOWS\System32\dllcache\fusbbase.sys
[2009/05/22 21:24:20 | 00,455,680 | ---- | C] (AVM GmbH) --

C:\WINDOWS\System32\dllcache\fus2base.sys
[2009/05/22 21:24:19 | 00,007,680 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/05/22 21:24:19 | 00,006,144 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/05/22 21:24:15 | 00,442,240 | ---- | C] (AVM GmbH) --

C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2009/05/22 21:24:13 | 00,441,728 | ---- | C] (AVM GmbH) --

C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2009/05/22 21:24:11 | 00,444,416 | ---- | C] (AVM GmbH) --

C:\WINDOWS\System32\dllcache\fpcibase.sys
[2009/05/22 21:24:10 | 00,034,173 | ---- | C] (Marconi Communications, Inc.) --

C:\WINDOWS\System32\dllcache\forehe.sys
[2009/05/22 21:24:07 | 00,071,680 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\fnfilter.dll
[2009/05/22 21:24:07 | 00,014,848 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/05/22 21:23:57 | 00,043,520 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/05/22 21:23:54 | 00,024,618 | ---- | C] (NETGEAR) --

C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2009/05/22 21:23:50 | 00,011,850 | ---- | C] (FUJITSU LIMITED) --

C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2009/05/22 21:23:48 | 00,012,362 | ---- | C] (FUJITSU LIMITED) --

C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2009/05/22 21:23:45 | 00,007,040 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\exabyte2.sys
[2009/05/22 21:23:41 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) --

C:\WINDOWS\System32\dllcache\esunid.dll
[2009/05/22 21:23:41 | 00,025,856 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\et4000.sys
[2009/05/22 21:23:39 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) --

C:\WINDOWS\System32\dllcache\esunib.dll
[2009/05/22 21:23:37 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) --

C:\WINDOWS\System32\dllcache\esuni.dll
[2009/05/22 21:23:36 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) --

C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/05/22 21:23:34 | 00,034,816 | ---- | C] (SEIKO EPSON CORP.) --

C:\WINDOWS\System32\dllcache\esuimg.dll
[2009/05/22 21:23:34 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) --

C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/05/22 21:23:32 | 00,043,008 | ---- | C] (SEIKO EPSON CORP.) --

C:\WINDOWS\System32\dllcache\esucm.dll
[2009/05/22 21:23:19 | 00,072,192 | ---- | C] (ESS Technology Inc.) --

C:\WINDOWS\System32\dllcache\es1969.sys
[2009/05/22 21:23:04 | 00,114,944 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\epstw2k.sys
[2009/05/22 21:23:01 | 00,144,896 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2009/05/22 21:22:52 | 00,007,296 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\elmsmc.sys
[2009/05/22 21:22:31 | 00,514,587 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\edb500.dll
[2009/05/22 21:22:23 | 00,020,992 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\dshowext.ax
[2009/05/22 21:22:22 | 00,334,208 | ---- | C] (Yamaha Corp.) --

C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2009/05/22 21:22:17 | 00,028,062 | ---- | C] (National Semiconductor Coproration) --

C:\WINDOWS\System32\dllcache\dp83820.sys
[2009/05/22 21:22:16 | 00,023,808 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\dot4usb.sys
[2009/05/22 21:22:15 | 00,008,704 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\dot4scan.sys
[2009/05/22 21:22:13 | 00,206,976 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\dot4.sys
[2009/05/22 21:22:13 | 00,012,928 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\dot4prt.sys
[2009/05/22 21:22:08 | 00,029,696 | ---- | C] (CNet Technology, Inc.

) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2009/05/22 21:22:07 | 00,008,320 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\dlttape.sys
[2009/05/22 21:22:06 | 00,026,698 | ---- | C] (D-Link Corporation) --

C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2009/05/22 21:22:05 | 00,952,007 | ---- | C] (Eicon Technology) --

C:\WINDOWS\System32\dllcache\diwan.sys
[2009/05/22 21:22:03 | 00,029,768 | ---- | C] () --

C:\WINDOWS\System32\dllcache\divasu.dll
[2009/05/22 21:22:02 | 00,037,962 | ---- | C] () --

C:\WINDOWS\System32\dllcache\divaprop.dll
[2009/05/22 21:22:01 | 00,006,216 | ---- | C] () --

C:\WINDOWS\System32\dllcache\divaci.dll
[2009/05/22 21:21:59 | 00,236,060 | ---- | C] (Eicon Technology) --

C:\WINDOWS\System32\dllcache\ditrace.exe
[2009/05/22 21:21:58 | 00,038,985 | ---- | C] (Eicon Technology) --

C:\WINDOWS\System32\dllcache\disrvsu.dll
[2009/05/22 21:21:57 | 00,031,305 | ---- | C] (Eicon Technology) --

C:\WINDOWS\System32\dllcache\disrvpp.dll
[2009/05/22 21:21:56 | 00,006,729 | ---- | C] (Eicon Technology) --

C:\WINDOWS\System32\dllcache\disrvci.dll
[2009/05/22 21:21:53 | 00,091,305 | ---- | C] (Eicon Technology) --

C:\WINDOWS\System32\dllcache\dimaint.sys
[2009/05/22 21:21:31 | 00,024,649 | ---- | C] (D-Link) --

C:\WINDOWS\System32\dllcache\dfe650d.sys
[2009/05/22 21:21:30 | 00,024,648 | ---- | C] (D-Link) --

C:\WINDOWS\System32\dllcache\dfe650.sys
[2009/05/22 21:21:26 | 00,020,928 | ---- | C] (Digital Networks, LLC) --

C:\WINDOWS\System32\dllcache\defpa.sys
[2009/05/22 21:21:24 | 00,007,424 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ddsmc.sys
[2009/05/22 21:21:22 | 00,110,592 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\dc260usd.dll
[2009/05/22 21:21:21 | 00,086,016 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\dc240usd.dll
[2009/05/22 21:21:19 | 00,080,896 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\dc210usd.dll
[2009/05/22 21:21:17 | 00,025,600 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\dc210_32.dll
[2009/05/22 21:21:12 | 00,027,648 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\cyzports.dll
[2009/05/22 21:21:11 | 00,049,792 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\cyzport.sys
[2009/05/22 21:21:10 | 00,027,136 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2009/05/22 21:21:09 | 00,027,648 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\cyyports.dll
[2009/05/22 21:21:08 | 00,050,176 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\cyyport.sys
[2009/05/22 21:21:06 | 00,028,672 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\cyycoins.dll
[2009/05/22 21:21:05 | 00,014,848 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2009/05/22 21:21:04 | 00,017,152 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2009/05/22 21:21:03 | 00,048,640 | ---- | C] (Crystal Semiconductor Corp.) --

C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2009/05/22 21:21:02 | 00,093,952 | ---- | C] (Crystal Semiconductor Corp.) --

C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2009/05/22 21:21:01 | 00,111,872 | ---- | C] (Crystal Semiconductor Corp.) --

C:\WINDOWS\System32\dllcache\cwcspud.sys
[2009/05/22 21:21:00 | 00,003,584 | ---- | C] (Crystal Semiconductor Corp.) --

C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2009/05/22 21:20:58 | 00,072,832 | ---- | C] (Crystal Semiconductor Corp.) --

C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2009/05/22 21:20:57 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) --

C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2009/05/22 21:20:56 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) --

C:\WINDOWS\System32\dllcache\cwbase.sys
[2009/05/22 21:20:54 | 00,249,856 | ---- | C] (ComtrolŪ Corporation) --

C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2009/05/22 21:20:49 | 00,175,104 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\csamsp.dll
[2009/05/22 21:20:46 | 00,216,064 | ---- | C] (COMPAQ Inc.) --

C:\WINDOWS\System32\dllcache\cpscan.dll
[2009/05/22 21:20:45 | 00,018,944 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/05/22 21:20:44 | 00,060,970 | ---- | C] (Compaq Computer Corp.) --

C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2009/05/22 21:20:43 | 00,021,533 | ---- | C] (Compaq Computer Corporation) --

C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2009/05/22 21:20:42 | 00,056,320 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\convlog.exe
[2009/05/22 21:20:42 | 00,020,480 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\counters.dll
[2009/05/22 21:20:41 | 00,033,792 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\controt.dll
[2009/05/22 21:20:39 | 00,010,240 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\compbatt.sys
[2009/05/22 21:20:36 | 00,044,032 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\cnusd.dll
[2009/05/22 21:20:33 | 00,020,736 | ---- | C] (OMNIKEY AG) --

C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2009/05/22 21:20:32 | 00,013,952 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\cmbatt.sys
[2009/05/22 21:20:31 | 00,248,064 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\cl546xm.sys
[2009/05/22 21:20:30 | 00,170,880 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\cl546x.dll
[2009/05/22 21:20:29 | 00,111,232 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\cl5465.dll
[2009/05/22 21:20:28 | 00,045,696 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\cirrus.sys
[2009/05/22 21:20:27 | 00,091,264 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\cirrus.dll
[2009/05/22 21:20:25 | 00,272,640 | ---- | C] (RAVISENT Technologies Inc.) --

C:\WINDOWS\System32\dllcache\cinemclc.sys
[2009/05/22 21:20:24 | 00,980,034 | ---- | C] (Xircom) --

C:\WINDOWS\System32\dllcache\cicap.sys
[2009/05/22 21:20:22 | 01,677,824 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/05/22 21:20:22 | 00,838,144 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/05/22 21:20:21 | 00,015,872 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\chgport.exe
[2009/05/22 21:20:21 | 00,014,336 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/05/22 21:20:20 | 00,013,312 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/05/22 21:20:19 | 00,009,728 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\change.exe
[2009/05/22 21:20:19 | 00,008,192 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\changer.sys
[2009/05/22 21:20:17 | 00,049,182 | ---- | C] (Xircom, Inc.) --

C:\WINDOWS\System32\dllcache\cem56n5.sys
[2009/05/22 21:20:16 | 00,022,044 | ---- | C] (Xircom, Inc.) --

C:\WINDOWS\System32\dllcache\cem33n5.sys
[2009/05/22 21:20:16 | 00,022,044 | ---- | C] (Xircom, Inc.) --

C:\WINDOWS\System32\dllcache\cem28n5.sys
[2009/05/22 21:20:15 | 00,027,164 | ---- | C] (Xircom, Inc.) --

C:\WINDOWS\System32\dllcache\ce3n5.sys
[2009/05/22 21:20:14 | 00,021,530 | ---- | C] (Xircom, Inc.) --

C:\WINDOWS\System32\dllcache\ce2n5.sys
[2009/05/22 21:20:12 | 00,714,698 | ---- | C] (Xircom, Inc.) --

C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2009/05/22 21:20:11 | 00,046,108 | ---- | C] (Xircom, Inc.) --

C:\WINDOWS\System32\dllcache\cben5.sys
[2009/05/22 21:20:10 | 00,039,680 | ---- | C] (Silicom Ltd.) --

C:\WINDOWS\System32\dllcache\cb325.sys
[2009/05/22 21:20:09 | 00,037,916 | ---- | C] (Fast Ethernet Controller Provider) --

C:\WINDOWS\System32\dllcache\cb102.sys
[2009/05/22 21:20:07 | 00,032,256 | ---- | C] (Eicon Technology Corporation) --

C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2009/05/22 21:20:06 | 00,164,923 | ---- | C] (Eicon Technology) --

C:\WINDOWS\System32\dllcache\diapi2.sys
[2009/05/22 21:20:06 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) --

C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/05/22 21:20:05 | 00,121,856 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\camext30.dll
[2009/05/22 21:20:04 | 00,116,736 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\camext30.ax
[2009/05/22 21:20:03 | 00,244,224 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\camext20.ax
[2009/05/22 21:20:03 | 00,236,032 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\camext20.dll
[2009/05/22 21:20:02 | 00,074,240 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\camexo20.dll
[2009/05/22 21:20:01 | 00,073,216 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\camexo20.ax
[2009/05/22 21:20:00 | 00,223,232 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\camdrv21.sys
[2009/05/22 21:20:00 | 00,171,264 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\camdrv30.sys
[2009/05/22 21:19:59 | 00,314,752 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\camdro21.sys
[2009/05/22 21:19:58 | 00,010,752 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/05/22 21:19:57 | 00,006,656 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/05/22 21:19:34 | 00,013,824 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2009/05/22 21:19:32 | 00,031,529 | ---- | C] (BreezeCOM) --

C:\WINDOWS\System32\dllcache\brzwlan.sys
[2009/05/22 21:19:31 | 00,010,368 | ---- | C] (Brother Industries Ltd.) --

C:\WINDOWS\System32\dllcache\brusbscn.sys
[2009/05/22 21:19:30 | 00,060,416 | ---- | C] (Brother Industries Ltd.) --

C:\WINDOWS\System32\dllcache\brserwdm.sys
[2009/05/22 21:19:30 | 00,011,008 | ---- | C] (Brother Industries Ltd.) --

C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2009/05/22 21:19:29 | 00,009,728 | ---- | C] (Brother Industries, Ltd.) --

C:\WINDOWS\System32\dllcache\brserif.dll
[2009/05/22 21:19:28 | 00,005,120 | ---- | C] (Brother Industries,Ltd.) --

C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2009/05/22 21:19:27 | 00,039,552 | ---- | C] (Brother Industries Ltd.) --

C:\WINDOWS\System32\dllcache\brparwdm.sys
[2009/05/22 21:19:27 | 00,003,168 | ---- | C] (Brother Industries Ltd.) --

C:\WINDOWS\System32\dllcache\brparimg.sys
[2009/05/22 21:19:26 | 00,045,568 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\browscap.dll
[2009/05/22 21:19:25 | 00,041,472 | ---- | C] (Brother Industries, Ltd.) --

C:\WINDOWS\System32\dllcache\brmfusb.dll
[2009/05/22 21:19:24 | 00,032,256 | ---- | C] (Brother Industries, Ltd.) --

C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2009/05/22 21:19:24 | 00,029,696 | ---- | C] (Brother Industries, Ltd.) --

C:\WINDOWS\System32\dllcache\brmflpt.dll
[2009/05/22 21:19:23 | 00,081,408 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2009/05/22 21:19:22 | 00,015,360 | ---- | C] (Brother Industries, Ltd.) --

C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2009/05/22 21:19:21 | 00,012,160 | ---- | C] (Brother Industries, Ltd.) --

C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2009/05/22 21:19:21 | 00,003,968 | ---- | C] (Brother Industries, Ltd.) --

C:\WINDOWS\System32\dllcache\brfiltup.sys
[2009/05/22 21:19:20 | 00,002,944 | ---- | C] (Brother Industries Ltd.) --

C:\WINDOWS\System32\dllcache\brfilt.sys
[2009/05/22 21:19:19 | 00,012,800 | ---- | C] (Brother Industries, Ltd.) --

C:\WINDOWS\System32\dllcache\brevif.dll
[2009/05/22 21:19:18 | 00,019,456 | ---- | C] (Brother Industries, Ltd.) --

C:\WINDOWS\System32\dllcache\brbidiif.dll
[2009/05/22 21:19:18 | 00,009,728 | ---- | C] (Brother Industries Ltd.) --

C:\WINDOWS\System32\dllcache\brcoinst.dll
[2009/05/22 21:19:16 | 00,102,400 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\binlsvc.dll
[2009/05/22 21:19:15 | 00,018,432 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2009/05/22 21:19:15 | 00,011,776 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\bdasup.sys
[2009/05/22 21:19:14 | 00,871,388 | ---- | C] (BCM) --

C:\WINDOWS\System32\dllcache\bcmdm.sys
[2009/05/22 21:19:11 | 00,014,208 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\battc.sys
[2009/05/22 21:19:10 | 00,342,336 | ---- | C] (3Dfx Interactive, Inc.) --

C:\WINDOWS\System32\dllcache\banshee.dll
[2009/05/22 21:19:10 | 00,036,128 | ---- | C] (3Dfx Interactive, Inc.) --

C:\WINDOWS\System32\dllcache\banshee.sys
[2009/05/22 21:19:08 | 00,089,952 | ---- | C] (AVM GmbH) --

C:\WINDOWS\System32\dllcache\b1cbase.sys
[2009/05/22 21:19:08 | 00,036,992 | ---- | C] (Aztech Systems Ltd) --

C:\WINDOWS\System32\dllcache\aztw2320.sys
[2009/05/22 21:19:07 | 00,037,568 | ---- | C] (AVM GmbH) --

C:\WINDOWS\System32\dllcache\avmwan.sys
[2009/05/22 21:19:06 | 00,144,384 | ---- | C] (AVM GmbH) --

C:\WINDOWS\System32\dllcache\avmenum.dll
[2009/05/22 21:19:06 | 00,087,552 | ---- | C] (AVM GmbH) --

C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2009/05/22 21:19:05 | 00,013,696 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\avcstrm.sys
[2009/05/22 21:19:04 | 00,036,096 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\avcaudio.sys
[2009/05/22 21:19:03 | 00,009,216 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/05/22 21:19:01 | 00,026,624 | ---- | C] () --

C:\WINDOWS\System32\dllcache\ativxbar.sys
[2009/05/22 21:19:01 | 00,023,552 | ---- | C] () --

C:\WINDOWS\System32\dllcache\atixbar.sys
[2009/05/22 21:19:00 | 00,019,456 | ---- | C] () --

C:\WINDOWS\System32\dllcache\ativttxx.sys
[2009/05/22 21:18:59 | 00,017,152 | ---- | C] () --

C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2009/05/22 21:18:59 | 00,009,472 | ---- | C] () --

C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2009/05/22 21:18:58 | 00,017,152 | ---- | C] () --

C:\WINDOWS\System32\dllcache\atitunep.sys
[2009/05/22 21:18:57 | 00,049,920 | ---- | C] () --

C:\WINDOWS\System32\dllcache\atirtcap.sys
[2009/05/22 21:18:57 | 00,026,880 | ---- | C] () --

C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2009/05/22 21:18:55 | 00,010,240 | ---- | C] () --

C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2009/05/22 21:18:52 | 00,037,376 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\atievxx.exe
[2009/05/22 21:18:50 | 00,046,464 | ---- | C] () --

C:\WINDOWS\System32\dllcache\atibt829.sys
[2009/05/22 21:18:47 | 00,096,128 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ati.dll
[2009/05/22 21:18:47 | 00,077,568 | ---- | C] (ATI Technologies, Inc.) --

C:\WINDOWS\System32\dllcache\ati.sys
[2009/05/22 21:18:46 | 00,029,184 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/05/22 21:18:46 | 00,010,240 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/05/22 21:18:45 | 00,097,354 | ---- | C] (Bay Networks, Inc.) --

C:\WINDOWS\System32\dllcache\aspndis3.sys
[2009/05/22 21:18:43 | 00,045,056 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/05/22 21:18:42 | 00,006,272 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\apmbatt.sys
[2009/05/22 21:18:41 | 00,016,969 | ---- | C] (AmbiCom, Inc.) --

C:\WINDOWS\System32\dllcache\amb8002.sys
[2009/05/22 21:18:34 | 00,024,576 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\agcgauge.ax
[2009/05/22 21:18:33 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/05/22 21:18:32 | 00,049,664 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\adrot.dll
[2009/05/22 21:18:32 | 00,046,112 | ---- | C] (Adaptec, Inc ) --

C:\WINDOWS\System32\dllcache\adptsf50.sys
[2009/05/22 21:18:31 | 00,010,880 | ---- | C] (Aureal, Inc.) --

C:\WINDOWS\System32\dllcache\admjoy.sys
[2009/05/22 21:18:31 | 00,006,144 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/05/22 21:18:30 | 00,747,392 | ---- | C] (Aureal, Inc.) --

C:\WINDOWS\System32\dllcache\adm8830.sys
[2009/05/22 21:18:29 | 00,584,448 | ---- | C] (Aureal, Inc.) --

C:\WINDOWS\System32\dllcache\adm8810.sys
[2009/05/22 21:18:29 | 00,553,984 | ---- | C] (Aureal, Inc.) --

C:\WINDOWS\System32\dllcache\adm8820.sys
[2009/05/22 21:18:28 | 00,020,160 | ---- | C] (ADMtek Incorporated) --

C:\WINDOWS\System32\dllcache\adm8511.sys
[2009/05/22 21:18:28 | 00,007,424 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\adicvls.sys
[2009/05/22 21:18:27 | 00,061,440 | ---- | C] (Color Flatbed Scanner) --

C:\WINDOWS\System32\dllcache\acerscad.dll
[2009/05/22 21:18:26 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) --

C:\WINDOWS\System32\dllcache\ac97sis.sys
[2009/05/22 21:18:24 | 00,462,848 | ---- | C] (Aureal Inc.) --

C:\WINDOWS\System32\dllcache\a3dapi.dll
[2009/05/22 21:18:24 | 00,098,304 | ---- | C] (Aureal Semiconductor) --

C:\WINDOWS\System32\dllcache\a3d.dll
[2009/05/22 21:18:23 | 00,038,400 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\8514a.dll
[2009/05/22 21:18:23 | 00,012,288 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\4mmdat.sys
[2009/05/22 21:18:22 | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) --

C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2009/05/22 21:18:22 | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) --

C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2009/05/22 21:18:21 | 00,762,780 | ---- | C] (3Com, Inc.) --

C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2009/05/22 21:18:21 | 00,011,264 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2009/05/22 20:45:54 | 00,006,144 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/05/22 20:45:54 | 00,006,144 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/05/22 20:45:54 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/05/22 20:45:54 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/05/22 20:45:54 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/05/22 20:45:54 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/05/22 20:45:54 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/05/22 20:45:54 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/05/22 20:45:52 | 00,006,144 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/05/22 20:45:52 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/05/22 20:45:52 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/05/22 20:45:52 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/05/22 20:45:52 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/05/22 20:45:52 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/05/22 20:45:52 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/05/22 20:45:52 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/05/22 20:45:52 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/05/22 20:45:52 | 00,005,120 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/05/22 20:45:51 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/05/22 20:45:51 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/05/22 20:45:51 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/05/22 20:45:51 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/05/22 20:45:51 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/05/22 20:45:51 | 00,005,120 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/05/22 20:45:51 | 00,005,120 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/05/22 20:45:50 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/05/22 20:45:11 | 00,000,000 | ---D | C] -- C:\I386
[2009/05/22 20:44:25 | 00,000,000 | ---D | C] -- C:\old
[2009/05/21 09:09:56 | 00,007,168 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/05/21 09:09:48 | 00,066,048 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\s3legacy.dll
[2009/05/21 09:09:40 | 00,019,968 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/05/21 09:09:40 | 00,007,680 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/05/21 09:09:39 | 00,169,984 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\iisui.dll
[2009/05/21 09:09:38 | 00,014,336 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\iisreset.exe
[2009/05/21 09:09:38 | 00,005,632 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/05/21 09:09:37 | 00,006,144 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/05/21 09:09:29 | 00,094,720 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/05/21 09:05:32 | 00,051,200 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\Scannow SFC.doc
[2009/05/21 09:02:10 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/05/20 22:11:20 | 00,303,104 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\n09_party_rsvp2b.pra
[2009/05/20 21:55:59 | 00,051,843 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\n09_party6.pdf
[2009/05/20 21:38:30 | 00,237,568 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\n09_party_rsvp3.pra
[2009/05/20 01:19:15 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/05/20 01:13:36 | 00,000,844 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 6.0.lnk
[2009/05/19 21:34:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Peter H\My Documents\music_job
[2009/05/19 21:33:50 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\sets_052409.doc
[2009/05/18 22:34:23 | 00,182,272 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\driver_verify.doc
[2009/05/15 21:55:09 | 00,005,277 | ---- | C] () -- C:\Documents and Settings\Peter H\Desktop\Attach_old.zip
[2009/05/14 23:46:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2009/05/14 23:45:47 | 03,523,872 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf300.dll
[2009/05/14 23:45:47 | 01,848,608 | ---- | C] (Apache Software Foundation) -- C:\WINDOWS\System32\acXMLParser.dll
[2009/05/14 23:45:46 | 00,001,577 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quicken Deluxe 2009.lnk
[2009/05/14 23:44:26 | 00,000,000 | ---D | C] -- C:\Program Files\Quicken
[2009/05/14 23:30:40 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/14 23:26:58 | 00,067,536 | ---- | C] () -- C:\MGlogs.zip
[2009/05/14 21:52:57 | 00,011,241 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
[2009/05/14 21:52:53 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/05/14 21:52:44 | 00,143,360 | ---- | C] (Inner Media, Inc.) --

C:\WINDOWS\System32\dunzip32.dll
[2009/05/14 21:50:02 | 00,033,832 | ---- | C] (McAfee, Inc.) --

C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/05/14 21:50:00 | 00,201,320 | ---- | C] (McAfee, Inc.) --

C:\WINDOWS\System32\drivers\mfehidk.sys
[2009/05/14 21:50:00 | 00,079,304 | ---- | C] (McAfee, Inc.) --

C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/05/14 21:50:00 | 00,040,488 | ---- | C] (McAfee, Inc.) --

C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/05/14 21:50:00 | 00,035,240 | ---- | C] (McAfee, Inc.) --

C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/05/14 21:49:58 | 00,113,952 | ---- | C] (McAfee, Inc.) --

C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/05/14 21:49:49 | 00,000,352 | ---- | C] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/05/14 21:49:48 | 00,000,344 | ---- | C] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/05/14 21:49:42 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2009/05/14 21:49:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/05/14 21:49:32 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/05/14 21:24:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/05/14 21:23:13 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\Stop Programs When Windows Starts.doc
[2009/05/14 21:14:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/05/14 21:01:06 | 00,036,352 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\McAfee Removal tool.doc
[2009/05/14 08:59:44 | 00,110,908 | ---- | C] () -- C:\MGlogs1.zip
[2009/05/14 08:47:09 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/05/14 08:47:08 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/14 08:47:05 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/14 08:20:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/05/14 08:16:07 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/14 08:16:07 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/14 08:16:07 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/14 08:16:07 | 00,118,272 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/14 08:16:07 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/14 08:16:07 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/14 08:16:07 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/14 08:16:07 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/14 08:16:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/14 08:15:54 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/14 00:21:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Peter H\Application Data\Malwarebytes
[2009/05/14 00:21:06 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/14 00:21:06 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/14 00:21:03 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/14 00:21:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/14 00:21:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/13 22:02:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/05/13 22:02:52 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/13 22:02:46 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/13 22:02:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Peter H\Application Data\SUPERAntiSpyware.com
[2009/05/13 22:02:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/05/13 22:00:10 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\mgtools.doc
[2009/05/13 21:57:52 | 00,635,392 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\combo_fix.doc
[2009/05/13 21:56:03 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\Malwarebytes Anti.doc
[2009/05/13 21:54:57 | 00,048,640 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\Windows XP Cleaning Procedure.doc
[2009/05/13 21:53:51 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\superspyware.doc
[2009/05/13 21:15:51 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Peter H\Desktop\HijackThis.lnk
[2009/05/13 21:09:27 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\remove_spooldr.doc
[2009/05/13 20:10:22 | 00,095,232 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\Windows Memory Diagnostic Users Guide.doc
[2009/05/12 22:53:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/05/12 22:53:44 | 00,102,400 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/05/12 22:52:28 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/12 21:40:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/05/12 21:30:52 | 00,044,928 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\drivers\agpcpq.sys
[2009/05/12 21:30:52 | 00,042,752 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\drivers\alim1541.sys
[2009/05/12 21:30:52 | 00,042,368 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\drivers\agp440.sys
[2009/05/12 21:30:52 | 00,037,760 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\drivers\amdk7.sys
[2009/05/12 21:30:52 | 00,036,352 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\drivers\intelppm.sys
[2009/05/12 21:30:51 | 00,409,088 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\qmgr.dll
[2009/05/12 21:30:51 | 00,079,232 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\drivers\sdbus.sys
[2009/05/12 21:30:51 | 00,042,240 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\drivers\viaagp.sys
[2009/05/12 21:30:51 | 00,036,608 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\drivers\ip6fw.sys
[2009/05/12 21:30:51 | 00,015,488 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\drivers\mssmbios.sys
[2009/05/12 21:30:51 | 00,012,288 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\drivers\tunmp.sys
[2009/05/12 21:30:51 | 00,011,904 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\drivers\sffdisk.sys
[2009/05/12 21:30:51 | 00,011,008 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\drivers\sffp_sd.sys
[2009/05/12 21:30:50 | 02,897,920 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\xpsp2res.dll
[2009/05/12 21:30:40 | 00,264,832 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\drivers\http.sys
[2009/05/12 21:30:40 | 00,030,208 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\drivers\usbehci.sys
[2009/05/12 21:30:40 | 00,019,200 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\drivers\hidir.sys
[2009/05/12 21:30:38 | 00,081,920 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\ieencode.dll
[2009/05/12 21:30:37 | 00,129,792 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\drivers\fltmgr.sys
[2009/05/12 21:30:19 | 02,145,280 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/05/12 21:30:19 | 02,066,048 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/05/12 21:30:18 | 02,189,056 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/05/12 21:30:18 | 02,023,936 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/05/12 21:29:43 | 00,147,968 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\dnsapi.dll
[2009/05/12 21:29:37 | 00,286,720 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\gdi32.dll
[2009/05/12 21:29:35 | 00,691,712 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/05/12 21:29:20 | 00,245,248 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\mswsock.dll
[2009/05/12 21:29:18 | 00,337,408 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/05/12 21:29:01 | 01,288,192 | ---- | C] () --

C:\WINDOWS\System32\dllcache\quartz.dll
[2009/05/12 21:28:39 | 00,617,472 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\comctl32.dll
[2009/05/12 21:28:39 | 00,617,472 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\advapi32.dll
[2009/05/12 21:28:39 | 00,602,624 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\autoconv.exe
[2009/05/12 21:28:39 | 00,588,800 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\autochk.exe
[2009/05/12 21:28:39 | 00,389,120 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\cmd.exe
[2009/05/12 21:28:39 | 00,019,968 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\cacls.exe
[2009/05/12 21:28:38 | 00,989,696 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\kernel32.dll
[2009/05/12 21:28:38 | 00,729,088 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\lsasrv.dll
[2009/05/12 21:28:38 | 00,343,040 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\localspl.dll
[2009/05/12 21:28:38 | 00,276,992 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\comdlg32.dll
[2009/05/12 21:28:38 | 00,144,384 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\imagehlp.dll
[2009/05/12 21:28:38 | 00,135,168 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\desk.cpl
[2009/05/12 21:28:38 | 00,126,976 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\dhcpcsvc.dll
[2009/05/12 21:28:38 | 00,075,264 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\locator.exe
[2009/05/12 21:28:38 | 00,042,496 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\ftp.exe
[2009/05/12 21:28:38 | 00,033,792 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\msgsvc.dll
[2009/05/12 21:28:38 | 00,032,256 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\csrsrv.dll
[2009/05/12 21:28:38 | 00,029,696 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\format.com
[2009/05/12 21:28:38 | 00,014,848 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\mgmtapi.dll
[2009/05/12 21:28:38 | 00,013,824 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\lmhsvc.dll
[2009/05/12 21:28:37 | 00,714,752 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\ntdll.dll
[2009/05/12 21:28:37 | 00,560,640 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\printui.dll
[2009/05/12 21:28:37 | 00,551,936 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\oleaut32.dll
[2009/05/12 21:28:37 | 00,420,864 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\ntvdm.exe
[2009/05/12 21:28:37 | 00,237,056 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\rasapi32.dll
[2009/05/12 21:28:37 | 00,142,336 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\nwprovau.dll
[2009/05/12 21:28:37 | 00,132,608 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\msv1_0.dll
[2009/05/12 21:28:37 | 00,091,136 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\ntprint.dll
[2009/05/12 21:28:37 | 00,088,576 | ---- | C] (Microsoft Corporation) --

C:\WINDOWS\System32\rasauto.dll
[2009/05/12 21:28:00 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/05/12 20:33:17 | 00,034,374 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\cc_20090512_2033.reg
[2009/05/12 19:07:15 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/05/11 22:03:00 | 00,080,817 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\cc_20090511_2202.reg
[2009/05/11 21:13:49 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee(2).com
[2009/05/11 21:13:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee(2)
[2009/05/11 21:13:36 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee(2)
[2009/05/11 08:35:42 | 00,131,072 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\device_driver.doc
[2009/05/10 21:03:53 | 00,000,000 | ---D | C] -- C:\Program Files\Resource Kit
[2009/05/10 20:27:14 | 00,397,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/09 11:55:19 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/05/08 23:58:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/05/08 20:57:10 | 00,148,914 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\08_6_10_rehoboth_affidavit.pdf
[2009/05/08 11:57:36 | 00,065,145 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\n09_party5.pdf
[2009/05/08 11:56:40 | 00,296,960 | ---- | C] () -- C:\Documents and Settings\Peter H\My Documents\n09_party_rsvp2.pra

========== Files - Modified Within 30 Days ==========

[255 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/06/05 08:08:28 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter H\Desktop\OTViewIt.exe
[2009/06/05 08:05:17 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Peter H\Desktop\Rooter.exe
[2009/06/05 08:00:13 | 00,011,241 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/06/05 08:00:08 | 00,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/06/05 07:59:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/05 07:59:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/05 07:58:57 | 10,718,12608 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/04 23:49:47 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Peter H\Desktop\98rzrqgi.exe
[2009/06/04 21:11:37 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\mole_response1.doc
[2009/06/03 21:21:05 | 00,006,380 | ---- | M] () -- C:\Documents and Settings\Peter H\Desktop\Attach.zip
[2009/06/03 21:02:09 | 00,096,256 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\rootkit_reveal1.doc
[2009/06/03 13:32:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/02 22:29:31 | 00,000,740 | ---- | M] () -- C:\Documents and Settings\Peter H\Desktop\Eusing Free Registry Cleaner.lnk
[2009/06/02 21:57:34 | 00,088,576 | ---- | M] () -- C:\Documents and Settings\Peter H\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/02 21:50:43 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2009/06/02 21:48:44 | 00,000,000 | ---- | M] () -- C:\WINDOWS\exctrlst.INI
[2009/06/02 21:34:21 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/02 08:40:28 | 00,015,960 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/06/02 08:40:27 | 00,000,088 | RHS- | M] () -- C:\WINDOWS\System32\0E4B4E5CD8.sys
[2009/06/01 23:52:59 | 00,219,648 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\loadperf_error.doc
[2009/06/01 01:00:45 | 00,000,344 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/06/01 00:12:44 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/29 20:48:55 | 00,000,642 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\cc_20090529_2048.reg
[2009/05/29 20:41:10 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\Manual steps to back up the registry in Windows Vista or in Windows XP.doc
[2009/05/29 19:28:57 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\What Are Event Logst.doc
[2009/05/29 19:23:59 | 00,397,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/29 18:59:10 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/05/29 18:36:28 | 00,044,544 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\Description of Windows XP and Windows Server 2003 System File Checker.doc
[2009/05/29 12:36:57 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\DELL_XPS_Dell DXP051 .MRK
[2009/05/29 12:36:57 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_DELL_XPS_Dell DXP051 .MRK
[2009/05/29 11:24:35 | 00,000,842 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverScanner.lnk
[2009/05/29 11:20:48 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\ConnAPI.doc
[2009/05/29 10:19:12 | 00,002,415 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Support Center.lnk
[2009/05/29 08:48:55 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/05/29 07:49:52 | 00,057,960 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\cc_20090529_0749.reg
[2009/05/29 00:34:07 | 00,000,774 | ---- | M] () -- C:\Documents and Settings\Peter H\Desktop\System Tweaker.lnk
[2009/05/28 21:34:29 | 00,030,515 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\NTE725.pdf
[2009/05/28 00:01:49 | 00,111,616 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\windows_crash.doc
[2009/05/27 10:53:58 | 29,033,10336 | ---- | M] () -- C:\WinLite.iso
[2009/05/26 16:24:52 | 01,699,840 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\NLITE_DOC.doc
[2009/05/26 16:07:34 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\SP3_CDPROBLEM.doc
[2009/05/23 23:18:27 | 00,056,320 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\How to Slipstream Windows XP Service Pack 3 to Create an Integrated XP Setup Disk with SP 3.doc
[2009/05/23 18:35:22 | 00,002,583 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Print Artist Platinum.lnk
[2009/05/23 15:52:38 | 00,000,298 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\xp.ROXIO
[2009/05/23 14:01:00 | 02,028,369 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\rc4558.pdf
[2009/05/23 11:18:00 | 00,051,419 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\n09_party7.pdf
[2009/05/23 11:16:49 | 00,237,568 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\n09_party_rsvp4.pra
[2009/05/22 23:19:03 | 00,067,584 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\Build an XP SP3 Recovery Disc.doc
[2009/05/22 21:58:56 | 00,068,096 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\sfc_workaround.doc
[2009/05/21 09:08:38 | 00,051,200 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\Scannow SFC.doc
[2009/05/21 09:02:10 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/05/20 22:11:21 | 00,303,104 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\n09_party_rsvp2b.pra
[2009/05/20 21:57:32 | 00,051,843 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\n09_party6.pdf
[2009/05/20 21:57:24 | 00,237,568 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\n09_party_rsvp3.pra
[2009/05/20 01:19:15 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/05/20 01:13:36 | 00,000,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Elements 6.0.lnk
[2009/05/20 01:08:00 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/20 00:38:46 | 00,000,559 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/20 00:38:46 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/05/20 00:38:46 | 00,000,264 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/19 21:33:51 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\sets_052409.doc
[2009/05/18 22:34:24 | 00,182,272 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\driver_verify.doc
[2009/05/15 21:55:09 | 00,005,277 | ---- | M] () -- C:\Documents and Settings\Peter H\Desktop\Attach_old.zip
[2009/05/14 23:47:52 | 00,000,165 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2009/05/14 23:45:46 | 00,001,577 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quicken Deluxe 2009.lnk
[2009/05/14 23:27:26 | 00,067,536 | ---- | M] () -- C:\MGlogs.zip
[2009/05/14 23:25:38 | 00,110,908 | ---- | M] () -- C:\MGlogs1.zip
[2009/05/14 21:52:53 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2009/05/14 21:49:50 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/05/14 21:23:28 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\Stop Programs When Windows Starts.doc
[2009/05/14 21:01:06 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\McAfee Removal tool.doc
[2009/05/14 08:32:54 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/14 00:21:06 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/13 22:02:52 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/13 22:00:10 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\mgtools.doc
[2009/05/13 21:57:52 | 00,635,392 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\combo_fix.doc
[2009/05/13 21:56:03 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\Malwarebytes Anti.doc
[2009/05/13 21:54:57 | 00,048,640 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\Windows XP Cleaning Procedure.doc
[2009/05/13 21:53:51 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\superspyware.doc
[2009/05/13 21:15:51 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Peter H\Desktop\HijackThis.lnk
[2009/05/13 21:09:27 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\remove_spooldr.doc
[2009/05/13 20:10:23 | 00,095,232 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\Windows Memory Diagnostic Users Guide.doc
[2009/05/13 12:36:15 | 00,118,272 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/12 23:04:46 | 00,000,082 | -HS- | M] () -- C:\Documents and Settings\Peter H\My Documents\desktop.ini
[2009/05/12 20:33:24 | 00,034,374 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\cc_20090512_2033.reg
[2009/05/11 22:03:44 | 00,080,817 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\cc_20090511_2202.reg
[2009/05/11 09:25:56 | 00,131,072 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\device_driver.doc
[2009/05/08 22:43:26 | 00,008,704 | ---- | M] () -- C:\Documents and Settings\Peter H\Application Data\dvd.bmk
[2009/05/08 20:57:10 | 00,148,914 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\08_6_10_rehoboth_affidavit.pdf
[2009/05/08 11:57:36 | 00,065,145 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\n09_party5.pdf
[2009/05/08 11:56:41 | 00,296,960 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\n09_party_rsvp2.pra
[2009/05/08 11:54:45 | 00,294,400 | ---- | M] () -- C:\Documents and Settings\Peter H\My Documents\n09_party_rsvp1.pra
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

#11 m0le
  • Malware Response Team
Posted 05 June 2009 - 12:39 PM

Hi prh129,

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall prior to our fix. Please visit HERE if you don't know how. Please re-enable them after performing all steps given.

We need to back up your registry as we will be making changes there.
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click (or if your PC is running Vista, right-click and select Run As Administrator) the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Files
    C:\Documents and Settings\Peter H\Local Settings\temp\HIYT.exe
    C:\Documents and Settings\Peter H\Local Settings\temp\LPMN.exe
    C:\WINDOWS\exctrlst.INI
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start then All Programs then Accessories then Notepad), click File then Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Please post a new DDS log too.

Thanks
m0le is a proud member of UNITE

#12 prh129
  • Topic Starter
Posted 05 June 2009 - 11:23 PM

I backed up the registry using ERUNT, disconnected the cable modem and turned off anti virus spyware and firewall protections in McAfee, and ran the OTMoveIt program followed by a DDS scan - here are the results. Thanks Peter

Results of OTMoveIt:
C:\Documents and Settings\Peter H\Local Settings\temp\HIYT.exe moved successfully.
C:\Documents and Settings\Peter H\Local Settings\temp\LPMN.exe moved successfully.
C:\WINDOWS\exctrlst.INI moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 06062009_000228

DDS.txt log


DDS (Ver_09-05-14.01) - NTFSx86
Run by Peter H at 0:11:39.79 on Sat 06/06/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.557 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Peter H\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070904
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070904
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus Photo R380 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiboa.exe /fu "c:\windows\temp\E_S247.tmp" /EF "HKCU"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\peterh~1\applic~1\mozilla\firefox\profiles\13w6tz3f.default\
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-14 201320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-2-27 10384]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-14 359248]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-14 144704]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [2008-12-20 203264]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-14 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-14 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-14 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-14 40488]
S3 HIYT;HIYT;c:\docume~1\peterh~1\locals~1\temp\hiyt.exe --> c:\docume~1\peterh~1\locals~1\temp\HIYT.exe [?]
S3 LPMN;LPMN;c:\docume~1\peterh~1\locals~1\temp\lpmn.exe --> c:\docume~1\peterh~1\locals~1\temp\LPMN.exe [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-14 33832]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]

=============== Created Last 30 ================

2009-06-06 00:02 <DIR> --d----- C:\_OTMoveIt
2009-06-05 08:05 <DIR> --d----- C:\Rooter$
2009-05-29 18:59 4,255 -------- c:\windows\system32\drivers\adv01nt5.dll
2009-05-29 18:57 19,569 a------- c:\windows\000001_.tmp
2009-05-29 12:36 5 a------- c:\windows\system32\drivers\DELL_XPS_Dell DXP051 .MRK
2009-05-29 12:36 5 a------- c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP051 .MRK
2009-05-29 12:09 <DIR> --d----- C:\dell_update
2009-05-29 11:23 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{5A76C6B3-3FA8-46D0-AA81-62C3805E38BC}
2009-05-29 08:48 54,156 a---h--- c:\windows\QTFont.qfn
2009-05-29 08:48 1,409 a------- c:\windows\QTFont.for
2009-05-29 07:47 <DIR> --d----- c:\docume~1\peterh~1\applic~1\System Tweaker
2009-05-29 01:07 520,192 -------- c:\windows\system32\ati2sgag.exe
2009-05-29 01:06 3,107,788 a------- c:\windows\system32\ativvaxx.dat
2009-05-29 01:06 3,107,788 a------- c:\windows\system32\ativva5x.dat
2009-05-29 01:06 972,072 a------- c:\windows\system32\ativva6x.dat
2009-05-29 01:06 2,096 a------- c:\windows\system32\drivers\ativdkxx.vp
2009-05-29 01:06 8,097,792 a------- c:\windows\system32\atioglx2.dll
2009-05-29 01:06 50,176 a------- c:\windows\system32\atiok3x2.dll
2009-05-29 01:06 11,557 a------- c:\windows\atiogl.xml
2009-05-29 01:06 339,968 a------- c:\windows\system32\ATIDEMGX.dll
2009-05-29 00:34 <DIR> --d----- c:\program files\Uniblue
2009-05-29 00:05 <DIR> --d----- c:\docume~1\peterh~1\applic~1\Uniblue
2009-05-29 00:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-05-27 15:21 221,184 a------- c:\windows\system32\dllcache\wmpns.dll
2009-05-27 15:08 226,816 a------- c:\windows\system32\dllcache\npdrmv2.dll
2009-05-27 14:52 364,544 a------- c:\windows\system32\dllcache\npdsplay.dll
2009-05-27 14:52 10,240 a------- c:\windows\system32\dllcache\npwmsdrm.dll
2009-05-27 14:52 4,639 a------- c:\windows\system32\dllcache\mplayer2.exe
2009-05-27 10:47 2,903,310,336 a------- C:\WinLite.iso
2009-05-27 08:56 <DIR> --d----- c:\program files\nLite
2009-05-26 09:09 <DIR> --d----- c:\temp\ap
2009-05-24 09:24 198,144 a------- c:\windows\system32\dllcache\OLD9C5.tmp
2009-05-24 09:24 123,776 a------- c:\windows\system32\dllcache\OLD9C1.tmp
2009-05-22 23:19 <DIR> --d----- C:\SP3
2009-05-22 21:49 116,224 a------- c:\windows\system32\dllcache\xrxwiadr.dll
2009-05-22 21:49 23,040 a------- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-05-22 21:49 18,944 a------- c:\windows\system32\dllcache\xrxscnui.dll
2009-05-22 21:49 27,648 a------- c:\windows\system32\dllcache\xrxftplt.exe
2009-05-22 21:49 4,608 a------- c:\windows\system32\dllcache\xrxflnch.exe
2009-05-22 21:48 99,865 a------- c:\windows\system32\dllcache\xlog.exe
2009-05-22 21:48 28,288 a------- c:\windows\system32\dllcache\xjis.nls
2009-05-22 21:48 16,970 a------- c:\windows\system32\dllcache\xem336n5.sys
2009-05-22 21:48 19,455 a------- c:\windows\system32\dllcache\wvchntxx.sys
2009-05-22 21:48 12,063 a------- c:\windows\system32\dllcache\wsiintxx.sys
2009-05-22 21:48 8,192 a------- c:\windows\system32\dllcache\wshirda.dll
2009-05-22 21:45 8,832 a------- c:\windows\system32\dllcache\wmiacpi.sys
2009-05-22 21:45 154,624 a------- c:\windows\system32\dllcache\wlluc48.sys
2009-05-22 21:45 34,890 a------- c:\windows\system32\dllcache\wlandrv2.sys
2009-05-22 21:45 771,581 a------- c:\windows\system32\dllcache\winacisa.sys
2009-05-22 21:45 53,760 a------- c:\windows\system32\dllcache\wiamsmud.dll
2009-05-22 21:45 87,040 a------- c:\windows\system32\dllcache\wiafbdrv.dll
2009-05-22 21:45 41,600 a------- c:\windows\system32\dllcache\weitekp9.dll
2009-05-22 21:45 31,232 a------- c:\windows\system32\dllcache\weitekp9.sys
2009-05-22 21:45 701,386 a------- c:\windows\system32\dllcache\wdhaalba.sys
2009-05-22 21:45 23,615 a------- c:\windows\system32\dllcache\wch7xxnt.sys
2009-05-22 21:45 31,744 a------- c:\windows\system32\dllcache\wceusbsh.sys
2009-05-22 21:43 7,556 a------- c:\windows\system32\dllcache\usroslba.sys
2009-05-22 21:42 211,968 a------- c:\windows\system32\dllcache\um54scan.dll
2009-05-22 21:41 123,995 a------- c:\windows\system32\dllcache\tjisdn.sys
2009-05-22 21:40 53,760 a------- c:\windows\system32\dllcache\sw_wheel.dll
2009-05-22 21:39 9,600 a------- c:\windows\system32\dllcache\sonymc.sys
2009-05-22 21:38 94,698 a------- c:\windows\system32\dllcache\sk98xwin.sys
2009-05-22 21:37 6,912 a------- c:\windows\system32\dllcache\seaddsmc.sys
2009-05-22 21:36 182,272 a------- c:\windows\system32\dllcache\s3mt3d.dll
2009-05-22 21:35 899,146 a------- c:\windows\system32\dllcache\r2mdkxga.sys
2009-05-22 21:34 92,416 a------- c:\windows\system32\dllcache\phildec.sys
2009-05-22 21:33 351,616 a------- c:\windows\system32\dllcache\ovcodek2.sys
2009-05-22 21:31 87,040 a------- c:\windows\system32\dllcache\nm6wdm.sys
2009-05-22 21:31 126,080 a------- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-05-22 21:31 32,840 a------- c:\windows\system32\dllcache\ngrpci.sys
2009-05-22 21:31 53,248 a------- c:\windows\system32\dllcache\nextlink.dll
2009-05-22 21:31 132,695 a------- c:\windows\system32\dllcache\netwlan5.sys
2009-05-22 21:31 65,278 a------- c:\windows\system32\dllcache\netflx3.sys
2009-05-22 21:31 39,264 a------- c:\windows\system32\dllcache\neo20xx.sys
2009-05-22 21:31 60,480 a------- c:\windows\system32\dllcache\neo20xx.dll
2009-05-22 21:31 15,872 a------- c:\windows\system32\dllcache\ne2000.sys
2009-05-22 21:31 91,488 a------- c:\windows\system32\dllcache\n9i3disp.dll
2009-05-22 21:31 27,936 a------- c:\windows\system32\dllcache\n9i3d.sys
2009-05-22 21:31 33,088 a------- c:\windows\system32\dllcache\n9i128v2.sys
2009-05-22 21:31 59,104 a------- c:\windows\system32\dllcache\n9i128v2.dll
2009-05-22 21:29 15,232 a------- c:\windows\system32\dllcache\mpe.sys
2009-05-22 21:28 576,746 a------- c:\windows\system32\dllcache\ltmdmntl.sys
2009-05-22 21:27 6,144 a------- c:\windows\system32\dllcache\kbd106.dll
2009-05-22 21:26 100,992 a------- c:\windows\system32\dllcache\icam5usb.sys
2009-05-22 21:25 542,879 a------- c:\windows\system32\dllcache\hsf_msft.sys
2009-05-22 21:24 119,296 a------- c:\windows\system32\dllcache\hpdigwia.dll
2009-05-22 21:23 22,090 a------- c:\windows\system32\dllcache\fem556n5.sys
2009-05-22 21:22 283,904 a------- c:\windows\system32\dllcache\emu10k1m.sys
2009-05-22 21:21 236,060 a------- c:\windows\system32\dllcache\ditrace.exe
2009-05-22 21:20 72,832 a------- c:\windows\system32\dllcache\cwbwdm.sys
2009-05-22 21:19 314,752 a------- c:\windows\system32\dllcache\camdro21.sys
2009-05-22 21:18 17,152 a------- c:\windows\system32\dllcache\atitvsnd.sys
2009-05-22 20:45 6,144 a------- c:\windows\system32\dllcache\kbdth3.dll
2009-05-22 20:44 <DIR> --d----- C:\old
2009-05-21 09:09 7,168 a------- c:\windows\system32\dllcache\wamregps.dll
2009-05-21 09:09 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-05-21 09:09 19,968 a------- c:\windows\system32\dllcache\inetsloc.dll
2009-05-21 09:09 7,680 a------- c:\windows\system32\dllcache\inetmgr.exe
2009-05-21 09:09 169,984 a------- c:\windows\system32\dllcache\iisui.dll
2009-05-21 09:09 14,336 a------- c:\windows\system32\dllcache\iisreset.exe
2009-05-21 09:09 5,632 a------- c:\windows\system32\dllcache\iisrstap.dll
2009-05-21 09:09 6,144 a------- c:\windows\system32\dllcache\ftpsapi2.dll
2009-05-21 09:09 94,720 a------- c:\windows\system32\dllcache\certmap.ocx
2009-05-19 00:08 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-05-14 23:46 <DIR> --d----- c:\program files\common files\AnswerWorks 5.0
2009-05-14 23:45 3,523,872 a------- c:\windows\system32\cdintf300.dll
2009-05-14 23:45 1,848,608 a------- c:\windows\system32\acXMLParser.dll
2009-05-14 23:44 <DIR> --d----- c:\program files\Quicken
2009-05-14 23:26 67,536 a------- C:\MGlogs.zip
2009-05-14 21:52 11,241 a------- c:\windows\system32\Config.MPF
2009-05-14 21:52 143,360 a------- c:\windows\system32\dunzip32.dll
2009-05-14 21:50 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2009-05-14 21:50 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2009-05-14 21:50 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-05-14 21:50 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-05-14 21:50 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-05-14 21:49 113,952 a------- c:\windows\system32\drivers\Mpfp.sys
2009-05-14 21:49 <DIR> --d----- c:\program files\McAfee.com
2009-05-14 21:49 <DIR> --d----- c:\program files\common files\McAfee
2009-05-14 21:49 <DIR> --d----- c:\program files\McAfee
2009-05-14 21:24 <DIR> --d----- c:\windows\pss
2009-05-14 08:59 110,908 a------- C:\MGlogs1.zip
2009-05-14 08:47 <DIR> a-dshr-- C:\cmdcons
2009-05-14 08:16 161,792 a------- c:\windows\SWREG.exe
2009-05-14 08:16 98,816 a------- c:\windows\sed.exe
2009-05-14 00:21 <DIR> --d----- c:\docume~1\peterh~1\applic~1\Malwarebytes
2009-05-14 00:21 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-14 00:21 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-14 00:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-14 00:21 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-13 22:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-13 22:02 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-13 22:02 <DIR> --d----- c:\docume~1\peterh~1\applic~1\SUPERAntiSpyware.com
2009-05-13 22:02 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-12 23:42 <DIR> --dsh--- c:\documents and settings\peter H\PrivacIE
2009-05-12 23:04 <DIR> --dsh--- c:\documents and settings\peter H\IETldCache
2009-05-12 22:53 <DIR> --d----- c:\windows\ie8updates
2009-05-12 22:53 102,400 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-12 22:52 <DIR> -cd-h--- c:\windows\ie8
2009-05-12 21:40 <DIR> --d----- c:\windows\ServicePackFiles
2009-05-12 21:31 24,576 a------- c:\windows\system32\SET1371.tmp
2009-05-12 21:31 177,152 a------- c:\windows\system32\SET1412.tmp
2009-05-12 21:31 351,232 a------- c:\windows\system32\SET159D.tmp
2009-05-12 21:31 75,776 a------- c:\windows\system32\SET1548.tmp
2009-05-12 21:31 15,872 a------- c:\windows\system32\SET158B.tmp
2009-05-12 21:31 438,784 a------- c:\windows\system32\SET15D6.tmp
2009-05-12 21:31 81,408 a------- c:\windows\system32\SET15BC.tmp
2009-05-12 21:31 6,656 a------- c:\windows\system32\SET15CC.tmp
2009-05-12 21:29 194,048 a------- c:\windows\system32\SET1260.tmp
2009-05-12 21:28 59,904 a------- c:\windows\system32\SET14DD.tmp
2009-05-11 21:13 <DIR> --d----- c:\program files\McAfee(2).com
2009-05-11 21:13 <DIR> --d----- c:\program files\common files\McAfee(2)
2009-05-11 21:13 <DIR> --d----- c:\program files\McAfee(2)
2009-05-10 21:03 <DIR> --d----- c:\program files\Resource Kit
2009-05-10 20:32 4,720 a------- c:\windows\system32\PerfStringBackup.TMP
2009-05-09 11:55 2,560 -------- c:\windows\system32\xpsp4res.dll

==================== Find3M ====================

2009-06-02 08:40 15,960 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-05-29 10:43 88,983 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-21 10:18 986,112 a------- c:\windows\system32\kernel32(2)(2).dll
2009-03-21 10:06 989,696 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\vgx.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 -------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-03 00:53 832 a------- c:\docume~1\peterh~1\applic~1\wklnhst.dat
2007-09-04 23:51 0 a---h--- c:\docume~1\alluse~1\applic~1\gwseh.dat
2008-08-05 17:04 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat

============= FINISH: 0:12:27.29 ===============

#13 m0le

Posted 06 June 2009 - 04:28 AM

Hi prh129,

We need to run that again but with a new script.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall prior to our fix. Please visit HERE if you don't know how. Please re-enable them after performing all steps given.

We need to backup your registry as we will be making changes there.
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click (or if your PC is running Vista, right-click and select Run As Administrator) the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Services
    HIYT
    LPMN
    :Files
    C:\Documents and Settings\Peter H\Local Settings\temp\HIYT.exe
    C:\Documents and Settings\Peter H\Local Settings\temp\LPMN.exe
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start then All Programs then Accessories then Notepad), click File then Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Then

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Can you also tell me how the PC is running after these two runs?

Thanks :thumbup2:
m0le is a proud member of UNITE
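
One way to triage the SERVICES / DRIVERS section of a DDS log like the one in this thread, as an added example that is not part of any post here and not part of DDS or OTMoveIt3: it rejoins wrapped lines and flags service entries whose image path sits in a temp directory or for which the log shows `[?]` in place of a date and size, which picks out HIYT and LPMN. Reading the leading `R`/`S` and digit as running/stopped plus start type, and `[?]` as missing file details, is an assumption about the DDS format; the function names are hypothetical.

```python
import re

# Lines taken from the SERVICES / DRIVERS section of the DDS log in this
# thread; three entries are wrapped across lines, as often happens when a
# log is pasted from Notepad.
SAMPLE = r"""
============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-14

201320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
S3 HIYT;HIYT;c:\docume~1\peterh~1\locals~1\temp\hiyt.exe -->

c:\docume~1\peterh~1\locals~1\temp\HIYT.exe [?]
S3 LPMN;LPMN;c:\docume~1\peterh~1\locals~1\temp\lpmn.exe -->

c:\docume~1\peterh~1\locals~1\temp\LPMN.exe [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]

=============== Created Last 30 ================
"""

SECTION = re.compile(r"^=+ (.+?) =+$")
# Assumed layout: <R|S><start type> <name>;<display name>;<image path ...>
ENTRY = re.compile(r"^(?P<state>[RS][0-4?]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# Image path, optional "--> resolved path", then "[date size]" or "[?]".
IMAGE = re.compile(r"^(?P<path>.*?)(?: --> (?P<resolved>.*?))? \[(?P<info>[^\]]*)\]$")
TEMP_DIRS = {"temp", "tmp"}


def service_entries(log_text):
    """Yield one unwrapped line per entry of the SERVICES / DRIVERS section."""
    in_section, current = False, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            if current:
                yield current
                current = None
            in_section = header.group(1) == "SERVICES / DRIVERS"
            continue
        if not in_section or not line:
            continue
        if ENTRY.match(line):
            if current:
                yield current
            current = line
        elif current:
            # Continuation of a wrapped entry (wraps in this section fall on spaces).
            current += " " + line
    if current:
        yield current


def audit(log_text):
    """Return service entries worth a closer look, with the reasons."""
    findings = []
    for line in service_entries(log_text):
        entry = ENTRY.match(line)
        image = IMAGE.match(entry.group("rest"))
        if not image:
            continue
        path = (image.group("resolved") or image.group("path")).strip()
        reasons = []
        folders = path.lower().split("\\")[:-1]
        if TEMP_DIRS.intersection(folders):
            reasons.append("image path in a temp directory")
        if image.group("info").strip() == "?":
            reasons.append("no file details")
        if reasons:
            findings.append({
                "name": entry.group("name"),
                "state": entry.group("state"),
                "path": path,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for item in audit(SAMPLE):
        print(item["state"], item["name"], item["path"], "; ".join(item["reasons"]))
```
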

#14 prh129

Posted 06 June 2009 - 01:03 PM

The AntiMalware scan came up clean. I will run the PC today and report back how it goes. Thanks again for your help.

Peter

OTMoveIt log:

========== SERVICES/DRIVERS ==========

Service\Driver HIYT deleted successfully.

Service\Driver LPMN deleted successfully.

========== FILES ==========
File/Folder C:\Documents and Settings\Peter H\Local Settings\temp\HIYT.exe not found.
File/Folder C:\Documents and Settings\Peter H\Local Settings\temp\LPMN.exe not found.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 06062009_112109

AntiMalware log:

Malwarebytes' Anti-Malware 1.37
Database version: 2237
Windows 5.1.2600 Service Pack 3

6/6/2009 1:18:53 PM
mbam-log-2009-06-06 (13-18-53).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 329275
Time elapsed: 1 hour(s), 39 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15 prh129

Posted 06 June 2009 - 03:28 PM

I'm still having a problem with the computer hanging up and on the latest reboot I got the blue screen STOP 0x000000C5 crash.



