Hijacked please help


  • This topic is locked
15 replies to this topic

#1 jasonisme1977


Posted 19 July 2010 - 10:56 AM

My browser does what it wants. SUPERAntiSpyware says it is clean, Trend Micro tells me I'm clean, I have removed what I found, but I'm still hijacked.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:33:11, on 7/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Windows SteadyState\SCTSvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\mfevtps.exe
C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\WINNT\system32\r_server.exe
C:\WINNT\system32\userdump.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ICO.EXE
C:\Program Files\B Gone\B Gone.exe
C:\WINNT\system32\FSRremoS.EXE
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\Windows SteadyState\Bubble.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINNT\system32\Pelmiced.exe
C:\WINNT\system32\wbem\unsecapp.exe
C:\WINNT\system32\NWTRAY.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HousecallLauncher.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7zS1.tmp\setup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hvcc.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Internet Explorer Plugin - {0098EFCC-12D6-4B0C-B566-E133F6B4941B} - dfmcd21.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [B Gone] C:\Program Files\B Gone\B Gone.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [Bubble] C:\Program Files\Windows SteadyState\Bubble.exe
O4 - HKLM\..\Run: [Logoff] C:\Program Files\Windows SteadyState\SCTUINotify.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Hkemojoqoziy] rundll32.exe "C:\WINNT\pclgap32.dll",Startup (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Hkemojoqoziy] rundll32.exe "C:\WINNT\pclgap32.dll",Startup (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (file missing)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158261108468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158261168343
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hvcc.edu
O17 - HKLM\Software\..\Telephony: DomainName = hvcc.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCC75BA1-74E9-4D53-A5C2-E8AD273078BD}: NameServer = 151.103.16.30,151.103.16.43
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hvcc.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = hvcc.edu
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINNT\system32\cusrvc.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (file missing)
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINNT\system32\mfevtps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\r_server.exe

--
End of file - 7957 bytes



HELP



#2 jasonisme1977


Posted 21 July 2010 - 08:58 AM

I could use some help here. I have removed spyware with SUPERAntiSpyware, Malwarebytes, Spybot, Trend Micro HouseCall, ESET Online Scanner, and McAfee. Each program picked up something different. But my browser still will not go to the sites I want it to. I have uninstalled and reinstalled IE.

EDIT: Please be patient. There are over 370 unanswered topics in this forum at present and the current average wait time to receive help is 6 days. ~BP

Edited by Budapest, 21 July 2010 - 05:57 PM.


#3 myrti


Posted 25 July 2010 - 01:44 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#4 jasonisme1977


Posted 26 July 2010 - 08:39 AM

OTL Extras logfile created on: 7/26/2010 09:19:14 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\!!SB2010
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 32.00 Mb Available Physical Memory | 6.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 15.00% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 47.92 Gb Free Space | 64.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: A33500-505422
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\WINNT\TEMP\AUTMGR32.EXE File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\WINNT\TEMP\AUTMGR32.EXE File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"4899:TCP" = 4899:TCP:*:Enabled:radll

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\Raddl\R_server.exe" = C:\Windows\Raddl\R_server.exe:*:Enabled:R_server -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\WINNT\system32\mmc.exe" = C:\WINNT\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{2B10CE30-4316-11D0-86A0-00C0F003261B}" = EPISUITE SDK
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4B1B6A0A-400F-4C08-8B2F-C5BF8084837A}" = Application Stub
"{709D46DF-40A0-11D4-BCB3-00C04FB15B31}" = EPISUITE Classic 5.5 for Windows
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8AD0E001-BA8F-11D2-804E-00C04FB15C9B}" = DAO 3.50
"{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009-09-09
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3880A64-6112-47b7-8BFE-70EEA07B43E0}" = Windows SteadyState
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.4-1)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"B Gone_is1" = B Gone
"CCleaner" = CCleaner
"CodeStuff Starter" = CodeStuff Starter
"DIME3500" = DIME3500
"Dimera 2000_3500" = Dimera 2000_3500
"ESET Online Scanner" = ESET Online Scanner v3
"HP Install Network Printer Wizard" = HP Install Network Printer Wizard
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Mouse Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhoTagsExpress" = PhoTags Express
"PROPLUS" = Microsoft Office Professional Plus 2007
"Radmin Viewer 3.0" = Radmin Viewer 3.0
"Recuva" = Recuva (remove only)
"Remote Administrator v2.0" = Remote Administrator v2.0
"Revo Uninstaller" = Revo Uninstaller 1.89
"SpywareBlaster_is1" = SpywareBlaster 4.3
"Tweak UI 2.10" = Tweak UI
"TweakNow PowerPack 2010_is1" = TweakNow PowerPack 2010
"VFP 6.0 Runtime - Setup" = VFP 6.0 Runtime - Setup
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/25/2010 19:10:03 | Computer Name = A33500-505422 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/25/2010 19:10:03 | Computer Name = A33500-505422 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 7/25/2010 23:20:14 | Computer Name = A33500-505422 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/25/2010 23:20:14 | Computer Name = A33500-505422 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 7/26/2010 03:30:23 | Computer Name = A33500-505422 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/26/2010 03:30:24 | Computer Name = A33500-505422 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 7/26/2010 03:40:25 | Computer Name = A33500-505422 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/26/2010 03:40:25 | Computer Name = A33500-505422 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/26/2010 07:50:35 | Computer Name = A33500-505422 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/26/2010 07:50:35 | Computer Name = A33500-505422 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

[ OSession Events ]
Error - 10/23/2009 12:06:30 | Computer Name = A33500-505422 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6501.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 283
seconds with 60 seconds of active time. This session ended with a crash.

Error - 1/25/2010 12:33:27 | Computer Name = A33500-505422 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 565
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/23/2010 08:20:34 | Computer Name = A33500-505422 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 7/23/2010 08:20:50 | Computer Name = A33500-505422 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 7/26/2010 09:09:35 | Computer Name = A33500-505422 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 7/26/2010 09:09:35 | Computer Name = A33500-505422 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 7/26/2010 09:10:53 | Computer Name = A33500-505422 | Source = DCOM | ID = 10010
Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register
with DCOM within the required timeout.

Error - 7/26/2010 09:11:36 | Computer Name = A33500-505422 | Source = DCOM | ID = 10010
Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register
with DCOM within the required timeout.

Error - 7/26/2010 09:12:10 | Computer Name = A33500-505422 | Source = DCOM | ID = 10010
Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register
with DCOM within the required timeout.

Error - 7/26/2010 09:12:40 | Computer Name = A33500-505422 | Source = DCOM | ID = 10010
Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register
with DCOM within the required timeout.

Error - 7/26/2010 09:13:11 | Computer Name = A33500-505422 | Source = DCOM | ID = 10010
Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register
with DCOM within the required timeout.

Error - 7/26/2010 09:13:41 | Computer Name = A33500-505422 | Source = DCOM | ID = 10010
Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register
with DCOM within the required timeout.


< End of report >

OTL logfile created on: 7/26/2010 09:19:14 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\!!SB2010
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 32.00 Mb Available Physical Memory | 6.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 15.00% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 47.92 Gb Free Space | 64.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: A33500-505422
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/26 09:09:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\!!SB2010\OTL.exe
PRC - [2010/03/25 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2010/03/25 20:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010/03/25 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINNT\system32\mfevtps.exe
PRC - [2010/03/25 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/03/25 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/03/25 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/08/25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/08/25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/08/25 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/04/17 03:35:18 | 000,408,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2008/05/30 14:41:28 | 000,182,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows SteadyState\Bubble.exe
PRC - [2008/05/30 14:41:28 | 000,115,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows SteadyState\SCTSvc.exe
PRC - [2008/04/13 20:12:35 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\setup_wm.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2005/10/12 12:24:36 | 000,221,184 | ---- | M] (Ur I.T. Mate Group) -- C:\Program Files\B Gone\B Gone.exe
PRC - [2005/03/01 04:17:55 | 000,364,544 | ---- | M] () -- C:\Program Files\PhoTags Express\Photags AutoDetect.exe
PRC - [2003/11/20 14:08:14 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINNT\system32\ico.exe
PRC - [2003/11/06 19:24:32 | 000,131,072 | ---- | M] (Primax Electronics Ltd.) -- C:\WINNT\system32\PELMICED.EXE
PRC - [2003/11/06 15:51:32 | 000,020,480 | ---- | M] () -- C:\WINNT\system32\FSRremoS.EXE
PRC - [2002/03/12 11:37:28 | 000,028,672 | ---- | M] (Novell, Inc.) -- C:\WINNT\system32\nwtray.exe
PRC - [2000/07/23 11:37:39 | 000,184,320 | ---- | M] () -- C:\WINNT\system32\r_server.exe
PRC - [1999/10/05 13:39:04 | 000,068,384 | ---- | M] (Microsoft) -- C:\WINNT\system32\userdump.exe


========== Modules (SafeList) ==========

MOD - [2010/07/26 09:09:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\!!SB2010\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msscript.ocx
MOD - [2003/11/11 14:00:32 | 000,081,920 | ---- | M] (Primax Electronics Ltd.) -- C:\WINNT\system32\PELHOOKS.DLL
MOD - [2003/09/17 10:16:32 | 000,126,976 | ---- | M] (Primax Electronics Ltd.) -- C:\WINNT\system32\PELSCRLL.DLL
MOD - [2001/02/13 12:12:02 | 000,036,864 | ---- | M] (Primax Electronics Ltd.) -- C:\WINNT\system32\PELCOMM.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - File not found [Auto | Stopped] -- C:\ComboFix\PEV.cfx -- (PEVSystemStart)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt)
SRV - File not found [Auto | Stopped] -- C:\WINNT\System32\hidserv.dll -- (HidServ)
SRV - [2010/03/25 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2010/03/25 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINNT\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/03/25 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/03/25 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/08/04 15:59:00 | 000,053,339 | ---- | M] (Novell, Inc.) [On_Demand | Stopped] -- C:\WINNT\system32\cusrvc.exe -- (cusrvc)
SRV - [2008/05/30 14:41:28 | 000,115,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows SteadyState\SCTSvc.exe -- (Windows SteadyState)
SRV - [2008/04/13 20:12:38 | 000,050,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2000/07/23 11:37:39 | 000,184,320 | ---- | M] () [Auto | Running] -- C:\WINNT\System32\r_server.exe -- (r_server)
SRV - [1999/10/05 13:39:04 | 000,068,384 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINNT\system32\userdump.exe -- (udmpsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINNT\System32\DRIVERS\parallel.sys -- (Parallel)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINNT\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/25 20:07:00 | 000,343,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/03/25 20:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/03/25 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/03/25 20:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/03/25 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/03/25 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/08/28 15:00:14 | 000,553,216 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINNT\system32\NetWare\nwfs.sys -- (NetwareWorkstation)
DRV - [2008/08/04 17:17:14 | 000,185,216 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINNT\system32\NetWare\srvloc.sys -- (SRVLOC)
DRV - [2008/08/04 17:06:32 | 000,058,496 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINNT\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
DRV - [2008/07/21 14:45:20 | 000,017,664 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\NetWare\nwfilter.sys -- (NWFILTER)
DRV - [2008/07/21 13:47:04 | 000,029,440 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\NetWare\resmgr.sys -- (RESMGR)
DRV - [2008/07/21 13:39:20 | 000,045,824 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINNT\system32\NetWare\nwdns.sys -- (NWDNS)
DRV - [2008/07/02 06:05:32 | 000,089,328 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINNT\System32\drivers\MUP.NEW -- (Mup)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/04 15:32:46 | 000,020,208 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINNT\system32\NetWare\nwslp.sys -- (NWSLP)
DRV - [2008/01/08 10:27:32 | 000,038,603 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\nicm.sys -- (NICM)
DRV - [2006/09/15 14:03:24 | 000,058,000 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdr4_2K.sys -- (Cdr4_2K)
DRV - [2006/09/15 14:03:24 | 000,023,420 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/02/28 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006/02/28 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2005/11/22 10:51:22 | 000,018,353 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINNT\system32\NetWare\nwdhcp.sys -- (NWDHCP)
DRV - [2005/10/12 13:12:18 | 000,009,297 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINNT\system32\NetWare\nwhost.sys -- (NWHOST)
DRV - [2005/10/12 13:11:32 | 000,006,128 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINNT\system32\NetWare\nwsns.sys -- (NWSNS) Novell Simple Naming Services (NWSNS)
DRV - [2005/10/09 21:35:28 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tpm.sys -- (TPM)
DRV - [2005/04/06 15:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2003/06/19 12:05:04 | 000,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20)
DRV - [2003/02/26 14:51:18 | 000,023,232 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINNT\system32\NetWare\nwsap.sys -- (NWSAP)
DRV - [2003/02/11 13:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2003/01/10 13:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2002/07/26 11:37:32 | 000,021,132 | ---- | M] (Number Five Software) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\N5LPT.sys -- (N5LPT.sys)
DRV - [2001/07/11 14:55:54 | 000,011,296 | ---- | M] () [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\MARXDEV3.SYS -- (MarxDev3)
DRV - [2001/07/11 14:55:54 | 000,011,296 | ---- | M] () [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\MARXDEV2.SYS -- (MarxDev2)
DRV - [2001/07/11 14:55:54 | 000,011,296 | ---- | M] () [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\MARXDEV1.SYS -- (MarxDev1)
DRV - [1999/10/05 13:39:04 | 000,058,448 | ---- | M] (Microsoft) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\userdump.sys -- (udmpdrvr)
DRV - [1998/06/14 17:32:24 | 000,065,792 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\System32\drivers\Dsc2par.sys -- (DSC2PAR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-776561741-527237240-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-776561741-527237240-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-776561741-527237240-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-776561741-527237240-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-776561741-527237240-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fbi.gov/cyberinvest/cyberhome.htm
IE - HKU\S-1-5-21-776561741-527237240-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = https://www.hvcc.edu/
IE - HKU\S-1-5-21-776561741-527237240-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-776561741-527237240-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Thunderbird 1.5.0.7\Extensions\\Components: C:\Program Files\Mozilla Thunderbird\components\ [2008/08/28 11:50:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 1.5.0.7\Extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins\ [2009/05/02 03:02:09 | 000,000,000 | ---D | M]

[2010/03/25 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2004/11/12 23:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
[2006/11/09 16:20:40 | 002,111,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2010/07/21 08:21:07 | 000,414,692 | R--- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14321 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-776561741-527237240-839522115-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [B Gone] C:\Program Files\B Gone\B Gone.exe (Ur I.T. Mate Group)
O4 - HKLM..\Run: [Bubble] C:\Program Files\Windows SteadyState\Bubble.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Logoff] C:\Program Files\Windows SteadyState\SCTUINotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINNT\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NWTRAY] C:\WINNT\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [rcuaewrc] C:\Documents and Settings\NetworkService\Local Settings\Application Data\urvaygvjt\ficorohtssd.exe File not found
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [Tweak UI] C:\WINNT\System32\TWEAKUI.CPL (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [rcuaewrc] C:\Documents and Settings\NetworkService\Local Settings\Application Data\urvaygvjt\ficorohtssd.exe File not found
O4 - HKU\S-1-5-18..\Run: [rcuaewrc] C:\Documents and Settings\NetworkService\Local Settings\Application Data\urvaygvjt\ficorohtssd.exe File not found
O4 - HKU\S-1-5-21-776561741-527237240-839522115-500..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found
O4 - HKU\S-1-5-21-776561741-527237240-839522115-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-527237240-839522115-500\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-776561741-527237240-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-776561741-527237240-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINNT\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINNT\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINNT\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINNT\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-776561741-527237240-839522115-500\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-776561741-527237240-839522115-500\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-776561741-527237240-839522115-500\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1158261108468 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1158261168343 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hvcc.edu
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINNT\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINNT\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\!!!SpyBots-Staff\Logo's\800 x 600 IBM Americas Map.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINNT\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/13 16:26:54 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dosk1SVR - (C:\WINNT\system32\calcdosx.dll) - C:\WINNT\System32\calcdosx.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\WINNT\TEMP\AUTMGR32.EXE" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\WINNT\TEMP\AUTMGR32.EXE" /START "%1" %* File not found

MsConfig - StartUpReg: Synchronization Manager - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - C:\ComboFix\PEV.cfx File not found
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: sglfb.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: tga.sys - File not found
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: Windows SteadyState - C:\Program Files\Windows SteadyState\SCTSvc.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08a00762-7c1e-42c2-87f0-ca3600045cd7} - KB941202
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {110e3a85-a9d6-4220-a14a-d39588fa4763} - KB947864
ActiveX: {1d52d05a-f63b-496e-80ff-2f46fd261fd4} - KB956390
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {28023b22-f71e-43e8-8ea4-de315462878d} - KB933566
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3c0d61fe-1db3-4d0b-8477-3cb53eab9469} - KB951066
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {685e3910-1f77-49b9-9434-50bcd95c51ab} - KB905495
ActiveX: {6A5110B5-E14B-4268-A065-EF89FF33C325} - regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {706b15de-aa6d-4c4f-8699-1b0a991228b7} - KB939653
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {77D30FCF-771E-4EF4-9DCD-69056CA0B517} - rundll32 dfmcd21.dll,laspi
ActiveX: {7d16667b-0ff7-4c6b-9fcf-775578e89cc2} - KB922760
ActiveX: {80b81c71-14cd-41c3-9e8c-08b9e06d02ef} - KB960714
ActiveX: {83ACCF02-DFA1-4555-AAF2-529EC15ACE27} - Microsoft .NET Framework 1.1 Hotfix (KB947742)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINNT\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINNT\system32\Rundll32.exe c:\WINNT\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {90b0bef8-22d6-40a8-92c8-155434fc112f} - KB938127
ActiveX: {9311e53c-4c8c-4b8f-aa80-6b16de179d70} - KB925454
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {95177e6d-aaa9-44d1-bebd-b380bce3be79} - KB937143
ActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - %SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl
ActiveX: {A00BF2EB-56EE-4fde-B5EA-6A8FA425B2A5} - W2KAppComp
ActiveX: {a5653fdf-8d3a-451b-937f-6c7534804953} - KB923694
ActiveX: {a99b636e-f3ca-4adc-bcde-a4b451cd65d4} - KB942615
ActiveX: {abd13515-07e0-476a-9b25-211dbe6d1c21} - KB928090
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {c1f0071f-505e-40bc-babe-3240af80b5cf} - KB950759
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {da53c936-c804-4f62-a1d2-6cf6d1591b66} - KB948881
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {e41091c0-06d5-474f-836e-dd190348ea18} - KB958215
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eb6ab742-eb17-446b-8ce7-dff2bc7cbf93} - KB931768
ActiveX: {ee714f0a-76c6-4126-a55e-1e43c11884a7} - KB944533
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f156e5b2-f52e-4094-800c-e7392fe62314} - KB938464
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: {f4de1058-dafc-4d16-b294-6ea1125bf3d3} - KB929969
ActiveX: {fd4aedf6-1163-4f9c-bbf2-11aec5b873b0} - KB953838
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINNT\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINNT\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINNT\system32\rundll32.exe" "C:\WINNT\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: aux - C:\WINNT\System32\mmdrv.dll (Microsoft Corporation)
Drivers32: aux1 - File not found
Drivers32: aux2 - File not found
Drivers32: aux3 - File not found
Drivers32: aux4 - File not found
Drivers32: aux5 - File not found
Drivers32: aux6 - File not found
Drivers32: aux7 - File not found
Drivers32: aux8 - File not found
Drivers32: aux9 - File not found
Drivers32: midi1 - File not found
Drivers32: midi2 - File not found
Drivers32: midi3 - File not found
Drivers32: midi4 - File not found
Drivers32: midi5 - File not found
Drivers32: midi6 - File not found
Drivers32: midi7 - File not found
Drivers32: midi8 - File not found
Drivers32: midi9 - File not found
Drivers32: mixer1 - File not found
Drivers32: mixer2 - File not found
Drivers32: mixer3 - File not found
Drivers32: mixer4 - File not found
Drivers32: mixer5 - File not found
Drivers32: mixer6 - File not found
Drivers32: mixer7 - File not found
Drivers32: mixer8 - File not found
Drivers32: mixer9 - File not found
Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINNT\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINNT\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - File not found
Drivers32: wave2 - File not found
Drivers32: wave3 - File not found
Drivers32: wave4 - File not found
Drivers32: wave5 - File not found
Drivers32: wave6 - File not found
Drivers32: wave7 - File not found
Drivers32: wave8 - File not found
Drivers32: wave9 - File not found

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINNT\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/23 16:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\urvaygvjt
[2010/07/21 15:14:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2010/07/21 15:11:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/07/21 14:49:12 | 000,000,000 | -H-D | C] -- C:\WINNT\ie8
[2010/07/21 13:48:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/07/21 10:23:35 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/07/21 10:08:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2010/07/21 10:08:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2010/07/21 10:08:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2010/07/21 10:08:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2010/07/21 10:07:55 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2010/07/21 10:06:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/20 15:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\backups
[2010/07/19 15:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\FiveStarInteractive
[2010/07/19 15:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/19 11:32:12 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2010/07/19 11:31:19 | 001,870,800 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HousecallLauncher.exe
[2010/07/16 14:57:41 | 000,000,000 | -H-D | C] -- C:\WINNT\ie7
[2010/07/16 13:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/07/12 12:35:51 | 000,000,000 | ---D | C] -- C:\WINNT\System\nls
[2010/07/12 12:35:35 | 000,000,000 | ---D | C] -- C:\WINNT\System32\NetWare
[2010/07/12 12:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\CUAgent
[2010/07/12 10:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/12 10:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/09 00:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/07/06 09:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\odvmnqakb
[2010/07/01 17:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/29 15:17:50 | 000,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\TweakUI.exe
[2010/06/27 00:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[7 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/26 09:16:36 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/07/26 09:09:12 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010/07/25 08:14:01 | 000,000,183 | ---- | M] () -- C:\WINNT\hpbafd.ini
[2010/07/23 10:50:16 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/23 08:20:14 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/07/23 08:20:11 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/07/23 08:20:10 | 526,962,688 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/22 10:56:00 | 000,000,472 | ---- | M] () -- C:\WINNT\tasks\Ad-Aware Update (Weekly).job
[2010/07/21 15:11:32 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/21 08:21:07 | 000,414,692 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2010/07/20 14:59:53 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010/07/20 08:33:17 | 000,412,092 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20100721-082107.backup
[2010/07/20 08:16:39 | 000,000,957 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/20 08:16:39 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/07/20 08:00:08 | 000,285,312 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2010/07/19 15:17:16 | 000,070,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/19 11:32:21 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2010/07/19 11:31:42 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/07/19 11:31:37 | 001,870,800 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HousecallLauncher.exe
[2010/07/16 14:19:42 | 000,532,552 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2010/07/16 14:19:42 | 000,449,424 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2010/07/16 14:19:42 | 000,073,830 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2010/07/16 13:53:31 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2010/07/13 15:13:10 | 000,009,058 | ---- | M] () -- C:\WINNT\System32\jsc
[2010/07/13 15:13:08 | 000,071,680 | ---- | M] () -- C:\WINNT\System32\klgd.bmp
[2010/07/12 13:00:53 | 000,000,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to loginw32.lnk
[2010/07/12 12:59:40 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to nwtray.lnk
[2010/07/12 12:36:04 | 000,000,504 | ---- | M] () -- C:\WINNT\System32\AUTOEXEC.NT
[2010/07/12 12:35:56 | 000,000,246 | ---- | M] () -- C:\WINNT\system.ini
[2010/07/12 10:17:14 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/12 10:16:28 | 000,001,237 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\!!SB2010.lnk
[2010/06/30 12:07:00 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk
[2010/06/30 11:44:35 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Launch Auto Detect (2).lnk
[2010/06/29 09:47:41 | 000,004,223 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Kathy Hansen virus log file 6.29.2010
[2010/06/27 01:07:06 | 000,001,453 | ---- | M] () -- C:\nudetube.com.lnk
[2010/06/27 01:07:06 | 000,001,449 | ---- | M] () -- C:\youporn.com.lnk
[2010/06/27 01:07:01 | 000,001,457 | ---- | M] () -- C:\pornotube.com.lnk
[7 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/21 10:08:12 | 000,256,512 | ---- | C] () -- C:\WINNT\PEV.exe
[2010/07/21 10:08:12 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2010/07/21 10:08:12 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2010/07/21 10:08:12 | 000,077,312 | ---- | C] () -- C:\WINNT\MBR.exe
[2010/07/21 10:08:12 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2010/07/19 11:31:42 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/07/16 14:19:37 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/16 13:53:31 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2010/07/13 15:13:10 | 000,009,058 | ---- | C] () -- C:\WINNT\System32\jsc
[2010/07/13 15:13:08 | 000,071,680 | ---- | C] () -- C:\WINNT\System32\klgd.bmp
[2010/07/12 13:00:53 | 000,000,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to loginw32.lnk
[2010/07/12 12:59:40 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to nwtray.lnk
[2010/07/12 10:17:14 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/12 10:15:30 | 000,001,237 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\!!SB2010.lnk
[2010/06/30 12:06:55 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk
[2010/06/30 11:44:35 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Launch Auto Detect (2).lnk
[2010/06/29 15:17:50 | 000,160,217 | ---- | C] () -- C:\WINNT\System32\PowerToysLicense.rtf
[2010/06/29 09:47:41 | 000,004,223 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Kathy Hansen virus log file 6.29.2010
[2010/06/27 01:07:06 | 000,001,453 | ---- | C] () -- C:\nudetube.com.lnk
[2010/06/27 01:07:06 | 000,001,449 | ---- | C] () -- C:\youporn.com.lnk
[2010/06/27 01:06:56 | 000,001,457 | ---- | C] () -- C:\pornotube.com.lnk
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINNT\System32\OGACheckControl.dll
[2009/04/22 15:30:22 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2009/04/22 09:14:16 | 000,001,793 | ---- | C] () -- C:\WINNT\System32\fxsperf.ini
[2008/09/01 01:02:51 | 000,024,576 | ---- | C] () -- C:\WINNT\System32\FSRremoC.DLL
[2008/08/27 11:23:52 | 000,262,227 | ---- | C] () -- C:\WINNT\System32\nwshlxnt.dll
[2008/08/13 10:10:20 | 000,225,356 | ---- | C] () -- C:\WINNT\System32\lgnwnt32.dll
[2008/06/20 13:49:53 | 000,000,184 | ---- | C] () -- C:\WINNT\_delis43.ini
[2007/02/12 18:43:54 | 000,065,619 | ---- | C] () -- C:\WINNT\System32\setupw2k.dll
[2007/01/19 15:23:27 | 000,000,039 | ---- | C] () -- C:\WINNT\Pt.dll
[2006/11/27 11:55:52 | 000,000,180 | ---- | C] () -- C:\WINNT\dsxxxx.ini
[2006/11/26 17:41:56 | 000,065,792 | ---- | C] () -- C:\WINNT\System32\drivers\Dsc2par.sys
[2006/09/28 10:59:05 | 000,118,784 | ---- | C] () -- C:\WINNT\System32\Lfkodak.dll
[2006/09/28 10:59:04 | 000,338,944 | ---- | C] () -- C:\WINNT\System32\lffpx7.dll
[2006/09/28 10:59:04 | 000,145,408 | ---- | C] () -- C:\WINNT\System32\Bclw32.dll
[2006/09/26 10:26:00 | 000,025,600 | ---- | C] () -- C:\WINNT\System32\CBNDLL.DLL
[2006/09/26 10:26:00 | 000,015,408 | ---- | C] () -- C:\WINNT\System32\CB560WIN.DLL
[2006/09/26 10:26:00 | 000,011,296 | ---- | C] () -- C:\WINNT\System32\drivers\MARXDEV3.SYS
[2006/09/26 10:26:00 | 000,011,296 | ---- | C] () -- C:\WINNT\System32\drivers\MARXDEV2.SYS
[2006/09/26 10:26:00 | 000,011,296 | ---- | C] () -- C:\WINNT\System32\drivers\MARXDEV1.SYS
[2006/09/26 10:26:00 | 000,010,240 | ---- | C] () -- C:\WINNT\System32\CBNVDD.DLL
[2006/09/25 15:18:42 | 000,001,056 | ---- | C] () -- C:\WINNT\ODBC.INI
[2006/09/25 10:35:20 | 000,054,424 | ---- | C] () -- C:\WINNT\System32\dime3500.drv
[2006/09/21 13:36:53 | 000,000,044 | ---- | C] () -- C:\WINNT\hpmnwun.ini
[2006/09/21 13:32:02 | 000,000,000 | ---- | C] () -- C:\WINNT\HPMProp.INI
[2006/09/21 13:31:36 | 000,094,274 | ---- | C] () -- C:\WINNT\System32\HPBHEALR.DLL
[2006/09/21 12:42:26 | 000,003,399 | ---- | C] () -- C:\WINNT\System32\hptcpmon.ini
[2006/09/21 12:42:26 | 000,002,237 | ---- | C] () -- C:\WINNT\System32\AddPort.ini
[2006/09/21 12:42:26 | 000,000,183 | ---- | C] () -- C:\WINNT\hpbafd.ini
[2006/03/27 13:08:34 | 000,040,960 | ---- | C] () -- C:\WINNT\System32\nwslog32.dll
[2000/07/09 23:10:05 | 000,090,112 | ---- | C] () -- C:\WINNT\System32\AdmDll.dll
[2000/01/20 09:15:14 | 000,051,200 | ---- | C] () -- C:\WINNT\System32\lgncon32.dll
[1999/12/07 08:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[1999/09/25 06:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 06:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[1999/01/11 04:37:36 | 000,002,757 | ---- | C] () -- C:\WINNT\System32\rdrstats.ini
[1997/07/11 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINNT\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINNT\System32\DOCOBJ.DLL
[1996/05/14 09:50:22 | 000,192,512 | ---- | C] () -- C:\WINNT\System32\prtwin32.dll
[1995/08/22 08:36:12 | 000,192,512 | ---- | C] () -- C:\WINNT\System32\nwpsrv32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/04/22 15:25:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/04/22 15:25:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\system32\drivers\agp440.sys
[2006/02/28 08:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp2.cab:atapi.sys
[2009/04/22 15:25:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:atapi.sys
[2009/04/22 15:25:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\system32\drivers\atapi.sys
[2006/02/28 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2003/06/19 12:05:04 | 000,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\$NtUpdateRollupPackUninstall$\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\system32\eventlog.dll
[2006/02/28 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2003/06/19 12:05:04 | 000,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\$NtUpdateRollupPackUninstall$\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINNT\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINNT\system32\netlogon.dll
[2006/02/28 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/02/28 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\system32\scecli.dll
[2003/06/19 12:05:04 | 000,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\$NtUpdateRollupPackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\dxtrans.dll
[2009/03/08 04:31:56 | 000,183,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\iepeers.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/04/21 13:26:16 | 003,407,872 | ---- | M] () -- C:\WINNT\system32\config\default.sav
[2009/04/21 17:12:16 | 000,028,672 | ---- | M] () -- C:\WINNT\system32\config\security.sav
[2009/04/21 13:26:16 | 027,262,976 | ---- | M] () -- C:\WINNT\system32\config\software.sav
[2009/04/21 13:26:17 | 004,718,592 | ---- | M] () -- C:\WINNT\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\system32\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >







#5 myrti


Posted 26 July 2010 - 09:08 AM

Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    O4 - HKU\.DEFAULT..\Run: [rcuaewrc] C:\Documents and Settings\NetworkService\Local Settings\Application Data\urvaygvjt\ficorohtssd.exe File not found
    O4 - HKU\S-1-5-18..\Run: [rcuaewrc] C:\Documents and Settings\NetworkService\Local Settings\Application Data\urvaygvjt\ficorohtssd.exe File not found
    O4 - HKLM..\Run: [rcuaewrc] C:\Documents and Settings\NetworkService\Local Settings\Application Data\urvaygvjt\ficorohtssd.exe File not found
    O36 - AppCertDlls: dosk1SVR - (C:\WINNT\system32\calcdosx.dll) - C:\WINNT\System32\calcdosx.dll File not found
    [2010/07/23 16:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\urvaygvjt
    :files
    C:\Windows\tasks\at*.job
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done, it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

You have a remote admin process running on your PC; are you aware of this? Also, one of the core files for Windows Update seems to be missing. Is this on purpose?

Please also run a scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#6 jasonisme1977


Posted 26 July 2010 - 10:42 AM

Here are the results. Yes, I do have remote admin installed; this is how I connect remotely. And you mentioned something about missing files for Windows updates; I have no idea what happened there. I think it was virus related.


All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\rcuaewrc deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\rcuaewrc not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rcuaewrc deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\dosk1SVR:C:\WINNT\system32\calcdosx.dll deleted successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\urvaygvjt folder moved successfully.
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 36163 bytes
->Temporary Internet Files folder emptied: 946055 bytes
->Flash cache emptied: 1091 bytes

User: albrec
->Temp folder emptied: 2715413 bytes
->Temporary Internet Files folder emptied: 15129484 bytes
->Flash cache emptied: 1992 bytes

User: albrecep
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 1336 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: idsystem
->Temp folder emptied: 181234 bytes
->Temporary Internet Files folder emptied: 507457 bytes
->Flash cache emptied: 434 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 11915406 bytes
->Flash cache emptied: 11681 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 418933167 bytes
->Flash cache emptied: 65711 bytes

User: test
->Temporary Internet Files folder emptied: 23541336 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2235584 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1989515 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10936686 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 467.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 07262010_102201

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Here is the second scan with minimal output


OTL logfile created on: 7/26/2010 10:43:47 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\!!SB2010
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 179.00 Mb Available Physical Memory | 36.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 48.51 Gb Free Space | 65.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: A33500-505422
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\!!SB2010\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\WINNT\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\Windows SteadyState\Bubble.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows SteadyState\SCTSvc.exe (Microsoft Corporation)
PRC - C:\WINNT\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\B Gone\B Gone.exe (Ur I.T. Mate Group)
PRC - C:\Program Files\PhoTags Express\Photags AutoDetect.exe ()
PRC - C:\WINNT\system32\ico.exe (Primax Electronics Ltd.)
PRC - C:\WINNT\system32\PELMICED.EXE (Primax Electronics Ltd.)
PRC - C:\WINNT\system32\FSRremoS.EXE ()
PRC - C:\WINNT\system32\nwtray.exe (Novell, Inc.)
PRC - C:\WINNT\system32\r_server.exe ()
PRC - C:\WINNT\system32\userdump.exe (Microsoft)


========== Modules (SafeList) ==========

MOD - C:\!!SB2010\OTL.exe (OldTimer Tools)
MOD - C:\WINNT\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (wuauserv) -- C:\WINDOWS\system32\wuauserv.dll File not found
SRV - (PEVSystemStart) -- C:\ComboFix\PEV.cfx File not found
SRV - (MaxBackServiceInt) -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe File not found
SRV - (HidServ) -- C:\WINNT\System32\hidserv.dll File not found
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINNT\system32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (cusrvc) -- C:\WINNT\system32\cusrvc.exe (Novell, Inc.)
SRV - (Windows SteadyState) -- C:\Program Files\Windows SteadyState\SCTSvc.exe (Microsoft Corporation)
SRV - (UtilMan) -- C:\WINNT\system32\utilman.exe (Microsoft Corporation)
SRV - (r_server) -- C:\WINNT\System32\r_server.exe ()
SRV - (udmpsvc) -- C:\WINNT\system32\userdump.exe (Microsoft)


========== Driver Services (SafeList) ==========

DRV - (SABKUTIL) -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys File not found
DRV - (Parallel) -- C:\WINNT\System32\DRIVERS\parallel.sys File not found
DRV - (Lbd) -- C:\WINNT\System32\DRIVERS\Lbd.sys File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (mfehidk) -- C:\WINNT\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINNT\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINNT\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINNT\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\WINNT\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINNT\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NetwareWorkstation) -- C:\WINNT\system32\NetWare\nwfs.sys (Novell, Inc.)
DRV - (SRVLOC) -- C:\WINNT\system32\NetWare\srvloc.sys (Novell, Inc.)
DRV - (NWSIPX32) -- C:\WINNT\system32\NetWare\nwsipx32.sys (Novell, Inc.)
DRV - (NWFILTER) -- C:\WINNT\system32\NetWare\nwfilter.sys (Novell, Inc.)
DRV - (RESMGR) -- C:\WINNT\system32\NetWare\resmgr.sys (Novell, Inc.)
DRV - (NWDNS) -- C:\WINNT\system32\NetWare\nwdns.sys (Novell, Inc.)
DRV - (Mup) -- C:\WINNT\System32\drivers\MUP.NEW (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINNT\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINNT\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (NWSLP) -- C:\WINNT\system32\NetWare\nwslp.sys (Novell, Inc.)
DRV - (NICM) -- C:\WINNT\system32\drivers\nicm.sys (Novell, Inc.)
DRV - (Cdr4_2K) -- C:\WINNT\System32\drivers\cdr4_2K.sys (Roxio)
DRV - (Cdralw2k) -- C:\WINNT\System32\drivers\cdralw2k.sys (Roxio)
DRV - (b57w2k) -- C:\WINNT\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (NwlnkNb) -- C:\WINNT\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINNT\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (NWDHCP) -- C:\WINNT\system32\NetWare\nwdhcp.sys (Novell, Inc.)
DRV - (NWHOST) -- C:\WINNT\system32\NetWare\nwhost.sys (Novell, Inc.)
DRV - (NWSNS) Novell Simple Naming Services (NWSNS) -- C:\WINNT\system32\NetWare\nwsns.sys (Novell, Inc.)
DRV - (TPM) -- C:\WINNT\system32\drivers\tpm.sys (Winbond Electronics Corp.)
DRV - (MXOPSWD) -- C:\WINNT\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (usbhub20) -- C:\WINNT\system32\drivers\usbhub20.sys (Microsoft Corporation)
DRV - (NWSAP) -- C:\WINNT\system32\NetWare\nwsap.sys ()
DRV - (pelusblf) -- C:\WINNT\system32\drivers\pelusblf.sys (Primax Electronics Ltd.)
DRV - (pelmouse) -- C:\WINNT\system32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)
DRV - (N5LPT.sys) -- C:\WINNT\system32\drivers\N5LPT.sys (Number Five Software)
DRV - (MarxDev3) -- C:\WINNT\System32\drivers\MARXDEV3.SYS ()
DRV - (MarxDev2) -- C:\WINNT\System32\drivers\MARXDEV2.SYS ()
DRV - (MarxDev1) -- C:\WINNT\System32\drivers\MARXDEV1.SYS ()
DRV - (udmpdrvr) -- C:\WINNT\system32\drivers\userdump.sys (Microsoft)
DRV - (DSC2PAR) -- C:\WINNT\System32\drivers\Dsc2par.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fbi.gov/cyberinvest/cyberhome.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = https://www.hvcc.edu/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINNT\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 1.5.0.7\Extensions\\Components: C:\Program Files\Mozilla Thunderbird\components\ [2008/08/28 11:50:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 1.5.0.7\Extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins\ [2009/05/02 03:02:09 | 000,000,000 | ---D | M]

[2010/03/25 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2004/11/12 23:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
[2006/08/07 10:32:12 | 001,376,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2007/03/22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2006/05/16 21:40:18 | 000,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2006/11/09 16:20:40 | 002,111,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2010/07/21 08:21:07 | 000,414,692 | R--- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14321 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [B Gone] C:\Program Files\B Gone\B Gone.exe (Ur I.T. Mate Group)
O4 - HKLM..\Run: [Bubble] C:\Program Files\Windows SteadyState\Bubble.exe (Microsoft Corporation)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Logoff] C:\Program Files\Windows SteadyState\SCTUINotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINNT\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NWTRAY] C:\WINNT\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [Tweak UI] C:\WINNT\System32\TWEAKUI.CPL (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINNT\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINNT\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINNT\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINNT\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINNT\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINNT\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINNT\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINNT\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1158261108468 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1158261168343 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hvcc.edu
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINNT\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINNT\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINNT\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINNT\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINNT\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINNT\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINNT\System32\nwgina.dll (Novell, Inc.)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINNT\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINNT\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINNT\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINNT\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINNT\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINNT\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINNT\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINNT\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINNT\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINNT\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINNT\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINNT\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINNT\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINNT\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop BackupWallPaper: C:\!!!SpyBots-Staff\Logo's\800 x 600 IBM Americas Map.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINNT\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINNT\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINNT\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINNT\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINNT\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINNT\System32\nwv1_0.dll (Novell, Inc.)
O30 - LSA: Security Packages - (kerberos) - C:\WINNT\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINNT\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINNT\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINNT\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/13 16:26:54 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/26 10:22:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/26 10:17:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/07/26 09:58:20 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/07/26 09:49:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/07/21 15:14:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2010/07/21 15:11:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/07/21 14:49:12 | 000,000,000 | -H-D | C] -- C:\WINNT\ie8
[2010/07/21 10:08:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2010/07/21 10:08:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2010/07/21 10:08:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2010/07/21 10:08:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2010/07/21 10:07:55 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2010/07/21 10:06:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/20 15:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\backups
[2010/07/19 15:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\FiveStarInteractive
[2010/07/19 15:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/19 11:32:12 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2010/07/19 11:31:19 | 001,870,800 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HousecallLauncher.exe
[2010/07/16 14:57:41 | 000,000,000 | -H-D | C] -- C:\WINNT\ie7
[2010/07/16 13:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/07/12 12:35:51 | 000,000,000 | ---D | C] -- C:\WINNT\System\nls
[2010/07/12 12:35:35 | 000,000,000 | ---D | C] -- C:\WINNT\System32\NetWare
[2010/07/12 12:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\CUAgent
[2010/07/12 10:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/12 10:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/09 00:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/07/06 09:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\odvmnqakb
[2010/07/01 17:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/29 15:17:50 | 000,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\TweakUI.exe
[2010/06/27 00:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

========== Files - Modified Within 30 Days ==========

[2010/07/26 10:44:40 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1treb2bp.exe
[2010/07/26 10:32:55 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/07/26 10:30:39 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010/07/26 10:25:45 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/07/26 10:25:42 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/07/26 10:25:41 | 526,962,688 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/26 10:25:11 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/25 08:14:01 | 000,000,183 | ---- | M] () -- C:\WINNT\hpbafd.ini
[2010/07/22 10:56:00 | 000,000,472 | ---- | M] () -- C:\WINNT\tasks\Ad-Aware Update (Weekly).job
[2010/07/21 15:11:32 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/21 08:21:07 | 000,414,692 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2010/07/20 14:59:53 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010/07/20 08:33:17 | 000,412,092 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20100721-082107.backup
[2010/07/20 08:16:39 | 000,000,957 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/20 08:16:39 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/07/20 08:00:08 | 000,285,312 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2010/07/19 15:17:16 | 000,070,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/19 11:32:21 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2010/07/19 11:31:42 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/07/19 11:31:37 | 001,870,800 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HousecallLauncher.exe
[2010/07/16 14:19:42 | 000,532,552 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2010/07/16 14:19:42 | 000,449,424 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2010/07/16 14:19:42 | 000,073,830 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2010/07/16 13:53:31 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2010/07/13 15:13:10 | 000,009,058 | ---- | M] () -- C:\WINNT\System32\jsc
[2010/07/13 15:13:08 | 000,071,680 | ---- | M] () -- C:\WINNT\System32\klgd.bmp
[2010/07/12 13:00:53 | 000,000,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to loginw32.lnk
[2010/07/12 12:59:40 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to nwtray.lnk
[2010/07/12 12:36:04 | 000,000,504 | ---- | M] () -- C:\WINNT\System32\AUTOEXEC.NT
[2010/07/12 12:35:56 | 000,000,246 | ---- | M] () -- C:\WINNT\system.ini
[2010/07/12 10:17:14 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/12 10:16:28 | 000,001,237 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\!!SB2010.lnk
[2010/06/30 12:07:00 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk
[2010/06/30 11:44:35 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Launch Auto Detect (2).lnk
[2010/06/29 09:47:41 | 000,004,223 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Kathy Hansen virus log file 6.29.2010
[2010/06/27 01:07:06 | 000,001,453 | ---- | M] () -- C:\nudetube.com.lnk
[2010/06/27 01:07:06 | 000,001,449 | ---- | M] () -- C:\youporn.com.lnk
[2010/06/27 01:07:01 | 000,001,457 | ---- | M] () -- C:\pornotube.com.lnk

========== Files Created - No Company Name ==========

[2010/07/26 10:44:37 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1treb2bp.exe
[2010/07/21 10:08:12 | 000,256,512 | ---- | C] () -- C:\WINNT\PEV.exe
[2010/07/21 10:08:12 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2010/07/21 10:08:12 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2010/07/21 10:08:12 | 000,077,312 | ---- | C] () -- C:\WINNT\MBR.exe
[2010/07/21 10:08:12 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2010/07/19 11:31:42 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/07/16 14:19:37 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/16 13:53:31 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2010/07/13 15:13:10 | 000,009,058 | ---- | C] () -- C:\WINNT\System32\jsc
[2010/07/13 15:13:08 | 000,071,680 | ---- | C] () -- C:\WINNT\System32\klgd.bmp
[2010/07/12 13:00:53 | 000,000,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to loginw32.lnk
[2010/07/12 12:59:40 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to nwtray.lnk
[2010/07/12 10:17:14 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/12 10:15:30 | 000,001,237 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\!!SB2010.lnk
[2010/06/30 12:06:55 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk
[2010/06/30 11:44:35 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Launch Auto Detect (2).lnk
[2010/06/29 15:17:50 | 000,160,217 | ---- | C] () -- C:\WINNT\System32\PowerToysLicense.rtf
[2010/06/29 09:47:41 | 000,004,223 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Kathy Hansen virus log file 6.29.2010
[2010/06/27 01:07:06 | 000,001,453 | ---- | C] () -- C:\nudetube.com.lnk
[2010/06/27 01:07:06 | 000,001,449 | ---- | C] () -- C:\youporn.com.lnk
[2010/06/27 01:06:56 | 000,001,457 | ---- | C] () -- C:\pornotube.com.lnk
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINNT\System32\OGACheckControl.dll
[2009/04/22 15:30:22 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2009/04/22 09:14:16 | 000,001,793 | ---- | C] () -- C:\WINNT\System32\fxsperf.ini
[2008/09/01 01:02:51 | 000,024,576 | ---- | C] () -- C:\WINNT\System32\FSRremoC.DLL
[2008/08/27 11:23:52 | 000,262,227 | ---- | C] () -- C:\WINNT\System32\nwshlxnt.dll
[2008/08/13 10:10:20 | 000,225,356 | ---- | C] () -- C:\WINNT\System32\lgnwnt32.dll
[2008/06/20 13:49:53 | 000,000,184 | ---- | C] () -- C:\WINNT\_delis43.ini
[2007/02/12 18:43:54 | 000,065,619 | ---- | C] () -- C:\WINNT\System32\setupw2k.dll
[2007/01/19 15:23:27 | 000,000,039 | ---- | C] () -- C:\WINNT\Pt.dll
[2006/11/27 11:55:52 | 000,000,180 | ---- | C] () -- C:\WINNT\dsxxxx.ini
[2006/11/26 17:41:56 | 000,065,792 | ---- | C] () -- C:\WINNT\System32\drivers\Dsc2par.sys
[2006/09/28 10:59:05 | 000,118,784 | ---- | C] () -- C:\WINNT\System32\Lfkodak.dll
[2006/09/28 10:59:04 | 000,338,944 | ---- | C] () -- C:\WINNT\System32\lffpx7.dll
[2006/09/28 10:59:04 | 000,145,408 | ---- | C] () -- C:\WINNT\System32\Bclw32.dll
[2006/09/26 10:26:00 | 000,025,600 | ---- | C] () -- C:\WINNT\System32\CBNDLL.DLL
[2006/09/26 10:26:00 | 000,015,408 | ---- | C] () -- C:\WINNT\System32\CB560WIN.DLL
[2006/09/26 10:26:00 | 000,011,296 | ---- | C] () -- C:\WINNT\System32\drivers\MARXDEV3.SYS
[2006/09/26 10:26:00 | 000,011,296 | ---- | C] () -- C:\WINNT\System32\drivers\MARXDEV2.SYS
[2006/09/26 10:26:00 | 000,011,296 | ---- | C] () -- C:\WINNT\System32\drivers\MARXDEV1.SYS
[2006/09/26 10:26:00 | 000,010,240 | ---- | C] () -- C:\WINNT\System32\CBNVDD.DLL
[2006/09/25 15:18:42 | 000,001,056 | ---- | C] () -- C:\WINNT\ODBC.INI
[2006/09/25 10:35:20 | 000,054,424 | ---- | C] () -- C:\WINNT\System32\dime3500.drv
[2006/09/21 13:36:53 | 000,000,044 | ---- | C] () -- C:\WINNT\hpmnwun.ini
[2006/09/21 13:32:02 | 000,000,000 | ---- | C] () -- C:\WINNT\HPMProp.INI
[2006/09/21 13:31:36 | 000,094,274 | ---- | C] () -- C:\WINNT\System32\HPBHEALR.DLL
[2006/09/21 12:42:26 | 000,003,399 | ---- | C] () -- C:\WINNT\System32\hptcpmon.ini
[2006/09/21 12:42:26 | 000,002,237 | ---- | C] () -- C:\WINNT\System32\AddPort.ini
[2006/09/21 12:42:26 | 000,000,183 | ---- | C] () -- C:\WINNT\hpbafd.ini
[2006/03/27 13:08:34 | 000,040,960 | ---- | C] () -- C:\WINNT\System32\nwslog32.dll
[2000/07/09 23:10:05 | 000,090,112 | ---- | C] () -- C:\WINNT\System32\AdmDll.dll
[2000/01/20 09:15:14 | 000,051,200 | ---- | C] () -- C:\WINNT\System32\lgncon32.dll
[1999/12/07 08:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[1999/09/25 06:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 06:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[1999/01/11 04:37:36 | 000,002,757 | ---- | C] () -- C:\WINNT\System32\rdrstats.ini
[1997/07/11 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINNT\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINNT\System32\DOCOBJ.DLL
[1996/05/14 09:50:22 | 000,192,512 | ---- | C] () -- C:\WINNT\System32\prtwin32.dll
[1995/08/22 08:36:12 | 000,192,512 | ---- | C] () -- C:\WINNT\System32\nwpsrv32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

Edited by jasonisme1977, 26 July 2010 - 10:46 AM.


#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:52 AM

Posted 26 July 2010 - 01:04 PM

Hi,

do you have your windows CD handy? We could restore the files.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#8 jasonisme1977

jasonisme1977
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:52 AM

Posted 26 July 2010 - 01:17 PM


Yes I have my CD. It seems like my Internet Explorer is better, I have to use it some more. But I can get to Norton and McAfee web sites that were hijacked before.

QUOTE(myrti @ Jul 26 2010, 02:04 PM)
Hi,

do you have your windows CD handy? We could restore the files.

regards myrti



#9 myrti


Posted 26 July 2010 - 04:32 PM

Hi,

ok, then please run sfc:
  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:
    sfc /scannow
  • a window will open. Start the scan.
If you do not have the run-command in your Start menu:
Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize and tick the Display Run checkbox and click OK.


Afterwards please post new logs from OTL.

regards myrti



#10 jasonisme1977


Posted 27 July 2010 - 09:12 AM

I will try that step shortly, I am still having hijack issues. If I create a new user account, Internet Explorer is still hijacked. And the account we have been working with (administrator) is still hijacked, it redirects me when I go to a lot of sites. I thought it was better, but that was only temporary. When I load the new account I get the error
dfmcd21.dll cannot be loaded. Looks like it is spyware related.

Edited by jasonisme1977, 27 July 2010 - 09:38 AM.


#11 myrti


Posted 27 July 2010 - 12:17 PM

Hi,

please run a scan with ComboFix instead then:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti



#12 jasonisme1977


Posted 28 July 2010 - 02:51 PM


I will still need some help with the Windows updates, I still need to run sfc /scannow,




ComboFix 10-07-27.05 - administrator 07/28/2010 14:41:49.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.352 [GMT -4:00]
Running from: c:\!!sb2010\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
c:\program files\Common Files\Uninstall
c:\program files\PAV
c:\winnt\system32\AdmDll.dll
c:\winnt\system32\klgd.bmp
c:\winnt\Web\default.htt

Infected copy of c:\winnt\system32\drivers\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_IAS


((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))
.

2010-07-28 16:16 . 2006-02-28 12:00 471102 -c--a-w- c:\winnt\system32\dllcache\imskdic.dll
2010-07-28 16:15 . 2006-02-28 12:00 59904 -c--a-w- c:\winnt\system32\dllcache\imkrinst.exe
2010-07-28 16:10 . 2006-02-28 12:00 45109 -c--a-w- c:\winnt\system32\dllcache\imjpuex.exe
2010-07-28 16:09 . 2006-02-28 12:00 57398 -c--a-w- c:\winnt\system32\dllcache\imjpdadm.exe
2010-07-28 16:07 . 2006-02-28 12:00 311359 -c--a-w- c:\winnt\system32\dllcache\imepadsv.exe
2010-07-28 16:04 . 2006-02-28 12:00 102463 -c--a-w- c:\winnt\system32\dllcache\imepadsm.dll
2010-07-28 16:02 . 2006-02-28 12:00 44032 -c--a-w- c:\winnt\system32\dllcache\imekrmig.exe
2010-07-28 15:57 . 2006-02-28 12:00 10129408 -c--a-w- c:\winnt\system32\dllcache\hwxkor.dll
2010-07-28 15:54 . 2006-02-28 12:00 10096640 -c--a-w- c:\winnt\system32\dllcache\hwxcht.dll
2010-07-28 15:51 . 2001-08-18 02:36 13312 -c--a-w- c:\winnt\system32\dllcache\hpsjmcro.dll
2010-07-28 15:49 . 2006-02-28 12:00 36864 -c--a-w- c:\winnt\system32\dllcache\hanjadic.dll
2010-07-28 15:44 . 2008-04-13 18:40 28288 -c--a-w- c:\winnt\system32\dllcache\grserial.sys
2010-07-28 15:44 . 2001-08-17 17:51 82304 -c--a-w- c:\winnt\system32\dllcache\grclass.sys
2010-07-28 15:44 . 2001-08-17 17:51 17408 -c--a-w- c:\winnt\system32\dllcache\gpr400.sys
2010-07-28 15:44 . 2008-04-13 18:45 59136 -c--a-w- c:\winnt\system32\dllcache\gckernel.sys
2010-07-28 15:44 . 2008-04-13 18:45 10624 -c--a-w- c:\winnt\system32\dllcache\gameenum.sys
2010-07-28 15:44 . 2001-08-17 16:49 322432 -c--a-w- c:\winnt\system32\dllcache\g400m.sys
2010-07-28 15:44 . 2001-08-17 18:56 1733120 -c--a-w- c:\winnt\system32\dllcache\g400d.dll
2010-07-28 15:44 . 2001-08-17 16:49 320384 -c--a-w- c:\winnt\system32\dllcache\g200m.sys
2010-07-28 15:44 . 2001-08-17 18:56 470144 -c--a-w- c:\winnt\system32\dllcache\g200d.dll
2010-07-28 15:44 . 2001-08-17 16:15 454912 -c--a-w- c:\winnt\system32\dllcache\fxusbase.sys
2010-07-28 15:42 . 2001-08-17 17:28 594238 -c--a-w- c:\winnt\system32\dllcache\es56hpi.sys
2010-07-28 15:41 . 2001-08-17 16:12 117760 -c--a-w- c:\winnt\system32\dllcache\e100b325.sys
2010-07-28 15:40 . 2001-08-17 16:17 90525 -c--a-w- c:\winnt\system32\dllcache\digifep5.sys
2010-07-28 15:39 . 2001-08-17 16:19 72832 -c--a-w- c:\winnt\system32\dllcache\cwbwdm.sys
2010-07-28 15:38 . 2006-02-28 12:00 838144 -c--a-w- c:\winnt\system32\dllcache\chtbrkr.dll
2010-07-28 15:34 . 2006-02-28 12:00 1677824 -c--a-w- c:\winnt\system32\dllcache\chsbrkr.dll
2010-07-28 15:31 . 2008-04-13 18:40 8192 -c--a-w- c:\winnt\system32\dllcache\changer.sys
2010-07-28 15:31 . 2001-08-17 16:13 49182 -c--a-w- c:\winnt\system32\dllcache\cem56n5.sys
2010-07-28 15:31 . 2001-08-17 16:13 22044 -c--a-w- c:\winnt\system32\dllcache\cem33n5.sys
2010-07-28 15:31 . 2001-08-17 16:13 22044 -c--a-w- c:\winnt\system32\dllcache\cem28n5.sys
2010-07-28 15:31 . 2001-08-17 16:13 27164 -c--a-w- c:\winnt\system32\dllcache\ce3n5.sys
2010-07-28 15:31 . 2001-08-17 16:13 21530 -c--a-w- c:\winnt\system32\dllcache\ce2n5.sys
2010-07-28 15:31 . 2001-08-17 17:52 7680 -c--a-w- c:\winnt\system32\dllcache\cd20xrnt.sys
2010-07-28 15:31 . 2001-08-17 17:28 714698 -c--a-w- c:\winnt\system32\dllcache\cbmdmkxx.sys
2010-07-28 15:31 . 2001-08-17 16:13 46108 -c--a-w- c:\winnt\system32\dllcache\cben5.sys
2010-07-28 15:29 . 2001-08-17 16:11 26568 -c--a-w- c:\winnt\system32\dllcache\bcm4e5.sys
2010-07-28 15:28 . 2001-08-17 18:55 689216 -c--a-w- c:\winnt\system32\dllcache\3dfxvs.dll
2010-07-28 15:28 . 2001-08-17 17:28 762780 -c--a-w- c:\winnt\system32\dllcache\3cwmcru.sys
2010-07-28 15:28 . 2008-04-13 18:46 53376 -c--a-w- c:\winnt\system32\dllcache\1394bus.sys
2010-07-28 15:28 . 2001-08-17 18:06 11264 -c--a-w- c:\winnt\system32\dllcache\1394vdbg.sys
2010-07-28 15:28 . 2001-08-17 18:56 66048 -c--a-w- c:\winnt\system32\dllcache\s3legacy.dll
2010-07-27 15:02 . 2010-07-27 15:02 -------- d-----w- C:\!KillBox
2010-07-27 14:50 . 2010-07-27 14:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\lyaanhtea
2010-07-27 13:27 . 2010-07-27 13:27 -------- d-sh--w- c:\documents and settings\albrec\PrivacIE
2010-07-27 13:14 . 2010-07-27 13:14 -------- d-sh--w- c:\documents and settings\albrec\IECompatCache
2010-07-27 12:58 . 2010-07-27 12:58 -------- d-sh--w- c:\documents and settings\albrec\IETldCache
2010-07-26 14:57 . 2010-07-26 14:57 -------- d-----w- C:\spoolerlogs
2010-07-26 14:22 . 2010-07-26 14:22 -------- d-----w- C:\_OTL
2010-07-26 14:17 . 2010-07-26 14:17 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-25 19:35 . 2010-07-25 19:35 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-07-21 19:14 . 2010-07-21 19:14 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-07-21 19:11 . 2010-07-21 19:11 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-21 19:05 . 2010-07-21 19:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-21 18:49 . 2010-07-21 18:52 -------- dc-h--w- c:\winnt\ie8
2010-07-19 19:04 . 2010-07-19 19:04 -------- d-----w- c:\program files\FiveStarInteractive
2010-07-19 19:01 . 2010-07-19 19:01 -------- d-----w- c:\program files\ESET
2010-07-16 17:53 . 2010-07-16 17:53 -------- d-----w- c:\program files\VS Revo Group
2010-07-13 12:15 . 2010-07-13 12:15 63488 ----a-w- c:\documents and settings\albrec\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-13 12:15 . 2010-07-13 12:15 52224 ----a-w- c:\documents and settings\albrec\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-13 12:15 . 2010-07-13 12:15 117760 ----a-w- c:\documents and settings\albrec\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-13 12:15 . 2010-07-13 12:15 -------- d-----w- c:\documents and settings\albrec\Application Data\SUPERAntiSpyware.com
2010-07-12 16:35 . 2010-07-12 16:35 -------- d-----w- c:\winnt\system\nls
2010-07-12 16:35 . 2010-07-12 16:35 -------- d-----w- c:\winnt\system32\NetWare
2010-07-12 16:35 . 2010-07-12 16:35 -------- d-----w- c:\program files\CUAgent
2010-07-12 14:17 . 2010-07-12 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-12 14:17 . 2010-07-12 14:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-09 04:18 . 2010-07-09 04:18 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-07-06 13:22 . 2010-07-06 13:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\odvmnqakb
2010-07-01 21:53 . 2010-07-09 04:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-06-29 19:19 . 2010-06-30 13:16 -------- d-----w- c:\documents and settings\albrec\Local Settings\Application Data\Adobe
2010-06-29 19:17 . 2003-06-25 20:05 266360 ----a-w- c:\winnt\system32\TweakUI.exe
2010-06-29 19:11 . 2010-06-29 19:11 71256 ----a-w- c:\documents and settings\albrec\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-29 19:11 . 2010-06-29 19:11 -------- d-----w- c:\documents and settings\albrec\Application Data\TweakNow PowerPack 2010
2010-06-29 18:53 . 2010-07-15 16:26 -------- d-----w- c:\documents and settings\idsystem\DigitalPhoto
2010-06-29 18:47 . 2010-06-29 18:47 71256 ----a-w- c:\documents and settings\idsystem\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-29 18:47 . 2010-06-29 18:47 -------- d-----w- c:\documents and settings\idsystem\Application Data\TweakNow PowerPack 2010

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 17:48 . 2006-09-15 17:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-21 17:47 . 2008-06-21 02:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-21 17:34 . 2006-09-15 16:24 -------- d---a-w- c:\program files\SpywareBlaster
2010-07-20 18:59 . 2006-09-15 16:10 -------- d---a-w- c:\program files\CCleaner
2010-07-20 13:15 . 2006-09-15 17:43 -------- d---a-w- c:\program files\Spybot - Search & Destroy
2010-07-19 19:17 . 2008-08-19 00:38 70792 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-15 13:46 . 2010-07-17 05:17 8530 ----a-w- c:\winnt\PCHEALTH\helpctr\Config\Cache\Professional_32_1033.dat
2010-07-12 14:18 . 2010-06-09 15:10 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-12 14:18 . 2010-06-09 15:10 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-28 22:10 . 2010-06-23 12:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-23 12:13 . 2010-06-23 12:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-23 12:13 . 2010-06-23 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-19 03:28 . 2010-01-28 03:00 232448 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-09 15:10 . 2010-06-09 15:10 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-09 15:09 . 2010-06-09 15:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-06-09 14:13 . 2010-06-09 14:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\TweakNow PowerPack Professional
2010-06-09 14:13 . 2008-09-01 03:14 -------- d-----w- c:\program files\B Gone
2010-06-09 13:55 . 2010-06-09 13:53 -------- d-----w- c:\program files\TweakNow PowerPack 2010
2010-06-09 13:53 . 2010-06-09 13:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\TweakNow PowerPack 2010
2010-06-09 12:37 . 2010-01-20 18:46 -------- d-----w- c:\program files\TweakNow PowerPack 2009
2010-06-08 14:26 . 2010-06-08 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-08 14:26 . 2010-06-08 14:26 -------- d-----w- c:\program files\McAfee
2010-06-08 14:26 . 2010-06-08 14:26 -------- d-----w- c:\program files\Common Files\McAfee
2010-06-08 14:19 . 2010-06-08 14:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\McAfee
2010-04-29 19:39 . 2010-06-23 12:13 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-06-23 12:13 20952 ----a-w- c:\winnt\system32\drivers\mbam.sys
2006-09-13 20:26 . 2006-09-13 20:26 21952 ---ha-w- c:\program files\folder.htt
2010-03-26 00:07 . 2010-06-08 14:27 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 57344]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544]
"B Gone"="c:\program files\B Gone\B Gone.exe" [2005-10-12 221184]
"igfxtray"="c:\winnt\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\winnt\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\winnt\system32\igfxpers.exe" [2006-02-07 118784]
"Bubble"="c:\program files\Windows SteadyState\Bubble.exe" [2008-05-30 182288]
"Logoff"="c:\program files\Windows SteadyState\SCTUINotify.exe" [2008-05-30 163856]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-03-26 124224]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2006-02-28 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Photags AutoDetect.lnk - c:\program files\PhoTags Express\Photags AutoDetect.exe [2008-6-20 364544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)
"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 00:12 143360 ----a-w- c:\winnt\system32\mobsync.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\WINNT\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4899:TCP"= 4899:TCP:radll

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [3/25/2010 20:07 22816]
S0 Lbd;Lbd;c:\winnt\system32\DRIVERS\Lbd.sys --> c:\winnt\system32\DRIVERS\Lbd.sys [?]
S1 DSC2PAR;DSC2PAR;c:\winnt\system32\drivers\Dsc2par.sys [11/26/2006 17:41 65792]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 14:25 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 14:41 67656]
S2 MarxDev1;MarxDev1;c:\winnt\system32\drivers\MARXDEV1.SYS [9/26/2006 10:26 11296]
S2 MarxDev2;MarxDev2;c:\winnt\system32\drivers\MARXDEV2.SYS [9/26/2006 10:26 11296]
S2 MarxDev3;MarxDev3;c:\winnt\system32\drivers\MARXDEV3.SYS [9/26/2006 10:26 11296]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\winnt\system32\mfevtps.exe [6/8/2010 10:27 70728]
S2 N5LPT.sys;N5 Print Device;c:\winnt\system32\drivers\N5LPT.sys [9/15/2006 13:35 21132]
S2 r_server;Remote Administrator Service;c:\winnt\system32\r_server.exe [7/9/2000 23:10 184320]
S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [6/8/2010 10:27 66600]
S3 udmpdrvr;User Mode Process Dump Driver;c:\winnt\system32\drivers\userdump.sys [9/18/2006 15:26 58448]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [9/14/2006 11:59 49776]
.
Contents of the 'Scheduled Tasks' folder

2010-07-28 c:\winnt\Tasks\User_Feed_Synchronization-{47A8ACDA-C0F2-40D5-B35B-0AE431E8707E}.job
- c:\winnt\system32\msfeedssync.exe [2007-08-13 08:31]

2010-07-28 c:\winnt\Tasks\User_Feed_Synchronization-{EE968B08-25B7-4FEB-B4C0-59E939CF5A99}.job
- c:\winnt\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.fbi.gov/cyberinvest/cyberhome.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: {CCC75BA1-74E9-4D53-A5C2-E8AD273078BD} = 151.103.16.30,151.103.16.43
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Run-ybporkbo - c:\documents and settings\Administrator\Local Settings\Application Data\fktselldq\knapvgttssd.exe
HKU-Default-Run-ybporkbo - c:\documents and settings\Administrator\Local Settings\Application Data\fktselldq\knapvgttssd.exe
SafeBoot-sglfb.sys
SafeBoot-tga.sys
ActiveSetup-{77D30FCF-771E-4EF4-9DCD-69056CA0B517} - dfmcd21.dll
AddRemove-VFP 6.0 Runtime - Setup - c:\windows\SYSTEM\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-28 14:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-776561741-527237240-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b4,9c,32,33,d9,7a,7c,41,8c,71,9f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b4,9c,32,33,d9,7a,7c,41,8c,71,9f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BDC4B624-C7D8-FCCE-06DE-FDD054D03D25}\Control*]
"InProc32"="1253638897"
"gedw"="2131492864"
"gedh"="30091166"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(252)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\winnt\system32\OneX.DLL
c:\winnt\system32\eappprxy.dll

- - - - - - - > 'explorer.exe'(1112)
c:\winnt\system32\ieframe.dll
c:\winnt\system32\OneX.DLL
c:\winnt\system32\eappprxy.dll
c:\winnt\system32\NETWIN32.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows SteadyState\SCTSvc.exe
.
**************************************************************************
.
Completion time: 2010-07-28 14:59:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-28 18:59

Pre-Run: 52,645,040,128 bytes free
Post-Run: 52,529,676,288 bytes free

- - End Of File - - 812DC132AAAEEDB351C6E502AAC027CA


#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home
  • Local time:06:52 AM

Posted 28 July 2010 - 03:29 PM

Hi,

this is looking promising. After running ComboFix do you have any improvement with your PC?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#14 jasonisme1977

jasonisme1977
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:52 AM

Posted 29 July 2010 - 01:26 PM

Here is the OTL scan after I did the sfc with my Windows disc in the drive; my Windows Update is back to normal. I will now try the browser and see if there is any hijacking still going on. You have been a great help, thank you so much.


OTL logfile created on: 7/29/2010 14:12:25 - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\!!SB2010
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 180.00 Mb Available Physical Memory | 36.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 48.06 Gb Free Space | 64.48% Space Free | Partition Type: NTFS
Drive D: | 586.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: A33500-505422
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/26 09:09:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\!!SB2010\OTL.exe
PRC - [2010/03/25 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2010/03/25 20:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010/03/25 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINNT\system32\mfevtps.exe
PRC - [2010/03/25 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/03/25 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/03/25 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/08/25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/08/25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/08/25 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2008/05/30 14:41:28 | 000,182,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows SteadyState\Bubble.exe
PRC - [2008/05/30 14:41:28 | 000,115,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows SteadyState\SCTSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2008/04/13 20:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\cmd.exe
PRC - [2005/10/12 12:24:36 | 000,221,184 | ---- | M] (Ur I.T. Mate Group) -- C:\Program Files\B Gone\B Gone.exe
PRC - [2005/03/01 04:17:55 | 000,364,544 | ---- | M] () -- C:\Program Files\PhoTags Express\Photags AutoDetect.exe
PRC - [2003/11/20 14:08:14 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINNT\system32\ico.exe
PRC - [2003/11/06 15:51:32 | 000,020,480 | ---- | M] () -- C:\WINNT\system32\FSRremoS.EXE
PRC - [2002/03/12 11:37:28 | 000,028,672 | ---- | M] (Novell, Inc.) -- C:\WINNT\system32\nwtray.exe
PRC - [1999/10/05 13:39:04 | 000,068,384 | ---- | M] (Microsoft) -- C:\WINNT\system32\userdump.exe


========== Modules (SafeList) ==========

MOD - [2010/07/26 09:09:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\!!SB2010\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt)
SRV - File not found [Auto | Stopped] -- C:\WINNT\System32\hidserv.dll -- (HidServ)
SRV - [2010/03/25 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2010/03/25 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINNT\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/03/25 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/03/25 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/08/04 15:59:00 | 000,053,339 | ---- | M] (Novell, Inc.) [On_Demand | Stopped] -- C:\WINNT\system32\cusrvc.exe -- (cusrvc)
SRV - [2008/05/30 14:41:28 | 000,115,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows SteadyState\SCTSvc.exe -- (Windows SteadyState)
SRV - [2008/04/13 20:12:38 | 000,050,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2000/07/23 11:37:39 | 000,184,320 | ---- | M] () [Auto | Stopped] -- C:\WINNT\System32\r_server.exe -- (r_server)
SRV - [1999/10/05 13:39:04 | 000,068,384 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINNT\system32\userdump.exe -- (udmpsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINNT\System32\DRIVERS\parallel.sys -- (Parallel)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINNT\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/25 20:07:00 | 000,343,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/03/25 20:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/03/25 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/03/25 20:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/03/25 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINNT\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/03/25 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/08/28 15:00:14 | 000,553,216 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINNT\system32\NetWare\nwfs.sys -- (NetwareWorkstation)
DRV - [2008/08/04 17:17:14 | 000,185,216 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINNT\system32\NetWare\srvloc.sys -- (SRVLOC)
DRV - [2008/08/04 17:06:32 | 000,058,496 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINNT\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
DRV - [2008/07/21 14:45:20 | 000,017,664 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\NetWare\nwfilter.sys -- (NWFILTER)
DRV - [2008/07/21 13:47:04 | 000,029,440 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINNT\system32\NetWare\resmgr.sys -- (RESMGR)
DRV - [2008/07/21 13:39:20 | 000,045,824 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINNT\system32\NetWare\nwdns.sys -- (NWDNS)
DRV - [2008/07/02 06:05:32 | 000,089,328 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINNT\System32\drivers\MUP.NEW -- (Mup)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/04 15:32:46 | 000,020,208 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINNT\system32\NetWare\nwslp.sys -- (NWSLP)
DRV - [2008/01/08 10:27:32 | 000,038,603 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\nicm.sys -- (NICM)
DRV - [2006/09/15 14:03:24 | 000,058,000 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdr4_2K.sys -- (Cdr4_2K)
DRV - [2006/09/15 14:03:24 | 000,023,420 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/02/28 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006/02/28 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2005/11/22 10:51:22 | 000,018,353 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINNT\system32\NetWare\nwdhcp.sys -- (NWDHCP)
DRV - [2005/10/12 13:12:18 | 000,009,297 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINNT\system32\NetWare\nwhost.sys -- (NWHOST)
DRV - [2005/10/12 13:11:32 | 000,006,128 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINNT\system32\NetWare\nwsns.sys -- (NWSNS) Novell Simple Naming Services (NWSNS)
DRV - [2005/10/09 21:35:28 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\tpm.sys -- (TPM)
DRV - [2005/04/06 15:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2003/06/19 12:05:04 | 000,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20)
DRV - [2003/02/26 14:51:18 | 000,023,232 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINNT\system32\NetWare\nwsap.sys -- (NWSAP)
DRV - [2003/02/11 13:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2003/01/10 13:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2002/07/26 11:37:32 | 000,021,132 | ---- | M] (Number Five Software) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\N5LPT.sys -- (N5LPT.sys)
DRV - [2001/07/11 14:55:54 | 000,011,296 | ---- | M] () [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\MARXDEV3.SYS -- (MarxDev3)
DRV - [2001/07/11 14:55:54 | 000,011,296 | ---- | M] () [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\MARXDEV2.SYS -- (MarxDev2)
DRV - [2001/07/11 14:55:54 | 000,011,296 | ---- | M] () [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\MARXDEV1.SYS -- (MarxDev1)
DRV - [1999/10/05 13:39:04 | 000,058,448 | ---- | M] (Microsoft) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\userdump.sys -- (udmpdrvr)
DRV - [1998/06/14 17:32:24 | 000,065,792 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\System32\drivers\Dsc2par.sys -- (DSC2PAR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fbi.gov/cyberinvest/cyberhome.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = https://www.hvcc.edu/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Thunderbird 1.5.0.7\Extensions\\Components: C:\Program Files\Mozilla Thunderbird\components\ [2008/08/28 11:50:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 1.5.0.7\Extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins\ [2009/05/02 03:02:09 | 000,000,000 | ---D | M]

[2010/03/25 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2004/11/12 23:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
[2006/11/09 16:20:40 | 002,111,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2010/07/28 14:53:38 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [B Gone] C:\Program Files\B Gone\B Gone.exe (Ur I.T. Mate Group)
O4 - HKLM..\Run: [Bubble] C:\Program Files\Windows SteadyState\Bubble.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Logoff] C:\Program Files\Windows SteadyState\SCTUINotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINNT\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NWTRAY] C:\WINNT\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [Tweak UI] C:\WINNT\System32\TWEAKUI.CPL (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINNT\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINNT\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINNT\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINNT\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1158261108468 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1158261168343 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hvcc.edu
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINNT\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINNT\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\!!!SpyBots-Staff\Logo's\800 x 600 IBM Americas Map.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINNT\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/13 16:26:54 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/02/28 08:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/29 14:09:33 | 000,116,224 | ---- | C] (Xerox) -- C:\WINNT\System32\dllcache\xrxwiadr.dll
[2010/07/29 14:09:23 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINNT\System32\dllcache\xrxwbtmp.dll
[2010/07/29 14:09:12 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\xrxflnch.exe
[2010/07/29 14:09:01 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\xlog.exe
[2010/07/29 14:05:33 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINNT\System32\dllcache\xem336n5.sys
[2010/07/29 14:05:31 | 000,019,455 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\wvchntxx.sys
[2010/07/29 14:05:28 | 000,012,063 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\wsiintxx.sys
[2010/07/29 14:05:26 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wshirda.dll
[2010/07/29 14:05:14 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wmiacpi.sys
[2010/07/29 14:05:11 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINNT\System32\dllcache\wlluc48.sys
[2010/07/29 14:05:07 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINNT\System32\dllcache\wlandrv2.sys
[2010/07/29 14:04:59 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINNT\System32\dllcache\winacisa.sys
[2010/07/29 14:04:54 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wiamsmud.dll
[2010/07/29 14:04:50 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wiafbdrv.dll
[2010/07/29 13:59:24 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\weitekp9.sys
[2010/07/29 13:49:35 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\weitekp9.dll
[2010/07/29 13:45:06 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\wdhaalba.sys
[2010/07/29 13:45:05 | 000,023,615 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\wch7xxnt.sys
[2010/07/29 13:45:04 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wceusbsh.sys
[2010/07/29 13:45:00 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINNT\System32\dllcache\wbfirdma.sys
[2010/07/29 13:44:57 | 000,033,599 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\watv04nt.sys
[2010/07/29 13:44:56 | 000,019,551 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\watv02nt.sys
[2010/07/29 13:44:55 | 000,029,311 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\watv01nt.sys
[2010/07/29 13:39:35 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wamps51.dll
[2010/07/29 13:35:25 | 000,011,775 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\wadv05nt.sys
[2010/07/29 13:35:24 | 000,012,127 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\wadv02nt.sys
[2010/07/29 13:35:22 | 000,012,415 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\wadv01nt.sys
[2010/07/29 13:35:18 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINNT\System32\dllcache\w940nd.sys
[2010/07/29 13:35:15 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINNT\System32\dllcache\w926nd.sys
[2010/07/29 13:35:11 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINNT\System32\dllcache\w840nd.sys
[2010/07/29 13:31:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\w3svapi.dll
[2010/07/29 13:30:25 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\w3ext.dll
[2010/07/29 13:24:31 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\w3ctrs51.dll
[2010/07/29 13:23:37 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\w32.dll
[2010/07/29 13:21:34 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINNT\System32\dllcache\vvoice.sys
[2010/07/29 13:21:30 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINNT\System32\dllcache\vpctcom.sys
[2010/07/29 13:21:26 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\vmodem.sys
[2010/07/29 13:21:22 | 000,249,402 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\vinwm.sys
[2010/07/29 13:21:18 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINNT\System32\dllcache\viairda.sys
[2010/07/29 13:21:17 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\viaide.sys
[2010/07/29 13:21:15 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\vfwwdm32.dll
[2010/07/29 13:21:11 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINNT\System32\dllcache\usrwdxjs.sys
[2010/07/29 13:21:07 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usrti.sys
[2010/07/29 13:21:03 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINNT\System32\dllcache\usrpda.sys
[2010/07/29 13:21:00 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINNT\System32\dllcache\usroslba.sys
[2010/07/29 13:20:56 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINNT\System32\dllcache\usr1807a.sys
[2010/07/29 13:20:52 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usr1806v.sys
[2010/07/29 13:20:48 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usr1806.sys
[2010/07/29 13:20:45 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usr1801.sys
[2010/07/29 13:20:43 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\usbser.sys
[2010/07/29 13:20:42 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\usbscan.sys
[2010/07/29 13:20:41 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\usbprint.sys
[2010/07/29 13:20:38 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\usbohci.sys
[2010/07/29 13:20:37 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\usbccgp.sys
[2010/07/29 13:20:35 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\usbaudio.sys
[2010/07/29 13:20:33 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINNT\System32\dllcache\usb101et.sys
[2010/07/29 13:20:26 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\umaxud32.dll
[2010/07/29 13:20:23 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\umaxu40.dll
[2010/07/29 13:20:19 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\umaxu22.dll
[2010/07/29 13:20:16 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\umaxu12.dll
[2010/07/29 13:20:13 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINNT\System32\dllcache\umaxscan.dll
[2010/07/29 13:20:10 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\umaxpcls.sys
[2010/07/29 13:20:06 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\umaxp60.dll
[2010/07/29 13:20:03 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\umaxcam.dll
[2010/07/29 13:20:00 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINNT\System32\dllcache\um54scan.dll
[2010/07/29 13:19:56 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINNT\System32\dllcache\um34scan.dll
[2010/07/29 13:19:53 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINNT\System32\dllcache\ultra.sys
[2010/07/29 13:19:49 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINNT\System32\dllcache\twotrack.sys
[2010/07/29 13:15:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\tsprof.exe
[2010/07/29 13:12:03 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridxpm.sys
[2010/07/29 13:11:59 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridxp.dll
[2010/07/29 13:11:56 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridkbm.sys
[2010/07/29 13:11:52 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridkb.dll
[2010/07/29 13:11:49 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\trid3dm.sys
[2010/07/29 13:11:45 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\trid3d.dll
[2010/07/29 13:11:41 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINNT\System32\dllcache\tpro4.sys
[2010/07/29 13:11:38 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINNT\System32\dllcache\tp4res.dll
[2010/07/29 13:11:37 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINNT\System32\dllcache\tp4mon.exe
[2010/07/29 13:11:33 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINNT\System32\dllcache\tp4.dll
[2010/07/29 13:11:29 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\toside.sys
[2010/07/29 13:11:26 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINNT\System32\dllcache\tosdvd03.sys
[2010/07/29 13:11:22 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINNT\System32\dllcache\tosdvd02.sys
[2010/07/29 13:11:18 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINNT\System32\dllcache\tos4mo.sys
[2010/07/29 13:11:13 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINNT\System32\dllcache\tjisdn.sys
[2010/07/29 13:06:28 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\thawbrkr.dll
[2010/07/29 13:02:53 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tgiulnt5.sys
[2010/07/29 13:02:49 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tgiul50.dll
[2010/07/29 13:02:48 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINNT\System32\dllcache\tffsport.sys
[2010/07/29 12:57:17 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\tdspx.sys
[2010/07/29 12:52:31 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINNT\System32\dllcache\tdkcd31.sys
[2010/07/29 12:52:27 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINNT\System32\dllcache\tdk100b.sys
[2010/07/29 12:51:53 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\tdipx.sys
[2010/07/29 12:43:33 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\tdasync.sys
[2010/07/29 12:38:50 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINNT\System32\dllcache\tbatm155.sys
[2010/07/29 12:38:34 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\tandqic.sys
[2010/07/29 12:38:15 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\t2r4mini.sys
[2010/07/29 12:38:02 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINNT\System32\dllcache\t2r4disp.dll
[2010/07/29 12:37:53 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINNT\System32\dllcache\symc8xx.sys
[2010/07/29 12:37:49 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINNT\System32\dllcache\symc810.sys
[2010/07/29 12:37:44 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINNT\System32\dllcache\sym_u3.sys
[2010/07/29 12:37:40 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINNT\System32\dllcache\sym_hi.sys
[2010/07/29 12:37:34 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINNT\System32\dllcache\sxports.dll
[2010/07/29 12:37:30 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINNT\System32\dllcache\sx.sys
[2010/07/29 12:37:25 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\swusbflt.sys
[2010/07/29 12:37:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\swpidflt.dll
[2010/07/29 12:37:16 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\swpdflt2.dll
[2010/07/29 12:37:12 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sw_wheel.dll
[2010/07/29 12:37:07 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sw_effct.dll
[2010/07/29 12:37:00 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINNT\System32\dllcache\stlnprop.dll
[2010/07/29 12:36:55 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINNT\System32\dllcache\stlncoin.dll
[2010/07/29 12:36:51 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINNT\System32\dllcache\stlnata.sys
[2010/07/29 12:36:36 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINNT\System32\dllcache\stcusb.sys
[2010/07/29 12:32:40 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\status.dll
[2010/07/29 12:32:15 | 000,048,736 | ---- | C] (3Com) -- C:\WINNT\System32\dllcache\srwlnd5.sys
[2010/07/29 12:31:42 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\srusbusd.dll
[2010/07/29 12:29:27 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINNT\System32\dllcache\spxupchk.dll
[2010/07/29 12:29:15 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINNT\System32\dllcache\speed.sys
[2010/07/29 12:29:02 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINNT\System32\dllcache\spdports.dll
[2010/07/29 12:28:56 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINNT\System32\dllcache\sparrow.sys
[2010/07/29 12:28:52 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINNT\System32\dllcache\sonypvu1.sys
[2010/07/29 12:28:48 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINNT\System32\dllcache\sonypi.sys
[2010/07/29 12:28:44 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINNT\System32\dllcache\sonypi.dll
[2010/07/29 12:28:41 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINNT\System32\dllcache\sonync.sys
[2010/07/29 12:28:37 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sonymc.sys
[2010/07/29 12:28:36 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sonyait.sys
[2010/07/29 12:28:02 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\softkey.dll
[2010/07/29 12:25:09 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\snyaitmc.sys
[2010/07/29 12:25:00 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINNT\System32\dllcache\smiminib.sys
[2010/07/29 12:24:56 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINNT\System32\dllcache\smidispb.dll
[2010/07/29 12:24:53 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINNT\System32\dllcache\smcpwr2n.sys
[2010/07/29 12:24:49 | 000,035,913 | ---- | C] (SMC) -- C:\WINNT\System32\dllcache\smcirda.sys
[2010/07/29 12:24:46 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINNT\System32\dllcache\smc8000n.sys
[2010/07/29 12:24:43 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\smbhc.sys
[2010/07/29 12:24:42 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\smbclass.sys
[2010/07/29 12:24:41 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\smbbatt.sys
[2010/07/29 12:24:37 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\smb3w.dll
[2010/07/29 12:24:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\smb0w.dll
[2010/07/29 12:24:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sma0w.dll
[2010/07/29 12:24:26 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sm91w.dll
[2010/07/29 12:24:21 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINNT\System32\dllcache\sla30nd5.sys
[2010/07/29 12:24:18 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINNT\System32\dllcache\skfpwin.sys
[2010/07/29 12:24:15 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINNT\System32\dllcache\sk98xwin.sys
[2010/07/29 12:24:12 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINNT\System32\dllcache\sisv256.dll
[2010/07/29 12:24:09 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINNT\System32\dllcache\sisv.sys
[2010/07/29 12:24:08 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINNT\System32\dllcache\sisnic.sys
[2010/07/29 12:24:04 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINNT\System32\dllcache\sisgrv.dll
[2010/07/29 12:24:01 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINNT\System32\dllcache\sisgrp.sys
[2010/07/29 12:23:58 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINNT\System32\dllcache\sis6306v.dll
[2010/07/29 12:23:54 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINNT\System32\dllcache\sis6306p.sys
[2010/07/29 12:23:51 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINNT\System32\dllcache\sis300iv.dll
[2010/07/29 12:23:48 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINNT\System32\dllcache\sis300ip.sys
[2010/07/29 12:23:40 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINNT\System32\dllcache\sgsmusb.sys
[2010/07/29 12:23:37 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINNT\System32\dllcache\sgsmld.sys
[2010/07/29 12:23:33 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\sgiulnt5.sys
[2010/07/29 12:23:30 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\sgiul50.dll
[2010/07/29 12:23:27 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINNT\System32\dllcache\sfmanm.sys
[2010/07/29 12:23:22 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sermouse.sys
[2010/07/29 12:23:18 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\seaddsmc.sys
[2010/07/29 12:23:16 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\scsiscan.sys
[2010/07/29 12:23:13 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\scsiprnt.sys
[2010/07/29 12:23:09 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINNT\System32\dllcache\scr111.sys
[2010/07/29 12:23:06 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\scmstcs.sys
[2010/07/29 12:23:03 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINNT\System32\dllcache\sccmusbm.sys
[2010/07/29 12:22:59 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINNT\System32\dllcache\sccmn50m.sys
[2010/07/29 12:22:58 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sbp2port.sys
[2010/07/29 12:22:55 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINNT\System32\dllcache\sblfx.dll
[2010/07/29 12:22:51 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINNT\System32\dllcache\s3savmxm.sys
[2010/07/29 12:22:47 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINNT\System32\dllcache\s3savmx.dll
[2010/07/29 12:22:44 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav4m.sys
[2010/07/29 12:22:41 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav4.dll
[2010/07/29 12:22:38 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav3dm.sys
[2010/07/29 12:22:35 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav3d.dll
[2010/07/29 12:22:32 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mvirge.dll
[2010/07/29 12:22:29 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mtrio.dll
[2010/07/29 12:22:26 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mt3d.sys
[2010/07/29 12:22:23 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mt3d.dll
[2010/07/29 12:22:20 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3m.sys
[2010/07/29 12:22:16 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\s3legacy.sys
[2010/07/29 12:22:13 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINNT\System32\dllcache\rwia450.dll
[2010/07/29 12:22:10 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINNT\System32\dllcache\rwia430.dll
[2010/07/29 12:22:08 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINNT\System32\dllcache\rw450ext.dll
[2010/07/29 12:22:07 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINNT\System32\dllcache\rw430ext.dll
[2010/07/29 12:22:05 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINNT\System32\dllcache\rtl8139.sys
[2010/07/29 12:22:02 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINNT\System32\dllcache\rtl8029.sys
[2010/07/29 12:21:59 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINNT\System32\dllcache\rthwcls.sys
[2010/07/29 12:21:54 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\rsmgrstr.dll
[2010/07/29 12:21:51 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINNT\System32\dllcache\rpfun.sys
[2010/07/29 12:21:48 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINNT\System32\dllcache\rocket.sys
[2010/07/29 12:21:44 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINNT\System32\dllcache\rlnet5.sys
[2010/07/29 12:21:41 | 000,086,097 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\reslog32.dll
[2010/07/29 12:21:32 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\rasirda.sys
[2010/07/29 12:21:28 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\r2mdmkxx.sys
[2010/07/29 12:21:24 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\r2mdkxga.sys
[2010/07/29 12:21:21 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\qvusd.dll
[2010/07/29 12:21:18 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\qv2kux.sys
[2010/07/29 12:21:12 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINNT\System32\dllcache\ql1280.sys
[2010/07/29 12:21:09 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ql1240.sys
[2010/07/29 12:21:06 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINNT\System32\dllcache\ql12160.sys
[2010/07/29 12:21:03 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ql10wnt.sys
[2010/07/29 12:21:00 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINNT\System32\dllcache\ql1080.sys
[2010/07/29 12:20:59 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\qic157.sys
[2010/07/29 12:20:55 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\ptserlv.sys
[2010/07/29 12:20:52 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\ptserlp.sys
[2010/07/29 12:20:49 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\ptserli.sys
[2010/07/29 12:20:48 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ptpusd.dll
[2010/07/29 12:20:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ptpusb.dll
[2010/07/29 12:20:42 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\psisload.dll
[2010/07/29 12:20:38 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINNT\System32\dllcache\pscr.sys
[2010/07/29 12:20:35 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ppa3.sys
[2010/07/29 12:20:32 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ppa.sys
[2010/07/29 12:20:31 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\powerfil.sys
[2010/07/29 12:20:28 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\pnrmc.sys
[2010/07/29 12:20:21 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\phvfwext.dll
[2010/07/29 12:20:17 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\philtune.sys
[2010/07/29 12:20:14 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\phildec.sys
[2010/07/29 12:20:11 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\philcam2.sys
[2010/07/29 12:20:08 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\philcam1.sys
[2010/07/29 12:20:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\philcam1.dll
[2010/07/29 12:20:02 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\phdsext.ax
[2010/07/29 12:20:01 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINNT\System32\dllcache\perm3dd.dll
[2010/07/29 12:20:00 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINNT\System32\dllcache\perm3.sys
[2010/07/29 12:19:59 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINNT\System32\dllcache\perm2dll.dll
[2010/07/29 12:19:58 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINNT\System32\dllcache\perm2.sys
[2010/07/29 12:19:54 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\perc2hib.sys
[2010/07/29 12:19:51 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\perc2.sys
[2010/07/29 12:19:50 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINNT\System32\dllcache\pcx500.sys
[2010/07/29 12:19:47 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINNT\System32\dllcache\pctspk.exe
[2010/07/29 12:19:44 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINNT\System32\dllcache\pcntpci5.sys
[2010/07/29 12:19:41 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINNT\System32\dllcache\pcntn5m.sys
[2010/07/29 12:19:38 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINNT\System32\dllcache\pcntn5hl.sys
[2010/07/29 12:19:35 | 000,026,153 | ---- | C] (Linksys) -- C:\WINNT\System32\dllcache\pcmlm56.sys
[2010/07/29 12:19:34 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINNT\System32\dllcache\pca200e.sys
[2010/07/29 12:19:31 | 000,030,495 | ---- | C] (Linksys) -- C:\WINNT\System32\dllcache\pc100nds.sys
[2010/07/29 12:13:25 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\pagecnt.dll
[2010/07/29 12:03:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\padrs412.dll
[2010/07/29 11:53:58 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\padrs411.dll
[2010/07/29 11:50:16 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovui2rc.dll
[2010/07/29 11:50:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovui2.dll
[2010/07/29 11:50:10 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovsound2.sys
[2010/07/29 11:50:07 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovcoms.exe
[2010/07/29 11:50:04 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovcomc.dll
[2010/07/29 11:50:01 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovcodek2.sys
[2010/07/29 11:49:58 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovcodec2.dll
[2010/07/29 11:49:55 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovce.sys
[2010/07/29 11:49:52 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovcd.sys
[2010/07/29 11:49:49 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovcam2.sys
[2010/07/29 11:49:46 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovca.sys
[2010/07/29 11:49:43 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINNT\System32\dllcache\otcsercb.sys
[2010/07/29 11:49:40 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINNT\System32\dllcache\otceth5.sys
[2010/07/29 11:49:36 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINNT\System32\dllcache\otc06x5.sys
[2010/07/29 11:49:33 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINNT\System32\dllcache\opl3sax.sys
[2010/07/29 11:49:30 | 000,061,696 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ohci1394.sys
[2010/07/29 11:49:24 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINNT\System32\dllcache\nv3.sys
[2010/07/29 11:49:21 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINNT\System32\dllcache\nv3.dll
[2010/07/29 11:49:10 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINNT\System32\dllcache\ntgrip.sys
[2010/07/29 11:49:02 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ntapm.sys
[2010/07/29 11:48:56 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\nsmmc.sys
[2010/07/29 11:48:55 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINNT\System32\dllcache\nscirda.sys
[2010/07/29 11:48:50 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\nm6wdm.sys
[2010/07/29 11:48:47 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\nm5a2wdm.sys
[2010/07/29 11:48:43 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINNT\System32\dllcache\ngrpci.sys
[2010/07/29 11:48:42 | 000,132,695 | ---- | C] (802.11b) -- C:\WINNT\System32\dllcache\netwlan5.sys
[2010/07/29 11:48:38 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINNT\System32\dllcache\netflx3.sys
[2010/07/29 11:48:35 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\neo20xx.sys
[2010/07/29 11:48:32 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\neo20xx.dll
[2010/07/29 11:48:30 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ne2000.sys
[2010/07/29 11:48:26 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i3disp.dll
[2010/07/29 11:48:23 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i3d.sys
[2010/07/29 11:48:21 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128v2.sys
[2010/07/29 11:48:18 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128v2.dll
[2010/07/29 11:48:15 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128.sys
[2010/07/29 11:48:13 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128.dll
[2010/07/29 11:48:10 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINNT\System32\dllcache\n100325.sys
[2010/07/29 11:48:07 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINNT\System32\dllcache\n1000nt5.sys
[2010/07/29 11:48:04 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINNT\System32\dllcache\mxport.sys
[2010/07/29 11:48:02 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINNT\System32\dllcache\mxport.dll
[2010/07/29 11:47:59 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINNT\System32\dllcache\mxnic.sys
[2010/07/29 11:47:56 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINNT\System32\dllcache\mxicfg.dll
[2010/07/29 11:47:53 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINNT\System32\dllcache\mxcard.sys
[2010/07/29 11:45:32 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\multibox.dll
[2010/07/29 11:45:10 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINNT\System32\dllcache\mtxvideo.sys
[2010/07/29 11:45:04 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\mstape.sys
[2010/07/29 11:45:01 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msriffwv.sys
[2010/07/29 11:44:55 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msmpu401.sys
[2010/07/29 11:42:35 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msir3jp.lex
[2010/07/29 11:41:41 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msir3jp.dll
[2010/07/29 11:38:45 | 000,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msgame.sys
[2010/07/29 11:38:41 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msfsio.sys
[2010/07/29 11:38:35 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINNT\System32\dllcache\mraid35x.sys
[2010/07/29 11:38:26 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\modemcsa.sys
[2010/07/29 11:38:20 | 000,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\miniqic.sys
[2010/07/29 11:38:08 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINNT\System32\dllcache\mgaum.sys
[2010/07/29 11:38:01 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINNT\System32\dllcache\mgaud.dll
[2010/07/29 11:37:58 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINNT\System32\dllcache\memstpci.sys
[2010/07/29 11:37:55 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\memgrp.dll
[2010/07/29 11:37:53 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\memcard.sys
[2010/07/29 11:37:49 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINNT\System32\dllcache\mdgndis5.sys
[2010/07/29 11:37:45 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\mammoth.sys
[2010/07/29 11:37:41 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINNT\System32\dllcache\maestro.sys
[2010/07/29 11:37:39 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\m3092dc.dll
[2010/07/29 11:37:36 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\m3091dc.dll
[2010/07/29 11:37:33 | 000,022,848 | ---- | C] (Logitech Inc.) -- C:\WINNT\System32\dllcache\lwusbhid.sys
[2010/07/29 11:37:33 | 000,020,864 | ---- | C] (Logitech Inc.) -- C:\WINNT\System32\dllcache\lwadihid.sys
[2010/07/29 11:37:30 | 000,797,500 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltsmt.sys
[2010/07/29 11:37:28 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINNT\System32\dllcache\ltsm.sys
[2010/07/29 11:37:27 | 000,420,992 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltmdmntt.sys
[2010/07/29 11:37:27 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ltotape.sys
[2010/07/29 11:37:24 | 000,606,684 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltmdmnt.sys
[2010/07/29 11:37:24 | 000,576,746 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltmdmntl.sys
[2010/07/29 11:37:21 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\ltck000c.sys
[2010/07/29 11:37:18 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\loop.sys
[2010/07/29 11:37:14 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINNT\System32\dllcache\lne100tx.sys
[2010/07/29 11:37:12 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINNT\System32\dllcache\lne100.sys
[2010/07/29 11:37:09 | 000,025,065 | ---- | C] (D-Link) -- C:\WINNT\System32\dllcache\lmndis3.sys
[2010/07/29 11:37:07 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINNT\System32\dllcache\lit220p.sys
[2010/07/29 11:37:06 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINNT\System32\dllcache\lbrtfdc.sys
[2010/07/29 11:37:03 | 000,026,442 | ---- | C] (SMSC) -- C:\WINNT\System32\dllcache\lanepic5.sys
[2010/07/29 11:37:00 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINNT\System32\dllcache\ktc111.sys
[2010/07/29 11:36:57 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kousd.dll
[2010/07/29 11:33:42 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\korwbrkr.dll
[2010/07/29 11:31:34 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kdsusd.dll
[2010/07/29 11:31:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kdsui.dll
[2010/07/29 11:31:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kbdkor.dll
[2010/07/29 11:31:22 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kbdjpn.dll
[2010/07/29 11:31:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kbd106.dll
[2010/07/29 11:31:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kbd103.dll
[2010/07/29 11:31:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kbd101c.dll
[2010/07/29 11:31:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kbd101b.dll
[2010/07/29 11:31:02 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINNT\System32\dllcache\irstusb.sys
[2010/07/29 11:31:00 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\irsir.sys
[2010/07/29 11:30:59 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\irmon.dll
[2010/07/29 11:30:57 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINNT\System32\dllcache\irmk7.sys
[2010/07/29 11:30:56 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\irftp.exe
[2010/07/29 11:30:56 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\irda.sys
[2010/07/29 11:30:52 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINNT\System32\dllcache\ip5515.sys
[2010/07/29 11:30:49 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINNT\System32\dllcache\io8ports.dll
[2010/07/29 11:30:47 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINNT\System32\dllcache\io8.sys
[2010/07/29 11:30:44 | 000,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\inport.sys
[2010/07/29 11:30:42 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ini910u.sys
[2010/07/29 11:28:20 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\imskdic.dll
[2010/07/29 11:27:26 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\imkrinst.exe
[2010/07/29 11:22:13 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\imjpuex.exe
[2010/07/29 11:21:17 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\imjpdadm.exe
[2010/07/29 11:18:49 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\imepadsv.exe
[2010/07/29 11:16:15 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\imepadsm.dll
[2010/07/29 11:13:42 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\imekrmig.exe
[2010/07/29 11:09:06 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hwxkor.dll
[2010/07/29 11:06:16 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hwxcht.dll
[2010/07/29 11:00:32 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hanjadic.dll
[2010/07/29 10:48:52 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\chtbrkr.dll
[2010/07/29 10:46:10 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\chsbrkr.dll
[2010/07/29 10:41:00 | 000,000,000 | ---D | C] -- C:\WINNT\LastGood
[2010/07/28 14:59:16 | 000,000,000 | ---D | C] -- C:\WINNT\temp
[2010/07/28 11:58:59 | 000,372,824 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\iconf32.dll
[2010/07/28 11:58:57 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\icam5usb.sys
[2010/07/28 11:58:54 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\icam5ext.dll
[2010/07/28 11:58:52 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\icam5com.dll
[2010/07/28 11:58:49 | 000,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\icam4usb.sys
[2010/07/28 11:58:47 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\icam4ext.dll
[2010/07/28 11:58:44 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\icam4com.dll
[2010/07/28 11:58:42 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\icam3ext.dll
[2010/07/28 11:58:39 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\icam3.sys
[2010/07/28 11:58:36 | 000,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ibmvcap.sys
[2010/07/28 11:58:34 | 000,109,085 | ---- | C] (IBM Corporation) -- C:\WINNT\System32\dllcache\ibmtrp.sys
[2010/07/28 11:58:31 | 000,100,936 | ---- | C] (IBM Corporation) -- C:\WINNT\System32\dllcache\ibmtok.sys
[2010/07/28 11:58:28 | 000,009,216 | ---- | C] (IBM Corporation) -- C:\WINNT\System32\dllcache\ibmsgnet.dll
[2010/07/28 11:58:24 | 000,028,700 | ---- | C] (IBM Corp.) -- C:\WINNT\System32\dllcache\ibmexmp.sys
[2010/07/28 11:58:22 | 000,161,020 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\i81xnt5.sys
[2010/07/28 11:58:21 | 000,702,845 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\i81xdnt5.dll
[2010/07/28 11:58:18 | 000,058,592 | ---- | C] (Intel Corporation) -- C:\WINNT\System32\dllcache\i740nt5.sys
[2010/07/28 11:58:13 | 000,353,184 | ---- | C] (Intel Corporation) -- C:\WINNT\System32\dllcache\i740dnt5.dll
[2010/07/28 11:58:12 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\i2omp.sys
[2010/07/28 11:58:11 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\i2omgmt.sys
[2010/07/28 11:52:36 | 000,488,383 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_v124.sys
[2010/07/28 11:52:34 | 000,050,751 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_tone.sys
[2010/07/28 11:52:31 | 000,073,279 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_spkp.sys
[2010/07/28 11:52:29 | 000,044,863 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_soar.sys
[2010/07/28 11:52:26 | 000,057,471 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_samp.sys
[2010/07/28 11:52:24 | 000,542,879 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_msft.sys
[2010/07/28 11:52:21 | 000,391,199 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_k56k.sys
[2010/07/28 11:52:19 | 000,009,759 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_inst.dll
[2010/07/28 11:52:17 | 000,115,807 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_fsks.sys
[2010/07/28 11:52:14 | 000,199,711 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_faxx.sys
[2010/07/28 11:52:12 | 000,289,887 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_fall.sys
[2010/07/28 11:52:09 | 000,067,167 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_bsc2.sys
[2010/07/28 11:52:07 | 000,150,239 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_amos.sys
[2010/07/28 11:52:04 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hr1w.dll
[2010/07/28 11:52:01 | 000,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hpt4qic.sys
[2010/07/28 11:51:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hpsjmcro.dll
[2010/07/28 11:51:57 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hpojwia.dll
[2010/07/28 11:51:54 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hpn.sys
[2010/07/28 11:51:52 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hpgtmcro.dll
[2010/07/28 11:51:50 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINNT\System32\dllcache\hpgt53tk.dll
[2010/07/28 11:51:45 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hpgt42tk.dll
[2010/07/28 11:51:38 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINNT\System32\dllcache\hpgt34tk.dll
[2010/07/28 11:51:31 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hpgt33tk.dll
[2010/07/28 11:51:26 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hpgt21tk.dll
[2010/07/28 11:51:22 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hpdigwia.dll
[2010/07/28 11:51:19 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hidserv.dll
[2010/07/28 11:51:19 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hidswvd.sys
[2010/07/28 11:51:17 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hidgame.sys
[2010/07/28 11:51:16 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hidbatt.sys
[2010/07/28 11:51:14 | 000,907,456 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hcf_msft.sys
[2010/07/28 11:44:20 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINNT\System32\dllcache\grserial.sys
[2010/07/28 11:44:17 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINNT\System32\dllcache\grclass.sys
[2010/07/28 11:44:15 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINNT\System32\dllcache\gpr400.sys
[2010/07/28 11:44:13 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\gckernel.sys
[2010/07/28 11:44:12 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\gameenum.sys
[2010/07/28 11:44:10 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINNT\System32\dllcache\g400m.sys
[2010/07/28 11:44:08 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINNT\System32\dllcache\g400d.dll
[2010/07/28 11:44:06 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINNT\System32\dllcache\g200m.sys
[2010/07/28 11:44:03 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINNT\System32\dllcache\g200d.dll
[2010/07/28 11:44:01 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fxusbase.sys
[2010/07/28 11:43:57 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\fuusd.dll
[2010/07/28 11:43:54 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fusbbase.sys
[2010/07/28 11:43:52 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fus2base.sys
[2010/07/28 11:43:47 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fpnpbase.sys
[2010/07/28 11:43:45 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fpcmbase.sys
[2010/07/28 11:43:43 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fpcibase.sys
[2010/07/28 11:43:42 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINNT\System32\dllcache\forehe.sys
[2010/07/28 11:43:38 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINNT\System32\dllcache\fetnd5.sys
[2010/07/28 11:43:31 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\fem556n5.sys
[2010/07/28 11:43:28 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINNT\System32\dllcache\fa410nd5.sys
[2010/07/28 11:43:26 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINNT\System32\dllcache\fa312nd5.sys
[2010/07/28 11:43:24 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINNT\System32\dllcache\f3ab18xj.sys
[2010/07/28 11:43:22 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINNT\System32\dllcache\f3ab18xi.sys
[2010/07/28 11:43:19 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\exabyte2.sys
[2010/07/28 11:43:17 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINNT\System32\dllcache\ex10.sys
[2010/07/28 11:43:13 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINNT\System32\dllcache\esunib.dll
[2010/07/28 11:43:11 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINNT\System32\dllcache\esuni.dll
[2010/07/28 11:43:08 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINNT\System32\dllcache\esuimg.dll
[2010/07/28 11:43:05 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINNT\System32\dllcache\essm2e.sys
[2010/07/28 11:43:05 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINNT\System32\dllcache\esucm.dll
[2010/07/28 11:43:03 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINNT\System32\dllcache\ess.sys
[2010/07/28 11:43:00 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- C:\WINNT\System32\dllcache\es56tpi.sys
[2010/07/28 11:42:58 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- C:\WINNT\System32\dllcache\es56hpi.sys
[2010/07/28 11:42:56 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- C:\WINNT\System32\dllcache\es56cvmp.sys
[2010/07/28 11:42:54 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINNT\System32\dllcache\es198x.sys
[2010/07/28 11:42:52 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINNT\System32\dllcache\es1969.sys
[2010/07/28 11:42:50 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINNT\System32\dllcache\es1371mp.sys
[2010/07/28 11:42:48 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINNT\System32\dllcache\es1370mp.sys
[2010/07/28 11:42:46 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINNT\System32\dllcache\eqnloop.exe
[2010/07/28 11:42:44 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- C:\WINNT\System32\dllcache\eqnlogr.exe
[2010/07/28 11:42:42 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- C:\WINNT\System32\dllcache\eqndiag.exe
[2010/07/28 11:42:40 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINNT\System32\dllcache\eqn.sys
[2010/07/28 11:42:38 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\epstw2k.sys
[2010/07/28 11:42:35 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINNT\System32\dllcache\epro4.sys
[2010/07/28 11:42:34 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\epcfw2k.sys
[2010/07/28 11:42:32 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\enum1394.sys
[2010/07/28 11:42:31 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINNT\System32\dllcache\emu10k1m.sys
[2010/07/28 11:42:26 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\em556n4.sys
[2010/07/28 11:42:25 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\elnk3.sys
[2010/07/28 11:42:23 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\elmsmc.sys
[2010/07/28 11:42:22 | 000,171,520 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el99xn51.sys
[2010/07/28 11:42:20 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el98xn5.sys
[2010/07/28 11:42:19 | 000,455,199 | ---- | C] (3Com Corporation.) -- C:\WINNT\System32\dllcache\el985n51.sys
[2010/07/28 11:42:17 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el90xnd5.sys
[2010/07/28 11:42:16 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el90xbc5.sys
[2010/07/28 11:42:15 | 000,241,206 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el656se5.sys
[2010/07/28 11:42:13 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el656nd5.sys
[2010/07/28 11:42:12 | 000,634,134 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el656ct5.sys
[2010/07/28 11:42:10 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el656cd5.sys
[2010/07/28 11:42:09 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el589nd5.sys
[2010/07/28 11:42:08 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el575nd5.sys
[2010/07/28 11:42:06 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el574nd4.sys
[2010/07/28 11:42:05 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el556nd5.sys
[2010/07/28 11:42:03 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el515.sys
[2010/07/28 11:42:01 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINNT\System32\dllcache\e100isa4.sys
[2010/07/28 11:41:59 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINNT\System32\dllcache\e100b325.sys
[2010/07/28 11:41:58 | 000,050,719 | ---- | C] (Intel Corporation) -- C:\WINNT\System32\dllcache\e1000nt5.sys
[2010/07/28 11:41:54 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dshowext.ax
[2010/07/28 11:41:52 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINNT\System32\dllcache\ds1wdm.sys
[2010/07/28 11:41:49 | 000,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dpti2o.sys
[2010/07/28 11:41:46 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINNT\System32\dllcache\dp83820.sys
[2010/07/28 11:41:44 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dot4usb.sys
[2010/07/28 11:41:42 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dot4scan.sys
[2010/07/28 11:41:40 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dot4prt.sys
[2010/07/28 11:41:39 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dot4.sys
[2010/07/28 11:41:32 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINNT\System32\dllcache\dm9pci5.sys
[2010/07/28 11:41:31 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dlttape.sys
[2010/07/28 11:41:29 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINNT\System32\dllcache\dlh5xnd5.sys
[2010/07/28 11:41:27 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\diwan.sys
[2010/07/28 11:41:21 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\ditrace.exe
[2010/07/28 11:41:19 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\disrvsu.dll
[2010/07/28 11:41:17 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\disrvpp.dll
[2010/07/28 11:41:16 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\disrvci.dll
[2010/07/28 11:41:13 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\dimaint.sys
[2010/07/28 11:41:12 | 000,614,429 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digiview.exe
[2010/07/28 11:41:10 | 000,042,432 | ---- | C] (Digi International, Inc.) -- C:\WINNT\System32\dllcache\digirlpt.sys
[2010/07/28 11:41:08 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINNT\System32\dllcache\digirlpt.dll
[2010/07/28 11:41:07 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digiisdn.sys
[2010/07/28 11:41:05 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digiisdn.dll
[2010/07/28 11:41:03 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digiinf.dll
[2010/07/28 11:41:01 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digihlc.dll
[2010/07/28 11:41:00 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digifwrk.dll
[2010/07/28 11:40:58 | 000,090,525 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digifep5.sys
[2010/07/28 11:40:56 | 000,103,044 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digidxb.sys
[2010/07/28 11:40:54 | 000,131,156 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digidbp.dll
[2010/07/28 11:40:53 | 000,037,735 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digiasyn.sys
[2010/07/28 11:40:51 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digiasyn.dll
[2010/07/28 11:40:48 | 000,419,357 | ---- | C] (Digi International) -- C:\WINNT\System32\dllcache\dgconfig.dll
[2010/07/28 11:40:46 | 000,029,531 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\dgapci.sys
[2010/07/28 11:40:44 | 000,024,649 | ---- | C] (D-Link) -- C:\WINNT\System32\dllcache\dfe650d.sys
[2010/07/28 11:40:42 | 000,024,648 | ---- | C] (D-Link) -- C:\WINNT\System32\dllcache\dfe650.sys
[2010/07/28 11:40:41 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINNT\System32\dllcache\devldr32.exe
[2010/07/28 11:40:39 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINNT\System32\dllcache\devcon32.dll
[2010/07/28 11:40:38 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINNT\System32\dllcache\defpa.sys
[2010/07/28 11:40:36 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ddsmc.sys
[2010/07/28 11:40:34 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dc260usd.dll
[2010/07/28 11:40:32 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dc240usd.dll
[2010/07/28 11:40:30 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINNT\System32\dllcache\dc21x4.sys
[2010/07/28 11:40:29 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dc210usd.dll
[2010/07/28 11:40:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dc210_32.dll
[2010/07/28 11:40:23 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dac960nt.sys
[2010/07/28 11:40:22 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINNT\System32\dllcache\dac2w2k.sys
[2010/07/28 11:40:18 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINNT\System32\dllcache\d100ib5.sys
[2010/07/28 11:40:17 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyzports.dll
[2010/07/28 11:40:16 | 000,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyzport.sys
[2010/07/28 11:40:14 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyzcoins.dll
[2010/07/28 11:40:13 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyyports.dll
[2010/07/28 11:40:11 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyyport.sys
[2010/07/28 11:40:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyycoins.dll
[2010/07/28 11:40:08 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyclom-y.sys
[2010/07/28 11:40:06 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyclad-z.sys
[2010/07/28 11:40:05 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwrwdm.sys
[2010/07/28 11:40:03 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcwdm.sys
[2010/07/28 11:40:01 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcspud.sys
[2010/07/28 11:40:00 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcosnt5.sys
[2010/07/28 11:39:58 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbwdm.sys
[2010/07/28 11:39:56 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbmidi.sys
[2010/07/28 11:39:55 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbase.sys
[2010/07/28 11:39:53 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINNT\System32\dllcache\ctwdm32.dll
[2010/07/28 11:39:51 | 000,249,856 | ---- | C] (ComtrolŪ Corporation) -- C:\WINNT\System32\dllcache\ctmasetp.dll
[2010/07/28 11:39:50 | 000,096,256 | ---- | C] (Copyright © Creative Technology Ltd. 1994-2001) -- C:\WINNT\System32\dllcache\ctlsb16.sys
[2010/07/28 11:39:48 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINNT\System32\dllcache\ctljystk.sys
[2010/07/28 11:39:46 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINNT\System32\dllcache\ctlfacem.sys
[2010/07/28 11:39:43 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\csamsp.dll
[2010/07/28 11:39:41 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINNT\System32\dllcache\crtaud.sys
[2010/07/28 11:39:39 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINNT\System32\dllcache\cpscan.dll
[2010/07/28 11:39:37 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINNT\System32\dllcache\cpqtrnd5.sys
[2010/07/28 11:39:35 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINNT\System32\dllcache\cpqndis5.sys
[2010/07/28 11:39:32 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cpqarray.sys
[2010/07/28 11:39:26 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\compbatt.sys
[2010/07/28 11:39:23 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINNT\System32\dllcache\cnxt1803.sys
[2010/07/28 11:39:19 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINNT\System32\dllcache\cmdide.sys
[2010/07/28 11:39:18 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINNT\System32\dllcache\cmbp0wdm.sys
[2010/07/28 11:39:17 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cmbatt.sys
[2010/07/28 11:39:15 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cl546xm.sys
[2010/07/28 11:39:14 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cl546x.dll
[2010/07/28 11:39:13 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cl5465.dll
[2010/07/28 11:39:12 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cirrus.sys
[2010/07/28 11:39:10 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cirrus.dll
[2010/07/28 11:39:07 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINNT\System32\dllcache\cinemclc.sys
[2010/07/28 11:39:04 | 000,980,034 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\cicap.sys
[2010/07/28 11:31:08 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\changer.sys
[2010/07/28 11:31:06 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem56n5.sys
[2010/07/28 11:31:05 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem33n5.sys
[2010/07/28 11:31:05 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem28n5.sys
[2010/07/28 11:31:04 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\ce3n5.sys
[2010/07/28 11:31:03 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\ce2n5.sys
[2010/07/28 11:31:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cd20xrnt.sys
[2010/07/28 11:31:01 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cbmdmkxx.sys
[2010/07/28 11:31:00 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cben5.sys
[2010/07/28 11:30:59 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINNT\System32\dllcache\cb325.sys
[2010/07/28 11:30:58 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINNT\System32\dllcache\cb102.sys
[2010/07/28 11:30:56 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINNT\System32\dllcache\diapi2NT.dll
[2010/07/28 11:30:55 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\diapi2.sys
[2010/07/28 11:30:54 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camext30.dll
[2010/07/28 11:30:53 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camext30.ax
[2010/07/28 11:30:52 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camext20.dll
[2010/07/28 11:30:51 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camext20.ax
[2010/07/28 11:30:50 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camexo20.dll
[2010/07/28 11:30:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camexo20.ax
[2010/07/28 11:30:49 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camdrv30.sys
[2010/07/28 11:30:48 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camdrv21.sys
[2010/07/28 11:30:47 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camdro21.sys
[2010/07/28 11:30:20 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\bulltlp3.sys
[2010/07/28 11:30:18 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINNT\System32\dllcache\brzwlan.sys
[2010/07/28 11:30:17 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brusbmdm.sys
[2010/07/28 11:30:17 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brusbscn.sys
[2010/07/28 11:30:16 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brserwdm.sys
[2010/07/28 11:30:15 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brserif.dll
[2010/07/28 11:30:14 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINNT\System32\dllcache\brscnrsm.dll
[2010/07/28 11:30:13 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brparwdm.sys
[2010/07/28 11:30:13 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brparimg.sys
[2010/07/28 11:30:11 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfusb.dll
[2010/07/28 11:30:10 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfrsmg.exe
[2010/07/28 11:30:10 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmflpt.dll
[2010/07/28 11:30:09 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\brmfcwia.dll
[2010/07/28 11:30:07 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfbidi.dll
[2010/07/28 11:30:07 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brfiltup.sys
[2010/07/28 11:30:06 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brfiltlo.sys
[2010/07/28 11:30:05 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brevif.dll
[2010/07/28 11:30:05 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brfilt.sys
[2010/07/28 11:30:04 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brcoinst.dll
[2010/07/28 11:30:03 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brbidiif.dll
[2010/07/28 11:30:01 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\binlsvc.dll
[2010/07/28 11:30:00 | 000,871,388 | ---- | C] (BCM) -- C:\WINNT\System32\dllcache\bcmdm.sys
[2010/07/28 11:29:59 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINNT\System32\dllcache\bcm4e5.sys
[2010/07/28 11:29:58 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINNT\System32\dllcache\bcm42u.sys
[2010/07/28 11:29:58 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINNT\System32\dllcache\bcm42xx5.sys
[2010/07/28 11:29:57 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\battc.sys
[2010/07/28 11:29:56 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\banshee.sys
[2010/07/28 11:29:55 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\banshee.dll
[2010/07/28 11:29:54 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\b1cbase.sys
[2010/07/28 11:29:54 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINNT\System32\dllcache\aztw2320.sys
[2010/07/28 11:29:52 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmenum.dll
[2010/07/28 11:29:52 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmwan.sys
[2010/07/28 11:29:51 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmcoxp.dll
[2010/07/28 11:29:50 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\avcstrm.sys
[2010/07/28 11:29:49 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\avcaudio.sys
[2010/07/28 11:29:48 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\avc.sys
[2010/07/28 11:29:40 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atiragem.sys
[2010/07/28 11:29:39 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atiraged.dll
[2010/07/28 11:29:38 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atimtai.sys
[2010/07/28 11:29:37 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atimpab.sys
[2010/07/28 11:29:37 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atimpae.sys
[2010/07/28 11:29:36 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\atievxx.exe
[2010/07/28 11:29:35 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atidvai.dll
[2010/07/28 11:29:34 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atidrab.dll
[2010/07/28 11:29:34 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atidrae.dll
[2010/07/28 11:29:31 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ati.dll
[2010/07/28 11:29:31 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINNT\System32\dllcache\ati.sys
[2010/07/28 11:29:29 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINNT\System32\dllcache\aspndis3.sys
[2010/07/28 11:29:28 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINNT\System32\dllcache\asc3550.sys
[2010/07/28 11:29:27 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINNT\System32\dllcache\asc.sys
[2010/07/28 11:29:27 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\asc3350p.sys
[2010/07/28 11:29:24 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINNT\System32\dllcache\an983.sys
[2010/07/28 11:29:24 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\apmbatt.sys
[2010/07/28 11:29:23 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\amsint.sys
[2010/07/28 11:29:22 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINNT\System32\dllcache\amb8002.sys
[2010/07/28 11:29:21 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINNT\System32\dllcache\alifir.sys
[2010/07/28 11:29:21 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINNT\System32\dllcache\aliide.sys
[2010/07/28 11:29:20 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINNT\System32\dllcache\ali5261.sys
[2010/07/28 11:29:19 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\aic78xx.sys
[2010/07/28 11:29:19 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\aic78u2.sys
[2010/07/28 11:29:18 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\aha154x.sys
[2010/07/28 11:29:14 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\agcgauge.ax
[2010/07/28 11:29:11 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\adpu160m.sys
[2010/07/28 11:29:11 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINNT\System32\dllcache\adptsf50.sys
[2010/07/28 11:29:10 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\admjoy.sys
[2010/07/28 11:29:09 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8830.sys
[2010/07/28 11:29:08 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8810.sys
[2010/07/28 11:29:08 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8820.sys
[2010/07/28 11:29:07 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINNT\System32\dllcache\adm8511.sys
[2010/07/28 11:29:06 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\adicvls.sys
[2010/07/28 11:29:05 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINNT\System32\dllcache\ac97via.sys
[2010/07/28 11:29:05 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINNT\System32\dllcache\acerscad.dll
[2010/07/28 11:29:04 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINNT\System32\dllcache\ac97sis.sys
[2010/07/28 11:29:03 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINNT\System32\dllcache\ac97ali.sys
[2010/07/28 11:29:03 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINNT\System32\dllcache\ac97intc.sys
[2010/07/28 11:29:03 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\abp480n5.sys
[2010/07/28 11:29:02 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINNT\System32\dllcache\a3dapi.dll
[2010/07/28 11:29:01 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\61883.sys
[2010/07/28 11:29:01 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\8514a.dll
[2010/07/28 11:29:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\4mmdat.sys
[2010/07/28 11:29:00 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\3dfxvsm.sys
[2010/07/28 11:28:59 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINNT\System32\dllcache\3cwmcru.sys
[2010/07/28 11:28:59 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\3dfxvs.dll
[2010/07/28 11:28:58 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\1394bus.sys
[2010/07/28 11:28:58 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\1394vdbg.sys
[2010/07/28 11:28:34 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\s3legacy.dll
[2010/07/27 11:02:56 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/07/27 10:50:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\lyaanhtea
[2010/07/26 11:17:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/07/26 10:57:58 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/07/26 10:22:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/26 10:17:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/07/21 15:14:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2010/07/21 15:11:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/07/21 14:49:12 | 000,000,000 | -H-D | C] -- C:\WINNT\ie8
[2010/07/21 10:08:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2010/07/21 10:08:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2010/07/21 10:08:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2010/07/21 10:08:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2010/07/21 10:07:55 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2010/07/21 10:06:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/20 15:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\backups
[2010/07/19 15:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\FiveStarInteractive
[2010/07/19 15:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/19 11:32:12 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2010/07/19 11:31:19 | 001,870,800 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HousecallLauncher.exe
[2010/07/16 14:57:41 | 000,000,000 | -H-D | C] -- C:\WINNT\ie7
[2010/07/16 13:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/07/12 12:35:51 | 000,000,000 | ---D | C] -- C:\WINNT\System\nls
[2010/07/12 12:35:35 | 000,000,000 | ---D | C] -- C:\WINNT\System32\NetWare
[2010/07/12 12:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\CUAgent
[2010/07/12 10:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/12 10:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/09 00:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/07/06 09:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\odvmnqakb
[2010/07/01 17:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/29 15:17:50 | 000,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\TweakUI.exe
[618 C:\WINNT\System32\dllcache\*.tmp files -> C:\WINNT\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/29 14:20:00 | 000,000,420 | -H-- | M] () -- C:\WINNT\tasks\User_Feed_Synchronization-{EE968B08-25B7-4FEB-B4C0-59E939CF5A99}.job
[2010/07/29 14:20:00 | 000,000,416 | -H-- | M] () -- C:\WINNT\tasks\User_Feed_Synchronization-{47A8ACDA-C0F2-40D5-B35B-0AE431E8707E}.job
[2010/07/29 12:37:05 | 000,000,180 | ---- | M] () -- C:\WINNT\hpbafd.ini
[2010/07/29 10:39:50 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010/07/29 10:39:14 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/07/29 10:39:12 | 526,962,688 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/29 10:39:12 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/07/28 15:01:21 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/07/28 15:01:21 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/28 15:01:18 | 003,712,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/07/28 14:53:46 | 000,000,246 | ---- | M] () -- C:\WINNT\system.ini
[2010/07/28 14:53:38 | 000,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2010/07/28 12:50:48 | 000,001,917 | ---- | M] () -- C:\WINNT\imsins.BAK
[2010/07/26 10:44:40 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1treb2bp.exe
[2010/07/21 15:11:32 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/20 14:59:53 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010/07/20 08:33:17 | 000,412,092 | R--- | M] () -- C:\WINNT\System32\drivers\etc\hosts.20100721-082107.backup
[2010/07/20 08:16:39 | 000,000,957 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/07/20 08:16:39 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/07/20 08:00:08 | 000,285,312 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2010/07/19 15:17:16 | 000,070,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/19 11:32:21 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
[2010/07/19 11:31:42 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/07/19 11:31:37 | 001,870,800 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HousecallLauncher.exe
[2010/07/16 14:19:42 | 000,532,552 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2010/07/16 14:19:42 | 000,449,424 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2010/07/16 14:19:42 | 000,073,830 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2010/07/16 13:53:31 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2010/07/13 15:13:10 | 000,009,058 | ---- | M] () -- C:\WINNT\System32\jsc
[2010/07/12 13:00:53 | 000,000,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to loginw32.lnk
[2010/07/12 12:59:40 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to nwtray.lnk
[2010/07/12 12:36:04 | 000,000,504 | ---- | M] () -- C:\WINNT\System32\AUTOEXEC.NT
[2010/07/12 10:17:14 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/12 10:16:28 | 000,001,237 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\!!SB2010.lnk
[2010/06/30 12:07:00 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk
[2010/06/30 11:44:35 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Launch Auto Detect (2).lnk
[618 C:\WINNT\System32\dllcache\*.tmp files -> C:\WINNT\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/29 14:09:20 | 000,018,944 | ---- | C] () -- C:\WINNT\System32\dllcache\xrxscnui.dll
[2010/07/29 14:09:16 | 000,027,648 | ---- | C] () -- C:\WINNT\System32\dllcache\xrxftplt.exe
[2010/07/29 14:08:27 | 000,028,288 | ---- | C] () -- C:\WINNT\System32\dllcache\xjis.nls
[2010/07/29 11:34:36 | 001,158,818 | ---- | C] () -- C:\WINNT\System32\dllcache\korwbrkr.lex
[2010/07/29 11:12:47 | 000,134,339 | ---- | C] () -- C:\WINNT\System32\dllcache\imekr.lex
[2010/07/29 10:57:53 | 000,108,827 | ---- | C] () -- C:\WINNT\System32\dllcache\hanja.lex
[2010/07/28 15:03:02 | 526,962,688 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/28 12:50:34 | 000,001,917 | ---- | C] () -- C:\WINNT\imsins.BAK
[2010/07/28 11:51:47 | 000,165,888 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt53.dll
[2010/07/28 11:51:41 | 000,093,696 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt42.dll
[2010/07/28 11:51:34 | 000,101,376 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt34.dll
[2010/07/28 11:51:29 | 000,089,088 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt33.dll
[2010/07/28 11:51:24 | 000,083,968 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt21.dll
[2010/07/28 11:41:26 | 000,029,768 | ---- | C] () -- C:\WINNT\System32\dllcache\divasu.dll
[2010/07/28 11:41:24 | 000,037,962 | ---- | C] () -- C:\WINNT\System32\dllcache\divaprop.dll
[2010/07/28 11:41:22 | 000,006,216 | ---- | C] () -- C:\WINNT\System32\dllcache\divaci.dll
[2010/07/28 11:29:45 | 000,026,624 | ---- | C] () -- C:\WINNT\System32\dllcache\ativxbar.sys
[2010/07/28 11:29:45 | 000,023,552 | ---- | C] () -- C:\WINNT\System32\dllcache\atixbar.sys
[2010/07/28 11:29:44 | 000,019,456 | ---- | C] () -- C:\WINNT\System32\dllcache\ativttxx.sys
[2010/07/28 11:29:43 | 000,017,152 | ---- | C] () -- C:\WINNT\System32\dllcache\atitvsnd.sys
[2010/07/28 11:29:43 | 000,009,472 | ---- | C] () -- C:\WINNT\System32\dllcache\ativmdcd.sys
[2010/07/28 11:29:42 | 000,017,152 | ---- | C] () -- C:\WINNT\System32\dllcache\atitunep.sys
[2010/07/28 11:29:41 | 000,049,920 | ---- | C] () -- C:\WINNT\System32\dllcache\atirtcap.sys
[2010/07/28 11:29:41 | 000,026,880 | ---- | C] () -- C:\WINNT\System32\dllcache\atirtsnd.sys
[2010/07/28 11:29:39 | 000,010,240 | ---- | C] () -- C:\WINNT\System32\dllcache\atipcxxx.sys
[2010/07/28 11:29:33 | 000,046,464 | ---- | C] () -- C:\WINNT\System32\dllcache\atibt829.sys
[2010/07/27 10:02:40 | 000,000,416 | -H-- | C] () -- C:\WINNT\tasks\User_Feed_Synchronization-{47A8ACDA-C0F2-40D5-B35B-0AE431E8707E}.job
[2010/07/27 09:14:21 | 000,000,420 | -H-- | C] () -- C:\WINNT\tasks\User_Feed_Synchronization-{EE968B08-25B7-4FEB-B4C0-59E939CF5A99}.job
[2010/07/26 10:44:37 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1treb2bp.exe
[2010/07/21 10:08:12 | 000,256,512 | ---- | C] () -- C:\WINNT\PEV.exe
[2010/07/21 10:08:12 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2010/07/21 10:08:12 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2010/07/21 10:08:12 | 000,077,312 | ---- | C] () -- C:\WINNT\MBR.exe
[2010/07/21 10:08:12 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2010/07/19 11:31:42 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/07/16 14:19:37 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/16 13:53:31 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2010/07/13 15:13:10 | 000,009,058 | ---- | C] () -- C:\WINNT\System32\jsc
[2010/07/12 13:00:53 | 000,000,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to loginw32.lnk
[2010/07/12 12:59:40 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to nwtray.lnk
[2010/07/12 10:17:14 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/12 10:15:30 | 000,001,237 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\!!SB2010.lnk
[2010/06/30 12:06:55 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk
[2010/06/30 11:44:35 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Launch Auto Detect (2).lnk
[2010/06/29 15:17:50 | 000,160,217 | ---- | C] () -- C:\WINNT\System32\PowerToysLicense.rtf
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINNT\System32\OGACheckControl.dll
[2009/04/22 15:30:22 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2009/04/22 09:14:16 | 000,001,793 | ---- | C] () -- C:\WINNT\System32\fxsperf.ini
[2008/09/01 01:02:51 | 000,024,576 | ---- | C] () -- C:\WINNT\System32\FSRremoC.DLL
[2008/08/27 11:23:52 | 000,262,227 | ---- | C] () -- C:\WINNT\System32\nwshlxnt.dll
[2008/08/13 10:10:20 | 000,225,356 | ---- | C] () -- C:\WINNT\System32\lgnwnt32.dll
[2008/06/20 13:49:53 | 000,000,184 | ---- | C] () -- C:\WINNT\_delis43.ini
[2007/02/12 18:43:54 | 000,065,619 | ---- | C] () -- C:\WINNT\System32\setupw2k.dll
[2007/01/19 15:23:27 | 000,000,039 | ---- | C] () -- C:\WINNT\Pt.dll
[2006/11/27 11:55:52 | 000,000,180 | ---- | C] () -- C:\WINNT\dsxxxx.ini
[2006/11/26 17:41:56 | 000,065,792 | ---- | C] () -- C:\WINNT\System32\drivers\Dsc2par.sys
[2006/09/28 10:59:05 | 000,118,784 | ---- | C] () -- C:\WINNT\System32\Lfkodak.dll
[2006/09/28 10:59:04 | 000,338,944 | ---- | C] () -- C:\WINNT\System32\lffpx7.dll
[2006/09/28 10:59:04 | 000,145,408 | ---- | C] () -- C:\WINNT\System32\Bclw32.dll
[2006/09/26 10:26:00 | 000,025,600 | ---- | C] () -- C:\WINNT\System32\CBNDLL.DLL
[2006/09/26 10:26:00 | 000,015,408 | ---- | C] () -- C:\WINNT\System32\CB560WIN.DLL
[2006/09/26 10:26:00 | 000,011,296 | ---- | C] () -- C:\WINNT\System32\drivers\MARXDEV3.SYS
[2006/09/26 10:26:00 | 000,011,296 | ---- | C] () -- C:\WINNT\System32\drivers\MARXDEV2.SYS
[2006/09/26 10:26:00 | 000,011,296 | ---- | C] () -- C:\WINNT\System32\drivers\MARXDEV1.SYS
[2006/09/26 10:26:00 | 000,010,240 | ---- | C] () -- C:\WINNT\System32\CBNVDD.DLL
[2006/09/25 15:18:42 | 000,001,056 | ---- | C] () -- C:\WINNT\ODBC.INI
[2006/09/25 10:35:20 | 000,054,424 | ---- | C] () -- C:\WINNT\System32\dime3500.drv
[2006/09/21 13:36:53 | 000,000,044 | ---- | C] () -- C:\WINNT\hpmnwun.ini
[2006/09/21 13:32:02 | 000,000,000 | ---- | C] () -- C:\WINNT\HPMProp.INI
[2006/09/21 13:31:36 | 000,094,274 | ---- | C] () -- C:\WINNT\System32\HPBHEALR.DLL
[2006/09/21 12:42:26 | 000,003,399 | ---- | C] () -- C:\WINNT\System32\hptcpmon.ini
[2006/09/21 12:42:26 | 000,002,237 | ---- | C] () -- C:\WINNT\System32\AddPort.ini
[2006/09/21 12:42:26 | 000,000,180 | ---- | C] () -- C:\WINNT\hpbafd.ini
[2006/03/27 13:08:34 | 000,040,960 | ---- | C] () -- C:\WINNT\System32\nwslog32.dll
[2000/01/20 09:15:14 | 000,051,200 | ---- | C] () -- C:\WINNT\System32\lgncon32.dll
[1999/12/07 08:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[1999/09/25 06:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 06:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[1999/01/11 04:37:36 | 000,002,757 | ---- | C] () -- C:\WINNT\System32\rdrstats.ini
[1997/07/11 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINNT\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINNT\System32\DOCOBJ.DLL
[1996/05/14 09:50:22 | 000,192,512 | ---- | C] () -- C:\WINNT\System32\prtwin32.dll
[1995/08/22 08:36:12 | 000,192,512 | ---- | C] () -- C:\WINNT\System32\nwpsrv32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


#15 myrti


Posted 29 July 2010 - 02:08 PM

Hi,

the log is looking good. Please let me know how the browsers behave.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 
