Can't boot in safe mode after removing malware


  • This topic is locked
28 replies to this topic

#1 jstacer

Posted 24 October 2010 - 02:18 PM

I get BSOD when I attempt to boot into safe mode, but can boot into normal mode win xp. Stop code 0x0000000A

DDS (Ver_10-10-21.02) - FAT32x86
Run by John Stacer at 13:54:51.26 on Sun 10/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.769 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
SVCHOST.EXE
SVCHOST.EXE
D:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\LxrJD31s.exe
D:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\mfevtps.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\SmarThru Office\LegacyLauncher.exe
D:\Program Files\SmarThru Office\BackUpSvr.exe
D:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
D:\WINDOWS\system32\DllHost.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\McAfee.com\Agent\mcagent.exe
D:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
D:\Program Files\Canon\CAL\CALMAIN.exe
D:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe
D:\WINDOWS\Dell\PanelMgr\SSMMgr.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
D:\WINDOWS\twain_32\DELL\DELL1235\Scan2Pc.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\WINDOWS\system32\cidaemon.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Documents and Settings\John Stacer\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:29775
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - d:\program files\common files\mcafee\systemcore\ScriptSn.20101019231325.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [STO Launcher Service] d:\program files\smarthru office\LegacyLauncher.exe /run
mRun: [STO Backup Service] d:\program files\smarthru office\BackUpSvr.exe
mRun: [SansaDispatch] d:\program files\sandisk\sansa updater\SansaDispatch.exe
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [nssjaeee] d:\documents and settings\john stacer\local settings\application data\ucmupkrgw\dubgvgsuqiw.exe
mRun: [mcui_exe] "d:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Disk Monitor] d:\program files\ic\card reader driver v1.9e2\Disk_Monitor.exe
mRun: [Dell PanelMgr] d:\windows\dell\panelmgr\SSMMgr.exe /autorun
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "d:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [1235cn Scan2PC] "d:\windows\twain_32\dell\dell1235\Scan2Pc.exe"
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - d:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: Capture Selection - d:\program files\smarthru office\WebCapture.dll2.htm
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Save as HTML - d:\program files\smarthru office\WebCapture.dll1.htm
IE: Save Selected Text - d:\program files\smarthru office\WebCapture.dll.htm
IE: Web Capture - d:\program files\smarthru office\WebCapture.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - d:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\johnst~1\applic~1\mozilla\firefox\profiles\e6ettdpo.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\documents and settings\john stacer\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: d:\documents and settings\john stacer\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: d:\documents and settings\john stacer\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: d:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npViewpoint_03000F10.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - trued:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;d:\windows\system32\drivers\mfehidk.sys [2010-10-19 386712]
R1 mfetdi2k;McAfee Inc. mfetdi2k;d:\windows\system32\drivers\mfetdi2k.sys [2010-10-19 84072]
R2 McMPFSvc;McAfee Personal Firewall Service;"d:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-19 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"d:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-19 271480]
R2 McProxy;McAfee Proxy Service;"d:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-19 271480]
R2 McShield;McShield;d:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-19 171168]
R2 mfefire;McAfee Firewall Core Service;d:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-19 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;d:\windows\system32\mfevtps.exe [2010-10-19 141792]
R3 cfwids;McAfee Inc. cfwids;d:\windows\system32\drivers\cfwids.sys [2010-10-19 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;d:\windows\system32\drivers\mfeavfk.sys [2010-10-19 152992]
R3 mfebopk;McAfee Inc. mfebopk;d:\windows\system32\drivers\mfebopk.sys [2010-10-19 52104]
R3 mfefirek;McAfee Inc. mfefirek;d:\windows\system32\drivers\mfefirek.sys [2010-10-19 312904]
R3 mfendiskmp;mfendiskmp;d:\windows\system32\drivers\mfendisk.sys [2010-10-19 88544]
R3 P1130VID;Creative WebCam NX Pro;d:\windows\system32\drivers\P1130Vid.sys [2009-2-15 90357]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2010-8-21 136176]
S3 iteio;iteio;d:\windows\system32\drivers\Iteio.sys [2005-8-21 3680]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;d:\windows\system32\drivers\mfendisk.sys [2010-10-19 88544]
S3 mferkdet;McAfee Inc. mferkdet;d:\windows\system32\drivers\mferkdet.sys [2010-10-19 84264]
S3 Vsp;Vsp;d:\windows\system32\drivers\VSP.sys [2004-11-23 3351]
S4 TivoBeacon2;TiVo Beacon Service;d:\program files\tivo\desktop\TiVoBeacon.exe [2010-5-17 1104656]

=============== Created Last 30 ================

2010-10-20 04:13:26 24376 ----a-w- d:\program files\mozilla firefox\components\Scriptff.dll
2010-10-20 04:13:25 9344 ----a-w- d:\windows\system32\drivers\mfeclnk.sys
2010-10-20 04:13:11 141792 ----a-w- d:\windows\system32\mfevtps.exe
2010-10-20 04:13:09 95600 ----a-w- d:\windows\system32\drivers\mfeapfk.sys
2010-10-20 04:13:09 88544 ----a-w- d:\windows\system32\drivers\mfendisk.sys
2010-10-20 04:13:09 84264 ----a-w- d:\windows\system32\drivers\mferkdet.sys
2010-10-20 04:13:09 84072 ----a-w- d:\windows\system32\drivers\mfetdi2k.sys
2010-10-20 04:13:09 55840 ----a-w- d:\windows\system32\drivers\cfwids.sys
2010-10-20 04:13:09 52104 ----a-w- d:\windows\system32\drivers\mfebopk.sys
2010-10-20 04:13:09 386712 ----a-w- d:\windows\system32\drivers\mfehidk.sys
2010-10-20 04:13:09 312904 ----a-w- d:\windows\system32\drivers\mfefirek.sys
2010-10-20 04:13:09 152992 ----a-w- d:\windows\system32\drivers\mfeavfk.sys
2010-10-19 23:55:08 -------- d-----w- d:\program files\Loaris
2010-10-19 16:49:54 116224 ----a-w- d:\windows\system32\dllcache\xrxwiadr.dll
2010-10-19 16:49:53 23040 ----a-w- d:\windows\system32\dllcache\xrxwbtmp.dll
2010-10-19 16:49:52 18944 ----a-w- d:\windows\system32\dllcache\xrxscnui.dll
2010-10-19 16:49:51 4608 ----a-w- d:\windows\system32\dllcache\xrxflnch.exe
2010-10-19 16:49:51 27648 ----a-w- d:\windows\system32\dllcache\xrxftplt.exe
2010-10-19 16:49:31 99865 ----a-w- d:\windows\system32\dllcache\xlog.exe
2010-10-19 16:49:30 16970 ----a-w- d:\windows\system32\dllcache\xem336n5.sys
2010-10-19 16:49:28 19455 ----a-w- d:\windows\system32\dllcache\wvchntxx.sys
2010-10-19 16:49:22 12063 ----a-w- d:\windows\system32\dllcache\wsiintxx.sys
2010-10-19 16:49:20 8192 ----a-w- d:\windows\system32\dllcache\wshirda.dll
2010-10-19 16:49:00 8832 ----a-w- d:\windows\system32\dllcache\wmiacpi.sys
2010-10-19 16:47:58 26112 ----a-w- d:\windows\system32\dllcache\usbser.sys
2010-10-19 16:46:59 94293 ----a-w- d:\windows\system32\dllcache\sxports.dll
2010-10-19 16:45:51 18400 ----a-w- d:\windows\system32\dllcache\sgsmld.sys
2010-10-19 16:44:52 19584 ----a-w- d:\windows\system32\dllcache\rasirda.sys
2010-10-19 16:43:59 3328 ----a-w- d:\windows\system32\dllcache\pciide.sys
2010-10-19 16:42:59 52255 ----a-w- d:\windows\system32\dllcache\n1000nt5.sys
2010-10-19 16:41:59 6528 ----a-w- d:\windows\system32\dllcache\miniqic.sys
2010-10-19 16:40:55 14592 ----a-w- d:\windows\system32\dllcache\kbdhid.sys
2010-10-19 16:39:50 372824 ----a-w- d:\windows\system32\dllcache\iconf32.dll
2010-10-19 16:38:58 2688 ----a-w- d:\windows\system32\dllcache\hidswvd.sys
2010-10-19 16:37:58 347550 ----a-w- d:\windows\system32\dllcache\es56tpi.sys
2010-10-19 16:36:59 614429 ----a-w- d:\windows\system32\dllcache\digiview.exe
2010-10-19 16:35:59 248064 ----a-w- d:\windows\system32\dllcache\cl546xm.sys
2010-10-19 16:34:41 13824 ----a-w- d:\windows\system32\dllcache\bulltlp3.sys
2010-10-19 16:33:59 23552 ----a-w- d:\windows\system32\dllcache\atixbar.sys
2010-10-19 16:32:59 38400 ----a-w- d:\windows\system32\dllcache\8514a.dll
2010-10-19 16:32:58 48128 ----a-w- d:\windows\system32\dllcache\61883.sys
2010-10-19 16:32:57 148352 ----a-w- d:\windows\system32\dllcache\3dfxvsm.sys
2010-10-19 16:32:57 12288 ----a-w- d:\windows\system32\dllcache\4mmdat.sys
2010-10-19 16:32:56 689216 ----a-w- d:\windows\system32\dllcache\3dfxvs.dll
2010-10-19 16:32:55 762780 ----a-w- d:\windows\system32\dllcache\3cwmcru.sys
2010-10-19 16:32:54 11264 ----a-w- d:\windows\system32\dllcache\1394vdbg.sys
2010-10-19 16:32:53 53376 ----a-w- d:\windows\system32\dllcache\1394bus.sys
2010-10-19 16:31:40 66048 ----a-w- d:\windows\system32\dllcache\s3legacy.dll
2010-10-19 16:30:16 5632 ----a-w- d:\windows\system32\wbem\snmp\smimsgif.dll
2010-10-19 16:30:16 5632 ----a-w- d:\windows\system32\wbem\snmp\smierrsy.dll
2010-10-19 16:30:16 5632 ----a-w- d:\windows\system32\dllcache\smimsgif.dll
2010-10-19 16:30:16 5632 ----a-w- d:\windows\system32\dllcache\smierrsy.dll
2010-10-19 16:30:16 15872 ----a-w- d:\windows\system32\wbem\snmp\smierrsm.dll
2010-10-19 16:30:16 15872 ----a-w- d:\windows\system32\dllcache\smierrsm.dll
2010-10-19 16:30:16 10240 ----a-w- d:\windows\system32\wbem\snmpstup.dll
2010-10-19 16:30:16 10240 ----a-w- d:\windows\system32\dllcache\snmpstup.dll
2010-10-19 03:29:59 -------- d-----w- d:\program files\common files\McAfee
2010-10-19 03:29:57 -------- d-----w- d:\program files\McAfee.com
2010-10-19 03:29:35 -------- d-----w- d:\program files\McAfee
2010-10-15 18:18:57 348 ----a-w- d:\docume~1\johnst~1\applic~1\jsfhjjsd.bat
2010-10-08 18:35:58 -------- d-----w- d:\docume~1\alluse~1\applic~1\TiVo
2010-10-08 18:35:57 -------- d-----w- d:\program files\TiVo
2010-10-08 18:27:45 -------- d-----w- d:\docume~1\johnst~1\locals~1\applic~1\PCHealth
2010-09-29 01:22:32 423656 ----a-w- d:\windows\system32\deployJava1.dll
2010-09-29 01:22:32 423656 ----a-w- d:\program files\mozilla firefox\plugins\npdeployJava1.dll

==================== Find3M ====================

2010-09-18 17:23:26 974848 ----a-w- d:\windows\system32\mfc42u.dll
2010-09-18 06:53:26 974848 ----a-w- d:\windows\system32\mfc42.dll
2010-09-18 06:53:26 954368 ----a-w- d:\windows\system32\mfc40.dll
2010-09-18 06:53:26 953856 ----a-w- d:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- d:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- d:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- d:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- d:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- d:\windows\system32\win32k.sys
2010-08-27 08:02:30 119808 ----a-w- d:\windows\system32\t2embed.dll
2010-08-27 05:57:44 99840 ----a-w- d:\windows\system32\srvsvc.dll
2010-08-26 12:52:46 5120 ----a-w- d:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- d:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- d:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- d:\windows\system32\rpcrt4.dll

============= FINISH: 13:56:35.67 ===============

Attached Files

  • Attached File  ark.txt   77.52KB   2 downloads


#2 myrti

Posted 02 November 2010 - 05:07 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    hlp.dat
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 jstacer

Posted 02 November 2010 - 11:36 AM

Still cannot boot in safe mode after cleaning off malware with MBAM and attempts to restore safeboot portion of registry. Here are OTL.txt and extras.txt:

OTL logfile created on: 11/2/2010 10:52:43 AM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = D:\Documents and Settings\John Stacer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 79.99 Gb Total Space | 38.31 Gb Free Space | 47.90% Space Free | Partition Type: FAT32
Drive D: | 69.03 Gb Total Space | 51.44 Gb Free Space | 74.52% Space Free | Partition Type: FAT32
Drive G: | 21.63 Gb Total Space | 14.34 Gb Free Space | 66.30% Space Free | Partition Type: FAT32
Drive H: | 15.61 Gb Total Space | 9.35 Gb Free Space | 59.91% Space Free | Partition Type: FAT32

Computer Name: SOYO | User Name: John Stacer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/02 10:51:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\John Stacer\Desktop\OTL.exe
PRC - [2010/10/02 21:56:40 | 000,014,808 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/02 21:56:36 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/10 21:59:12 | 001,193,848 | ---- | M] (McAfee, Inc.) -- D:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- D:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- D:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- D:\WINDOWS\system32\mfevtps.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- D:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/06/10 04:02:50 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/06/10 03:57:40 | 000,136,472 | ---- | M] (Acronis) -- D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/06/10 03:57:36 | 000,431,384 | ---- | M] (Acronis) -- D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/06/10 03:55:30 | 001,326,080 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/11/12 19:43:54 | 000,541,936 | ---- | M] () -- D:\WINDOWS\Dell\PanelMgr\SSMMgr.exe
PRC - [2008/10/30 13:05:50 | 000,331,776 | ---- | M] () -- D:\Program Files\SmarThru Office\LegacyLauncher.exe
PRC - [2008/10/30 12:57:36 | 000,192,512 | ---- | M] () -- D:\Program Files\SmarThru Office\BackUpSvr.exe
PRC - [2008/09/26 13:54:26 | 000,495,616 | R--- | M] () -- D:\WINDOWS\twain_32\DELL\DELL1235\Scan2Pc.exe
PRC - [2008/04/13 19:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2007/10/22 12:52:54 | 000,075,584 | ---- | M] (SanDisk Corporation) -- D:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- D:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/17 14:56:32 | 000,071,168 | ---- | M] () -- D:\WINDOWS\system32\LxrJD31s.exe
PRC - [2004/07/16 14:48:42 | 001,163,378 | ---- | M] (Ahead Software AG) -- D:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2003/06/18 04:57:40 | 000,466,944 | ---- | M] (Neodio Corp.) -- D:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe


========== Modules (SafeList) ==========

MOD - [2010/11/02 10:51:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\John Stacer\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/10/22 12:22:00 | 001,470,464 | ---- | M] () -- D:\WINDOWS\system32\nview.dll
MOD - [2006/10/22 12:22:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- D:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- D:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - File not found [Disabled | Stopped] -- D:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2010/08/24 14:57:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- D:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- D:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/08/24 14:57:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- D:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/05/17 17:10:06 | 001,104,656 | ---- | M] (TiVo Inc.) [Disabled | Stopped] -- D:\Program Files\TiVo\Desktop\TiVoBeacon.exe -- (TivoBeacon2)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- D:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- D:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- D:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- D:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- D:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- D:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/06/10 03:57:36 | 000,431,384 | ---- | M] (Acronis) [Auto | Running] -- D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- D:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/11/17 14:56:32 | 000,071,168 | ---- | M] () [Auto | Running] -- D:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2004/07/16 14:48:42 | 001,163,378 | ---- | M] (Ahead Software AG) [Auto | Stopped] -- D:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2004/07/16 14:48:42 | 001,163,378 | ---- | M] (Ahead Software AG) [Auto | Running] -- D:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2000/02/10 11:16:08 | 000,352,256 | ---- | M] ( Iomega Corporation) [Auto | Stopped] -- D:\WINDOWS\System32\IomegaAccess.exe -- (IomegaAccess)
SRV - [2000/02/10 11:04:34 | 000,356,352 | ---- | M] (Iomega Corporation) [Auto | Stopped] -- D:\WINDOWS\System32\ZipToA.exe -- (ZipToA)


========== Driver Services (SafeList) ==========

DRV - [2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/08/24 14:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/02/04 21:01:02 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/02/04 21:01:02 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/02/04 21:00:48 | 000,132,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/02/04 21:00:18 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008/08/20 05:05:10 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2008/04/13 13:40:32 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\System32\DRIVERS\viaide.sy@ -- (ViaIde)
DRV - [2006/11/17 14:56:32 | 000,069,824 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\LxrJD31d.sys -- (LxrJD31d)
DRV - [2006/10/22 12:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/16 14:53:54 | 000,028,672 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/07/16 14:53:14 | 000,092,672 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- D:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004/07/16 07:54:02 | 000,027,648 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2003/10/19 21:39:56 | 000,073,856 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\viaudio.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2003/07/02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/05/07 19:00:00 | 000,090,357 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\P1130Vid.sys -- (P1130VID)
DRV - [2003/05/02 18:52:18 | 000,033,920 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\sunkfilt.sys -- (SunkFilt)
DRV - [2001/12/17 02:13:58 | 000,003,351 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\VSP.sys -- (Vsp)
DRV - [1999/08/30 19:49:56 | 000,003,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\Iteio.sys -- (iteio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29775

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29775

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1004336348-651377827-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1004336348-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1004336348-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1004336348-651377827-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29775

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: D:\Program Files\McAfee\SiteAdvisor [2010/10/26 13:35:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2004/11/27 16:29:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2004/11/27 16:29:00 | 000,000,000 | ---D | M]

[2008/09/01 15:30:38 | 000,000,000 | ---D | M] -- D:\Documents and Settings\John Stacer\Application Data\Mozilla\Extensions
[2005/03/25 22:41:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\John Stacer\Application Data\Mozilla\2rbl9hjs.Default User\extensions
[2005/03/25 22:41:06 | 000,000,000 | ---D | M] (Firefox (default)) -- D:\Documents and Settings\John Stacer\Application Data\Mozilla\2rbl9hjs.Default User\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2004/11/27 16:29:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\John Stacer\Application Data\Mozilla\Firefox\Profiles\e6ettdpo.default\extensions
[2010/07/01 21:58:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\John Stacer\Application Data\Mozilla\Firefox\Profiles\e6ettdpo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/08 08:58:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\John Stacer\Application Data\Mozilla\Sunbird\Profiles\qmcvzqsu.default\extensions
[2004/11/27 16:29:40 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions
[2010/09/28 20:22:34 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/24 14:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- D:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2006/05/06 22:56:00 | 000,176,176 | ---- | M] () -- D:\Program Files\Mozilla Firefox\plugins\npViewpoint_03000F10.dll
[2007/02/07 14:05:14 | 000,319,488 | ---- | M] ( ) -- D:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/26 14:25:12 | 000,002,024 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2003/03/31 12:00:00 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101019231325.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-1004336348-651377827-682003330-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1004336348-651377827-682003330-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [1235cn Scan2PC] D:\WINDOWS\twain_32\DELL\DELL1235\Scan2Pc.exe ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] D:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Dell PanelMgr] D:\WINDOWS\Dell\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Disk Monitor] D:\Program Files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe (Neodio Corp.)
O4 - HKLM..\Run: [mcui_exe] D:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [nssjaeee] D:\Documents and Settings\John Stacer\Local Settings\Application Data\ucmupkrgw\dubgvgsuqiw.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] D:\Program Files\QuickTime\qttask.exe File not found
O4 - HKLM..\Run: [SansaDispatch] D:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKLM..\Run: [STO Backup Service] D:\Program Files\SmarThru Office\BackUpSvr.exe ()
O4 - HKLM..\Run: [STO Launcher Service] D:\Program Files\SmarThru Office\LegacyLauncher.exe ()
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1004336348-651377827-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Capture Selection - D:\Program Files\SmarThru Office\WEBCapture.dll2.htm ()
O8 - Extra context menu item: Save as HTML - D:\Program Files\SmarThru Office\WEBCapture.dll1.htm ()
O8 - Extra context menu item: Save Selected Text - D:\Program Files\SmarThru Office\WEBCapture.dll.htm ()
O8 - Extra context menu item: Web Capture - D:\Program Files\SmarThru Office\WebCapture.dll ()
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - D:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1004336348-651377827-682003330-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} Reg Error: Value error. (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - d:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Documents and Settings\John Stacer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\John Stacer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - D:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/26 22:01:06 | 000,000,055 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2005/08/26 22:01:06 | 000,000,055 | ---- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{0de4074d-3c9e-11d9-b80f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{0de4074d-3c9e-11d9-b80f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0de4074d-3c9e-11d9-b80f-806d6172696f}\Shell\AutoRun\command - "" = E:\Cdstart.exe -- File not found
O33 - MountPoints2\{3638def4-6397-11df-9e54-00502ca5c6c3}\Shell\AutoRun\command - "" = I:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{3638def4-6397-11df-9e54-00502ca5c6c3}\Shell\Setup FlipShare\command - "" = I:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{faccdda2-767d-11db-883d-00502ca5c6c3}\Shell\AutoRun\command - "" = K:\JDSecure\Windows\JDSecure31.exe -- File not found
O33 - MountPoints2\{faccdda3-767d-11db-883d-00502ca5c6c3}\Shell\AutoRun\command - "" = K:\JDSecure\Windows\JDSecure31.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - D:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - D:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Macromedia Shockwave Director 10.1.1
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - D:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - d:\WINDOWS\system32\Rundll32.exe d:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - D:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - D:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - D:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "D:\WINDOWS\system32\rundll32.exe" "D:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.WMV3 - D:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - D:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/02 10:51:07 | 000,576,000 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\John Stacer\Desktop\OTL.exe
[2010/10/24 14:00:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\John Stacer\Desktop\gmer
[2010/10/20 18:47:09 | 000,000,000 | -HSD | C] -- D:\WINDOWS\CSC
[2010/10/20 08:46:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\John Stacer\Desktop\UndeletableSafebootKey_V0_0_0_1
[2010/10/19 23:13:25 | 000,009,344 | ---- | C] (McAfee, Inc.) -- D:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/10/19 23:13:11 | 000,141,792 | ---- | C] (McAfee, Inc.) -- D:\WINDOWS\System32\mfevtps.exe
[2010/10/19 23:13:09 | 000,386,712 | ---- | C] (McAfee, Inc.) -- D:\WINDOWS\System32\drivers\mfehidk.sys
[2010/10/19 23:13:09 | 000,312,904 | ---- | C] (McAfee, Inc.) -- D:\WINDOWS\System32\drivers\mfefirek.sys
[2010/10/19 23:13:09 | 000,152,992 | ---- | C] (McAfee, Inc.) -- D:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/10/19 23:13:09 | 000,095,600 | ---- | C] (McAfee, Inc.) -- D:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/10/19 23:13:09 | 000,088,544 | ---- | C] (McAfee, Inc.) -- D:\WINDOWS\System32\drivers\mfendisk.sys
[2010/10/19 23:13:09 | 000,084,264 | ---- | C] (McAfee, Inc.) -- D:\WINDOWS\System32\drivers\mferkdet.sys
[2010/10/19 23:13:09 | 000,084,072 | ---- | C] (McAfee, Inc.) -- D:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/10/19 23:13:09 | 000,055,840 | ---- | C] (McAfee, Inc.) -- D:\WINDOWS\System32\drivers\cfwids.sys
[2010/10/19 23:13:09 | 000,052,104 | ---- | C] (McAfee, Inc.) -- D:\WINDOWS\System32\drivers\mfebopk.sys
[2010/10/19 18:55:56 | 021,224,403 | ---- | C] (Loaris, Inc. ) -- D:\Documents and Settings\John Stacer\Desktop\loaristrojanremover(2).exe
[2010/10/19 18:55:08 | 000,000,000 | ---D | C] -- D:\Program Files\Loaris
[2010/10/19 11:49:54 | 000,116,224 | ---- | C] (Xerox) -- D:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2010/10/19 11:49:53 | 000,023,040 | ---- | C] (Xerox Corporation) -- D:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2010/10/19 11:49:51 | 000,004,608 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\xrxflnch.exe
[2010/10/19 11:49:31 | 000,099,865 | ---- | C] (Eicon Technology) -- D:\WINDOWS\System32\dllcache\xlog.exe
[2010/10/19 11:49:30 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- D:\WINDOWS\System32\dllcache\xem336n5.sys
[2010/10/19 11:49:28 | 000,019,455 | ---- | C] (Intel® Corporation) -- D:\WINDOWS\System32\dllcache\wvchntxx.sys
[2010/10/19 11:49:22 | 000,012,063 | ---- | C] (Intel® Corporation) -- D:\WINDOWS\System32\dllcache\wsiintxx.sys
[2010/10/19 11:49:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\wshirda.dll
[2010/10/19 11:49:00 | 000,008,832 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\wmiacpi.sys
[2010/10/19 11:48:56 | 000,154,624 | ---- | C] (Lucent Technologies) -- D:\WINDOWS\System32\dllcache\wlluc48.sys
[2010/10/19 11:48:55 | 000,034,890 | ---- | C] (Raytheon Corp.) -- D:\WINDOWS\System32\dllcache\wlandrv2.sys
[2010/10/19 11:48:46 | 000,771,581 | ---- | C] (Rockwell) -- D:\WINDOWS\System32\dllcache\winacisa.sys
[2010/10/19 11:48:43 | 000,087,040 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2010/10/19 11:48:43 | 000,053,760 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\wiamsmud.dll
[2010/10/19 11:48:39 | 000,701,386 | ---- | C] (3Com Corporation) -- D:\WINDOWS\System32\dllcache\wdhaalba.sys
[2010/10/19 11:48:38 | 000,023,615 | ---- | C] (Intel® Corporation) -- D:\WINDOWS\System32\dllcache\wch7xxnt.sys
[2010/10/19 11:48:36 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- D:\WINDOWS\System32\dllcache\wbfirdma.sys
[2010/10/19 11:48:36 | 000,031,744 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\wceusbsh.sys
[2010/10/19 11:48:32 | 000,033,599 | ---- | C] (Intel® Corporation) -- D:\WINDOWS\System32\dllcache\watv04nt.sys
[2010/10/19 11:48:31 | 000,019,551 | ---- | C] (Intel® Corporation) -- D:\WINDOWS\System32\dllcache\watv02nt.sys
[2010/10/19 11:48:30 | 000,029,311 | ---- | C] (Intel® Corporation) -- D:\WINDOWS\System32\dllcache\watv01nt.sys
[2010/10/19 11:48:27 | 000,011,775 | ---- | C] (Intel® Corporation) -- D:\WINDOWS\System32\dllcache\wadv05nt.sys
[2010/10/19 11:48:25 | 000,012,127 | ---- | C] (Intel® Corporation) -- D:\WINDOWS\System32\dllcache\wadv02nt.sys
[2010/10/19 11:48:24 | 000,012,415 | ---- | C] (Intel® Corporation) -- D:\WINDOWS\System32\dllcache\wadv01nt.sys
[2010/10/19 11:48:23 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- D:\WINDOWS\System32\dllcache\w940nd.sys
[2010/10/19 11:48:22 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- D:\WINDOWS\System32\dllcache\w926nd.sys
[2010/10/19 11:48:21 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- D:\WINDOWS\System32\dllcache\w840nd.sys
[2010/10/19 11:48:17 | 000,064,605 | ---- | C] (PCtel, Inc.) -- D:\WINDOWS\System32\dllcache\vvoice.sys
[2010/10/19 11:48:16 | 000,397,502 | ---- | C] (PCtel, Inc.) -- D:\WINDOWS\System32\dllcache\vpctcom.sys
[2010/10/19 11:48:14 | 000,604,253 | ---- | C] (PCTEL, INC.) -- D:\WINDOWS\System32\dllcache\vmodem.sys
[2010/10/19 11:48:13 | 000,249,402 | ---- | C] (Xircom) -- D:\WINDOWS\System32\dllcache\vinwm.sys
[2010/10/19 11:48:12 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- D:\WINDOWS\System32\dllcache\viairda.sys
[2010/10/19 11:48:06 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- D:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2010/10/19 11:48:05 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- D:\WINDOWS\System32\dllcache\usrti.sys
[2010/10/19 11:48:04 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- D:\WINDOWS\System32\dllcache\usrpda.sys
[2010/10/19 11:48:03 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- D:\WINDOWS\System32\dllcache\usroslba.sys
[2010/10/19 11:48:02 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- D:\WINDOWS\System32\dllcache\usr1807a.sys
[2010/10/19 11:48:01 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- D:\WINDOWS\System32\dllcache\usr1806v.sys
[2010/10/19 11:48:01 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- D:\WINDOWS\System32\dllcache\usr1806.sys
[2010/10/19 11:48:00 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- D:\WINDOWS\System32\dllcache\usr1801.sys
[2010/10/19 11:47:58 | 000,026,112 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\usbser.sys
[2010/10/19 11:47:56 | 000,025,856 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\usbprint.sys
[2010/10/19 11:47:55 | 000,017,152 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\usbohci.sys
[2010/10/19 11:47:53 | 000,032,128 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\usbccgp.sys
[2010/10/19 11:47:51 | 000,060,032 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/10/19 11:47:50 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- D:\WINDOWS\System32\dllcache\usb101et.sys
[2010/10/19 11:47:46 | 000,094,720 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\umaxud32.dll
[2010/10/19 11:47:45 | 000,028,160 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\umaxu40.dll
[2010/10/19 11:47:45 | 000,026,624 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\umaxu22.dll
[2010/10/19 11:47:44 | 000,069,632 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\umaxu12.dll
[2010/10/19 11:47:44 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- D:\WINDOWS\System32\dllcache\umaxscan.dll
[2010/10/19 11:47:43 | 000,050,176 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\umaxp60.dll
[2010/10/19 11:47:43 | 000,022,912 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\umaxpcls.sys
[2010/10/19 11:47:42 | 000,047,616 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\umaxcam.dll
[2010/10/19 11:47:41 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- D:\WINDOWS\System32\dllcache\um54scan.dll
[2010/10/19 11:47:40 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- D:\WINDOWS\System32\dllcache\um34scan.dll
[2010/10/19 11:47:40 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- D:\WINDOWS\System32\dllcache\ultra.sys
[2010/10/19 11:47:38 | 000,011,520 | ---- | C] (IBM Corporation) -- D:\WINDOWS\System32\dllcache\twotrack.sys
[2010/10/19 11:47:33 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- D:\WINDOWS\System32\dllcache\tridxp.dll
[2010/10/19 11:47:33 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- D:\WINDOWS\System32\dllcache\tridxpm.sys
[2010/10/19 11:47:32 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- D:\WINDOWS\System32\dllcache\tridkb.dll
[2010/10/19 11:47:32 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- D:\WINDOWS\System32\dllcache\tridkbm.sys
[2010/10/19 11:47:31 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- D:\WINDOWS\System32\dllcache\trid3d.dll
[2010/10/19 11:47:31 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- D:\WINDOWS\System32\dllcache\trid3dm.sys
[2010/10/19 11:47:30 | 000,034,375 | ---- | C] (Intel Corporation) -- D:\WINDOWS\System32\dllcache\tpro4.sys
[2010/10/19 11:47:29 | 000,042,496 | ---- | C] (IBM Corporation) -- D:\WINDOWS\System32\dllcache\tp4res.dll
[2010/10/19 11:47:28 | 000,082,944 | ---- | C] (IBM Corporation) -- D:\WINDOWS\System32\dllcache\tp4mon.exe
[2010/10/19 11:47:27 | 000,031,744 | ---- | C] (IBM Corporation) -- D:\WINDOWS\System32\dllcache\tp4.dll
[2010/10/19 11:47:25 | 000,230,912 | ---- | C] (Toshiba Corporation) -- D:\WINDOWS\System32\dllcache\tosdvd03.sys
[2010/10/19 11:47:25 | 000,004,992 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\toside.sys
[2010/10/19 11:47:24 | 000,241,664 | ---- | C] (Toshiba Corporation) -- D:\WINDOWS\System32\dllcache\tosdvd02.sys
[2010/10/19 11:47:23 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- D:\WINDOWS\System32\dllcache\tos4mo.sys
[2010/10/19 11:47:21 | 000,123,995 | ---- | C] (Tiger Jet Network) -- D:\WINDOWS\System32\dllcache\tjisdn.sys
[2010/10/19 11:47:17 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- D:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2010/10/19 11:47:17 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- D:\WINDOWS\System32\dllcache\tgiul50.dll
[2010/10/19 11:47:15 | 000,149,376 | ---- | C] (M-Systems) -- D:\WINDOWS\System32\dllcache\tffsport.sys
[2010/10/19 11:47:13 | 000,017,129 | ---- | C] (TDK Corporation) -- D:\WINDOWS\System32\dllcache\tdkcd31.sys
[2010/10/19 11:47:12 | 000,037,961 | ---- | C] (TDK Corporation) -- D:\WINDOWS\System32\dllcache\tdk100b.sys
[2010/10/19 11:47:09 | 000,030,464 | ---- | C] (Toshiba Corporation) -- D:\WINDOWS\System32\dllcache\tbatm155.sys
[2010/10/19 11:47:07 | 000,007,040 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\tandqic.sys
[2010/10/19 11:47:06 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- D:\WINDOWS\System32\dllcache\t2r4disp.dll
[2010/10/19 11:47:06 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- D:\WINDOWS\System32\dllcache\t2r4mini.sys
[2010/10/19 11:47:02 | 000,032,640 | ---- | C] (LSI Logic) -- D:\WINDOWS\System32\dllcache\symc8xx.sys
[2010/10/19 11:47:01 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- D:\WINDOWS\System32\dllcache\symc810.sys
[2010/10/19 11:47:00 | 000,030,688 | ---- | C] (LSI Logic) -- D:\WINDOWS\System32\dllcache\sym_u3.sys
[2010/10/19 11:47:00 | 000,028,384 | ---- | C] (LSI Logic) -- D:\WINDOWS\System32\dllcache\sym_hi.sys
[2010/10/19 11:46:59 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- D:\WINDOWS\System32\dllcache\sxports.dll
[2010/10/19 11:46:58 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- D:\WINDOWS\System32\dllcache\sx.sys
[2010/10/19 11:46:58 | 000,003,968 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\swusbflt.sys
[2010/10/19 11:46:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\swpidflt.dll
[2010/10/19 11:46:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\swpdflt2.dll
[2010/10/19 11:46:56 | 000,053,760 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\sw_wheel.dll
[2010/10/19 11:46:56 | 000,041,472 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\sw_effct.dll
[2010/10/19 11:46:53 | 000,155,648 | ---- | C] (Stallion Technologies) -- D:\WINDOWS\System32\dllcache\stlnprop.dll
[2010/10/19 11:46:52 | 000,285,760 | ---- | C] (Stallion Technologies) -- D:\WINDOWS\System32\dllcache\stlnata.sys
[2010/10/19 11:46:52 | 000,053,248 | ---- | C] (Stallion Technologies) -- D:\WINDOWS\System32\dllcache\stlncoin.dll
[2010/10/19 11:46:50 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- D:\WINDOWS\System32\dllcache\stcusb.sys
[2010/10/19 11:46:46 | 000,048,736 | ---- | C] (3Com) -- D:\WINDOWS\System32\dllcache\srwlnd5.sys
[2010/10/19 11:46:45 | 000,099,328 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\srusd.dll
[2010/10/19 11:46:42 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- D:\WINDOWS\System32\dllcache\spxupchk.dll
[2010/10/19 11:46:38 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- D:\WINDOWS\System32\dllcache\spdports.dll
[2010/10/19 11:46:38 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- D:\WINDOWS\System32\dllcache\speed.sys
[2010/10/19 11:46:37 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- D:\WINDOWS\System32\dllcache\sparrow.sys
[2010/10/19 11:46:36 | 000,007,552 | ---- | C] (Sony Corporation) -- D:\WINDOWS\System32\dllcache\sonypvu1.sys
[2010/10/19 11:46:35 | 000,037,040 | ---- | C] (Sony Corporation) -- D:\WINDOWS\System32\dllcache\sonypi.sys
[2010/10/19 11:46:34 | 000,114,688 | ---- | C] (Sony Corporation) -- D:\WINDOWS\System32\dllcache\sonypi.dll
[2010/10/19 11:46:34 | 000,020,752 | ---- | C] (Sony Corporation) -- D:\WINDOWS\System32\dllcache\sonync.sys
[2010/10/19 11:46:33 | 000,009,600 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\sonymc.sys
[2010/10/19 11:46:32 | 000,007,552 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\sonyait.sys
[2010/10/19 11:46:30 | 000,007,040 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\snyaitmc.sys
[2010/10/19 11:46:25 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- D:\WINDOWS\System32\dllcache\smiminib.sys
[2010/10/19 11:46:24 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- D:\WINDOWS\System32\dllcache\smidispb.dll
[2010/10/19 11:46:23 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- D:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2010/10/19 11:46:22 | 000,035,913 | ---- | C] (SMC) -- D:\WINDOWS\System32\dllcache\smcirda.sys
[2010/10/19 11:46:22 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- D:\WINDOWS\System32\dllcache\smc8000n.sys
[2010/10/19 11:46:21 | 000,006,784 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\smbhc.sys
[2010/10/19 11:46:20 | 000,006,912 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\smbclass.sys
[2010/10/19 11:46:19 | 000,016,000 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\smbbatt.sys
[2010/10/19 11:46:18 | 000,045,568 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\smb3w.dll
[2010/10/19 11:46:17 | 000,033,792 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\smb0w.dll
[2010/10/19 11:46:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\sma0w.dll
[2010/10/19 11:46:14 | 000,028,160 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\sm91w.dll
[2010/10/19 11:46:07 | 000,063,547 | ---- | C] (Symbol Technologies) -- D:\WINDOWS\System32\dllcache\sla30nd5.sys
[2010/10/19 11:46:06 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- D:\WINDOWS\System32\dllcache\skfpwin.sys
[2010/10/19 11:46:05 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- D:\WINDOWS\System32\dllcache\sisv256.dll
[2010/10/19 11:46:05 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- D:\WINDOWS\System32\dllcache\sk98xwin.sys
[2010/10/19 11:46:04 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- D:\WINDOWS\System32\dllcache\sisv.sys
[2010/10/19 11:46:03 | 000,032,768 | ---- | C] (SiS Corporation) -- D:\WINDOWS\System32\dllcache\sisnic.sys
[2010/10/19 11:46:02 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- D:\WINDOWS\System32\dllcache\sisgrv.dll
[2010/10/19 11:46:02 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- D:\WINDOWS\System32\dllcache\sisgrp.sys
[2010/10/19 11:46:01 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- D:\WINDOWS\System32\dllcache\sis6306v.dll
[2010/10/19 11:46:01 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- D:\WINDOWS\System32\dllcache\sis6306p.sys
[2010/10/19 11:46:00 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- D:\WINDOWS\System32\dllcache\sis300iv.dll
[2010/10/19 11:46:00 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- D:\WINDOWS\System32\dllcache\sis300ip.sys
[2010/10/19 11:45:51 | 000,161,568 | ---- | C] (Micro Systemation) -- D:\WINDOWS\System32\dllcache\sgsmusb.sys
[2010/10/19 11:45:51 | 000,018,400 | ---- | C] (Micro Systemation) -- D:\WINDOWS\System32\dllcache\sgsmld.sys
[2010/10/19 11:45:50 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- D:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2010/10/19 11:45:49 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- D:\WINDOWS\System32\dllcache\sgiul50.dll
[2010/10/19 11:45:49 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- D:\WINDOWS\System32\dllcache\sfmanm.sys
[2010/10/19 11:45:45 | 000,017,664 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\sermouse.sys
[2010/10/19 11:45:45 | 000,006,784 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\serscan.sys
[2010/10/19 11:45:42 | 000,006,912 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\seaddsmc.sys
[2010/10/19 11:45:40 | 000,011,520 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\scsiscan.sys
[2010/10/19 11:45:39 | 000,011,648 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\scsiprnt.sys
[2010/10/19 11:45:37 | 000,017,280 | ---- | C] (SCM Microsystems) -- D:\WINDOWS\System32\dllcache\scr111.sys
[2010/10/19 11:45:37 | 000,016,640 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\scmstcs.sys
[2010/10/19 11:45:35 | 000,023,936 | ---- | C] (OMNIKEY AG) -- D:\WINDOWS\System32\dllcache\sccmusbm.sys
[2010/10/19 11:45:35 | 000,023,936 | ---- | C] (OMNIKEY AG) -- D:\WINDOWS\System32\dllcache\sccmn50m.sys
[2010/10/19 11:45:33 | 000,043,904 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\sbp2port.sys
[2010/10/19 11:45:32 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- D:\WINDOWS\System32\dllcache\sblfx.dll
[2010/10/19 11:45:30 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- D:\WINDOWS\System32\dllcache\s3savmxm.sys
[2010/10/19 11:45:29 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- D:\WINDOWS\System32\dllcache\s3savmx.dll
[2010/10/19 11:45:29 | 000,077,824 | ---- | C] (S3 Incorporated) -- D:\WINDOWS\System32\dllcache\s3sav4m.sys
[2010/10/19 11:45:28 | 000,198,400 | ---- | C] (S3 Incorporated) -- D:\WINDOWS\System32\dllcache\s3sav4.dll
[2010/10/19 11:45:28 | 000,061,504 | ---- | C] (S3 Incorporated) -- D:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2010/10/19 11:45:27 | 000,179,264 | ---- | C] (S3 Incorporated) -- D:\WINDOWS\System32\dllcache\s3sav3d.dll
[2010/10/19 11:45:26 | 000,210,496 | ---- | C] (S3 Incorporated) -- D:\WINDOWS\System32\dllcache\s3mvirge.dll
[2010/10/19 11:45:26 | 000,062,496 | ---- | C] (S3 Incorporated) -- D:\WINDOWS\System32\dllcache\s3mtrio.dll
[2010/10/19 11:45:25 | 000,182,272 | ---- | C] (S3 Incorporated) -- D:\WINDOWS\System32\dllcache\s3mt3d.dll
[2010/10/19 11:45:25 | 000,041,216 | ---- | C] (S3 Incorporated) -- D:\WINDOWS\System32\dllcache\s3mt3d.sys
[2010/10/19 11:45:24 | 000,166,720 | ---- | C] (S3 Incorporated) -- D:\WINDOWS\System32\dllcache\s3m.sys
[2010/10/19 11:45:24 | 000,065,664 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\s3legacy.sys
[2010/10/19 11:45:22 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- D:\WINDOWS\System32\dllcache\rwia450.dll
[2010/10/19 11:45:22 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- D:\WINDOWS\System32\dllcache\rwia430.dll
[2010/10/19 11:45:20 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- D:\WINDOWS\System32\dllcache\rw450ext.dll
[2010/10/19 11:45:18 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- D:\WINDOWS\System32\dllcache\rw430ext.dll
[2010/10/19 11:45:15 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- D:\WINDOWS\System32\dllcache\rtl8139.sys
[2010/10/19 11:45:15 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- D:\WINDOWS\System32\dllcache\rtl8029.sys
[2010/10/19 11:45:14 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- D:\WINDOWS\System32\dllcache\rthwcls.sys
[2010/10/19 11:45:11 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- D:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2010/10/19 11:45:09 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- D:\WINDOWS\System32\dllcache\rpfun.sys
[2010/10/19 11:45:06 | 000,079,104 | ---- | C] (Comtrol Corporation) -- D:\WINDOWS\System32\dllcache\rocket.sys
[2010/10/19 11:45:04 | 000,037,563 | ---- | C] (RadioLAN) -- D:\WINDOWS\System32\dllcache\rlnet5.sys
[2010/10/19 11:45:03 | 000,086,097 | ---- | C] (Xircom) -- D:\WINDOWS\System32\dllcache\reslog32.dll
[2010/10/19 11:44:52 | 000,019,584 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\rasirda.sys
[2010/10/19 11:44:49 | 000,899,146 | ---- | C] (Xircom, Inc.) -- D:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2010/10/19 11:44:49 | 000,714,762 | ---- | C] (Xircom, Inc.) -- D:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2010/10/19 11:44:48 | 000,041,472 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\qvusd.dll
[2010/10/19 11:44:47 | 000,003,328 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\qv2kux.sys
[2010/10/19 11:44:43 | 000,049,024 | ---- | C] (QLogic Corporation) -- D:\WINDOWS\System32\dllcache\ql1280.sys
[2010/10/19 11:44:42 | 000,045,312 | ---- | C] (QLogic Corporation) -- D:\WINDOWS\System32\dllcache\ql12160.sys
[2010/10/19 11:44:42 | 000,040,448 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ql1240.sys
[2010/10/19 11:44:41 | 000,033,152 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ql10wnt.sys
[2010/10/19 11:44:40 | 000,040,320 | ---- | C] (QLogic Corporation) -- D:\WINDOWS\System32\dllcache\ql1080.sys
[2010/10/19 11:44:39 | 000,006,016 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\qic157.sys
[2010/10/19 11:44:37 | 000,130,942 | ---- | C] (PCTEL, INC.) -- D:\WINDOWS\System32\dllcache\ptserlv.sys
[2010/10/19 11:44:36 | 000,128,286 | ---- | C] (PCTEL, INC.) -- D:\WINDOWS\System32\dllcache\ptserli.sys
[2010/10/19 11:44:36 | 000,112,574 | ---- | C] (PCTEL, INC.) -- D:\WINDOWS\System32\dllcache\ptserlp.sys
[2010/10/19 11:44:35 | 000,159,232 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ptpusd.dll
[2010/10/19 11:44:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ptpusb.dll
[2010/10/19 11:44:32 | 000,035,328 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\psisload.dll
[2010/10/19 11:44:30 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- D:\WINDOWS\System32\dllcache\pscr.sys
[2010/10/19 11:44:25 | 000,017,664 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ppa3.sys
[2010/10/19 11:44:24 | 000,017,792 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ppa.sys
[2010/10/19 11:44:23 | 000,008,832 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\powerfil.sys
[2010/10/19 11:44:22 | 000,007,168 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\pnrmc.sys
[2010/10/19 11:44:15 | 000,121,344 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\phvfwext.dll
[2010/10/19 11:44:14 | 000,092,416 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\phildec.sys
[2010/10/19 11:44:14 | 000,019,840 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\philtune.sys
[2010/10/19 11:44:13 | 000,173,696 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\philcam2.sys
[2010/10/19 11:44:13 | 000,075,776 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\philcam1.sys
[2010/10/19 11:44:12 | 000,105,984 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\phdsext.ax
[2010/10/19 11:44:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\philcam1.dll
[2010/10/19 11:44:10 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- D:\WINDOWS\System32\dllcache\perm3dd.dll
[2010/10/19 11:44:09 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- D:\WINDOWS\System32\dllcache\perm3.sys
[2010/10/19 11:44:08 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- D:\WINDOWS\System32\dllcache\perm2dll.dll
[2010/10/19 11:44:07 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- D:\WINDOWS\System32\dllcache\perm2.sys
[2010/10/19 11:44:06 | 000,005,504 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\perc2hib.sys
[2010/10/19 11:44:05 | 000,027,296 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\perc2.sys
[2010/10/19 11:44:03 | 000,169,984 | ---- | C] (Cisco Systems) -- D:\WINDOWS\System32\dllcache\pcx500.sys
[2010/10/19 11:44:03 | 000,086,016 | ---- | C] (PCtel, Inc.) -- D:\WINDOWS\System32\dllcache\pctspk.exe
[2010/10/19 11:44:02 | 000,035,328 | ---- | C] (AMD Inc.) -- D:\WINDOWS\System32\dllcache\pcntpci5.sys
[2010/10/19 11:44:02 | 000,029,769 | ---- | C] (AMD Inc.) -- D:\WINDOWS\System32\dllcache\pcntn5m.sys
[2010/10/19 11:44:01 | 000,030,282 | ---- | C] (AMD Inc.) -- D:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2010/10/19 11:44:00 | 000,026,153 | ---- | C] (Linksys) -- D:\WINDOWS\System32\dllcache\pcmlm56.sys
[2010/10/19 11:43:59 | 000,003,328 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\pciide.sys
[2010/10/19 11:43:58 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- D:\WINDOWS\System32\dllcache\pca200e.sys
[2010/10/19 11:43:57 | 000,030,495 | ---- | C] (Linksys) -- D:\WINDOWS\System32\dllcache\pc100nds.sys
[2010/10/19 11:43:51 | 000,044,544 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ovui2.dll
[2010/10/19 11:43:51 | 000,041,984 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ovui2rc.dll
[2010/10/19 11:43:50 | 000,039,424 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ovcoms.exe
[2010/10/19 11:43:50 | 000,025,216 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ovsound2.sys
[2010/10/19 11:43:49 | 000,351,616 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ovcodek2.sys
[2010/10/19 11:43:49 | 000,020,480 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ovcomc.dll
[2010/10/19 11:43:48 | 000,116,736 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ovcodec2.dll
[2010/10/19 11:43:48 | 000,031,872 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ovce.sys
[2010/10/19 11:43:47 | 000,048,000 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ovcam2.sys
[2010/10/19 11:43:47 | 000,028,032 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ovcd.sys
[2010/10/19 11:43:46 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- D:\WINDOWS\System32\dllcache\otcsercb.sys
[2010/10/19 11:43:46 | 000,025,088 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ovca.sys
[2010/10/19 11:43:45 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- D:\WINDOWS\System32\dllcache\otceth5.sys
[2010/10/19 11:43:45 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- D:\WINDOWS\System32\dllcache\otc06x5.sys
[2010/10/19 11:43:44 | 000,054,528 | ---- | C] (Yamaha Corp.) -- D:\WINDOWS\System32\dllcache\opl3sax.sys
[2010/10/19 11:43:39 | 000,061,696 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ohci1394.sys
[2010/10/19 11:43:33 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\dllcache\nv3.sys
[2010/10/19 11:43:32 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\dllcache\nv3.dll
[2010/10/19 11:43:25 | 000,051,552 | ---- | C] (Kensington Technology Group) -- D:\WINDOWS\System32\dllcache\ntgrip.sys
[2010/10/19 11:43:23 | 000,009,344 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ntapm.sys
[2010/10/19 11:43:22 | 000,007,552 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\nsmmc.sys
[2010/10/19 11:43:21 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- D:\WINDOWS\System32\dllcache\nscirda.sys
[2010/10/19 11:43:18 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- D:\WINDOWS\System32\dllcache\nm6wdm.sys
[2010/10/19 11:43:17 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- D:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2010/10/19 11:43:15 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- D:\WINDOWS\System32\dllcache\ngrpci.sys
[2010/10/19 11:43:13 | 000,132,695 | ---- | C] (802.11b) -- D:\WINDOWS\System32\dllcache\netwlan5.sys
[2010/10/19 11:43:10 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- D:\WINDOWS\System32\dllcache\netflx3.sys
[2010/10/19 11:43:08 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- D:\WINDOWS\System32\dllcache\neo20xx.dll
[2010/10/19 11:43:08 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- D:\WINDOWS\System32\dllcache\neo20xx.sys
[2010/10/19 11:43:07 | 000,015,872 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ne2000.sys
[2010/10/19 11:43:03 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- D:\WINDOWS\System32\dllcache\n9i3disp.dll
[2010/10/19 11:43:02 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- D:\WINDOWS\System32\dllcache\n9i128v2.sys
[2010/10/19 11:43:02 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- D:\WINDOWS\System32\dllcache\n9i3d.sys
[2010/10/19 11:43:01 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- D:\WINDOWS\System32\dllcache\n9i128v2.dll
[2010/10/19 11:43:01 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- D:\WINDOWS\System32\dllcache\n9i128.sys
[2010/10/19 11:43:00 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- D:\WINDOWS\System32\dllcache\n100325.sys
[2010/10/19 11:43:00 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- D:\WINDOWS\System32\dllcache\n9i128.dll
[2010/10/19 11:42:59 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- D:\WINDOWS\System32\dllcache\n1000nt5.sys
[2010/10/19 11:42:58 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- D:\WINDOWS\System32\dllcache\mxport.sys
[2010/10/19 11:42:58 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- D:\WINDOWS\System32\dllcache\mxport.dll
[2010/10/19 11:42:57 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- D:\WINDOWS\System32\dllcache\mxicfg.dll
[2010/10/19 11:42:57 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- D:\WINDOWS\System32\dllcache\mxnic.sys
[2010/10/19 11:42:56 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- D:\WINDOWS\System32\dllcache\mxcard.sys
[2010/10/19 11:42:54 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- D:\WINDOWS\System32\dllcache\mtxvideo.sys
[2010/10/19 11:42:43 | 000,049,024 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\mstape.sys
[2010/10/19 11:42:40 | 000,012,416 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\msriffwv.sys
[2010/10/19 11:42:34 | 000,002,944 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\msmpu401.sys
[2010/10/19 11:42:33 | 000,022,016 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\msircomm.sys
[2010/10/19 11:42:24 | 000,035,200 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\msgame.sys
[2010/10/19 11:42:23 | 000,006,016 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\msfsio.sys
[2010/10/19 11:42:21 | 000,051,200 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\msdv.sys
[2010/10/19 11:42:15 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- D:\WINDOWS\System32\dllcache\mraid35x.sys
[2010/10/19 11:42:08 | 000,015,232 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\mpe.sys
[2010/10/19 11:42:04 | 000,016,128 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\modemcsa.sys
[2010/10/19 11:41:59 | 000,006,528 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\miniqic.sys
[2010/10/19 11:41:56 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- D:\WINDOWS\System32\dllcache\mgaum.sys
[2010/10/19 11:41:55 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- D:\WINDOWS\System32\dllcache\mgaud.dll
[2010/10/19 11:41:53 | 000,047,616 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\memgrp.dll
[2010/10/19 11:41:53 | 000,026,112 | ---- | C] (Sony Corporation) -- D:\WINDOWS\System32\dllcache\memstpci.sys
[2010/10/19 11:41:52 | 000,008,320 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\memcard.sys
[2010/10/19 11:41:49 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- D:\WINDOWS\System32\dllcache\mdgndis5.sys
[2010/10/19 11:41:46 | 000,007,424 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\mammoth.sys
[2010/10/19 11:41:44 | 000,058,880 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\m3092dc.dll
[2010/10/19 11:41:44 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- D:\WINDOWS\System32\dllcache\maestro.sys
[2010/10/19 11:41:43 | 000,058,368 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\m3091dc.dll
[2010/10/19 11:41:42 | 000,022,848 | ---- | C] (Logitech Inc.) -- D:\WINDOWS\System32\dllcache\lwusbhid.sys
[2010/10/19 11:41:41 | 000,020,864 | ---- | C] (Logitech Inc.) -- D:\WINDOWS\System32\dllcache\lwadihid.sys
[2010/10/19 11:41:40 | 000,797,500 | ---- | C] (LT) -- D:\WINDOWS\System32\dllcache\ltsmt.sys
[2010/10/19 11:41:39 | 000,802,683 | ---- | C] (Lucent Technologies) -- D:\WINDOWS\System32\dllcache\ltsm.sys
[2010/10/19 11:41:38 | 000,420,992 | ---- | C] (LT) -- D:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2010/10/19 11:41:38 | 000,007,040 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ltotape.sys
[2010/10/19 11:41:37 | 000,576,746 | ---- | C] (LT) -- D:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2010/10/19 11:41:36 | 000,606,684 | ---- | C] (LT) -- D:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2010/10/19 11:41:35 | 000,727,786 | ---- | C] (Xircom, Inc.) -- D:\WINDOWS\System32\dllcache\ltck000c.sys
[2010/10/19 11:41:33 | 000,004,992 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\loop.sys
[2010/10/19 11:41:28 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- D:\WINDOWS\System32\dllcache\lne100tx.sys
[2010/10/19 11:41:28 | 000,020,573 | ---- | C] (The Linksts Group ) -- D:\WINDOWS\System32\dllcache\lne100.sys
[2010/10/19 11:41:27 | 000,025,065 | ---- | C] (D-Link) -- D:\WINDOWS\System32\dllcache\lmndis3.sys
[2010/10/19 11:41:26 | 000,015,744 | ---- | C] (Litronic Industries) -- D:\WINDOWS\System32\dllcache\lit220p.sys
[2010/10/19 11:41:24 | 000,034,688 | ---- | C] (Toshiba Corp.) -- D:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/10/19 11:41:24 | 000,026,442 | ---- | C] (SMSC) -- D:\WINDOWS\System32\dllcache\lanepic5.sys
[2010/10/19 11:41:23 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- D:\WINDOWS\System32\dllcache\ktc111.sys
[2010/10/19 11:41:20 | 000,037,376 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\kousd.dll
[2010/10/19 11:41:17 | 000,253,952 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\kdsusd.dll
[2010/10/19 11:41:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\kdsui.dll
[2010/10/19 11:41:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\kbdkor.dll
[2010/10/19 11:41:01 | 000,008,704 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\kbdjpn.dll
[2010/10/19 11:40:55 | 000,014,592 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\kbdhid.sys
[2010/10/19 11:40:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\kbd106.dll
[2010/10/19 11:40:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\kbd101c.dll
[2010/10/19 11:40:43 | 000,005,632 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\kbd103.dll
[2010/10/19 11:40:42 | 000,006,144 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\kbd101b.dll
[2010/10/19 11:40:37 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- D:\WINDOWS\System32\dllcache\irstusb.sys
[2010/10/19 11:40:36 | 000,028,160 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\irmon.dll
[2010/10/19 11:40:36 | 000,018,688 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\irsir.sys
[2010/10/19 11:40:35 | 000,023,552 | ---- | C] (MKNet Corporation) -- D:\WINDOWS\System32\dllcache\irmk7.sys
[2010/10/19 11:40:34 | 000,151,552 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\irftp.exe
[2010/10/19 11:40:34 | 000,088,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\irda.sys
[2010/10/19 11:40:26 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- D:\WINDOWS\System32\dllcache\io8ports.dll
[2010/10/19 11:40:26 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- D:\WINDOWS\System32\dllcache\ip5515.sys
[2010/10/19 11:40:25 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- D:\WINDOWS\System32\dllcache\io8.sys
[2010/10/19 11:40:24 | 000,005,504 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\intelide.sys
[2010/10/19 11:40:23 | 000,016,000 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ini910u.sys
[2010/10/19 11:40:23 | 000,013,056 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\inport.sys
[2010/10/19 11:39:50 | 000,372,824 | ---- | C] (Xircom) -- D:\WINDOWS\System32\dllcache\iconf32.dll
[2010/10/19 11:39:49 | 000,100,992 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\icam5usb.sys
[2010/10/19 11:39:48 | 000,045,056 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\icam5com.dll
[2010/10/19 11:39:48 | 000,020,480 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\icam5ext.dll
[2010/10/19 11:39:47 | 000,154,496 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\icam4usb.sys
[2010/10/19 11:39:47 | 000,061,952 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\icam4ext.dll
[2010/10/19 11:39:46 | 000,091,136 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\icam4com.dll
[2010/10/19 11:39:46 | 000,026,624 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\icam3ext.dll
[2010/10/19 11:39:45 | 000,141,056 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\icam3.sys
[2010/10/19 11:39:44 | 000,109,085 | ---- | C] (IBM Corporation) -- D:\WINDOWS\System32\dllcache\ibmtrp.sys
[2010/10/19 11:39:44 | 000,038,528 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ibmvcap.sys
[2010/10/19 11:39:43 | 000,100,936 | ---- | C] (IBM Corporation) -- D:\WINDOWS\System32\dllcache\ibmtok.sys
[2010/10/19 11:39:43 | 000,009,216 | ---- | C] (IBM Corporation) -- D:\WINDOWS\System32\dllcache\ibmsgnet.dll
[2010/10/19 11:39:42 | 000,028,700 | ---- | C] (IBM Corp.) -- D:\WINDOWS\System32\dllcache\ibmexmp.sys
[2010/10/19 11:39:39 | 000,161,020 | ---- | C] (Intel® Corporation) -- D:\WINDOWS\System32\dllcache\i81xnt5.sys
[2010/10/19 11:39:38 | 000,702,845 | ---- | C] (Intel® Corporation) -- D:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2010/10/19 11:39:38 | 000,058,592 | ---- | C] (Intel Corporation) -- D:\WINDOWS\System32\dllcache\i740nt5.sys
[2010/10/19 11:39:37 | 000,353,184 | ---- | C] (Intel Corporation) -- D:\WINDOWS\System32\dllcache\i740dnt5.dll
[2010/10/19 11:39:36 | 000,018,560 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\i2omp.sys
[2010/10/19 11:39:36 | 000,008,576 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010/10/19 11:39:17 | 000,488,383 | ---- | C] (Conexant) -- D:\WINDOWS\System32\dllcache\hsf_v124.sys
[2010/10/19 11:39:16 | 000,073,279 | ---- | C] (Conexant) -- D:\WINDOWS\System32\dllcache\hsf_spkp.sys
[2010/10/19 11:39:16 | 000,050,751 | ---- | C] (Conexant) -- D:\WINDOWS\System32\dllcache\hsf_tone.sys
[2010/10/19 11:39:15 | 000,044,863 | ---- | C] (Conexant) -- D:\WINDOWS\System32\dllcache\hsf_soar.sys
[2010/10/19 11:39:14 | 000,542,879 | ---- | C] (Conexant) -- D:\WINDOWS\System32\dllcache\hsf_msft.sys
[2010/10/19 11:39:14 | 000,057,471 | ---- | C] (Conexant) -- D:\WINDOWS\System32\dllcache\hsf_samp.sys
[2010/10/19 11:39:13 | 000,391,199 | ---- | C] (Conexant) -- D:\WINDOWS\System32\dllcache\hsf_k56k.sys
[2010/10/19 11:39:13 | 000,009,759 | ---- | C] (Conexant) -- D:\WINDOWS\System32\dllcache\hsf_inst.dll
[2010/10/19 11:39:12 | 000,199,711 | ---- | C] (Conexant) -- D:\WINDOWS\System32\dllcache\hsf_faxx.sys
[2010/10/19 11:39:12 | 000,115,807 | ---- | C] (Conexant) -- D:\WINDOWS\System32\dllcache\hsf_fsks.sys
[2010/10/19 11:39:11 | 000,289,887 | ---- | C] (Conexant) -- D:\WINDOWS\System32\dllcache\hsf_fall.sys
[2010/10/19 11:39:11 | 000,067,167 | ---- | C] (Conexant) -- D:\WINDOWS\System32\dllcache\hsf_bsc2.sys
[2010/10/19 11:39:10 | 000,150,239 | ---- | C] (Conexant) -- D:\WINDOWS\System32\dllcache\hsf_amos.sys
[2010/10/19 11:39:09 | 000,019,456 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\hr1w.dll
[2010/10/19 11:39:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2010/10/19 11:39:08 | 000,005,760 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\hpt4qic.sys
[2010/10/19 11:39:07 | 000,324,608 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\hpojwia.dll
[2010/10/19 11:39:07 | 000,025,952 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\hpn.sys
[2010/10/19 11:39:06 | 000,068,608 | ---- | C] (Avisioin) -- D:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2010/10/19 11:39:06 | 000,032,768 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2010/10/19 11:39:05 | 000,031,232 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2010/10/19 11:39:04 | 000,126,976 | ---- | C] (Hewlett Packard) -- D:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2010/10/19 11:39:03 | 000,048,128 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2010/10/19 11:39:02 | 000,123,392 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2010/10/19 11:39:01 | 000,119,296 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\hpdigwia.dll
[2010/10/19 11:38:58 | 000,021,504 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\hidserv.dll
[2010/10/19 11:38:58 | 000,002,688 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\hidswvd.sys
[2010/10/19 11:38:57 | 000,008,576 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\hidgame.sys
[2010/10/19 11:38:56 | 000,020,352 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\hidbatt.sys
[2010/10/19 11:38:53 | 000,907,456 | ---- | C] (Conexant) -- D:\WINDOWS\System32\dllcache\hcf_msft.sys
[2010/10/19 11:38:50 | 000,028,288 | ---- | C] (Gemplus) -- D:\WINDOWS\System32\dllcache\grserial.sys
[2010/10/19 11:38:49 | 000,082,304 | ---- | C] (Gemplus) -- D:\WINDOWS\System32\dllcache\grclass.sys
[2010/10/19 11:38:48 | 000,017,408 | ---- | C] (Gemplus) -- D:\WINDOWS\System32\dllcache\gpr400.sys
[2010/10/19 11:38:45 | 000,059,136 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\gckernel.sys
[2010/10/19 11:38:44 | 000,010,624 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\gameenum.sys
[2010/10/19 11:38:43 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- D:\WINDOWS\System32\dllcache\g400m.sys
[2010/10/19 11:38:42 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- D:\WINDOWS\System32\dllcache\g400d.dll
[2010/10/19 11:38:42 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- D:\WINDOWS\System32\dllcache\g200m.sys
[2010/10/19 11:38:41 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- D:\WINDOWS\System32\dllcache\g200d.dll
[2010/10/19 11:38:40 | 000,454,912 | ---- | C] (AVM GmbH) -- D:\WINDOWS\System32\dllcache\fxusbase.sys
[2010/10/19 11:38:31 | 000,092,160 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\fuusd.dll
[2010/10/19 11:38:30 | 000,455,296 | ---- | C] (AVM GmbH) -- D:\WINDOWS\System32\dllcache\fusbbase.sys
[2010/10/19 11:38:29 | 000,455,680 | ---- | C] (AVM GmbH) -- D:\WINDOWS\System32\dllcache\fus2base.sys
[2010/10/19 11:38:24 | 000,442,240 | ---- | C] (AVM GmbH) -- D:\WINDOWS\System32\dllcache\fpnpbase.sys
[2010/10/19 11:38:23 | 000,441,728 | ---- | C] (AVM GmbH) -- D:\WINDOWS\System32\dllcache\fpcmbase.sys
[2010/10/19 11:38:22 | 000,444,416 | ---- | C] (AVM GmbH) -- D:\WINDOWS\System32\dllcache\fpcibase.sys
[2010/10/19 11:38:21 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- D:\WINDOWS\System32\dllcache\forehe.sys
[2010/10/19 11:38:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\fnfilter.dll
[2010/10/19 11:38:15 | 000,022,090 | ---- | C] (3Com Corporation) -- D:\WINDOWS\System32\dllcache\fem556n5.sys
[2010/10/19 11:38:13 | 000,024,618 | ---- | C] (NETGEAR) -- D:\WINDOWS\System32\dllcache\fa410nd5.sys
[2010/10/19 11:38:12 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- D:\WINDOWS\System32\dllcache\fa312nd5.sys
[2010/10/19 11:38:11 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- D:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2010/10/19 11:38:10 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- D:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2010/10/19 11:38:08 | 000,016,998 | ---- | C] (Intel Corporation) -- D:\WINDOWS\System32\dllcache\ex10.sys
[2010/10/19 11:38:08 | 000,007,040 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\exabyte2.sys
[2010/10/19 11:38:04 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- D:\WINDOWS\System32\dllcache\esunib.dll
[2010/10/19 11:38:04 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- D:\WINDOWS\System32\dllcache\esuni.dll
[2010/10/19 11:38:03 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- D:\WINDOWS\System32\dllcache\esuimg.dll
[2010/10/19 11:38:01 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- D:\WINDOWS\System32\dllcache\essm2e.sys
[2010/10/19 11:38:01 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- D:\WINDOWS\System32\dllcache\esucm.dll
[2010/10/19 11:38:00 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- D:\WINDOWS\System32\dllcache\ess.sys
[2010/10/19 11:37:58 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- D:\WINDOWS\System32\dllcache\es56tpi.sys
[2010/10/19 11:37:57 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- D:\WINDOWS\System32\dllcache\es56hpi.sys
[2010/10/19 11:37:56 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- D:\WINDOWS\System32\dllcache\es56cvmp.sys
[2010/10/19 11:37:56 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- D:\WINDOWS\System32\dllcache\es198x.sys
[2010/10/19 11:37:55 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- D:\WINDOWS\System32\dllcache\es1969.sys
[2010/10/19 11:37:55 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- D:\WINDOWS\System32\dllcache\es1371mp.sys
[2010/10/19 11:37:54 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- D:\WINDOWS\System32\dllcache\es1370mp.sys
[2010/10/19 11:37:53 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- D:\WINDOWS\System32\dllcache\eqnloop.exe
[2010/10/19 11:37:53 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- D:\WINDOWS\System32\dllcache\eqnlogr.exe
[2010/10/19 11:37:52 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- D:\WINDOWS\System32\dllcache\eqndiag.exe
[2010/10/19 11:37:51 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- D:\WINDOWS\System32\dllcache\eqn.sys
[2010/10/19 11:37:51 | 000,114,944 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\epstw2k.sys
[2010/10/19 11:37:50 | 000,144,896 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\epcfw2k.sys
[2010/10/19 11:37:50 | 000,018,503 | ---- | C] (Intel Corporation) -- D:\WINDOWS\System32\dllcache\epro4.sys
[2010/10/19 11:37:49 | 000,006,400 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\enum1394.sys
[2010/10/19 11:37:48 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- D:\WINDOWS\System32\dllcache\emu10k1m.sys
[2010/10/19 11:37:47 | 000,019,996 | ---- | C] (3Com Corporation) -- D:\WINDOWS\System32\dllcache\em556n4.sys
[2010/10/19 11:37:46 | 000,025,159 | ---- | C] (3Com Corporation) -- D:\WINDOWS\System32\dllcache\elnk3.sys
[2010/10/19 11:37:45 | 000,171,520 | ---- | C] (3Com Corporation) -- D:\WINDOWS\System32\dllcache\el99xn51.sys
[2010/10/19 11:37:45 | 000,007,296 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\elmsmc.sys
[2010/10/19 11:37:44 | 000,455,199 | ---- | C] (3Com Corporation.) -- D:\WINDOWS\System32\dllcache\el985n51.sys
[2010/10/19 11:37:44 | 000,070,174 | ---- | C] (3Com Corporation) -- D:\WINDOWS\System32\dllcache\el98xn5.sys
[2010/10/19 11:37:43 | 000,153,631 | ---- | C] (3Com Corporation) -- D:\WINDOWS\System32\dllcache\el90xnd5.sys
[2010/10/19 11:37:43 | 000,066,591 | ---- | C] (3Com Corporation) -- D:\WINDOWS\System32\dllcache\el90xbc5.sys
[2010/10/19 11:37:42 | 000,241,206 | ---- | C] (3Com Corporation) -- D:\WINDOWS\System32\dllcache\el656se5.sys
[2010/10/19 11:37:41 | 000,077,386 | ---- | C] (3Com Corporation) -- D:\WINDOWS\System32\dllcache\el656nd5.sys
[2010/10/19 11:37:40 | 000,634,134 | ---- | C] (3Com Corporation) -- D:\WINDOWS\System32\dllcache\el656ct5.sys
[2010/10/19 11:37:40 | 000,069,194 | ---- | C] (3Com Corporation) -- D:\WINDOWS\System32\dllcache\el656cd5.sys
[2010/10/19 11:37:39 | 000,026,141 | ---- | C] (3Com Corporation) -- D:\WINDOWS\System32\dllcache\el589nd5.sys
[2010/10/19 11:37:38 | 000,069,692 | ---- | C] (3Com Corporation) -- D:\WINDOWS\System32\dllcache\el575nd5.sys
[2010/10/19 11:37:38 | 000,024,653 | ---- | C] (3Com Corporation) -- D:\WINDOWS\System32\dllcache\el574nd4.sys
[2010/10/19 11:37:37 | 000,055,999 | ---- | C] (3Com Corporation) -- D:\WINDOWS\System32\dllcache\el556nd5.sys
[2010/10/19 11:37:36 | 000,044,103 | ---- | C] (3Com Corporation) -- D:\WINDOWS\System32\dllcache\el515.sys
[2010/10/19 11:37:30 | 000,117,760 | ---- | C] (Intel Corporation) -- D:\WINDOWS\System32\dllcache\e100b325.sys
[2010/10/19 11:37:30 | 000,019,594 | ---- | C] (Intel Corporation) -- D:\WINDOWS\System32\dllcache\e100isa4.sys
[2010/10/19 11:37:29 | 000,050,719 | ---- | C] (Intel Corporation) -- D:\WINDOWS\System32\dllcache\e1000nt5.sys
[2010/10/19 11:37:23 | 000,020,992 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dshowext.ax
[2010/10/19 11:37:22 | 000,334,208 | ---- | C] (Yamaha Corp.) -- D:\WINDOWS\System32\dllcache\ds1wdm.sys
[2010/10/19 11:37:19 | 000,020,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dpti2o.sys
[2010/10/19 11:37:17 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- D:\WINDOWS\System32\dllcache\dp83820.sys
[2010/10/19 11:37:16 | 000,023,808 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dot4usb.sys
[2010/10/19 11:37:16 | 000,008,704 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dot4scan.sys
[2010/10/19 11:37:15 | 000,012,928 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dot4prt.sys
[2010/10/19 11:37:14 | 000,206,976 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dot4.sys
[2010/10/19 11:37:08 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- D:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010/10/19 11:37:07 | 000,026,698 | ---- | C] (D-Link Corporation) -- D:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2010/10/19 11:37:07 | 000,008,320 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dlttape.sys
[2010/10/19 11:37:06 | 000,952,007 | ---- | C] (Eicon Technology) -- D:\WINDOWS\System32\dllcache\diwan.sys
[2010/10/19 11:37:04 | 000,236,060 | ---- | C] (Eicon Technology) -- D:\WINDOWS\System32\dllcache\ditrace.exe
[2010/10/19 11:37:03 | 000,038,985 | ---- | C] (Eicon Technology) -- D:\WINDOWS\System32\dllcache\disrvsu.dll
[2010/10/19 11:37:03 | 000,031,305 | ---- | C] (Eicon Technology) -- D:\WINDOWS\System32\dllcache\disrvpp.dll
[2010/10/19 11:37:02 | 000,006,729 | ---- | C] (Eicon Technology) -- D:\WINDOWS\System32\dllcache\disrvci.dll
[2010/10/19 11:37:00 | 000,091,305 | ---- | C] (Eicon Technology) -- D:\WINDOWS\System32\dllcache\dimaint.sys
[2010/10/19 11:36:59 | 000,614,429 | ---- | C] (Digi International Inc.) -- D:\WINDOWS\System32\dllcache\digiview.exe
[2010/10/19 11:36:59 | 000,042,432 | ---- | C] (Digi International, Inc.) -- D:\WINDOWS\System32\dllcache\digirlpt.sys
[2010/10/19 11:36:58 | 000,110,621 | ---- | C] (Digi International, Inc.) -- D:\WINDOWS\System32\dllcache\digirlpt.dll
[2010/10/19 11:36:58 | 000,021,606 | ---- | C] (Digi International Inc.) -- D:\WINDOWS\System32\dllcache\digiisdn.sys
[2010/10/19 11:36:57 | 000,102,484 | ---- | C] (Digi International Inc.) -- D:\WINDOWS\System32\dllcache\digiinf.dll
[2010/10/19 11:36:57 | 000,041,046 | ---- | C] (Digi International Inc.) -- D:\WINDOWS\System32\dllcache\digiisdn.dll
[2010/10/19 11:36:56 | 000,159,828 | ---- | C] (Digi International Inc.) -- D:\WINDOWS\System32\dllcache\digihlc.dll
[2010/10/19 11:36:55 | 000,229,462 | ---- | C] (Digi International Inc.) -- D:\WINDOWS\System32\dllcache\digifwrk.dll
[2010/10/19 11:36:55 | 000,090,525 | ---- | C] (Digi International Inc.) -- D:\WINDOWS\System32\dllcache\digifep5.sys
[2010/10/19 11:36:54 | 000,131,156 | ---- | C] (Digi International Inc.) -- D:\WINDOWS\System32\dllcache\digidbp.dll
[2010/10/19 11:36:54 | 000,103,044 | ---- | C] (Digi International Inc.) -- D:\WINDOWS\System32\dllcache\digidxb.sys
[2010/10/19 11:36:53 | 000,037,735 | ---- | C] (Digi International Inc.) -- D:\WINDOWS\System32\dllcache\digiasyn.sys
[2010/10/19 11:36:52 | 000,065,622 | ---- | C] (Digi International Inc.) -- D:\WINDOWS\System32\dllcache\digiasyn.dll
[2010/10/19 11:36:50 | 000,419,357 | ---- | C] (Digi International) -- D:\WINDOWS\System32\dllcache\dgconfig.dll
[2010/10/19 11:36:49 | 000,029,531 | ---- | C] (Digi International Inc.) -- D:\WINDOWS\System32\dllcache\dgapci.sys
[2010/10/19 11:36:48 | 000,024,649 | ---- | C] (D-Link) -- D:\WINDOWS\System32\dllcache\dfe650d.sys
[2010/10/19 11:36:47 | 000,024,648 | ---- | C] (D-Link) -- D:\WINDOWS\System32\dllcache\dfe650.sys
[2010/10/19 11:36:46 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- D:\WINDOWS\System32\dllcache\devcon32.dll
[2010/10/19 11:36:46 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- D:\WINDOWS\System32\dllcache\devldr32.exe
[2010/10/19 11:36:44 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- D:\WINDOWS\System32\dllcache\defpa.sys
[2010/10/19 11:36:43 | 000,007,424 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ddsmc.sys
[2010/10/19 11:36:42 | 000,110,592 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dc260usd.dll
[2010/10/19 11:36:41 | 000,086,016 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dc240usd.dll
[2010/10/19 11:36:41 | 000,063,208 | ---- | C] (Intel Corporation.) -- D:\WINDOWS\System32\dllcache\dc21x4.sys
[2010/10/19 11:36:40 | 000,080,896 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dc210usd.dll
[2010/10/19 11:36:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dc210_32.dll
[2010/10/19 11:36:37 | 000,014,720 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\dac960nt.sys
[2010/10/19 11:36:36 | 000,179,584 | ---- | C] (Mylex Corporation) -- D:\WINDOWS\System32\dllcache\dac2w2k.sys
[2010/10/19 11:36:33 | 000,117,760 | ---- | C] (Intel Corporation) -- D:\WINDOWS\System32\dllcache\d100ib5.sys
[2010/10/19 11:36:33 | 000,027,648 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cyzports.dll
[2010/10/19 11:36:32 | 000,049,792 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cyzport.sys
[2010/10/19 11:36:32 | 000,027,136 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cyzcoins.dll
[2010/10/19 11:36:31 | 000,027,648 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cyyports.dll
[2010/10/19 11:36:30 | 000,050,176 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cyyport.sys
[2010/10/19 11:36:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cyycoins.dll
[2010/10/19 11:36:29 | 000,014,848 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cyclom-y.sys
[2010/10/19 11:36:28 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- D:\WINDOWS\System32\dllcache\cwrwdm.sys
[2010/10/19 11:36:28 | 000,017,152 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cyclad-z.sys
[2010/10/19 11:36:27 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- D:\WINDOWS\System32\dllcache\cwcspud.sys
[2010/10/19 11:36:27 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- D:\WINDOWS\System32\dllcache\cwcwdm.sys
[2010/10/19 11:36:26 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- D:\WINDOWS\System32\dllcache\cwbwdm.sys
[2010/10/19 11:36:26 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- D:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2010/10/19 11:36:25 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- D:\WINDOWS\System32\dllcache\cwbmidi.sys
[2010/10/19 11:36:24 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- D:\WINDOWS\System32\dllcache\cwbase.sys
[2010/10/19 11:36:23 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- D:\WINDOWS\System32\dllcache\ctmasetp.dll
[2010/10/19 11:36:23 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- D:\WINDOWS\System32\dllcache\ctwdm32.dll
[2010/10/19 11:36:22 | 000,096,256 | ---- | C] (Copyright © Creative Technology Ltd. 1994-2001) -- D:\WINDOWS\System32\dllcache\ctlsb16.sys
[2010/10/19 11:36:21 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- D:\WINDOWS\System32\dllcache\ctlfacem.sys
[2010/10/19 11:36:21 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- D:\WINDOWS\System32\dllcache\ctljystk.sys
[2010/10/19 11:36:19 | 000,175,104 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\csamsp.dll
[2010/10/19 11:36:18 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- D:\WINDOWS\System32\dllcache\crtaud.sys
[2010/10/19 11:36:17 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- D:\WINDOWS\System32\dllcache\cpscan.dll
[2010/10/19 11:36:15 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- D:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2010/10/19 11:36:15 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- D:\WINDOWS\System32\dllcache\cpqndis5.sys
[2010/10/19 11:36:14 | 000,014,976 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cpqarray.sys
[2010/10/19 11:36:07 | 000,010,240 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\compbatt.sys
[2010/10/19 11:36:05 | 000,044,032 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cnusd.dll
[2010/10/19 11:36:05 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- D:\WINDOWS\System32\dllcache\cnxt1803.sys
[2010/10/19 11:36:02 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- D:\WINDOWS\System32\dllcache\cmdide.sys
[2010/10/19 11:36:01 | 000,020,736 | ---- | C] (OMNIKEY AG) -- D:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2010/10/19 11:36:00 | 000,013,952 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cmbatt.sys
[2010/10/19 11:35:59 | 000,248,064 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cl546xm.sys
[2010/10/19 11:35:58 | 000,170,880 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cl546x.dll
[2010/10/19 11:35:57 | 000,111,232 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cl5465.dll
[2010/10/19 11:35:57 | 000,045,696 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cirrus.sys
[2010/10/19 11:35:56 | 000,091,264 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cirrus.dll
[2010/10/19 11:35:53 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- D:\WINDOWS\System32\dllcache\cinemclc.sys
[2010/10/19 11:35:52 | 000,980,034 | ---- | C] (Xircom) -- D:\WINDOWS\System32\dllcache\cicap.sys
[2010/10/19 11:35:44 | 000,008,192 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\changer.sys
[2010/10/19 11:35:41 | 000,049,182 | ---- | C] (Xircom, Inc.) -- D:\WINDOWS\System32\dllcache\cem56n5.sys
[2010/10/19 11:35:41 | 000,022,044 | ---- | C] (Xircom, Inc.) -- D:\WINDOWS\System32\dllcache\cem33n5.sys
[2010/10/19 11:35:40 | 000,022,044 | ---- | C] (Xircom, Inc.) -- D:\WINDOWS\System32\dllcache\cem28n5.sys
[2010/10/19 11:35:39 | 000,027,164 | ---- | C] (Xircom, Inc.) -- D:\WINDOWS\System32\dllcache\ce3n5.sys
[2010/10/19 11:35:39 | 000,021,530 | ---- | C] (Xircom, Inc.) -- D:\WINDOWS\System32\dllcache\ce2n5.sys
[2010/10/19 11:35:37 | 000,007,680 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2010/10/19 11:35:35 | 000,714,698 | ---- | C] (Xircom, Inc.) -- D:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2010/10/19 11:35:34 | 000,046,108 | ---- | C] (Xircom, Inc.) -- D:\WINDOWS\System32\dllcache\cben5.sys
[2010/10/19 11:35:34 | 000,039,680 | ---- | C] (Silicom Ltd.) -- D:\WINDOWS\System32\dllcache\cb325.sys
[2010/10/19 11:35:33 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- D:\WINDOWS\System32\dllcache\cb102.sys
[2010/10/19 11:35:32 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- D:\WINDOWS\System32\dllcache\diapi2NT.dll
[2010/10/19 11:35:31 | 000,164,923 | ---- | C] (Eicon Technology) -- D:\WINDOWS\System32\dllcache\diapi2.sys
[2010/10/19 11:35:29 | 000,121,856 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\camext30.dll
[2010/10/19 11:35:28 | 000,236,032 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\camext20.dll
[2010/10/19 11:35:28 | 000,116,736 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\camext30.ax
[2010/10/19 11:35:27 | 000,244,224 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\camext20.ax
[2010/10/19 11:35:26 | 000,074,240 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\camexo20.dll
[2010/10/19 11:35:25 | 000,171,264 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\camdrv30.sys
[2010/10/19 11:35:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\camexo20.ax
[2010/10/19 11:35:24 | 000,223,232 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\camdrv21.sys
[2010/10/19 11:35:23 | 000,314,752 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\camdro21.sys
[2010/10/19 11:34:41 | 000,013,824 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\bulltlp3.sys
[2010/10/19 11:34:39 | 000,031,529 | ---- | C] (BreezeCOM) -- D:\WINDOWS\System32\dllcache\brzwlan.sys
[2010/10/19 11:34:39 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- D:\WINDOWS\System32\dllcache\brusbscn.sys
[2010/10/19 11:34:38 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- D:\WINDOWS\System32\dllcache\brusbmdm.sys
[2010/10/19 11:34:37 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- D:\WINDOWS\System32\dllcache\brserwdm.sys
[2010/10/19 11:34:36 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- D:\WINDOWS\System32\dllcache\brserif.dll
[2010/10/19 11:34:36 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- D:\WINDOWS\System32\dllcache\brscnrsm.dll
[2010/10/19 11:34:35 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- D:\WINDOWS\System32\dllcache\brparwdm.sys
[2010/10/19 11:34:33 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- D:\WINDOWS\System32\dllcache\brparimg.sys
[2010/10/19 11:34:32 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- D:\WINDOWS\System32\dllcache\brmfusb.dll
[2010/10/19 11:34:31 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- D:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2010/10/19 11:34:30 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- D:\WINDOWS\System32\dllcache\brmflpt.dll
[2010/10/19 11:34:29 | 000,081,408 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\brmfcwia.dll
[2010/10/19 11:34:29 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- D:\WINDOWS\System32\dllcache\brmfbidi.dll
[2010/10/19 11:34:28 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- D:\WINDOWS\System32\dllcache\brfiltup.sys
[2010/10/19 11:34:27 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- D:\WINDOWS\System32\dllcache\brfiltlo.sys
[2010/10/19 11:34:26 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- D:\WINDOWS\System32\dllcache\brfilt.sys
[2010/10/19 11:34:25 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- D:\WINDOWS\System32\dllcache\brevif.dll
[2010/10/19 11:34:25 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- D:\WINDOWS\System32\dllcache\brcoinst.dll
[2010/10/19 11:34:24 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- D:\WINDOWS\System32\dllcache\brbidiif.dll
[2010/10/19 11:34:21 | 000,102,400 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\binlsvc.dll
[2010/10/19 11:34:20 | 000,011,776 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\bdasup.sys
[2010/10/19 11:34:19 | 000,018,432 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010/10/19 11:34:18 | 000,871,388 | ---- | C] (BCM) -- D:\WINDOWS\System32\dllcache\bcmdm.sys
[2010/10/19 11:34:17 | 000,054,271 | ---- | C] (Broadcom Corporation) -- D:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2010/10/19 11:34:17 | 000,026,568 | ---- | C] (Broadcom Corporation) -- D:\WINDOWS\System32\dllcache\bcm4e5.sys
[2010/10/19 11:34:16 | 000,066,557 | ---- | C] (Broadcom Corporation) -- D:\WINDOWS\System32\dllcache\bcm42u.sys
[2010/10/19 11:34:14 | 000,014,208 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\battc.sys
[2010/10/19 11:34:13 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- D:\WINDOWS\System32\dllcache\banshee.dll
[2010/10/19 11:34:13 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- D:\WINDOWS\System32\dllcache\banshee.sys
[2010/10/19 11:34:12 | 000,096,640 | ---- | C] (Broadcom Corporation) -- D:\WINDOWS\System32\dllcache\b57xp32.sys
[2010/10/19 11:34:11 | 000,089,952 | ---- | C] (AVM GmbH) -- D:\WINDOWS\System32\dllcache\b1cbase.sys
[2010/10/19 11:34:11 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- D:\WINDOWS\System32\dllcache\aztw2320.sys
[2010/10/19 11:34:10 | 000,037,568 | ---- | C] (AVM GmbH) -- D:\WINDOWS\System32\dllcache\avmwan.sys
[2010/10/19 11:34:08 | 000,144,384 | ---- | C] (AVM GmbH) -- D:\WINDOWS\System32\dllcache\avmenum.dll
[2010/10/19 11:34:07 | 000,087,552 | ---- | C] (AVM GmbH) -- D:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010/10/19 11:34:06 | 000,013,696 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\avcstrm.sys
[2010/10/19 11:34:05 | 000,036,096 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\avcaudio.sys
[2010/10/19 11:34:04 | 000,038,912 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\avc.sys
[2010/10/19 11:33:53 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\dllcache\atiraged.dll
[2010/10/19 11:33:53 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\dllcache\atiragem.sys
[2010/10/19 11:33:50 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\dllcache\atimtai.sys
[2010/10/19 11:33:50 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\dllcache\atimpae.sys
[2010/10/19 11:33:49 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\dllcache\atimpab.sys
[2010/10/19 11:33:48 | 000,037,376 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\atievxx.exe
[2010/10/19 11:33:47 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\dllcache\atidvai.dll
[2010/10/19 11:33:47 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\dllcache\atidrae.dll
[2010/10/19 11:33:46 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- D:\WINDOWS\System32\dllcache\atidrab.dll
[2010/10/19 11:33:42 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- D:\WINDOWS\System32\dllcache\ati.sys
[2010/10/19 11:33:41 | 000,096,128 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ati.dll
[2010/10/19 11:33:38 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- D:\WINDOWS\System32\dllcache\aspndis3.sys
[2010/10/19 11:33:36 | 000,022,400 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\asc3350p.sys
[2010/10/19 11:33:36 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- D:\WINDOWS\System32\dllcache\asc3550.sys
[2010/10/19 11:33:35 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- D:\WINDOWS\System32\dllcache\asc.sys
[2010/10/19 11:33:32 | 000,006,272 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\apmbatt.sys
[2010/10/19 11:33:31 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- D:\WINDOWS\System32\dllcache\an983.sys
[2010/10/19 11:33:31 | 000,012,032 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\amsint.sys
[2010/10/19 11:33:30 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- D:\WINDOWS\System32\dllcache\amb8002.sys
[2010/10/19 11:33:29 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- D:\WINDOWS\System32\dllcache\aliide.sys
[2010/10/19 11:33:28 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- D:\WINDOWS\System32\dllcache\alifir.sys
[2010/10/19 11:33:27 | 000,056,960 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\aic78xx.sys
[2010/10/19 11:33:27 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- D:\WINDOWS\System32\dllcache\ali5261.sys
[2010/10/19 11:33:25 | 000,055,168 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\aic78u2.sys
[2010/10/19 11:33:25 | 000,012,800 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\aha154x.sys
[2010/10/19 11:33:18 | 000,024,576 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\agcgauge.ax
[2010/10/19 11:33:14 | 000,101,888 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\adpu160m.sys
[2010/10/19 11:33:14 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- D:\WINDOWS\System32\dllcache\adptsf50.sys
[2010/10/19 11:33:12 | 000,010,880 | ---- | C] (Aureal, Inc.) -- D:\WINDOWS\System32\dllcache\admjoy.sys
[2010/10/19 11:33:11 | 000,747,392 | ---- | C] (Aureal, Inc.) -- D:\WINDOWS\System32\dllcache\adm8830.sys
[2010/10/19 11:33:10 | 000,584,448 | ---- | C] (Aureal, Inc.) -- D:\WINDOWS\System32\dllcache\adm8810.sys
[2010/10/19 11:33:10 | 000,553,984 | ---- | C] (Aureal, Inc.) -- D:\WINDOWS\System32\dllcache\adm8820.sys
[2010/10/19 11:33:09 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- D:\WINDOWS\System32\dllcache\adm8511.sys
[2010/10/19 11:33:08 | 000,007,424 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\adicvls.sys
[2010/10/19 11:33:07 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- D:\WINDOWS\System32\dllcache\acerscad.dll
[2010/10/19 11:33:06 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- D:\WINDOWS\System32\dllcache\ac97via.sys
[2010/10/19 11:33:05 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- D:\WINDOWS\System32\dllcache\ac97sis.sys
[2010/10/19 11:33:04 | 000,096,256 | ---- | C] (Intel Corporation) -- D:\WINDOWS\System32\dllcache\ac97intc.sys
[2010/10/19 11:33:03 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- D:\WINDOWS\System32\dllcache\ac97ali.sys
[2010/10/19 11:33:02 | 000,023,552 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\abp480n5.sys
[2010/10/19 11:33:01 | 000,462,848 | ---- | C] (Aureal Inc.) -- D:\WINDOWS\System32\dllcache\a3dapi.dll
[2010/10/19 11:33:00 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- D:\WINDOWS\System32\dllcache\a3d.dll
[2010/10/19 11:32:59 | 000,038,400 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\8514a.dll
[2010/10/19 11:32:58 | 000,048,128 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\61883.sys
[2010/10/19 11:32:57 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- D:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010/10/19 11:32:57 | 000,012,288 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\4mmdat.sys
[2010/10/19 11:32:56 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- D:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010/10/19 11:32:55 | 000,762,780 | ---- | C] (3Com, Inc.) -- D:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/10/19 11:32:54 | 000,011,264 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\1394vdbg.sys
[2010/10/19 11:32:53 | 000,053,376 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\1394bus.sys
[2010/10/19 11:31:40 | 000,066,048 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\s3legacy.dll
[2010/10/19 11:30:16 | 000,015,872 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/10/19 11:30:16 | 000,010,240 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/10/19 11:30:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/10/19 11:30:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/10/18 22:29:59 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\McAfee
[2010/10/18 22:29:57 | 000,000,000 | ---D | C] -- D:\Program Files\McAfee.com
[2010/10/18 22:29:35 | 000,000,000 | ---D | C] -- D:\Program Files\McAfee
[2010/10/18 11:12:23 | 019,534,507 | ---- | C] (Loaris, Inc. ) -- D:\Documents and Settings\John Stacer\Desktop\loaristrojanremover.exe
[2010/10/18 11:12:13 | 000,288,654 | ---- | C] ( ) -- D:\Documents and Settings\John Stacer\Desktop\safe.exe
[2010/10/18 11:12:07 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\John Stacer\Desktop\msetup.exe
[2010/10/08 15:41:42 | 000,005,376 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\drivers\viaide.sy@
[2010/10/08 13:35:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\TiVo
[2010/10/08 13:35:58 | 000,000,000 | ---D | C] -- c:\Documents and Settings\John Stacer\My Documents\My TiVo Recordings for Portables
[2010/10/08 13:35:57 | 000,000,000 | ---D | C] -- D:\Program Files\TiVo
[2010/10/08 13:27:45 | 000,000,000 | ---D | C] -- D:\Documents and Settings\John Stacer\Local Settings\Application Data\PCHealth
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[3 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 c:\Documents and Settings\John Stacer\My Documents\*.tmp files -> c:\Documents and Settings\John Stacer\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/02 10:51:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\John Stacer\Desktop\OTL.exe
[2010/11/02 10:42:58 | 000,087,970 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2010/11/02 10:42:52 | 000,001,374 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010/11/02 10:42:48 | 000,000,892 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/02 10:42:34 | 000,001,535 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2010/11/02 10:42:18 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At22.job
[2010/11/02 10:42:18 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At21.job
[2010/11/02 10:42:18 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At20.job
[2010/11/02 10:42:16 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010/11/02 10:42:12 | 1341,706,240 | -HS- | M] () -- D:\hiberfil.sys
[2010/10/28 22:39:16 | 000,000,896 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/28 19:12:10 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At19.job
[2010/10/28 19:12:10 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At17.job
[2010/10/28 19:10:14 | 000,000,950 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-651377827-682003330-1003Core1cb6d876926a446.job
[2010/10/27 02:12:02 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At5.job
[2010/10/27 01:12:02 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At2.job
[2010/10/27 00:12:02 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At3.job
[2010/10/26 23:12:02 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At23.job
[2010/10/26 19:12:02 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At18.job
[2010/10/26 16:12:02 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At15.job
[2010/10/26 15:12:02 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At24.job
[2010/10/26 14:12:02 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At16.job
[2010/10/24 13:59:42 | 000,286,404 | ---- | M] () -- D:\Documents and Settings\John Stacer\Desktop\gmer.zip
[2010/10/24 13:48:22 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\John Stacer\defogger_reenable
[2010/10/24 13:47:34 | 000,545,280 | ---- | M] () -- D:\Documents and Settings\John Stacer\Desktop\dds.scr
[2010/10/24 13:45:04 | 000,050,477 | ---- | M] () -- D:\Documents and Settings\John Stacer\Desktop\Defogger.exe
[2010/10/24 10:32:16 | 000,013,247 | ---- | M] () -- D:\Documents and Settings\John Stacer\Desktop\6-9.rtf
[2010/10/24 10:12:02 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At11.job
[2010/10/20 13:12:04 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At14.job
[2010/10/20 12:12:02 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At13.job
[2010/10/20 11:01:40 | 000,001,316 | ---- | M] () -- D:\WINDOWS\System32\wpa.bak
[2010/10/20 09:12:34 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At10.job
[2010/10/20 08:45:38 | 000,036,142 | ---- | M] () -- D:\Documents and Settings\John Stacer\Desktop\UndeletableSafebootKey_V0_0_0_1.zip
[2010/10/20 08:27:12 | 000,006,377 | ---- | M] () -- D:\Documents and Settings\John Stacer\Desktop\SafeBoot.zip
[2010/10/20 08:12:04 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At9.job
[2010/10/20 07:12:02 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At8.job
[2010/10/20 06:12:02 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At7.job
[2010/10/20 05:12:02 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At6.job
[2010/10/20 04:12:02 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At4.job
[2010/10/20 03:12:02 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At1.job
[2010/10/19 18:56:58 | 021,224,403 | ---- | M] (Loaris, Inc. ) -- D:\Documents and Settings\John Stacer\Desktop\loaristrojanremover(2).exe
[2010/10/19 11:53:58 | 000,000,402 | ---- | M] () -- D:\WINDOWS\tasks\At12.job
[2010/10/19 11:30:20 | 000,462,188 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010/10/19 11:30:20 | 000,079,758 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010/10/18 22:09:28 | 000,524,912 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/18 15:49:34 | 000,001,393 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2010/10/18 15:46:56 | 000,000,193 | ---- | M] () -- D:\WINDOWS\System32\MRT.INI
[2010/10/18 15:32:54 | 000,000,134 | ---- | M] () -- D:\Documents and Settings\John Stacer\Desktop\hostsperm.bat
[2010/10/18 10:14:34 | 000,000,281 | ---- | M] () -- D:\Documents and Settings\John Stacer\Desktop\Shortcut (2) to iExplore.exe.lnk
[2010/10/16 18:37:24 | 000,000,202 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini
[2010/10/15 13:22:46 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010/10/15 13:18:58 | 000,000,348 | ---- | M] () -- D:\Documents and Settings\John Stacer\Application Data\jsfhjjsd.bat
[2010/10/11 10:43:00 | 000,000,472 | ---- | M] () -- D:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/08 13:36:08 | 000,000,645 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\TiVo Desktop.lnk
[2010/10/06 23:46:28 | 004,305,468 | ---- | M] () -- D:\Documents and Settings\John Stacer\Desktop\MN_SMCWGBR14-N.pdf
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[3 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 c:\Documents and Settings\John Stacer\My Documents\*.tmp files -> c:\Documents and Settings\John Stacer\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/24 13:59:45 | 000,286,404 | ---- | C] () -- D:\Documents and Settings\John Stacer\Desktop\gmer.zip
[2010/10/24 13:48:20 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\John Stacer\defogger_reenable
[2010/10/24 13:47:34 | 000,545,280 | ---- | C] () -- D:\Documents and Settings\John Stacer\Desktop\dds.scr
[2010/10/24 13:45:05 | 000,050,477 | ---- | C] () -- D:\Documents and Settings\John Stacer\Desktop\Defogger.exe
[2010/10/24 10:32:15 | 000,013,247 | ---- | C] () -- D:\Documents and Settings\John Stacer\Desktop\6-9.rtf
[2010/10/20 18:35:35 | 000,001,663 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2010/10/20 08:45:40 | 000,036,142 | ---- | C] () -- D:\Documents and Settings\John Stacer\Desktop\UndeletableSafebootKey_V0_0_0_1.zip
[2010/10/20 08:37:48 | 000,027,144 | ---- | C] () -- D:\Documents and Settings\John Stacer\Desktop\SafeBoot-for-Windows-XP-SP3.reg
[2010/10/20 08:27:15 | 000,006,377 | ---- | C] () -- D:\Documents and Settings\John Stacer\Desktop\SafeBoot.zip
[2010/10/20 08:25:51 | 000,001,535 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2010/10/19 11:49:52 | 000,018,944 | ---- | C] () -- D:\WINDOWS\System32\dllcache\xrxscnui.dll
[2010/10/19 11:49:51 | 000,027,648 | ---- | C] () -- D:\WINDOWS\System32\dllcache\xrxftplt.exe
[2010/10/19 11:44:32 | 000,033,280 | ---- | C] () -- D:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/10/19 11:44:31 | 000,363,520 | ---- | C] () -- D:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/10/19 11:42:22 | 000,056,832 | ---- | C] () -- D:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/10/19 11:39:05 | 000,165,888 | ---- | C] () -- D:\WINDOWS\System32\dllcache\hpgt53.dll
[2010/10/19 11:39:04 | 000,093,696 | ---- | C] () -- D:\WINDOWS\System32\dllcache\hpgt42.dll
[2010/10/19 11:39:03 | 000,101,376 | ---- | C] () -- D:\WINDOWS\System32\dllcache\hpgt34.dll
[2010/10/19 11:39:02 | 000,089,088 | ---- | C] () -- D:\WINDOWS\System32\dllcache\hpgt33.dll
[2010/10/19 11:39:01 | 000,083,968 | ---- | C] () -- D:\WINDOWS\System32\dllcache\hpgt21.dll
[2010/10/19 11:37:05 | 000,037,962 | ---- | C] () -- D:\WINDOWS\System32\dllcache\divaprop.dll
[2010/10/19 11:37:05 | 000,029,768 | ---- | C] () -- D:\WINDOWS\System32\dllcache\divasu.dll
[2010/10/19 11:37:04 | 000,006,216 | ---- | C] () -- D:\WINDOWS\System32\dllcache\divaci.dll
[2010/10/19 11:33:59 | 000,023,552 | ---- | C] () -- D:\WINDOWS\System32\dllcache\atixbar.sys
[2010/10/19 11:33:58 | 000,026,624 | ---- | C] () -- D:\WINDOWS\System32\dllcache\ativxbar.sys
[2010/10/19 11:33:58 | 000,019,456 | ---- | C] () -- D:\WINDOWS\System32\dllcache\ativttxx.sys
[2010/10/19 11:33:57 | 000,009,472 | ---- | C] () -- D:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010/10/19 11:33:56 | 000,017,152 | ---- | C] () -- D:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010/10/19 11:33:55 | 000,026,880 | ---- | C] () -- D:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010/10/19 11:33:55 | 000,017,152 | ---- | C] () -- D:\WINDOWS\System32\dllcache\atitunep.sys
[2010/10/19 11:33:54 | 000,049,920 | ---- | C] () -- D:\WINDOWS\System32\dllcache\atirtcap.sys
[2010/10/19 11:33:52 | 000,010,240 | ---- | C] () -- D:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010/10/19 11:33:45 | 000,046,464 | ---- | C] () -- D:\WINDOWS\System32\dllcache\atibt829.sys
[2010/10/19 11:30:16 | 000,049,275 | ---- | C] () -- D:\WINDOWS\System32\wfospf.mib
[2010/10/19 11:30:16 | 000,038,608 | ---- | C] () -- D:\WINDOWS\System32\nipx.mib
[2010/10/19 11:30:16 | 000,026,236 | ---- | C] () -- D:\WINDOWS\System32\wins.mib
[2010/10/19 11:30:16 | 000,004,332 | ---- | C] () -- D:\WINDOWS\System32\smi.mib
[2010/10/19 11:30:15 | 000,107,882 | ---- | C] () -- D:\WINDOWS\System32\mib_ii.mib
[2010/10/19 11:30:15 | 000,048,593 | ---- | C] () -- D:\WINDOWS\System32\hostmib.mib
[2010/10/19 11:30:15 | 000,034,317 | ---- | C] () -- D:\WINDOWS\System32\msiprip2.mib
[2010/10/19 11:30:15 | 000,030,448 | ---- | C] () -- D:\WINDOWS\System32\mcastmib.mib
[2010/10/19 11:30:15 | 000,026,100 | ---- | C] () -- D:\WINDOWS\System32\lmmib2.mib
[2010/10/19 11:30:15 | 000,021,386 | ---- | C] () -- D:\WINDOWS\System32\mipx.mib
[2010/10/19 11:30:15 | 000,020,079 | ---- | C] () -- D:\WINDOWS\System32\http.mib
[2010/10/19 11:30:15 | 000,015,799 | ---- | C] () -- D:\WINDOWS\System32\ipforwd.mib
[2010/10/19 11:30:15 | 000,013,767 | ---- | C] () -- D:\WINDOWS\System32\msipbtp.mib
[2010/10/19 11:30:15 | 000,010,313 | ---- | C] () -- D:\WINDOWS\System32\mripsap.mib
[2010/10/19 11:30:15 | 000,006,179 | ---- | C] () -- D:\WINDOWS\System32\ftp.mib
[2010/10/19 11:30:15 | 000,004,597 | ---- | C] () -- D:\WINDOWS\System32\dhcp.mib
[2010/10/19 11:30:15 | 000,000,698 | ---- | C] () -- D:\WINDOWS\System32\inetsrv.mib
[2010/10/19 11:30:15 | 000,000,581 | ---- | C] () -- D:\WINDOWS\System32\msft.mib
[2010/10/19 11:30:14 | 000,016,617 | ---- | C] () -- D:\WINDOWS\System32\authserv.mib
[2010/10/19 11:30:14 | 000,015,597 | ---- | C] () -- D:\WINDOWS\System32\accserv.mib
[2010/10/18 15:46:54 | 000,000,193 | ---- | C] () -- D:\WINDOWS\System32\MRT.INI
[2010/10/18 15:33:00 | 000,000,134 | ---- | C] () -- D:\Documents and Settings\John Stacer\Desktop\hostsperm.bat
[2010/10/18 10:14:33 | 000,000,281 | ---- | C] () -- D:\Documents and Settings\John Stacer\Desktop\Shortcut (2) to iExplore.exe.lnk
[2010/10/16 18:11:06 | 000,000,950 | ---- | C] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-651377827-682003330-1003Core1cb6d876926a446.job
[2010/10/15 13:19:02 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At24.job
[2010/10/15 13:19:02 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At23.job
[2010/10/15 13:19:02 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At22.job
[2010/10/15 13:19:02 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At21.job
[2010/10/15 13:19:02 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At20.job
[2010/10/15 13:19:02 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At19.job
[2010/10/15 13:19:01 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At18.job
[2010/10/15 13:19:01 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At17.job
[2010/10/15 13:19:01 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At16.job
[2010/10/15 13:19:01 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At15.job
[2010/10/15 13:19:01 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At14.job
[2010/10/15 13:19:00 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At9.job
[2010/10/15 13:19:00 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At8.job
[2010/10/15 13:19:00 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At7.job
[2010/10/15 13:19:00 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At13.job
[2010/10/15 13:19:00 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At12.job
[2010/10/15 13:19:00 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At11.job
[2010/10/15 13:19:00 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At10.job
[2010/10/15 13:18:59 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At6.job
[2010/10/15 13:18:59 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At5.job
[2010/10/15 13:18:59 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At4.job
[2010/10/15 13:18:58 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At3.job
[2010/10/15 13:18:58 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At2.job
[2010/10/15 13:18:58 | 000,000,402 | ---- | C] () -- D:\WINDOWS\tasks\At1.job
[2010/10/15 13:18:57 | 000,000,348 | ---- | C] () -- D:\Documents and Settings\John Stacer\Application Data\jsfhjjsd.bat
[2010/10/08 13:36:07 | 000,000,645 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\TiVo Desktop.lnk
[2010/10/06 23:46:06 | 004,305,468 | ---- | C] () -- D:\Documents and Settings\John Stacer\Desktop\MN_SMCWGBR14-N.pdf
[2010/03/07 21:34:46 | 000,484,352 | ---- | C] () -- D:\WINDOWS\System32\lame_enc.dll
[2010/03/06 22:12:08 | 000,008,858 | -HS- | C] () -- D:\Documents and Settings\John Stacer\Local Settings\Application Data\3b4272touB
[2010/03/05 21:00:42 | 000,380,928 | ---- | C] () -- D:\WINDOWS\System32\psCamDat.dll
[2010/03/03 12:27:43 | 000,000,000 | ---- | C] () -- D:\WINDOWS\OpPrintServer.INI
[2010/02/20 09:47:50 | 000,000,460 | ---- | C] () -- D:\WINDOWS\CDPlayer.ini
[2009/12/11 12:12:49 | 000,172,032 | R--- | C] () -- D:\WINDOWS\System32\SecSNMP.dll
[2009/12/11 12:11:24 | 000,126,976 | ---- | C] () -- D:\WINDOWS\System32\STOFaxPort.dll
[2009/12/11 12:11:04 | 000,000,124 | ---- | C] () -- D:\WINDOWS\Readiris.ini
[2009/12/11 12:10:54 | 000,023,040 | ---- | C] () -- D:\WINDOWS\System32\irisco32.dll
[2009/12/11 12:09:04 | 000,950,585 | ---- | C] () -- D:\WINDOWS\System32\libiconv-2.dll
[2009/12/11 12:04:58 | 000,143,872 | ---- | C] () -- D:\WINDOWS\System32\SaXPWIA.dll
[2009/12/11 12:04:58 | 000,139,776 | ---- | C] () -- D:\WINDOWS\System32\SaXPEH.dll
[2009/12/11 12:04:58 | 000,138,240 | ---- | C] () -- D:\WINDOWS\System32\SaXPUIEx.dll
[2009/12/11 12:04:58 | 000,116,736 | ---- | C] () -- D:\WINDOWS\System32\SaXPIPH.dll
[2009/12/11 12:04:58 | 000,087,552 | ---- | C] () -- D:\WINDOWS\System32\SaXPSTI.dll
[2009/12/11 12:04:37 | 000,026,624 | ---- | C] () -- D:\WINDOWS\System32\sdt1cl3.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.dll
[2009/01/07 20:31:28 | 000,000,011 | ---- | C] () -- D:\WINDOWS\wanpatan.ini
[2008/01/28 13:35:45 | 000,120,200 | ---- | C] () -- D:\WINDOWS\System32\DLLDEV32i.dll
[2008/01/28 13:35:45 | 000,005,937 | ---- | C] () -- D:\WINDOWS\mgxoschk.ini
[2007/05/29 22:16:26 | 000,000,000 | ---- | C] () -- D:\WINDOWS\iPlayer.INI
[2007/04/25 17:47:09 | 000,005,850 | ---- | C] () -- D:\WINDOWS\WinInit.ini.backup
[2006/12/06 20:12:17 | 000,000,028 | ---- | C] () -- D:\WINDOWS\qfnonl.ini
[2006/12/06 20:10:55 | 000,000,028 | ---- | C] () -- D:\WINDOWS\ICOA.INI
[2006/12/06 20:10:48 | 000,000,000 | ---- | C] () -- D:\WINDOWS\QFN.ini
[2006/12/06 20:10:48 | 000,000,000 | ---- | C] () -- D:\WINDOWS\QDQICK.ini
[2006/12/06 20:03:26 | 000,000,781 | ---- | C] () -- D:\WINDOWS\QUICKEN.INI
[2006/12/06 20:03:24 | 000,000,185 | ---- | C] () -- D:\WINDOWS\intuprof.ini
[2006/11/17 14:56:35 | 000,000,000 | ---- | C] () -- D:\WINDOWS\JDSecure31.INI
[2006/11/17 14:56:31 | 000,249,856 | ---- | C] () -- D:\WINDOWS\System32\LxrJD31.dll
[2006/11/17 14:56:31 | 000,069,824 | ---- | C] () -- D:\WINDOWS\System32\drivers\LxrJD31d.sys
[2006/11/17 14:56:31 | 000,061,440 | ---- | C] () -- D:\WINDOWS\System32\LxrJD20Sat.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- D:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- D:\WINDOWS\System32\nvapi.dll
[2005/12/29 18:25:30 | 000,000,154 | ---- | C] () -- D:\WINDOWS\cncscore.ini
[2005/08/21 12:11:55 | 000,003,680 | ---- | C] () -- D:\WINDOWS\System32\drivers\Iteio.sys
[2005/07/08 15:58:55 | 000,000,202 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2005/06/25 19:14:30 | 000,004,744 | ---- | C] () -- D:\WINDOWS\7thLevel.ini
[2005/06/21 15:12:33 | 000,000,000 | ---- | C] () -- D:\WINDOWS\SETUP32.INI
[2005/06/21 14:05:53 | 000,000,021 | ---- | C] () -- D:\WINDOWS\PZMSTART.INI
[2005/03/23 19:34:30 | 000,002,886 | ---- | C] () -- D:\WINDOWS\MGX.INI
[2005/03/23 19:34:30 | 000,000,649 | ---- | C] () -- D:\WINDOWS\DS41.INI
[2005/03/23 19:28:16 | 000,001,026 | ---- | C] () -- D:\WINDOWS\MAGIC.INI
[2005/03/13 18:54:21 | 000,000,046 | ---- | C] () -- D:\WINDOWS\QTW.INI
[2005/03/13 18:54:16 | 000,210,944 | ---- | C] () -- D:\WINDOWS\System32\MSVCRT10.DLL
[2005/03/13 18:54:16 | 000,000,116 | ---- | C] () -- D:\WINDOWS\KPCMS.INI
[2005/01/27 20:06:10 | 000,000,134 | ---- | C] () -- D:\Documents and Settings\John Stacer\Local Settings\Application Data\fusioncache.dat
[2005/01/27 17:50:19 | 000,000,488 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2005/01/20 18:07:11 | 000,000,000 | ---- | C] () -- D:\WINDOWS\OPPRIN~1.INI
[2005/01/11 14:34:13 | 000,019,456 | ---- | C] () -- D:\Documents and Settings\John Stacer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/11/26 17:12:21 | 000,005,828 | ---- | C] () -- D:\WINDOWS\WinInit.ini
[2004/11/26 16:42:28 | 001,470,464 | ---- | C] () -- D:\WINDOWS\System32\nview.dll
[2004/11/26 16:08:54 | 000,237,568 | ---- | C] () -- D:\WINDOWS\System32\glut32.dll
[2004/11/23 11:45:07 | 000,003,351 | ---- | C] () -- D:\WINDOWS\System32\drivers\VSP.sys
[2004/11/23 10:59:18 | 000,000,051 | ---- | C] () -- D:\WINDOWS\System32\EAL32.INI
[2004/11/23 10:45:21 | 000,098,304 | ---- | C] () -- D:\WINDOWS\System32\Ssgk2pnp.dll
[2004/11/23 10:25:22 | 000,025,438 | ---- | C] () -- D:\WINDOWS\System32\LANPRESS.DLL
[2004/11/22 15:55:33 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2004/10/29 16:50:00 | 001,662,976 | ---- | C] () -- D:\WINDOWS\System32\nvwdmcpl.dll
[2004/10/29 16:50:00 | 001,019,904 | ---- | C] () -- D:\WINDOWS\System32\nvwimg.dll
[2004/10/29 16:50:00 | 000,466,944 | ---- | C] () -- D:\WINDOWS\System32\nvshell.dll
[2004/10/29 16:50:00 | 000,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll
[2004/09/17 17:37:42 | 000,069,632 | ---- | C] () -- D:\WINDOWS\System32\vuins32.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- D:\WINDOWS\System32\OUTLPERF.INI
[2002/12/23 07:00:55 | 000,282,112 | ---- | C] () -- D:\WINDOWS\System32\CNCS232.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\dxtrans.dll
[2008/04/13 19:11:50 | 000,069,120 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\ciodm.dll
[3 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/11/22 15:54:08 | 000,401,408 | ---- | M] () -- D:\WINDOWS\system32\config\system.sav
[2004/11/22 15:54:08 | 000,626,688 | ---- | M] () -- D:\WINDOWS\system32\config\software.sav
[2004/11/22 15:54:08 | 000,094,208 | ---- | M] () -- D:\WINDOWS\system32\config\default.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/08/26 08:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\drivers\srv.sys
[2010/08/24 14:57:38 | 000,084,072 | ---- | M] (McAfee, Inc.) -- D:\WINDOWS\system32\drivers\mfetdi2k.sys
[2010/08/24 14:57:38 | 000,386,712 | ---- | M] (McAfee, Inc.) -- D:\WINDOWS\system32\drivers\mfehidk.sys
[2010/08/24 14:57:38 | 000,152,992 | ---- | M] (McAfee, Inc.) -- D:\WINDOWS\system32\drivers\mfeavfk.sys
[2010/08/24 14:57:38 | 000,095,600 | ---- | M] (McAfee, Inc.) -- D:\WINDOWS\system32\drivers\mfeapfk.sys
[2010/08/24 14:57:38 | 000,052,104 | ---- | M] (McAfee, Inc.) -- D:\WINDOWS\system32\drivers\mfebopk.sys
[2010/08/24 14:57:38 | 000,084,264 | ---- | M] (McAfee, Inc.) -- D:\WINDOWS\system32\drivers\mferkdet.sys
[2010/08/24 14:57:38 | 000,009,344 | ---- | M] (McAfee, Inc.) -- D:\WINDOWS\system32\drivers\mfeclnk.sys
[2010/08/24 14:57:38 | 000,312,904 | ---- | M] (McAfee, Inc.) -- D:\WINDOWS\system32\drivers\mfefirek.sys
[2010/08/24 14:57:38 | 000,088,544 | ---- | M] (McAfee, Inc.) -- D:\WINDOWS\system32\drivers\mfendisk.sys
[2010/08/24 14:57:38 | 000,055,840 | ---- | M] (McAfee, Inc.) -- D:\WINDOWS\system32\drivers\cfwids.sys

< End of report >



OTL Extras logfile created on: 11/2/2010 10:52:43 AM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = D:\Documents and Settings\John Stacer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 79.99 Gb Total Space | 38.31 Gb Free Space | 47.90% Space Free | Partition Type: FAT32
Drive D: | 69.03 Gb Total Space | 51.44 Gb Free Space | 74.52% Space Free | Partition Type: FAT32
Drive G: | 21.63 Gb Total Space | 14.34 Gb Free Space | 66.30% Space Free | Partition Type: FAT32
Drive H: | 15.61 Gb Total Space | 9.35 Gb Free Space | 59.91% Space Free | Partition Type: FAT32

Computer Name: SOYO | User Name: John Stacer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "D:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "D:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:UDP" = 5353:UDP:LocalSubNet:Enabled:mDNS-SD/Bonjour
"7288:TCP" = 7288:TCP:LocalSubNet:Enabled:TiVo HME Host: Port %d

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Program Files\Qwest\QuickConnect\QuickConnect.exe" = D:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Microsoft Office\Templates\OFFICE11\FRONTPG.EXE" = D:\Program Files\Microsoft Office\Templates\OFFICE11\FRONTPG.EXE:*:Enabled:Microsoft Office FrontPage -- File not found
"D:\Quake2\QUAKE2.EXE" = D:\Quake2\QUAKE2.EXE:*:Enabled:QUAKE2 -- File not found
"D:\WINDOWS\System32\dplaysvr.exe" = D:\WINDOWS\System32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Battleship\Bs.exe" = C:\Program Files\Battleship\Bs.exe:*:Enabled:Bs -- File not found
"C:\Program Files\Battleship\BShip.Exe" = C:\Program Files\Battleship\BShip.Exe:*:Enabled:BShip -- File not found
"D:\Program Files\Qwest\QuickConnect\QuickConnect.exe" = D:\Program Files\Qwest\QuickConnect\QuickConnect.exe:*:Enabled:QuickConnect -- File not found
"D:\Documents and Settings\John Stacer\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = D:\Documents and Settings\John Stacer\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"D:\Documents and Settings\John Stacer\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = D:\Documents and Settings\John Stacer\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"D:\WINDOWS\System32\dpvsetup.exe" = D:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"D:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = D:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"D:\WINDOWS\twain_32\Dell\DELL1235\Scan2Pc.exe" = D:\WINDOWS\twain_32\Dell\DELL1235\Scan2Pc.exe:*:Enabled:Scan2PC.exe -- ()
"D:\WINDOWS\twain_32\Dell\DELL1235\Sscan2io.exe" = D:\WINDOWS\twain_32\Dell\DELL1235\Sscan2io.exe:*:Enabled:Sscan2io.exe -- ()
"D:\WINDOWS\twain_32\Dell\ScanMgr.exe" = D:\WINDOWS\twain_32\Dell\ScanMgr.exe:*:Enabled:ScanMgr.exe -- (Dell)
"C:\Program Files\TiVo\Desktop\TiVoTransfer.exe" = C:\Program Files\TiVo\Desktop\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service -- File not found
"C:\Program Files\TiVo\Desktop\TiVoServer.exe" = C:\Program Files\TiVo\Desktop\TiVoServer.exe:LocalSubNet:Enabled:TiVo Server Service -- File not found
"C:\Program Files\TiVo\Desktop\TiVoDesktop.exe" = C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:LocalSubNet:Enabled:TiVo Desktop User Interface -- File not found
"C:\Program Files\TiVo\Desktop\curl.exe" = C:\Program Files\TiVo\Desktop\curl.exe:LocalSubNet:Enabled:TiVo Curl Service -- File not found
"C:\Program Files\TiVo\Desktop\TiVoBeacon.exe" = C:\Program Files\TiVo\Desktop\TiVoBeacon.exe:LocalSubNet:Enabled:TiVo Beacon Service -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B66765B-8596-4698-A208-E23D11D84AA7}" = Canon Camera WIA Driver
"{4E839090-3B68-436A-B3CF-A2A08C38DD26}" = TiVo Desktop 2.8.1
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{865A0E85-D67B-4151-9E5D-232BCBEBBACC}" = Xara Xtreme 3.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9518F764-C54D-47B2-9E73-154B21E79FD2}" = RAW Image Task 1.0
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{9BC1E722-AE07-46A3-B7A6-556DBE18E22A}" = SmarThru Office
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Acronis True Image WD Edition
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9044DCB-F8F9-4A81-9B06-ACAC1A59B261}" = QuickConnect
"{E0D6AC6F-406C-4064-BE03-C783E27EE84F}" = CRW-600 Driver
"{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}" = Sansa Updater
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop v3.0" = Adobe Photoshop v3.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon Digital Camera USB WIA Driver" = Canon Digital Camera USB WIA Driver
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon Utilities RAW Image Converter" = Canon Utilities RAW Image Converter
"CCleaner" = CCleaner
"Creative PC-CAM Center" =
"Creative PD1130" = Creative WebCam NX Pro Driver (1.00.06.0512)
"CSCLIB" = Canon Camera Support Core Library
"Daniusoft MP3 WAV Converter_is1" = Daniusoft MP3 WAV Converter(Build 2.3.1.0)
"Dell 1235cn Color Laser MFP" = Dell 1235cn Color Laser MFP
"EPSON Printer and Utilities" = EPSON Printer Software
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"IC Card Reader Driver" = IC Card Reader Driver v1.9e2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"InstallShield_{4B66765B-8596-4698-A208-E23D11D84AA7}" = Canon Camera WIA Driver 6.2.5
"InstallShield_{9518F764-C54D-47B2-9E73-154B21E79FD2}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{E0D6AC6F-406C-4064-BE03-C783E27EE84F}" = CRW-600 Driver
"InterActual Player" = InterActual Player
"IomegaWare" = IomegaWare
"IrfanView" = IrfanView (remove only)
"JDSecure" = JD Secure 3.1
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 2.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Automap Trip Planner" = Microsoft Automap Trip Planner (Requires CD-ROM)
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MRW!UninstallKey" = InCD Reader
"MSC" = McAfee AntiVirus Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"Quicken Basic 2000" = Quicken Basic 2000
"RealPlayer 6.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"RemoteCapture" = Canon Utilities RemoteCapture 1.4
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"RSX2DeinstKey" = Intel RSX 3D
"Samsung ML-4500 Series" = Samsung ML-4500 Series Driver
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SmarThru Office PC Fax" = SmarThru Office PC Fax
"SMC Barricade Print Server Monitor" = SMC Barricade Print Server Monitor
"SOYO HW Monitor" = SOYO HW Monitor
"SystemRequirementsLab" = System Requirements Lab
"Ultimate Doom for Windows 95" = Ultimate Doom for Windows 95
"VDMSound" = VDMSound
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"VSP_UNINST" = VIA Sound Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/19/2010 11:47:11 AM | Computer Name = SOYO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/26/2010 2:26:23 PM | Computer Name = SOYO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/26/2010 2:26:39 PM | Computer Name = SOYO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/26/2010 2:26:39 PM | Computer Name = SOYO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/26/2010 2:26:39 PM | Computer Name = SOYO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/26/2010 2:26:40 PM | Computer Name = SOYO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/26/2010 2:26:40 PM | Computer Name = SOYO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/26/2010 2:26:41 PM | Computer Name = SOYO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 10/26/2010 2:28:44 PM | Computer Name = SOYO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/26/2010 2:28:46 PM | Computer Name = SOYO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 10/20/2010 7:56:19 PM | Computer Name = SOYO | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{1530C1AE-F1F2-4BCA-AE9E-125A73D306C7}. The
backup browser is stopping.

Error - 10/24/2010 11:04:04 AM | Computer Name = SOYO | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 10/24/2010 2:42:40 PM | Computer Name = SOYO | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{1530C1AE-F1F2-4BCA-AE9E-125A73D306C7}. The
backup browser is stopping.

Error - 10/26/2010 2:26:18 PM | Computer Name = SOYO | Source = Service Control Manager | ID = 7022
Description = The McAfee VirusScan Announcer service hung on starting.

Error - 10/26/2010 2:29:00 PM | Computer Name = SOYO | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{1530C1AE-F1F2-4BCA-AE9E-125A73D306C7}. The
backup browser is stopping.

Error - 10/26/2010 2:29:18 PM | Computer Name = SOYO | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 10/28/2010 6:12:48 PM | Computer Name = SOYO | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{1530C1AE-F1F2-4BCA-AE9E-125A73D306C7}. The
backup browser is stopping.

Error - 10/28/2010 6:18:37 PM | Computer Name = SOYO | Source = DCOM | ID = 10010
Description = The server {211EBA3A-EA5A-496B-A021-5C6BEB365E4C} did not register
with DCOM within the required timeout.

Error - 10/28/2010 6:20:37 PM | Computer Name = SOYO | Source = DCOM | ID = 10010
Description = The server {211EBA3A-EA5A-496B-A021-5C6BEB365E4C} did not register
with DCOM within the required timeout.

Error - 10/28/2010 8:16:06 PM | Computer Name = SOYO | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{1530C1AE-F1F2-4BCA-AE9E-125A73D306C7}. The
backup browser is stopping.


< End of report >

#4 myrti


Posted 03 November 2010 - 08:22 AM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#5 jstacer


Posted 03 November 2010 - 02:19 PM

ComboFix 10-11-02.06 - John Stacer 11/03/2010 14:08:36.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.827 [GMT -5:00]
Running from: d:\documents and settings\John Stacer\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\John Stacer\GoToAssistDownloadHelper.exe
d:\documents and settings\John Stacer\Local Settings\Temporary Internet Files\67Y4K3b2M.jpg
d:\documents and settings\John Stacer\Local Settings\Temporary Internet Files\B7xklaNxa.jpg
d:\documents and settings\John Stacer\Local Settings\Temporary Internet Files\pXxJn8m1.jpg
d:\documents and settings\John Stacer\Local Settings\Temporary Internet Files\XABb7.jpg
d:\documents and settings\John Stacer\System
d:\documents and settings\John Stacer\System\win_qs8.jqx
d:\windows\desktop
d:\windows\Tasks\At1.job
d:\windows\Tasks\At10.job
d:\windows\Tasks\At11.job
d:\windows\Tasks\At12.job
d:\windows\Tasks\At13.job
d:\windows\Tasks\At14.job
d:\windows\Tasks\At15.job
d:\windows\Tasks\At16.job
d:\windows\Tasks\At17.job
d:\windows\Tasks\At18.job
d:\windows\Tasks\At19.job
d:\windows\Tasks\At2.job
d:\windows\Tasks\At20.job
d:\windows\Tasks\At21.job
d:\windows\Tasks\At22.job
d:\windows\Tasks\At23.job
d:\windows\Tasks\At24.job
d:\windows\Tasks\At3.job
d:\windows\Tasks\At4.job
d:\windows\Tasks\At5.job
d:\windows\Tasks\At6.job
d:\windows\Tasks\At7.job
d:\windows\Tasks\At8.job
d:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2010-10-03 to 2010-11-03 )))))))))))))))))))))))))))))))
.

2010-10-20 23:43 . 2010-10-20 23:44 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\S2PC
2010-10-20 23:43 . 2010-10-20 23:44 -------- d-----w- d:\documents and settings\Administrator\Application Data\Samsung
2010-10-20 23:43 . 2010-10-20 23:43 -------- d-sh--w- d:\documents and settings\Administrator\IETldCache
2010-10-20 23:34 . 2010-10-20 23:34 -------- d-----w- d:\documents and settings\cilles
2010-10-20 04:13 . 2010-08-24 19:57 24376 ----a-w- d:\program files\Mozilla Firefox\components\Scriptff.dll
2010-10-20 04:13 . 2010-08-24 19:57 9344 ----a-w- d:\windows\system32\drivers\mfeclnk.sys
2010-10-20 04:13 . 2010-08-24 19:57 141792 ----a-w- d:\windows\system32\mfevtps.exe
2010-10-20 04:13 . 2010-08-24 19:57 95600 ----a-w- d:\windows\system32\drivers\mfeapfk.sys
2010-10-20 04:13 . 2010-08-24 19:57 88544 ----a-w- d:\windows\system32\drivers\mfendisk.sys
2010-10-20 04:13 . 2010-08-24 19:57 84264 ----a-w- d:\windows\system32\drivers\mferkdet.sys
2010-10-20 04:13 . 2010-08-24 19:57 84072 ----a-w- d:\windows\system32\drivers\mfetdi2k.sys
2010-10-20 04:13 . 2010-08-24 19:57 55840 ----a-w- d:\windows\system32\drivers\cfwids.sys
2010-10-20 04:13 . 2010-08-24 19:57 52104 ----a-w- d:\windows\system32\drivers\mfebopk.sys
2010-10-20 04:13 . 2010-08-24 19:57 386712 ----a-w- d:\windows\system32\drivers\mfehidk.sys
2010-10-20 04:13 . 2010-08-24 19:57 312904 ----a-w- d:\windows\system32\drivers\mfefirek.sys
2010-10-20 04:13 . 2010-08-24 19:57 152992 ----a-w- d:\windows\system32\drivers\mfeavfk.sys
2010-10-19 23:55 . 2010-10-19 23:55 -------- d-----w- d:\program files\Loaris
2010-10-19 16:49 . 2008-04-14 00:12 116224 ----a-w- d:\windows\system32\dllcache\xrxwiadr.dll
2010-10-19 16:49 . 2001-08-18 03:36 23040 ----a-w- d:\windows\system32\dllcache\xrxwbtmp.dll
2010-10-19 16:49 . 2008-04-14 00:12 18944 ----a-w- d:\windows\system32\dllcache\xrxscnui.dll
2010-10-19 16:49 . 2001-08-18 03:37 4608 ----a-w- d:\windows\system32\dllcache\xrxflnch.exe
2010-10-19 16:49 . 2001-08-18 03:37 27648 ----a-w- d:\windows\system32\dllcache\xrxftplt.exe
2010-10-19 16:49 . 2001-08-18 03:37 99865 ----a-w- d:\windows\system32\dllcache\xlog.exe
2010-10-19 16:49 . 2001-08-17 17:11 16970 ----a-w- d:\windows\system32\dllcache\xem336n5.sys
2010-10-19 16:49 . 2004-08-04 04:29 19455 ----a-w- d:\windows\system32\dllcache\wvchntxx.sys
2010-10-19 16:49 . 2004-08-04 04:29 12063 ----a-w- d:\windows\system32\dllcache\wsiintxx.sys
2010-10-19 16:49 . 2008-04-14 00:12 8192 ----a-w- d:\windows\system32\dllcache\wshirda.dll
2010-10-19 16:49 . 2008-04-13 18:36 8832 ----a-w- d:\windows\system32\dllcache\wmiacpi.sys
2010-10-19 16:47 . 2008-04-13 18:45 26112 ----a-w- d:\windows\system32\dllcache\usbser.sys
2010-10-19 16:46 . 2001-08-18 03:36 94293 ----a-w- d:\windows\system32\dllcache\sxports.dll
2010-10-19 16:45 . 2001-07-21 19:29 18400 ----a-w- d:\windows\system32\dllcache\sgsmld.sys
2010-10-19 16:44 . 2001-08-17 18:51 19584 ----a-w- d:\windows\system32\dllcache\rasirda.sys
2010-10-19 16:43 . 2001-08-17 18:51 3328 ----a-w- d:\windows\system32\dllcache\pciide.sys
2010-10-19 16:42 . 2001-08-17 17:11 52255 ----a-w- d:\windows\system32\dllcache\n1000nt5.sys
2010-10-19 16:41 . 2001-08-17 18:52 6528 ----a-w- d:\windows\system32\dllcache\miniqic.sys
2010-10-19 16:40 . 2008-04-13 18:39 14592 ----a-w- d:\windows\system32\dllcache\kbdhid.sys
2010-10-19 16:39 . 2001-08-18 03:36 372824 ----a-w- d:\windows\system32\dllcache\iconf32.dll
2010-10-19 16:38 . 2008-04-14 00:11 21504 ----a-w- d:\windows\system32\dllcache\hidserv.dll
2010-10-19 16:37 . 2001-08-17 18:28 347550 ----a-w- d:\windows\system32\dllcache\es56tpi.sys
2010-10-19 16:36 . 2001-08-18 03:36 614429 ----a-w- d:\windows\system32\dllcache\digiview.exe
2010-10-19 16:35 . 2001-08-17 18:57 248064 ----a-w- d:\windows\system32\dllcache\cl546xm.sys
2010-10-19 16:34 . 2001-08-17 18:51 13824 ----a-w- d:\windows\system32\dllcache\bulltlp3.sys
2010-10-19 16:33 . 2001-08-17 17:49 23552 ----a-w- d:\windows\system32\dllcache\atixbar.sys
2010-10-19 16:32 . 2001-08-17 19:55 38400 ----a-w- d:\windows\system32\dllcache\8514a.dll
2010-10-19 16:32 . 2008-04-13 18:46 48128 ----a-w- d:\windows\system32\dllcache\61883.sys
2010-10-19 16:32 . 2008-04-13 18:40 12288 ----a-w- d:\windows\system32\dllcache\4mmdat.sys
2010-10-19 16:32 . 2001-08-17 17:48 148352 ----a-w- d:\windows\system32\dllcache\3dfxvsm.sys
2010-10-19 16:32 . 2001-08-17 19:55 689216 ----a-w- d:\windows\system32\dllcache\3dfxvs.dll
2010-10-19 16:32 . 2001-08-17 18:28 762780 ----a-w- d:\windows\system32\dllcache\3cwmcru.sys
2010-10-19 16:32 . 2001-08-17 19:06 11264 ----a-w- d:\windows\system32\dllcache\1394vdbg.sys
2010-10-19 16:32 . 2008-04-13 18:46 53376 ----a-w- d:\windows\system32\dllcache\1394bus.sys
2010-10-19 16:31 . 2001-08-17 19:56 66048 ----a-w- d:\windows\system32\dllcache\s3legacy.dll
2010-10-19 16:30 . 2003-03-31 12:00 5632 ----a-w- d:\windows\system32\wbem\snmp\smimsgif.dll
2010-10-19 16:30 . 2003-03-31 12:00 5632 ----a-w- d:\windows\system32\wbem\snmp\smierrsy.dll
2010-10-19 16:30 . 2003-03-31 12:00 5632 ----a-w- d:\windows\system32\dllcache\smimsgif.dll
2010-10-19 16:30 . 2003-03-31 12:00 5632 ----a-w- d:\windows\system32\dllcache\smierrsy.dll
2010-10-19 16:30 . 2003-03-31 12:00 15872 ----a-w- d:\windows\system32\wbem\snmp\smierrsm.dll
2010-10-19 16:30 . 2003-03-31 12:00 15872 ----a-w- d:\windows\system32\dllcache\smierrsm.dll
2010-10-19 16:30 . 2003-03-31 12:00 10240 ----a-w- d:\windows\system32\wbem\snmpstup.dll
2010-10-19 16:30 . 2003-03-31 12:00 10240 ----a-w- d:\windows\system32\dllcache\snmpstup.dll
2010-10-19 03:29 . 2010-10-19 03:30 -------- d-----w- d:\program files\Common Files\McAfee
2010-10-19 03:29 . 2010-10-19 03:29 -------- d-----w- d:\program files\McAfee
2010-10-15 18:18 . 2010-10-15 18:18 348 ----a-w- d:\documents and settings\John Stacer\Application Data\jsfhjjsd.bat
2010-10-08 18:35 . 2010-10-08 18:36 -------- d-----w- d:\documents and settings\All Users\Application Data\TiVo
2010-10-08 18:35 . 2010-10-08 18:35 -------- d-----w- d:\program files\TiVo
2010-10-08 18:27 . 2010-10-08 18:27 -------- d-----w- d:\documents and settings\John Stacer\Local Settings\Application Data\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 17:23 . 2004-11-22 20:43 974848 ----a-w- d:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-11-22 20:43 974848 ----a-w- d:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-11-22 20:43 954368 ----a-w- d:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-11-22 20:43 953856 ----a-w- d:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-24 01:32 916480 ----a-w- d:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-11-22 20:43 43520 ----a-w- d:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-11-22 20:43 1469440 ------w- d:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-11-22 20:41 285824 ----a-w- d:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-11-22 20:45 1852800 ----a-w- d:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-11-22 20:45 119808 ----a-w- d:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-11-22 20:45 99840 ----a-w- d:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-11-22 20:45 357248 ----a-w- d:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-15 21:20 5120 ----a-w- d:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-11-22 20:42 617472 ----a-w- d:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-11-22 20:45 58880 ----a-w- d:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-11-23 02:07 590848 ----a-w- d:\windows\system32\rpcrt4.dll
2010-08-24 19:57 . 2010-10-20 04:13 24376 ----a-w- d:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-10 1326080]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"STO Launcher Service"="d:\program files\SmarThru Office\LegacyLauncher.exe" [2008-10-30 331776]
"STO Backup Service"="d:\program files\SmarThru Office\BackUpSvr.exe" [2008-10-30 192512]
"SansaDispatch"="d:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"mcui_exe"="d:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-11 1193848]
"Disk Monitor"="d:\program files\IC\Card Reader Driver v1.9e2\Disk_Monitor.exe" [2003-06-18 466944]
"Dell PanelMgr"="d:\windows\Dell\PanelMgr\SSMMgr.exe" [2008-11-13 541936]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-10 904840]
"Acronis Scheduler2 Service"="d:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-10 136472]
"1235cn Scan2PC"="d:\windows\twain_32\DELL\DELL1235\Scan2Pc.exe" [2008-09-26 495616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\OFFICE11\\MSPUB.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\WINDOWS\\System32\\dplaysvr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Documents and Settings\\John Stacer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"d:\\Documents and Settings\\John Stacer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"d:\\WINDOWS\\System32\\dpvsetup.exe"=
"d:\\WINDOWS\\twain_32\\Dell\\DELL1235\\Scan2Pc.exe"=
"d:\\WINDOWS\\twain_32\\Dell\\DELL1235\\Sscan2io.exe"=
"d:\\WINDOWS\\twain_32\\Dell\\ScanMgr.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 mfetdi2k;McAfee Inc. mfetdi2k;d:\windows\system32\drivers\mfetdi2k.sys [10/19/2010 11:13 PM 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"d:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/19/2010 11:12 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"d:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10/19/2010 11:12 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"d:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [10/19/2010 11:12 PM 271480]
R2 mfefire;McAfee Firewall Core Service;d:\program files\Common Files\McAfee\SystemCore\mfefire.exe [10/19/2010 11:13 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;d:\windows\system32\mfevtps.exe [10/19/2010 11:13 PM 141792]
R3 cfwids;McAfee Inc. cfwids;d:\windows\system32\drivers\cfwids.sys [10/19/2010 11:13 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;d:\windows\system32\drivers\mfefirek.sys [10/19/2010 11:13 PM 312904]
R3 mfendiskmp;mfendiskmp;d:\windows\system32\drivers\mfendisk.sys [10/19/2010 11:13 PM 88544]
R3 P1130VID;Creative WebCam NX Pro;d:\windows\system32\drivers\P1130Vid.sys [2/15/2009 10:40 AM 90357]
S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [8/21/2010 10:28 PM 136176]
S3 iteio;iteio;d:\windows\system32\drivers\Iteio.sys [8/21/2005 12:11 PM 3680]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;d:\windows\system32\drivers\mfendisk.sys [10/19/2010 11:13 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;d:\windows\system32\drivers\mferkdet.sys [10/19/2010 11:13 PM 84264]
S3 Vsp;Vsp;d:\windows\system32\drivers\VSP.sys [11/23/2004 11:45 AM 3351]
S4 TivoBeacon2;TiVo Beacon Service;d:\program files\TiVo\Desktop\TiVoBeacon.exe [5/17/2010 5:10 PM 1104656]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-11-03 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-08-22 22:36]

2010-11-03 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2010-08-22 22:36]

2010-11-03 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-651377827-682003330-1003Core1cb6d876926a446.job
- d:\documents and settings\John Stacer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-15 15:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:29775
uInternet Settings,ProxyOverride = <local>
IE: Capture Selection - d:\program files\SmarThru Office\WebCapture.dll2.htm
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save as HTML - d:\program files\SmarThru Office\WebCapture.dll1.htm
IE: Save Selected Text - d:\program files\SmarThru Office\WebCapture.dll.htm
IE: Web Capture - d:\program files\SmarThru Office\WebCapture.dll
Trusted Zone: aol.com\free
FF - ProfilePath - d:\documents and settings\John Stacer\Application Data\Mozilla\Firefox\Profiles\e6ettdpo.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\documents and settings\John Stacer\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: d:\documents and settings\John Stacer\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: d:\documents and settings\John Stacer\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npViewpoint_03000F10.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - trued:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-QuickTime Task - d:\program files\QuickTime\qttask.exe
HKLM-Run-nssjaeee - d:\documents and settings\John Stacer\Local Settings\Application Data\ucmupkrgw\dubgvgsuqiw.exe
AddRemove-Microsoft Automap Trip Planner - F:\setup.exe
AddRemove-ShockwaveFlash - d:\windows\system32\Macromed\Flash\FlashUtil9b.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-03 14:14
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ViaIde]
"ImagePath"="System32\DRIVERS\viaide.sy@"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1240)
d:\windows\system32\relog_ap.dll
.
Completion time: 2010-11-03 14:16:35
ComboFix-quarantined-files.txt 2010-11-03 19:16

Pre-Run: 54,964,060,160 bytes free
Post-Run: 55,500,505,088 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\="Microsoft Windows 98"

- - End Of File - - B5184A209111E1501B15FF1D6AF42B2B

#6 myrti

Posted 04 November 2010 - 02:31 AM

Hi,

can you please go here: d:\documents and settings\John Stacer\Application Data\Mozilla\Firefox\Profiles\e6ettdpo.default\

and zip and attach the following file to your next post: user.js

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 


#7 jstacer


Posted 04 November 2010 - 11:32 AM

I pasted below the contents of user.js. There is also a user.js.bak that contains the same text. I couldn't figure out how to attach the file as you requested.

user_pref("yahoo.homepage.dontask", true);

#8 myrti


Posted 05 November 2010 - 03:51 AM

Hi,

I actually need the file.
Scroll all the way down to the bottom and click on the use full editor underneath the Fast Reply to get to the reply page. There locate the Attachments section underneath the field in which you type your reply. Click on Browse. Locate the file you want to upload and click OK. Once done click Attach This File.

This should attach the file to your next reply.

regards myrti



#9 jstacer


Posted 05 November 2010 - 09:30 AM

The full editor let me choose a file to upload but got this error message:

Error You aren't permitted to upload this kind of file

How do I proceed?

#10 myrti


Posted 07 November 2010 - 11:24 AM

Hi,

please try to zip the file and attach it.

regards myrti



#11 jstacer


Posted 08 November 2010 - 01:16 PM

I finally figured out how to zip a file...

Attached Files

  • Attached File: user.zip (154 bytes)


#12 myrti


Posted 09 November 2010 - 02:08 AM

Hi,

oh sorry. I wasn't aware that was the issue. Let me know if there is a certain part you don't understand. I thought the problem was the uploading.

Please run the following script next with ComboFix:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:29775

File::
d:\documents and settings\John Stacer\Application Data\jsfhjjsd.bat


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti



#13 jstacer


Posted 09 November 2010 - 01:14 PM

Attached is combofix.txt


#14 myrti


Posted 10 November 2010 - 04:31 AM

Hi,

this is looking good. How is the PC doing?

regards myrti



#15 jstacer


Posted 10 November 2010 - 10:57 AM

Everything seems OK except I still cannot boot into safe mode.

I get BSOD when I attempt to boot into safe mode, but can boot into normal mode win xp. Stop code 0x0000000A

It always hangs at driver loading MUP



