Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Thinkpoint residue


  • This topic is locked This topic is locked
25 replies to this topic

#1 Buzzkill

Buzzkill

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 26 October 2010 - 07:44 PM

Hi everyone,

I picked up the thinkpoint virus the other day and though I was able to get past it there seems to be some residual fallout, namely a nasty browser redirect that I just can't find. I've run malwarebytes, spybot, avira and nothing picks up any virus but when I attempt to google anything related to viruses or virus removal....BING....redirected to shopping links. Enclosed is my hijackthis log...i hope smarter people than I can spot the offending bug.

Thanks (hopefully)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:42:48 PM, on 10/26/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINNT\system32\slserv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\mspmspsv.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\wbem\wmiapsrv.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\mshta.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\wuauclt.exe
C:\DOCUME~1\Doug1\LOCALS~2\Temp\fsonlinescanner.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINNT\System32\mshta.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57A70350-87D9-4EA2-B3AC-C1C1B5296035} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - H

Edited by Buzzkill, 26 October 2010 - 07:46 PM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:18 AM

Posted 05 November 2010 - 08:09 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    hlp.dat
    winlogon.exe
    wininit.exe
    explorer.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Buzzkill

Buzzkill
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 06 November 2010 - 10:03 AM

Thank You Myrti. Here are the logs you requested:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
hlp.dat
winlogon.exe
wininit.exe
explorer.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90


OTL Extras logfile created on: 11/6/2010 9:39:00 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Doug1\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 530.00 Mb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 18.79 Gb Free Space | 25.22% Space Free | Partition Type: NTFS
Drive D: | 1.97 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: 1031_STUDIOS | User Name: Doug1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_USERS\S-1-5-21-1202660629-963894560-682003330-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Winmx\WinMX.exe" = C:\Program Files\Winmx\WinMX.exe:*:Enabled:WinMX Application -- (Frontcode Technologies)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINNT\system32\mmc.exe" = C:\WINNT\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe:*:Enabled:Dreamweaver -- (Macromedia, Inc.)
"C:\Program Files\Symantec\pcAnywhere\WINAW32.EXE" = C:\Program Files\Symantec\pcAnywhere\WINAW32.EXE:*:Enabled:pcAnywhere Main Program -- (Symantec Corporation)
"C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE" = C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE:*:Enabled:pcAnywhere Host Service -- (Symantec Corporation)
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe" = C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service -- (Symantec Corporation)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.2
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7989FC0E-85EC-4C8D-AD5C-3FD1398261A7}" = ATI Catalyst Control Center
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{7F373956-6960-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{934E9442-D305-4ACF-AD87-A6C11D677CB9}" = ImageMixer VCD2 for FinePix
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C05E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C4466935-88FD-4357-8A59-F641CECD897F}" = Sonic Foundry ACID Music 3.0f
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{D792A069-B96B-40BA-BCB4-E5651A6E5926}" = Far Cry (Patch 1)
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Activision_AsteroidsUninstallKey" = Asteroids
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Premiere 6.0" = Adobe Premiere 6.0
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"ATT-HSI" = ATT-HSI
"ATT-SST" = AT&T Service & Support Tool
"ATTToolbar" = AT&T Toolbar
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Corel Applications" = Corel Applications
"DVD Decrypter" = DVD Decrypter (Remove Only)
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2F151B50-B434-4838-B51D-70442EBA093E}" = OpenMG Secure Module 4.1.00
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"jZip" = jZip
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"LucasArts' Jedi Knight" = LucasArts' Jedi Knight
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenMG HotFix4.1-05-13-31-01" = OpenMG Limited Patch 4.1-05-13-31-01
"Q903235" = Internet Explorer Q903235
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Winmx Community 1" = Winmx Community 1
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1202660629-963894560-682003330-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/1/2010 8:32:49 PM | Computer Name = 1031_STUDIOS | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80080005 (converted
to 0x800423f4).

Error - 11/1/2010 10:38:49 PM | Computer Name = 1031_STUDIOS | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80080005 (converted
to 0x800423f4).

Error - 11/3/2010 2:49:19 PM | Computer Name = 1031_STUDIOS | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80080005 (converted
to 0x800423f4).

Error - 11/3/2010 3:06:26 PM | Computer Name = 1031_STUDIOS | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80080005 (converted
to 0x800423f4).

Error - 11/3/2010 4:07:38 PM | Computer Name = 1031_STUDIOS | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80080005 (converted
to 0x800423f4).

Error - 11/3/2010 4:21:24 PM | Computer Name = 1031_STUDIOS | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80080005 (converted
to 0x800423f4).

Error - 11/3/2010 9:42:41 PM | Computer Name = 1031_STUDIOS | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80080005 (converted
to 0x800423f4).

Error - 11/3/2010 10:00:27 PM | Computer Name = 1031_STUDIOS | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80080005 (converted
to 0x800423f4).

Error - 11/3/2010 11:03:21 PM | Computer Name = 1031_STUDIOS | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80080005 (converted
to 0x800423f4).

Error - 11/3/2010 11:16:47 PM | Computer Name = 1031_STUDIOS | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80080005 (converted
to 0x800423f4).

[ System Events ]
Error - 11/3/2010 9:58:53 PM | Computer Name = 1031_STUDIOS | Source = DCOM | ID = 10010
Description = The server {D61A27C6-8F53-11D0-BFA0-00A024151983} did not register
with DCOM within the required timeout.

Error - 11/3/2010 9:59:24 PM | Computer Name = 1031_STUDIOS | Source = DCOM | ID = 10010
Description = The server {D61A27C6-8F53-11D0-BFA0-00A024151983} did not register
with DCOM within the required timeout.

Error - 11/3/2010 9:59:55 PM | Computer Name = 1031_STUDIOS | Source = DCOM | ID = 10010
Description = The server {D61A27C6-8F53-11D0-BFA0-00A024151983} did not register
with DCOM within the required timeout.

Error - 11/3/2010 10:00:26 PM | Computer Name = 1031_STUDIOS | Source = DCOM | ID = 10010
Description = The server {D61A27C6-8F53-11D0-BFA0-00A024151983} did not register
with DCOM within the required timeout.

Error - 11/4/2010 10:06:21 AM | Computer Name = 1031_STUDIOS | Source = Service Control Manager | ID = 7023
Description = The Human Interface Device Access service terminated with the following
error: %%126

Error - 11/4/2010 5:22:59 PM | Computer Name = 1031_STUDIOS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 000C767ED444 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 11/4/2010 5:23:03 PM | Computer Name = 1031_STUDIOS | Source = Service Control Manager | ID = 7023
Description = The Human Interface Device Access service terminated with the following
error: %%126

Error - 11/4/2010 7:38:17 PM | Computer Name = 1031_STUDIOS | Source = Service Control Manager | ID = 7023
Description = The Human Interface Device Access service terminated with the following
error: %%126

Error - 11/5/2010 12:50:15 PM | Computer Name = 1031_STUDIOS | Source = Service Control Manager | ID = 7023
Description = The Human Interface Device Access service terminated with the following
error: %%126

Error - 11/6/2010 10:09:19 AM | Computer Name = 1031_STUDIOS | Source = Service Control Manager | ID = 7023
Description = The Human Interface Device Access service terminated with the following
error: %%126


< End of report >

#4 Buzzkill

Buzzkill
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 06 November 2010 - 11:54 AM

if this helps, the remaining symptoms are:

programs unable to connect to internet (error message - [cannot find http:// XXXXXXXXXX])
IE icon doesn't connect, it creates an IE shortcut
Search won't open
webmail icon won't work (parameter isn't correct)
system restore won't work
all ports timeout during scan

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:18 AM

Posted 08 November 2010 - 05:47 AM

Hi,

the first part you copied is the script I asked you to run, not the otl.txt. Could you please run it again and post said log.

Please also run a scan with Rootkit Unhooker:
Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 Buzzkill

Buzzkill
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 08 November 2010 - 10:52 AM

OK, here's the file named otl.txt. i hope it's what you are looking for.

OTL logfile created on: 11/8/2010 9:33:52 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Doug1\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 464.00 Mb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 18.54 Gb Free Space | 24.88% Space Free | Partition Type: NTFS
Drive D: | 1.97 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: 1031_STUDIOS | User Name: Doug1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/06 08:37:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doug1\Desktop\OTL.exe
PRC - [2010/11/03 09:32:59 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/03 09:32:58 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/03 09:32:58 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/10/31 21:41:30 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/27 04:15:50 | 001,573,888 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2010/01/14 20:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2005/07/15 15:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2004/01/08 15:41:40 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINNT\system32\slserv.exe
PRC - [2003/08/15 01:34:50 | 000,057,344 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINNT\SOUNDMAN.EXE
PRC - [2003/07/10 05:34:10 | 000,241,664 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- C:\Program Files\FinePixViewer\QuickDCF.exe


========== Modules (SafeList) ==========

MOD - [2010/11/06 08:37:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doug1\Desktop\OTL.exe
MOD - [2004/08/04 06:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINNT\winsxs\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINNT\System32\hidserv.dll -- (HidServ)
SRV - [2010/11/03 09:32:59 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/03 09:32:58 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2006/10/04 02:48:37 | 000,050,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2005/01/26 17:30:04 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005/01/26 17:25:34 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/01/26 17:20:14 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINNT\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/01/08 15:41:40 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\WINNT\System32\slserv.exe -- (SLService)
SRV - [2002/02/15 12:51:00 | 000,114,749 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE -- (awhost32)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINNT\System32\DRIVERS\parallel.sys -- (Parallel)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Doug1\LOCALS~1\Temp\kbeepm.sys -- (kbeepm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\DRIVERS\HIDSwvd.sys -- (HIDSwvd)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\DRIVERS\GcKernel.sys -- (GcKernel)
DRV - [2010/11/03 09:32:59 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINNT\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/03 09:32:59 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINNT\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/01 20:45:56 | 000,012,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\hddirect.sys -- (HDDirect)
DRV - [2010/07/27 03:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 03:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/21 00:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2010/01/21 00:59:58 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\lgusbgps.sys -- (UsbGps)
DRV - [2010/01/21 00:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2010/01/21 00:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2009/05/11 10:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINNT\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/03/07 17:51:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/03/07 17:51:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdr4_2k.sys -- (Cdr4_2K)
DRV - [2005/07/07 06:00:32 | 000,173,568 | R--- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\SaiH040B.sys -- (SaiH040B)
DRV - [2005/07/07 06:00:32 | 000,026,496 | R--- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\SaiU040B.sys -- (SaiU040B)
DRV - [2004/08/25 14:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/04 06:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/04/14 13:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/04/14 13:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004/04/14 13:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004/04/14 13:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2004/04/01 07:56:00 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/04/01 07:56:00 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/02/12 03:09:40 | 000,057,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/01/28 15:37:46 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/01/28 15:26:28 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/01/28 14:46:22 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/01/28 14:20:44 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/01/14 18:47:58 | 000,004,480 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\SonyUSBF.sys -- (SONYFILT)
DRV - [2004/01/13 15:03:30 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2003/11/26 18:42:06 | 000,028,442 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\SonySDK2.sys -- (SonySDK2)
DRV - [2003/08/21 02:31:52 | 000,462,940 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/08/14 09:16:38 | 000,404,736 | R--- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/06/19 13:05:04 | 000,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20)
DRV - [2003/04/10 12:42:56 | 000,048,384 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\SaiNtHid.sys -- (SaiNtHid)
DRV - [2003/04/10 12:42:32 | 000,019,200 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\saintsub.sys -- (SaiNtSub)
DRV - [2002/10/03 19:53:08 | 000,049,399 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\R8139n5.sys -- (rtl8139)
DRV - [2002/02/11 12:51:00 | 000,033,496 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2001/11/09 04:58:22 | 000,017,648 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\pc22nd5.sys -- (pc22nd5) Toshiba PCX2200 USB Cable Modem networking driver (NDIS)
DRV - [2001/11/09 04:58:14 | 000,069,744 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\pc22unic.sys -- (pc22unic)
DRV - [2001/10/09 12:50:00 | 000,014,944 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\GERNUWA.SYS -- (Gernuwa)
DRV - [2001/08/17 13:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2000/09/11 12:50:00 | 000,010,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\awlegacy.sys -- (awlegacy)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/06 09:14:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/01 15:45:37 | 000,000,000 | ---D | M]

[2010/04/08 10:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug1\Application Data\Mozilla\Extensions
[2010/11/07 21:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug1\Application Data\Mozilla\Firefox\Profiles\l6nqpar3.default\extensions
[2010/10/28 21:56:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Doug1\Application Data\Mozilla\Firefox\Profiles\l6nqpar3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2010/07/18 12:36:17 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Doug1\Application Data\Mozilla\Firefox\Profiles\l6nqpar3.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/05/28 08:36:40 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Doug1\Application Data\Mozilla\Firefox\Profiles\l6nqpar3.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(2)
[2010/09/10 09:57:37 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Doug1\Application Data\Mozilla\Firefox\Profiles\l6nqpar3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/05/10 20:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug1\Application Data\Mozilla\Firefox\Profiles\l6nqpar3.default\extensions\en-US@dictionaries.addons.mozilla(2).org
[2010/09/22 07:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug1\Application Data\Mozilla\Firefox\Profiles\l6nqpar3.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010/11/07 21:41:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/31 12:01:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/28 22:26:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/30 22:15:48 | 000,064,000 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/08/17 14:51:54 | 000,416,619 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14381 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {57A70350-87D9-4EA2-B3AC-C1C1B5296035} - No CLSID value found.
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SoundMan] C:\WINNT\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab (Reg Error: Value error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263239764281 (WUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38022.6555671296 (Reg Error: Value error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINNT\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINNT\system32\NavLogon.dll - C:\WINNT\system32\NavLogon.dll ()
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINNT\System32\PCANotify.dll (Symantec Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Doug1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Doug1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/03 11:51:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - Services: "MDM"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk - C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe - (ATI Technologies Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Ahoa - hkey= - key= - C:\Documents and Settings\Doug1\Application Data\fѕhpl.exe File not found
MsConfig - StartUpReg: ATICCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
MsConfig - StartUpReg: Daemon14 - hkey= - key= - C:\PROGRA~1\MI948F~1\GAMECO~1\STRATE~1\daemon14.exe File not found
MsConfig - StartUpReg: MoneyAgent - hkey= - key= - C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
MsConfig - StartUpReg: MoneyStartUp10.0 - hkey= - key= - C:\Program Files\Microsoft Money\System\Activation.exe (Microsoft Corporation)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
MsConfig - StartUpReg: NeroCheck - hkey= - key= - File not found
MsConfig - StartUpReg: P2P Networking - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: SoundMan - hkey= - key= - C:\WINNT\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Steam - hkey= - key= - File not found
MsConfig - StartUpReg: Swapper - hkey= - key= - C:\Program Files\Revolutionary Stuff\Swapper.NET\Swapper.exe File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe File not found
MsConfig - StartUpReg: Uthc - hkey= - key= - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HDDirect - C:\WINNT\system32\drivers\hddirect.sys ()
SafeBootMin: HDDirect.sys - C:\WINNT\system32\drivers\hddirect.sys ()
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: sglfb.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: tga.sys - File not found
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {02f78298-8af6-495c-9ecb-b6ae68678186} - KB867282
ActiveX: {04d6265d-6b5d-41c3-9e7c-48be15919643} - KB890923
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {16f41c69-09f5-41d2-8cd8-3c08c47bc8a8} - Background copy queue manager
ActiveX: {1b0357b8-e3fb-4918-915c-a8eb232c273e} - KB973354
ActiveX: {1d939273-21ce-4e7f-be14-490866ec66c2} - KB976325
ActiveX: {1F328542-A57F-4B24-844A-4984487EF03D} - Microsoft .NET Framework 1.1 Security Update (KB971108)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {2337076a-dd0c-43a6-8d85-54070578a42f} - KB912812
ActiveX: {28023b22-f71e-43e8-8ea4-de315462878d} - KB933566
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {28FD0F82-4A73-4453-84A6-2F4F62702A3F} - Background copy downloader
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4d64f3ba-f112-4efe-a02e-96680859937c} - KB918899
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5c9ff2bf-938d-47fe-85d9-9dbab4f65018} - KB897715
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {685e3910-1f77-49b9-9434-50bcd95c51ab} - KB905495
ActiveX: {689e5762-8d75-4346-90cf-bc1902c32d63} - KB896688
ActiveX: {6A5110B5-E14B-4268-A065-EF89FF33C325} - regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {79844cfb-ac65-4e10-a06a-c974234f40d0} - KB883939
ActiveX: {82ced0ff-a00d-4405-ba5f-ef4699159333} - KB896727
ActiveX: {839117ee-2132-4bae-a56a-42b50204c9b9} - KB889293
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINNT\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINNT\system32\Rundll32.exe c:\WINNT\system32\mscories.dll,Install
ActiveX: {8ade8c02-8da6-4ec1-a9ee-ec00ff73ce98} - Internet Explorer Q903235
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINNT\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl
ActiveX: {A00BF2EB-56EE-4fde-B5EA-6A8FA425B2A5} - W2KAppComp
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {a5653fdf-8d3a-451b-937f-6c7534804953} - KB923694
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {ae594d5e-dd07-4e54-8252-daa5aebbd4ec} - KB905915
ActiveX: {b6609c7e-4ad5-4b8b-9da5-9edbc50f7592} - KB958869
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {dc0d5f50-5f0b-46bf-8683-93ac61c67001} - Q833989
ActiveX: {dd772a76-bef3-44d7-8b39-502c8504c1f1} - KB925486
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f15ee071-deb7-4cbb-951f-431c98338d8e} - KB911567
ActiveX: {f4de1058-dafc-4d16-b294-6ea1125bf3d3} - KB929969
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: {f54910c7-a2f3-4ca4-81b2-4a43a5e2680a} - KB916281
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINNT\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINNT\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: aux - C:\WINNT\System32\mmdrv.dll (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINNT\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINNT\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINNT\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINNT\System32\DivX.dll (DivXNetworks)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINNT\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINNT\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP61 - C:\WINNT\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP62 - C:\WINNT\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.yv12 - C:\WINNT\System32\DivX.dll (DivXNetworks)
Drivers32: vidc.yvu9 - C:\WINNT\System32\iyvu9_32.dll ()
Drivers32: wave2 - C:\WINNT\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave3 - C:\WINNT\System32\serwvdrv.dll (Microsoft Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINNT\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/06 10:09:48 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
[2010/11/06 09:25:49 | 001,327,752 | ---- | C] (Mxpie.com ) -- C:\Program Files\Winmx 3.54.exe
[2010/11/06 08:37:20 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Doug1\Desktop\OTL.exe
[2010/11/03 11:11:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Doug1\Recent
[2010/11/02 00:01:27 | 000,116,224 | ---- | C] (Xerox) -- C:\WINNT\System32\dllcache\xrxwiadr.dll
[2010/11/02 00:01:23 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINNT\System32\dllcache\xrxwbtmp.dll
[2010/11/02 00:01:12 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\xrxflnch.exe
[2010/11/02 00:00:53 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\xlog.exe
[2010/11/02 00:00:49 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINNT\System32\dllcache\xem336n5.sys
[2010/11/02 00:00:47 | 000,019,455 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\wvchntxx.sys
[2010/11/02 00:00:44 | 000,012,063 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\wsiintxx.sys
[2010/11/02 00:00:44 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wshirda.dll
[2010/11/02 00:00:30 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wmiacpi.sys
[2010/11/02 00:00:28 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINNT\System32\dllcache\wlluc48.sys
[2010/11/02 00:00:24 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINNT\System32\dllcache\wlandrv2.sys
[2010/11/02 00:00:16 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINNT\System32\dllcache\winacisa.sys
[2010/11/02 00:00:11 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wiamsmud.dll
[2010/11/02 00:00:07 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wiafbdrv.dll
[2010/11/02 00:00:02 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\wdhaalba.sys
[2010/11/02 00:00:01 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wceusbsh.sys
[2010/11/02 00:00:01 | 000,023,615 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\wch7xxnt.sys
[2010/11/01 23:59:58 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINNT\System32\dllcache\wbfirdma.sys
[2010/11/01 23:59:55 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\watv10nt.sys
[2010/11/01 23:59:54 | 000,033,599 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\watv04nt.sys
[2010/11/01 23:59:54 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\watv06nt.sys
[2010/11/01 23:59:53 | 000,019,551 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\watv02nt.sys
[2010/11/01 23:59:52 | 000,029,311 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\watv01nt.sys
[2010/11/01 23:59:49 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\wadv11nt.sys
[2010/11/01 23:59:49 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\wadv09nt.sys
[2010/11/01 23:59:49 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\wadv08nt.sys
[2010/11/01 23:59:48 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\wadv07nt.sys
[2010/11/01 23:59:47 | 000,012,127 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\wadv02nt.sys
[2010/11/01 23:59:47 | 000,011,775 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\wadv05nt.sys
[2010/11/01 23:59:46 | 000,012,415 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\wadv01nt.sys
[2010/11/01 23:59:45 | 000,013,568 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\wacompen.sys
[2010/11/01 23:59:41 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINNT\System32\dllcache\w940nd.sys
[2010/11/01 23:59:37 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINNT\System32\dllcache\w926nd.sys
[2010/11/01 23:59:34 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINNT\System32\dllcache\w840nd.sys
[2010/11/01 23:59:25 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINNT\System32\dllcache\vvoice.sys
[2010/11/01 23:59:19 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINNT\System32\dllcache\vpctcom.sys
[2010/11/01 23:59:12 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\vmodem.sys
[2010/11/01 23:59:06 | 000,249,402 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\vinwm.sys
[2010/11/01 23:59:05 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\vidcap.ax
[2010/11/01 23:59:00 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINNT\System32\dllcache\viairda.sys
[2010/11/01 23:58:58 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\viaide.sys
[2010/11/01 23:58:57 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\vfwwdm32.dll
[2010/11/01 23:58:55 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\vchnt5.dll
[2010/11/01 23:58:48 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINNT\System32\dllcache\usrwdxjs.sys
[2010/11/01 23:58:43 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usrti.sys
[2010/11/01 23:58:35 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINNT\System32\dllcache\usrpda.sys
[2010/11/01 23:58:28 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINNT\System32\dllcache\usroslba.sys
[2010/11/01 23:58:20 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINNT\System32\dllcache\usr1807a.sys
[2010/11/01 23:58:12 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usr1806v.sys
[2010/11/01 23:58:05 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usr1806.sys
[2010/11/01 23:57:57 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usr1801.sys
[2010/11/01 23:57:55 | 000,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\usbvideo.sys
[2010/11/01 23:57:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\usbser.sys
[2010/11/01 23:57:51 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\usb8023x.sys
[2010/11/01 23:57:50 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINNT\System32\dllcache\usb101et.sys
[2010/11/01 23:57:39 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\umaxud32.dll
[2010/11/01 23:57:34 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\umaxu40.dll
[2010/11/01 23:57:30 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\umaxu22.dll
[2010/11/01 23:57:25 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\umaxu12.dll
[2010/11/01 23:57:21 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINNT\System32\dllcache\umaxscan.dll
[2010/11/01 23:57:16 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\umaxpcls.sys
[2010/11/01 23:57:12 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\umaxp60.dll
[2010/11/01 23:57:08 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\umaxcam.dll
[2010/11/01 23:57:03 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINNT\System32\dllcache\um54scan.dll
[2010/11/01 23:56:59 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINNT\System32\dllcache\um34scan.dll
[2010/11/01 23:56:55 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINNT\System32\dllcache\ultra.sys
[2010/11/01 23:56:46 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINNT\System32\dllcache\twotrack.sys
[2010/11/01 23:56:30 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridxpm.sys
[2010/11/01 23:56:26 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridxp.dll
[2010/11/01 23:56:22 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridkbm.sys
[2010/11/01 23:56:18 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridkb.dll
[2010/11/01 23:56:14 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\trid3dm.sys
[2010/11/01 23:56:10 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\trid3d.dll
[2010/11/01 23:56:04 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINNT\System32\dllcache\tpro4.sys
[2010/11/01 23:56:00 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINNT\System32\dllcache\tp4res.dll
[2010/11/01 23:55:59 | 000,082,432 | ---- | C] (IBM Corporation) -- C:\WINNT\System32\dllcache\tp4mon.exe
[2010/11/01 23:55:55 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINNT\System32\dllcache\tp4.dll
[2010/11/01 23:55:46 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\toside.sys
[2010/11/01 23:55:42 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINNT\System32\dllcache\tosdvd03.sys
[2010/11/01 23:55:39 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINNT\System32\dllcache\tosdvd02.sys
[2010/11/01 23:55:34 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINNT\System32\dllcache\tos4mo.sys
[2010/11/01 23:55:28 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINNT\System32\dllcache\tjisdn.sys
[2010/11/01 23:55:22 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tgiulnt5.sys
[2010/11/01 23:55:18 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tgiul50.dll
[2010/11/01 23:55:17 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINNT\System32\dllcache\tffsport.sys
[2010/11/01 23:55:12 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINNT\System32\dllcache\tdkcd31.sys
[2010/11/01 23:55:09 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINNT\System32\dllcache\tdk100b.sys
[2010/11/01 23:55:01 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINNT\System32\dllcache\tbatm155.sys
[2010/11/01 23:54:57 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\tandqic.sys
[2010/11/01 23:54:53 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\t2r4mini.sys
[2010/11/01 23:54:50 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINNT\System32\dllcache\t2r4disp.dll
[2010/11/01 23:54:45 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINNT\System32\dllcache\symc8xx.sys
[2010/11/01 23:54:42 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINNT\System32\dllcache\symc810.sys
[2010/11/01 23:54:39 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINNT\System32\dllcache\sym_u3.sys
[2010/11/01 23:54:36 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINNT\System32\dllcache\sym_hi.sys
[2010/11/01 23:54:32 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINNT\System32\dllcache\sxports.dll
[2010/11/01 23:54:28 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINNT\System32\dllcache\sx.sys
[2010/11/01 23:54:24 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\swusbflt.sys
[2010/11/01 23:54:19 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\swpidflt.dll
[2010/11/01 23:54:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\swpdflt2.dll
[2010/11/01 23:54:09 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sw_wheel.dll
[2010/11/01 23:54:05 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sw_effct.dll
[2010/11/01 23:53:58 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINNT\System32\dllcache\stlnprop.dll
[2010/11/01 23:53:53 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINNT\System32\dllcache\stlncoin.dll
[2010/11/01 23:53:48 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINNT\System32\dllcache\stlnata.sys
[2010/11/01 23:53:42 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINNT\System32\dllcache\stcusb.sys
[2010/11/01 23:53:34 | 000,048,736 | ---- | C] (3Com) -- C:\WINNT\System32\dllcache\srwlnd5.sys
[2010/11/01 23:53:29 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\srusd.dll
[2010/11/01 23:53:20 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINNT\System32\dllcache\spxupchk.dll
[2010/11/01 23:53:12 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINNT\System32\dllcache\speed.sys
[2010/11/01 23:53:08 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINNT\System32\dllcache\spdports.dll
[2010/11/01 23:53:03 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINNT\System32\dllcache\sparrow.sys
[2010/11/01 23:52:58 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINNT\System32\dllcache\sonypvu1.sys
[2010/11/01 23:52:53 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINNT\System32\dllcache\sonypi.sys
[2010/11/01 23:52:48 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINNT\System32\dllcache\sonypi.dll
[2010/11/01 23:52:44 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINNT\System32\dllcache\sonync.sys
[2010/11/01 23:52:41 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sonymc.sys
[2010/11/01 23:52:40 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sonyait.sys
[2010/11/01 23:52:35 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\snyaitmc.sys
[2010/11/01 23:52:27 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINNT\System32\dllcache\smiminib.sys
[2010/11/01 23:52:23 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINNT\System32\dllcache\smidispb.dll
[2010/11/01 23:52:19 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINNT\System32\dllcache\smcpwr2n.sys
[2010/11/01 23:52:16 | 000,035,913 | ---- | C] (SMC) -- C:\WINNT\System32\dllcache\smcirda.sys
[2010/11/01 23:52:13 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINNT\System32\dllcache\smc8000n.sys
[2010/11/01 23:52:09 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\smbhc.sys
[2010/11/01 23:52:08 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\smbbatt.sys
[2010/11/01 23:52:08 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\smbclass.sys
[2010/11/01 23:52:07 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\smbali.sys
[2010/11/01 23:52:03 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\smb3w.dll
[2010/11/01 23:52:00 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\smb0w.dll
[2010/11/01 23:51:56 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sma0w.dll
[2010/11/01 23:51:51 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sm91w.dll
[2010/11/01 23:51:38 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINNT\System32\dllcache\slnt7554.sys
[2010/11/01 23:51:33 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINNT\System32\dllcache\sla30nd5.sys
[2010/11/01 23:51:30 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINNT\System32\dllcache\skfpwin.sys
[2010/11/01 23:51:26 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINNT\System32\dllcache\sk98xwin.sys
[2010/11/01 23:51:22 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINNT\System32\dllcache\sisv256.dll
[2010/11/01 23:51:19 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINNT\System32\dllcache\sisv.sys
[2010/11/01 23:51:18 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINNT\System32\dllcache\sisnic.sys
[2010/11/01 23:51:14 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINNT\System32\dllcache\sisgrv.dll
[2010/11/01 23:51:11 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINNT\System32\dllcache\sisgrp.sys
[2010/11/01 23:51:08 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINNT\System32\dllcache\sis6306v.dll
[2010/11/01 23:51:05 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINNT\System32\dllcache\sis6306p.sys
[2010/11/01 23:51:02 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINNT\System32\dllcache\sis300iv.dll
[2010/11/01 23:50:59 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINNT\System32\dllcache\sis300ip.sys
[2010/11/01 23:50:57 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\siint5.dll
[2010/11/01 23:50:48 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINNT\System32\dllcache\sgsmusb.sys
[2010/11/01 23:50:45 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINNT\System32\dllcache\sgsmld.sys
[2010/11/01 23:50:42 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\sgiulnt5.sys
[2010/11/01 23:50:39 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\sgiul50.dll
[2010/11/01 23:50:36 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINNT\System32\dllcache\sfmanm.sys
[2010/11/01 23:50:32 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\serscan.sys
[2010/11/01 23:50:29 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sermouse.sys
[2010/11/01 23:50:24 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\seaddsmc.sys
[2010/11/01 23:50:20 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\scsiscan.sys
[2010/11/01 23:50:17 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\scsiprnt.sys
[2010/11/01 23:50:12 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINNT\System32\dllcache\scr111.sys
[2010/11/01 23:50:09 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\scmstcs.sys
[2010/11/01 23:50:05 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINNT\System32\dllcache\sccmusbm.sys
[2010/11/01 23:50:02 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINNT\System32\dllcache\sccmn50m.sys
[2010/11/01 23:50:01 | 000,043,136 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\sbp2port.sys
[2010/11/01 23:49:58 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINNT\System32\dllcache\sblfx.dll
[2010/11/01 23:49:54 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINNT\System32\dllcache\s3savmxm.sys
[2010/11/01 23:49:51 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINNT\System32\dllcache\s3savmx.dll
[2010/11/01 23:49:48 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav4m.sys
[2010/11/01 23:49:44 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav4.dll
[2010/11/01 23:49:42 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav3dm.sys
[2010/11/01 23:49:39 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav3d.dll
[2010/11/01 23:49:36 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mvirge.dll
[2010/11/01 23:49:33 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mtrio.dll
[2010/11/01 23:49:30 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mt3d.sys
[2010/11/01 23:49:27 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mt3d.dll
[2010/11/01 23:49:24 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3m.sys
[2010/11/01 23:49:21 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\s3legacy.sys
[2010/11/01 23:49:20 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINNT\System32\dllcache\s3gnbm.sys
[2010/11/01 23:49:19 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINNT\System32\dllcache\s3gnb.dll
[2010/11/01 23:49:16 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINNT\System32\dllcache\rwia450.dll
[2010/11/01 23:49:13 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINNT\System32\dllcache\rwia430.dll
[2010/11/01 23:49:09 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINNT\System32\dllcache\rw450ext.dll
[2010/11/01 23:49:06 | 000,024,576 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINNT\System32\dllcache\rw430ext.dll
[2010/11/01 23:49:04 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINNT\System32\dllcache\rtl8139.sys
[2010/11/01 23:49:01 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINNT\System32\dllcache\rtl8029.sys
[2010/11/01 23:48:58 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINNT\System32\dllcache\rthwcls.sys
[2010/11/01 23:48:54 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\rsmgrstr.dll
[2010/11/01 23:48:50 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINNT\System32\dllcache\rpfun.sys
[2010/11/01 23:48:47 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINNT\System32\dllcache\rocket.sys
[2010/11/01 23:48:46 | 000,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\rndismpx.sys
[2010/11/01 23:48:43 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINNT\System32\dllcache\rlnet5.sys
[2010/11/01 23:48:41 | 000,059,648 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\rfcomm.sys
[2010/11/01 23:48:38 | 000,086,097 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\reslog32.dll
[2010/11/01 23:48:26 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\rasirda.sys
[2010/11/01 23:48:21 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\r2mdmkxx.sys
[2010/11/01 23:48:18 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\r2mdkxga.sys
[2010/11/01 23:48:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\qvusd.dll
[2010/11/01 23:48:12 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\qv2kux.sys
[2010/11/01 23:48:07 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINNT\System32\dllcache\ql1280.sys
[2010/11/01 23:48:04 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ql1240.sys
[2010/11/01 23:48:01 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINNT\System32\dllcache\ql12160.sys
[2010/11/01 23:47:58 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ql10wnt.sys
[2010/11/01 23:47:55 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINNT\System32\dllcache\ql1080.sys
[2010/11/01 23:47:54 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\qic157.sys
[2010/11/01 23:47:48 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\ptserlv.sys
[2010/11/01 23:47:45 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\ptserlp.sys
[2010/11/01 23:47:42 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\ptserli.sys
[2010/11/01 23:47:41 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ptpusd.dll
[2010/11/01 23:47:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ptpusb.dll
[2010/11/01 23:47:35 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\psisload.dll
[2010/11/01 23:47:32 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINNT\System32\dllcache\pscr.sys
[2010/11/01 23:47:29 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ppa3.sys
[2010/11/01 23:47:26 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ppa.sys
[2010/11/01 23:47:23 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\powerfil.sys
[2010/11/01 23:47:19 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\pnrmc.sys
[2010/11/01 23:47:17 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\plugin.ocx
[2010/11/01 23:47:11 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\phvfwext.dll
[2010/11/01 23:47:08 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\philtune.sys
[2010/11/01 23:47:05 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\phildec.sys
[2010/11/01 23:47:02 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\philcam2.sys
[2010/11/01 23:46:59 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\philcam1.sys
[2010/11/01 23:46:56 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\philcam1.dll
[2010/11/01 23:46:53 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\phdsext.ax
[2010/11/01 23:46:51 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINNT\System32\dllcache\perm3dd.dll
[2010/11/01 23:46:50 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINNT\System32\dllcache\perm3.sys
[2010/11/01 23:46:49 | 000,211,712 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINNT\System32\dllcache\perm2dll.dll
[2010/11/01 23:46:49 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINNT\System32\dllcache\perm2.sys
[2010/11/01 23:46:41 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\perc2hib.sys
[2010/11/01 23:46:38 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\perc2.sys
[2010/11/01 23:46:36 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINNT\System32\dllcache\pcx500.sys
[2010/11/01 23:46:33 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINNT\System32\dllcache\pctspk.exe
[2010/11/01 23:46:30 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINNT\System32\dllcache\pcntpci5.sys
[2010/11/01 23:46:26 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINNT\System32\dllcache\pcntn5m.sys
[2010/11/01 23:46:23 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINNT\System32\dllcache\pcntn5hl.sys
[2010/11/01 23:46:20 | 000,026,153 | ---- | C] (Linksys) -- C:\WINNT\System32\dllcache\pcmlm56.sys
[2010/11/01 23:46:18 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINNT\System32\dllcache\pca200e.sys
[2010/11/01 23:46:15 | 000,030,495 | ---- | C] (Linksys) -- C:\WINNT\System32\dllcache\pc100nds.sys
[2010/11/01 23:46:01 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovui2rc.dll
[2010/11/01 23:45:58 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovui2.dll
[2010/11/01 23:45:55 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovsound2.sys
[2010/11/01 23:45:52 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovcoms.exe
[2010/11/01 23:45:49 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovcomc.dll
[2010/11/01 23:45:46 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovcodek2.sys
[2010/11/01 23:45:43 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovcodec2.dll
[2010/11/01 23:45:40 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovce.sys
[2010/11/01 23:45:37 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovcd.sys
[2010/11/01 23:45:34 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovcam2.sys
[2010/11/01 23:45:31 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ovca.sys
[2010/11/01 23:45:28 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINNT\System32\dllcache\otcsercb.sys
[2010/11/01 23:45:26 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINNT\System32\dllcache\otceth5.sys
[2010/11/01 23:45:23 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINNT\System32\dllcache\otc06x5.sys
[2010/11/01 23:45:19 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINNT\System32\dllcache\opl3sax.sys
[2010/11/01 23:45:16 | 000,061,056 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ohci1394.sys
[2010/11/01 23:45:12 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINNT\System32\dllcache\nv4_disp.dll
[2010/11/01 23:45:12 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINNT\System32\dllcache\nv4_mini.sys
[2010/11/01 23:45:09 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINNT\System32\dllcache\nv3.sys
[2010/11/01 23:45:06 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINNT\System32\dllcache\nv3.dll
[2010/11/01 23:44:59 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINNT\System32\dllcache\ntgrip.sys
[2010/11/01 23:44:55 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ntapm.sys
[2010/11/01 23:44:52 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\nsmmc.sys
[2010/11/01 23:44:50 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINNT\System32\dllcache\nscirda.sys
[2010/11/01 23:44:45 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\nm6wdm.sys
[2010/11/01 23:44:43 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\nm5a2wdm.sys
[2010/11/01 23:44:39 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINNT\System32\dllcache\ngrpci.sys
[2010/11/01 23:44:36 | 000,132,695 | ---- | C] (802.11b) -- C:\WINNT\System32\dllcache\netwlan5.sys
[2010/11/01 23:44:31 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINNT\System32\dllcache\netflx3.sys
[2010/11/01 23:44:27 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\neo20xx.sys
[2010/11/01 23:44:24 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\neo20xx.dll
[2010/11/01 23:44:22 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ne2000.sys
[2010/11/01 23:44:16 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i3disp.dll
[2010/11/01 23:44:14 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i3d.sys
[2010/11/01 23:44:11 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128v2.sys
[2010/11/01 23:44:08 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128v2.dll
[2010/11/01 23:44:06 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128.sys
[2010/11/01 23:44:03 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128.dll
[2010/11/01 23:44:00 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINNT\System32\dllcache\n100325.sys
[2010/11/01 23:43:57 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINNT\System32\dllcache\n1000nt5.sys
[2010/11/01 23:43:55 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINNT\System32\dllcache\mxport.sys
[2010/11/01 23:43:52 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINNT\System32\dllcache\mxport.dll
[2010/11/01 23:43:49 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINNT\System32\dllcache\mxnic.sys
[2010/11/01 23:43:46 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINNT\System32\dllcache\mxicfg.dll
[2010/11/01 23:43:44 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINNT\System32\dllcache\mxcard.sys
[2010/11/01 23:43:43 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\mutohpen.sys
[2010/11/01 23:43:39 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINNT\System32\dllcache\mtxvideo.sys
[2010/11/01 23:43:38 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINNT\System32\dllcache\mtxparhd.dll
[2010/11/01 23:43:38 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINNT\System32\dllcache\mtxparhm.sys
[2010/11/01 23:43:27 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\mstape.sys
[2010/11/01 23:43:22 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msriffwv.sys
[2010/11/01 23:43:08 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msmpu401.sys
[2010/11/01 23:42:57 | 000,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msgame.sys
[2010/11/01 23:42:54 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\msfsio.sys
[2010/11/01 23:42:47 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINNT\System32\dllcache\mraid35x.sys
[2010/11/01 23:42:34 | 000,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\miniqic.sys
[2010/11/01 23:42:28 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINNT\System32\dllcache\mgaum.sys
[2010/11/01 23:42:26 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINNT\System32\dllcache\mgaud.dll
[2010/11/01 23:42:24 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINNT\System32\dllcache\memstpci.sys
[2010/11/01 23:42:22 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\memgrp.dll
[2010/11/01 23:42:19 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\memcard.sys
[2010/11/01 23:42:15 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINNT\System32\dllcache\mdgndis5.sys
[2010/11/01 23:42:11 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\mammoth.sys
[2010/11/01 23:42:06 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINNT\System32\dllcache\maestro.sys
[2010/11/01 23:42:03 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\m3092dc.dll
[2010/11/01 23:42:01 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\m3091dc.dll
[2010/11/01 23:41:58 | 000,022,848 | ---- | C] (Logitech Inc.) -- C:\WINNT\System32\dllcache\lwusbhid.sys
[2010/11/01 23:41:57 | 000,020,864 | ---- | C] (Logitech Inc.) -- C:\WINNT\System32\dllcache\lwadihid.sys
[2010/11/01 23:41:54 | 000,797,500 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltsmt.sys
[2010/11/01 23:41:52 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINNT\System32\dllcache\ltsm.sys
[2010/11/01 23:41:51 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ltotape.sys
[2010/11/01 23:41:50 | 000,420,992 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltmdmntt.sys
[2010/11/01 23:41:48 | 000,606,684 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltmdmnt.sys
[2010/11/01 23:41:48 | 000,576,746 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltmdmntl.sys
[2010/11/01 23:41:45 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\ltck000c.sys
[2010/11/01 23:41:42 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\loop.sys
[2010/11/01 23:41:37 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINNT\System32\dllcache\lne100tx.sys
[2010/11/01 23:41:34 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINNT\System32\dllcache\lne100.sys
[2010/11/01 23:41:31 | 000,025,065 | ---- | C] (D-Link) -- C:\WINNT\System32\dllcache\lmndis3.sys
[2010/11/01 23:41:29 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINNT\System32\dllcache\lit220p.sys
[2010/11/01 23:41:27 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINNT\System32\dllcache\lbrtfdc.sys
[2010/11/01 23:41:25 | 000,026,442 | ---- | C] (SMSC) -- C:\WINNT\System32\dllcache\lanepic5.sys
[2010/11/01 23:41:22 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINNT\System32\dllcache\ktc111.sys
[2010/11/01 23:41:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kousd.dll
[2010/11/01 23:41:14 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kdsusd.dll
[2010/11/01 23:41:12 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kdsui.dll
[2010/11/01 23:41:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kbdkor.dll
[2010/11/01 23:40:58 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kbdjpn.dll
[2010/11/01 23:40:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kbd106.dll
[2010/11/01 23:40:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kbd103.dll
[2010/11/01 23:40:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kbd101c.dll
[2010/11/01 23:40:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\kbd101b.dll
[2010/11/01 23:40:32 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINNT\System32\dllcache\irstusb.sys
[2010/11/01 23:40:30 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\irsir.sys
[2010/11/01 23:40:29 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\irmon.dll
[2010/11/01 23:40:27 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\irftp.exe
[2010/11/01 23:40:27 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINNT\System32\dllcache\irmk7.sys
[2010/11/01 23:40:26 | 000,087,424 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\irda.sys
[2010/11/01 23:40:25 | 000,040,832 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\irbus.sys
[2010/11/01 23:40:20 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINNT\System32\dllcache\ip5515.sys
[2010/11/01 23:40:17 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINNT\System32\dllcache\io8ports.dll
[2010/11/01 23:40:15 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINNT\System32\dllcache\io8.sys
[2010/11/01 23:40:12 | 000,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\inport.sys
[2010/11/01 23:40:09 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ini910u.sys
[2010/11/01 23:39:42 | 000,372,824 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\iconf32.dll
[2010/11/01 23:39:39 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\icam5usb.sys
[2010/11/01 23:39:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\icam5ext.dll
[2010/11/01 23:39:34 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\icam5com.dll
[2010/11/01 23:39:32 | 000,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\icam4usb.sys
[2010/11/01 23:39:30 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\icam4ext.dll
[2010/11/01 23:39:27 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\icam4com.dll
[2010/11/01 23:39:25 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\icam3ext.dll
[2010/11/01 23:39:22 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\icam3.sys
[2010/11/01 23:39:20 | 000,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ibmvcap.sys
[2010/11/01 23:39:18 | 000,109,085 | ---- | C] (IBM Corporation) -- C:\WINNT\System32\dllcache\ibmtrp.sys
[2010/11/01 23:39:15 | 000,100,936 | ---- | C] (IBM Corporation) -- C:\WINNT\System32\dllcache\ibmtok.sys
[2010/11/01 23:39:13 | 000,009,216 | ---- | C] (IBM Corporation) -- C:\WINNT\System32\dllcache\ibmsgnet.dll
[2010/11/01 23:39:11 | 000,028,700 | ---- | C] (IBM Corp.) -- C:\WINNT\System32\dllcache\ibmexmp.sys
[2010/11/01 23:39:09 | 000,161,020 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\i81xnt5.sys
[2010/11/01 23:39:08 | 000,702,845 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\i81xdnt5.dll
[2010/11/01 23:39:06 | 000,058,592 | ---- | C] (Intel Corporation) -- C:\WINNT\System32\dllcache\i740nt5.sys
[2010/11/01 23:39:04 | 000,353,184 | ---- | C] (Intel Corporation) -- C:\WINNT\System32\dllcache\i740dnt5.dll
[2010/11/01 23:39:03 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\i2omp.sys
[2010/11/01 23:39:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\i2omgmt.sys
[2010/11/01 23:38:44 | 001,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINNT\System32\dllcache\hsfdpsp2.sys
[2010/11/01 23:38:43 | 000,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINNT\System32\dllcache\hsfcxts2.sys
[2010/11/01 23:38:42 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINNT\System32\dllcache\hsfcisp2.dll
[2010/11/01 23:38:41 | 000,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINNT\System32\dllcache\hsfbs2s2.sys
[2010/11/01 23:38:39 | 000,488,383 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_v124.sys
[2010/11/01 23:38:36 | 000,050,751 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_tone.sys
[2010/11/01 23:38:34 | 000,073,279 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_spkp.sys
[2010/11/01 23:38:32 | 000,044,863 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_soar.sys
[2010/11/01 23:38:29 | 000,057,471 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_samp.sys
[2010/11/01 23:38:27 | 000,542,879 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_msft.sys
[2010/11/01 23:38:25 | 000,391,199 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_k56k.sys
[2010/11/01 23:38:22 | 000,009,759 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_inst.dll
[2010/11/01 23:38:20 | 000,115,807 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_fsks.sys
[2010/11/01 23:38:18 | 000,199,711 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_faxx.sys
[2010/11/01 23:38:15 | 000,289,887 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_fall.sys
[2010/11/01 23:38:13 | 000,067,167 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_bsc2.sys
[2010/11/01 23:38:11 | 000,150,239 | ---- | C] (Conexant) -- C:\WINNT\System32\dllcache\hsf_amos.sys
[2010/11/01 23:38:08 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hr1w.dll
[2010/11/01 23:38:06 | 000,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hpt4qic.sys
[2010/11/01 23:38:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hpsjmcro.dll
[2010/11/01 23:38:01 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hpojwia.dll
[2010/11/01 23:37:59 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hpn.sys
[2010/11/01 23:37:57 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hpgtmcro.dll
[2010/11/01 23:37:55 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINNT\System32\dllcache\hpgt53tk.dll
[2010/11/01 23:37:50 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hpgt42tk.dll
[2010/11/01 23:37:46 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINNT\System32\dllcache\hpgt34tk.dll
[2010/11/01 23:37:42 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hpgt33tk.dll
[2010/11/01 23:37:37 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hpgt21tk.dll
[2010/11/01 23:37:33 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hpdigwia.dll
[2010/11/01 23:37:29 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hidswvd.sys
[2010/11/01 23:37:28 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hidserv.dll
[2010/11/01 23:37:28 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hidir.sys
[2010/11/01 23:37:26 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hidgame.sys
[2010/11/01 23:37:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hidbth.sys
[2010/11/01 23:37:23 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\hidbatt.sys
[2010/11/01 23:37:19 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINNT\System32\dllcache\grserial.sys
[2010/11/01 23:37:17 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINNT\System32\dllcache\grclass.sys
[2010/11/01 23:37:15 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINNT\System32\dllcache\gpr400.sys
[2010/11/01 23:37:12 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\gckernel.sys
[2010/11/01 23:37:12 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\gameenum.sys
[2010/11/01 23:37:10 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINNT\System32\dllcache\g400m.sys
[2010/11/01 23:37:08 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINNT\System32\dllcache\g400d.dll
[2010/11/01 23:37:06 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINNT\System32\dllcache\g200m.sys
[2010/11/01 23:37:04 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINNT\System32\dllcache\g200d.dll
[2010/11/01 23:37:02 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fxusbase.sys
[2010/11/01 23:36:53 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\fuusd.dll
[2010/11/01 23:36:51 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fusbbase.sys
[2010/11/01 23:36:49 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fus2base.sys
[2010/11/01 23:36:44 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fpnpbase.sys
[2010/11/01 23:36:41 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fpcmbase.sys
[2010/11/01 23:36:39 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fpcibase.sys
[2010/11/01 23:36:38 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINNT\System32\dllcache\forehe.sys
[2010/11/01 23:36:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\fnfilter.dll
[2010/11/01 23:36:32 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINNT\System32\dllcache\fetnd5.sys
[2010/11/01 23:36:27 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\fem556n5.sys
[2010/11/01 23:36:24 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINNT\System32\dllcache\fa410nd5.sys
[2010/11/01 23:36:22 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINNT\System32\dllcache\fa312nd5.sys
[2010/11/01 23:36:20 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINNT\System32\dllcache\f3ab18xj.sys
[2010/11/01 23:36:18 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINNT\System32\dllcache\f3ab18xi.sys
[2010/11/01 23:36:15 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\exabyte2.sys
[2010/11/01 23:36:14 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINNT\System32\dllcache\ex10.sys
[2010/11/01 23:36:09 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINNT\System32\dllcache\esunib.dll
[2010/11/01 23:36:07 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINNT\System32\dllcache\esuni.dll
[2010/11/01 23:36:05 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINNT\System32\dllcache\esuimg.dll
[2010/11/01 23:35:59 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINNT\System32\dllcache\esucm.dll
[2010/11/01 23:35:58 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINNT\System32\dllcache\essm2e.sys
[2010/11/01 23:35:57 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINNT\System32\dllcache\ess.sys
[2010/11/01 23:35:54 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- C:\WINNT\System32\dllcache\es56tpi.sys
[2010/11/01 23:35:52 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- C:\WINNT\System32\dllcache\es56hpi.sys
[2010/11/01 23:35:51 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- C:\WINNT\System32\dllcache\es56cvmp.sys
[2010/11/01 23:35:49 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINNT\System32\dllcache\es198x.sys
[2010/11/01 23:35:47 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINNT\System32\dllcache\es1969.sys
[2010/11/01 23:35:45 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINNT\System32\dllcache\es1371mp.sys
[2010/11/01 23:35:44 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINNT\System32\dllcache\es1370mp.sys
[2010/11/01 23:35:42 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINNT\System32\dllcache\eqnloop.exe
[2010/11/01 23:35:40 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- C:\WINNT\System32\dllcache\eqnlogr.exe
[2010/11/01 23:35:38 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- C:\WINNT\System32\dllcache\eqndiag.exe
[2010/11/01 23:35:36 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINNT\System32\dllcache\eqn.sys
[2010/11/01 23:35:35 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\epstw2k.sys
[2010/11/01 23:35:33 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINNT\System32\dllcache\epro4.sys
[2010/11/01 23:35:32 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\epcfw2k.sys
[2010/11/01 23:35:31 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\enum1394.sys
[2010/11/01 23:35:29 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINNT\System32\dllcache\emu10k1m.sys
[2010/11/01 23:35:25 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\em556n4.sys
[2010/11/01 23:35:24 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\elnk3.sys
[2010/11/01 23:35:23 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\elmsmc.sys
[2010/11/01 23:35:22 | 000,171,520 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el99xn51.sys
[2010/11/01 23:35:20 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el98xn5.sys
[2010/11/01 23:35:19 | 000,455,199 | ---- | C] (3Com Corporation.) -- C:\WINNT\System32\dllcache\el985n51.sys
[2010/11/01 23:35:18 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el90xnd5.sys
[2010/11/01 23:35:17 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el90xbc5.sys
[2010/11/01 23:35:16 | 000,241,206 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el656se5.sys
[2010/11/01 23:35:14 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el656nd5.sys
[2010/11/01 23:35:13 | 000,634,134 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el656ct5.sys
[2010/11/01 23:35:12 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el656cd5.sys
[2010/11/01 23:35:11 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el589nd5.sys
[2010/11/01 23:35:09 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el575nd5.sys
[2010/11/01 23:35:08 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el574nd4.sys
[2010/11/01 23:35:07 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el556nd5.sys
[2010/11/01 23:35:06 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINNT\System32\dllcache\el515.sys
[2010/11/01 23:35:04 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINNT\System32\dllcache\e100isa4.sys
[2010/11/01 23:35:03 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINNT\System32\dllcache\e100b325.sys
[2010/11/01 23:35:02 | 000,050,719 | ---- | C] (Intel Corporation) -- C:\WINNT\System32\dllcache\e1000nt5.sys
[2010/11/01 23:34:57 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dshowext.ax
[2010/11/01 23:34:56 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINNT\System32\dllcache\ds1wdm.sys
[2010/11/01 23:34:53 | 000,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dpti2o.sys
[2010/11/01 23:34:50 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINNT\System32\dllcache\dp83820.sys
[2010/11/01 23:34:49 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dot4usb.sys
[2010/11/01 23:34:48 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dot4scan.sys
[2010/11/01 23:34:47 | 000,207,360 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dot4.sys
[2010/11/01 23:34:47 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dot4prt.sys
[2010/11/01 23:34:42 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINNT\System32\dllcache\dm9pci5.sys
[2010/11/01 23:34:41 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dlttape.sys
[2010/11/01 23:34:40 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINNT\System32\dllcache\dlh5xnd5.sys
[2010/11/01 23:34:39 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\diwan.sys
[2010/11/01 23:34:35 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\ditrace.exe
[2010/11/01 23:34:33 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\disrvsu.dll
[2010/11/01 23:34:32 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\disrvpp.dll
[2010/11/01 23:34:31 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\disrvci.dll
[2010/11/01 23:34:29 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\dimaint.sys
[2010/11/01 23:34:28 | 000,614,429 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digiview.exe
[2010/11/01 23:34:27 | 000,042,432 | ---- | C] (Digi International, Inc.) -- C:\WINNT\System32\dllcache\digirlpt.sys
[2010/11/01 23:34:26 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINNT\System32\dllcache\digirlpt.dll
[2010/11/01 23:34:25 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digiisdn.sys
[2010/11/01 23:34:24 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digiisdn.dll
[2010/11/01 23:34:23 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digiinf.dll
[2010/11/01 23:34:22 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digihlc.dll
[2010/11/01 23:34:20 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digifwrk.dll
[2010/11/01 23:34:19 | 000,090,525 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digifep5.sys
[2010/11/01 23:34:18 | 000,103,044 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digidxb.sys
[2010/11/01 23:34:17 | 000,131,156 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digidbp.dll
[2010/11/01 23:34:16 | 000,037,735 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digiasyn.sys
[2010/11/01 23:34:15 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\digiasyn.dll
[2010/11/01 23:34:12 | 000,419,357 | ---- | C] (Digi International) -- C:\WINNT\System32\dllcache\dgconfig.dll
[2010/11/01 23:34:11 | 000,029,531 | ---- | C] (Digi International Inc.) -- C:\WINNT\System32\dllcache\dgapci.sys
[2010/11/01 23:34:10 | 000,024,649 | ---- | C] (D-Link) -- C:\WINNT\System32\dllcache\dfe650d.sys
[2010/11/01 23:34:09 | 000,024,648 | ---- | C] (D-Link) -- C:\WINNT\System32\dllcache\dfe650.sys
[2010/11/01 23:34:07 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINNT\System32\dllcache\devldr32.exe
[2010/11/01 23:34:06 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINNT\System32\dllcache\devcon32.dll
[2010/11/01 23:34:04 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINNT\System32\dllcache\defpa.sys
[2010/11/01 23:34:03 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ddsmc.sys
[2010/11/01 23:34:01 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dc260usd.dll
[2010/11/01 23:33:59 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dc240usd.dll
[2010/11/01 23:33:58 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINNT\System32\dllcache\dc21x4.sys
[2010/11/01 23:33:57 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dc210usd.dll
[2010/11/01 23:33:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dc210_32.dll
[2010/11/01 23:33:52 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\dac960nt.sys
[2010/11/01 23:33:51 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINNT\System32\dllcache\dac2w2k.sys
[2010/11/01 23:33:48 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINNT\System32\dllcache\d100ib5.sys
[2010/11/01 23:33:47 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyzports.dll
[2010/11/01 23:33:46 | 000,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyzport.sys
[2010/11/01 23:33:45 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyzcoins.dll
[2010/11/01 23:33:44 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyyports.dll
[2010/11/01 23:33:43 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyyport.sys
[2010/11/01 23:33:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyycoins.dll
[2010/11/01 23:33:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyclom-y.sys
[2010/11/01 23:33:40 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwrwdm.sys
[2010/11/01 23:33:40 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cyclad-z.sys
[2010/11/01 23:33:39 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcwdm.sys
[2010/11/01 23:33:38 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcspud.sys
[2010/11/01 23:33:37 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcosnt5.sys
[2010/11/01 23:33:36 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbwdm.sys
[2010/11/01 23:33:35 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbmidi.sys
[2010/11/01 23:33:34 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbase.sys
[2010/11/01 23:33:33 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINNT\System32\dllcache\ctwdm32.dll
[2010/11/01 23:33:32 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINNT\System32\dllcache\ctmasetp.dll
[2010/11/01 23:33:31 | 000,096,256 | ---- | C] (Copyright © Creative Technology Ltd. 1994-2001) -- C:\WINNT\System32\dllcache\ctlsb16.sys
[2010/11/01 23:33:30 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINNT\System32\dllcache\ctljystk.sys
[2010/11/01 23:33:29 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINNT\System32\dllcache\ctlfacem.sys
[2010/11/01 23:33:27 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINNT\System32\dllcache\crtaud.sys
[2010/11/01 23:33:26 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINNT\System32\dllcache\cpscan.dll
[2010/11/01 23:33:25 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINNT\System32\dllcache\cpqtrnd5.sys
[2010/11/01 23:33:24 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINNT\System32\dllcache\cpqndis5.sys
[2010/11/01 23:33:23 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cpqarray.sys
[2010/11/01 23:33:17 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\compbatt.sys
[2010/11/01 23:33:14 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINNT\System32\dllcache\cnxt1803.sys
[2010/11/01 23:33:13 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cnusd.dll
[2010/11/01 23:33:11 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINNT\System32\dllcache\cmdide.sys
[2010/11/01 23:33:10 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINNT\System32\dllcache\cmbp0wdm.sys
[2010/11/01 23:33:09 | 000,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cmbatt.sys
[2010/11/01 23:33:08 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cl546xm.sys
[2010/11/01 23:33:07 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cl546x.dll
[2010/11/01 23:33:06 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cl5465.dll
[2010/11/01 23:33:06 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cirrus.sys
[2010/11/01 23:33:05 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cirrus.dll
[2010/11/01 23:33:03 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINNT\System32\dllcache\cinemclc.sys
[2010/11/01 23:33:02 | 000,980,034 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\cicap.sys
[2010/11/01 23:32:57 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\changer.sys
[2010/11/01 23:32:55 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\ch7xxnt5.dll
[2010/11/01 23:32:54 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem56n5.sys
[2010/11/01 23:32:53 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem33n5.sys
[2010/11/01 23:32:53 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem28n5.sys
[2010/11/01 23:32:52 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\ce3n5.sys
[2010/11/01 23:32:51 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\ce2n5.sys
[2010/11/01 23:32:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\cd20xrnt.sys
[2010/11/01 23:32:49 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cbmdmkxx.sys
[2010/11/01 23:32:48 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cben5.sys
[2010/11/01 23:32:47 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINNT\System32\dllcache\cb325.sys
[2010/11/01 23:32:47 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINNT\System32\dllcache\cb102.sys
[2010/11/01 23:32:45 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINNT\System32\dllcache\diapi2NT.dll
[2010/11/01 23:32:44 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\diapi2.sys
[2010/11/01 23:32:43 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camext30.dll
[2010/11/01 23:32:42 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camext30.ax
[2010/11/01 23:32:41 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camext20.dll
[2010/11/01 23:32:40 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camext20.ax
[2010/11/01 23:32:40 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camexo20.dll
[2010/11/01 23:32:39 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camdrv30.sys
[2010/11/01 23:32:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camexo20.ax
[2010/11/01 23:32:38 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camdrv21.sys
[2010/11/01 23:32:37 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\camdro21.sys
[2010/11/01 23:32:16 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\bulltlp3.sys
[2010/11/01 23:32:15 | 000,035,456 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\bthprint.sys
[2010/11/01 23:32:15 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\bthusb.sys
[2010/11/01 23:32:14 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\bthpan.sys
[2010/11/01 23:32:14 | 000,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\bthmodem.sys
[2010/11/01 23:32:13 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\bthenum.sys
[2010/11/01 23:32:12 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINNT\System32\dllcache\brzwlan.sys
[2010/11/01 23:32:12 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brusbscn.sys
[2010/11/01 23:32:11 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brusbmdm.sys
[2010/11/01 23:32:10 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brserwdm.sys
[2010/11/01 23:32:10 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brserif.dll
[2010/11/01 23:32:09 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINNT\System32\dllcache\brscnrsm.dll
[2010/11/01 23:32:08 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brparwdm.sys
[2010/11/01 23:32:08 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brparimg.sys
[2010/11/01 23:32:05 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfusb.dll
[2010/11/01 23:32:05 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfrsmg.exe
[2010/11/01 23:32:04 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmflpt.dll
[2010/11/01 23:32:03 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\brmfcwia.dll
[2010/11/01 23:32:03 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfbidi.dll
[2010/11/01 23:32:02 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brfiltlo.sys
[2010/11/01 23:32:02 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brfiltup.sys
[2010/11/01 23:32:01 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brevif.dll
[2010/11/01 23:32:01 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brfilt.sys
[2010/11/01 23:32:00 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brcoinst.dll
[2010/11/01 23:31:59 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brbidiif.dll
[2010/11/01 23:31:57 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\binlsvc.dll
[2010/11/01 23:31:56 | 000,871,388 | ---- | C] (BCM) -- C:\WINNT\System32\dllcache\bcmdm.sys
[2010/11/01 23:31:56 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINNT\System32\dllcache\bcm4e5.sys
[2010/11/01 23:31:55 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINNT\System32\dllcache\bcm42u.sys
[2010/11/01 23:31:55 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINNT\System32\dllcache\bcm42xx5.sys
[2010/11/01 23:31:54 | 000,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\battc.sys
[2010/11/01 23:31:53 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\banshee.dll
[2010/11/01 23:31:53 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\banshee.sys
[2010/11/01 23:31:52 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINNT\System32\dllcache\b57xp32.sys
[2010/11/01 23:31:52 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\b1cbase.sys
[2010/11/01 23:31:51 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINNT\System32\dllcache\aztw2320.sys
[2010/11/01 23:31:50 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmwan.sys
[2010/11/01 23:31:49 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmenum.dll
[2010/11/01 23:31:49 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmcoxp.dll
[2010/11/01 23:31:48 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\avcstrm.sys
[2010/11/01 23:31:47 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\avcaudio.sys
[2010/11/01 23:31:46 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\avc.sys
[2010/11/01 23:31:43 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\atv10nt5.dll
[2010/11/01 23:31:43 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\atv06nt5.dll
[2010/11/01 23:31:42 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\atv04nt5.dll
[2010/11/01 23:31:41 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\atv02nt5.dll
[2010/11/01 23:31:40 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\atv01nt5.dll
[2010/11/01 23:31:36 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\ativtmxx.dll
[2010/11/01 23:31:35 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\ativmvxx.ax
[2010/11/01 23:31:34 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\ativdaxx.ax
[2010/11/01 23:31:32 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atiraged.dll
[2010/11/01 23:31:32 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atiragem.sys
[2010/11/01 23:31:31 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atinxsxx.sys
[2010/11/01 23:31:30 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atinxbxx.sys
[2010/11/01 23:31:29 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atintuxx.sys
[2010/11/01 23:31:28 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atinttxx.sys
[2010/11/01 23:31:27 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atinsnxx.sys
[2010/11/01 23:31:26 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atinrvxx.sys
[2010/11/01 23:31:26 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atinraxx.sys
[2010/11/01 23:31:26 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atinpdxx.sys
[2010/11/01 23:31:25 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atinbtxx.sys
[2010/11/01 23:31:25 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atinmdxx.sys
[2010/11/01 23:31:24 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atimtai.sys
[2010/11/01 23:31:24 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atimpae.sys
[2010/11/01 23:31:23 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atimpab.sys
[2010/11/01 23:31:23 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\atievxx.exe
[2010/11/01 23:31:22 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atidvai.dll
[2010/11/01 23:31:22 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atidrae.dll
[2010/11/01 23:31:21 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\atidrab.dll
[2010/11/01 23:31:20 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\ati2mtaa.sys
[2010/11/01 23:31:19 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\ati2dvaa.dll
[2010/11/01 23:31:18 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\ati1xsxx.sys
[2010/11/01 23:31:18 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\ati1xbxx.sys
[2010/11/01 23:31:17 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\ati1tuxx.sys
[2010/11/01 23:31:16 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\ati1snxx.sys
[2010/11/01 23:31:16 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\ati1ttxx.sys
[2010/11/01 23:31:15 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\ati1rvxx.sys
[2010/11/01 23:31:15 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\ati1raxx.sys
[2010/11/01 23:31:14 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\ati1pdxx.sys
[2010/11/01 23:31:14 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\ati1mdxx.sys
[2010/11/01 23:31:13 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINNT\System32\dllcache\ati.sys
[2010/11/01 23:31:13 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINNT\System32\dllcache\ati1btxx.sys
[2010/11/01 23:31:12 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ati.dll
[2010/11/01 23:31:10 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINNT\System32\dllcache\aspndis3.sys
[2010/11/01 23:31:09 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\asc3350p.sys
[2010/11/01 23:31:09 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINNT\System32\dllcache\asc3550.sys
[2010/11/01 23:31:08 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINNT\System32\dllcache\asc.sys
[2010/11/01 23:31:06 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\apmbatt.sys
[2010/11/01 23:31:05 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINNT\System32\dllcache\an983.sys
[2010/11/01 23:31:04 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINNT\System32\dllcache\amb8002.sys
[2010/11/01 23:31:04 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\amsint.sys
[2010/11/01 23:31:03 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINNT\System32\dllcache\alifir.sys
[2010/11/01 23:31:03 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINNT\System32\dllcache\aliide.sys
[2010/11/01 23:31:02 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\aic78xx.sys
[2010/11/01 23:31:02 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINNT\System32\dllcache\ali5261.sys
[2010/11/01 23:31:01 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\aic78u2.sys
[2010/11/01 23:31:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\aha154x.sys
[2010/11/01 23:30:55 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\agcgauge.ax
[2010/11/01 23:30:53 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\adv11nt5.dll
[2010/11/01 23:30:53 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\adv09nt5.dll
[2010/11/01 23:30:52 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\adv08nt5.dll
[2010/11/01 23:30:51 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\adv07nt5.dll
[2010/11/01 23:30:50 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\adv02nt5.dll
[2010/11/01 23:30:50 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\adv05nt5.dll
[2010/11/01 23:30:49 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINNT\System32\dllcache\adv01nt5.dll
[2010/11/01 23:30:47 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\adpu160m.sys
[2010/11/01 23:30:46 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINNT\System32\dllcache\adptsf50.sys
[2010/11/01 23:30:45 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\admjoy.sys
[2010/11/01 23:30:43 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8830.sys
[2010/11/01 23:30:43 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8810.sys
[2010/11/01 23:30:43 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8820.sys
[2010/11/01 23:30:42 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINNT\System32\dllcache\adm8511.sys
[2010/11/01 23:30:42 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\adicvls.sys
[2010/11/01 23:30:40 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINNT\System32\dllcache\acerscad.dll
[2010/11/01 23:30:39 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINNT\System32\dllcache\ac97sis.sys
[2010/11/01 23:30:39 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINNT\System32\dllcache\ac97via.sys
[2010/11/01 23:30:38 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINNT\System32\dllcache\ac97intc.sys
[2010/11/01 23:30:37 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINNT\System32\dllcache\ac97ali.sys
[2010/11/01 23:30:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\abp480n5.sys
[2010/11/01 23:30:36 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINNT\System32\dllcache\a3dapi.dll
[2010/11/01 23:30:36 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\8514a.dll
[2010/11/01 23:30:35 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\61883.sys
[2010/11/01 23:30:34 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\3dfxvsm.sys
[2010/11/01 23:30:34 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\4mmdat.sys
[2010/11/01 23:30:33 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINNT\System32\dllcache\3cwmcru.sys
[2010/11/01 23:30:33 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\3dfxvs.dll
[2010/11/01 23:30:32 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\1394bus.sys
[2010/11/01 23:30:32 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\1394vdbg.sys
[2010/11/01 23:30:02 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\s3legacy.dll
[2010/11/01 17:02:55 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2010/11/01 16:59:31 | 013,063,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mssefullinstall-x86fre-en-us-xp.exe
[2010/11/01 15:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/11/01 15:45:22 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINNT\System32\drivers\cdr4_xp.sys
[2010/11/01 15:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug1\Application Data\Winamp
[2010/11/01 15:42:22 | 011,285,608 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp5581_full_emusic-7plus_en-us.exe
[2010/10/31 12:05:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/10/31 12:01:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Avira
[2010/10/31 12:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug1\Application Data\Avira
[2010/10/30 13:54:44 | 002,181,376 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ntoskrnl.exe
[2010/10/30 13:54:43 | 002,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ntkrnlpa.exe
[2010/10/30 13:53:25 | 000,524,317 | ---- | C] (Eastman Software, Inc., A Kodak Business) -- C:\WINNT\System32\dllcache\kodakimg.exe
[2010/10/30 13:53:25 | 000,448,029 | ---- | C] (Eastman Software, Inc., A Kodak Business) -- C:\WINNT\System32\dllcache\oieng400.dll
[2010/10/30 13:53:25 | 000,073,245 | ---- | C] (Eastman Software, Inc., A Kodak Business) -- C:\WINNT\System32\dllcache\kodakprv.exe
[2010/10/30 13:53:25 | 000,038,941 | ---- | C] (Eastman Software, Inc., A Kodak Business) -- C:\WINNT\System32\dllcache\jpeg2x32.dll
[2010/10/30 13:53:25 | 000,033,307 | ---- | C] (Eastman Software, Inc., A Kodak Business) -- C:\WINNT\System32\dllcache\tifflt.dll
[2010/10/30 13:49:54 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\bthport.sys
[2010/10/28 22:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/28 22:26:42 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javacpl.cpl
[2010/10/28 22:26:41 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\deployJava1.dll
[2010/10/28 22:26:41 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaws.exe
[2010/10/28 22:26:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaw.exe
[2010/10/28 22:26:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\java.exe
[2010/10/28 22:23:13 | 000,874,272 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jxpiinstall.exe
[2010/10/28 22:07:46 | 001,317,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Program Files\tdsskiller.exe
[2010/10/28 22:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/10/28 22:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/10/28 21:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/28 20:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/10/28 20:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/10/28 17:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/10/28 16:52:11 | 000,000,000 | ---D | C] -- C:\WINNT\System32\zh-TW
[2010/10/28 16:52:11 | 000,000,000 | ---D | C] -- C:\WINNT\System32\zh-HK
[2010/10/28 16:52:11 | 000,000,000 | ---D | C] -- C:\WINNT\System32\tr-TR
[2010/10/28 16:52:11 | 000,000,000 | ---D | C] -- C:\WINNT\System32\sv-SE
[2010/10/28 16:52:11 | 000,000,000 | ---D | C] -- C:\WINNT\System32\pt-BR
[2010/10/28 16:52:11 | 000,000,000 | ---D | C] -- C:\WINNT\System32\nl-NL
[2010/10/28 16:52:11 | 000,000,000 | ---D | C] -- C:\WINNT\System32\nb-NO
[2010/10/28 16:52:11 | 000,000,000 | ---D | C] -- C:\WINNT\System32\ko-KR
[2010/10/28 16:52:11 | 000,000,000 | ---D | C] -- C:\WINNT\System32\it-IT
[2010/10/28 16:52:11 | 000,000,000 | ---D | C] -- C:\WINNT\System32\he-IL
[2010/10/28 16:52:11 | 000,000,000 | ---D | C] -- C:\WINNT\System32\fr-FR
[2010/10/28 16:52:11 | 000,000,000 | ---D | C] -- C:\WINNT\System32\fi-FI
[2010/10/28 16:52:11 | 000,000,000 | ---D | C] -- C:\WINNT\System32\es-ES
[2010/10/28 16:52:11 | 000,000,000 | ---D | C] -- C:\WINNT\System32\el-GR
[2010/10/28 16:52:11 | 000,000,000 | ---D | C] -- C:\WINNT\System32\de-DE
[2010/10/28 16:52:10 | 000,000,000 | ---D | C] -- C:\WINNT\System32\da-DK
[2010/10/28 16:52:10 | 000,000,000 | ---D | C] -- C:\WINNT\System32\ar-SA
[2010/10/28 16:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/28 16:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java(2)
[2010/10/28 08:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug1\Local Settings\Application Data\AVG Security Toolbar
[2010/10/28 08:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/28 08:41:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/28 08:41:12 | 000,000,000 | ---D | C] -- C:\WINNT\System32\drivers\AVG
[2010/10/28 07:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/27 07:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/10/26 09:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/10/25 23:08:12 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Program Files\fsbl.exe
[2010/10/25 15:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/10/24 20:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/24 11:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug1\Application Data\Malwarebytes
[2010/10/24 11:45:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010/10/24 11:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/24 11:45:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010/10/24 11:43:01 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.46.exe
[2010/10/24 10:25:30 | 011,701,704 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windows-kb890830-v3.12.exe
[2010/10/24 07:48:45 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/10/23 22:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\ATTTOOLBAR
[2010/10/21 21:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/10/10 17:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug1\Local Settings\Application Data\Identities
[2010/10/10 17:18:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug1\Desktop\Lou
[2010/10/10 17:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug1\My Documents\Business
[2010/10/10 16:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug1\My Documents\User Manuals
[2010/10/02 14:27:12 | 000,251,840 | ---- | C] (LG Electronics) -- C:\Program Files\B2CAppSetup.exe
[2010/09/20 10:21:33 | 003,427,248 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup235.exe
[2010/08/10 16:02:54 | 008,573,648 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.8.exe
[2010/08/10 13:41:47 | 012,754,672 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MP10Setup.exe
[2010/08/09 08:52:09 | 006,259,064 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe
[2010/03/14 11:24:22 | 000,569,696 | ---- | C] (Google Inc.) -- C:\Program Files\googleupdatesetup.exe
[2010/02/08 17:22:32 | 001,254,952 | ---- | C] (IObit ) -- C:\Program Files\gamebooster.exe
[2010/02/08 16:59:00 | 009,537,816 | ---- | C] (IObit ) -- C:\Program Files\asc-setup.exe
[2010/02/08 15:48:44 | 001,045,936 | ---- | C] (Driver Whiz ) -- C:\Program Files\Driverwhiz.exe
[2010/01/28 15:06:15 | 005,234,424 | ---- | C] (Discordia Limited.) -- C:\Program Files\jZipV1.exe
[2007/08/09 18:02:36 | 099,609,242 | ---- | C] (Macrovision Corporation) -- C:\Program Files\BF2142_Update_1.25.exe.part
[2006/08/02 15:40:43 | 000,151,552 | ---- | C] ( ) -- C:\WINNT\System32\ATIDEMGR.dll
[2006/06/07 01:44:40 | 036,435,440 | ---- | C] (ATI Technologies Inc.) -- C:\Program Files\6-2_xp-2k_dd_ccc_wdm_enu_30152.exe
[6 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/08 09:34:00 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At10.job
[2010/11/08 09:26:01 | 000,000,884 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/08 09:13:13 | 000,000,880 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/08 09:13:12 | 000,013,646 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2010/11/08 09:13:12 | 000,000,254 | ---- | M] () -- C:\WINNT\tasks\WGASetup.job
[2010/11/08 09:13:12 | 000,000,232 | ---- | M] () -- C:\WINNT\tasks\OGALogon.job
[2010/11/08 09:12:59 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At9.job
[2010/11/08 09:12:59 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At8.job
[2010/11/08 09:12:59 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At24.job
[2010/11/08 09:12:59 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At23.job
[2010/11/08 09:12:59 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At22.job
[2010/11/08 09:12:59 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At20.job
[2010/11/08 09:12:59 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At19.job
[2010/11/08 09:12:59 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At18.job
[2010/11/08 09:12:59 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At17.job
[2010/11/08 09:12:59 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At16.job
[2010/11/08 09:12:59 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At15.job
[2010/11/08 09:12:59 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At14.job
[2010/11/08 09:12:59 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At12.job
[2010/11/08 09:12:57 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2010/11/07 10:19:07 | 000,502,508 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2010/11/07 10:19:07 | 000,096,466 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2010/11/07 10:17:33 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At21.job
[2010/11/07 10:17:33 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At1.job
[2010/11/06 10:11:40 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
[2010/11/06 09:26:28 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\Doug1\Desktop\Winmx.lnk
[2010/11/06 09:25:55 | 001,327,752 | ---- | M] (Mxpie.com ) -- C:\Program Files\Winmx 3.54.exe
[2010/11/06 08:37:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doug1\Desktop\OTL.exe
[2010/11/04 17:16:46 | 000,002,133 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/03 09:32:59 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINNT\System32\drivers\avipbb.sys
[2010/11/03 09:32:59 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINNT\System32\drivers\avgntflt.sys
[2010/11/01 21:25:36 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Doug1\Desktop\HiJackThis.lnk
[2010/11/01 21:24:01 | 002,957,532 | ---- | M] () -- C:\Program Files\asc.exe
[2010/11/01 20:45:56 | 000,012,552 | ---- | M] () -- C:\WINNT\System32\drivers\hddirect.sys
[2010/11/01 17:06:46 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2010/11/01 17:02:17 | 013,063,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mssefullinstall-x86fre-en-us-xp.exe
[2010/11/01 17:00:36 | 000,312,250 | ---- | M] () -- C:\Documents and Settings\Doug1\My Documents\trojan-recovery.pdf
[2010/11/01 15:45:37 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/11/01 15:44:33 | 011,285,608 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\winamp5581_full_emusic-7plus_en-us.exe
[2010/10/30 17:41:03 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Doug1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/30 16:32:02 | 000,142,032 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2010/10/30 14:38:23 | 000,000,045 | ---- | M] () -- C:\WINNT\System32\mapisvc.inf
[2010/10/30 10:53:31 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At3.job
[2010/10/30 10:53:31 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At2.job
[2010/10/30 01:36:31 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.46.exe
[2010/10/28 22:26:25 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaws.exe
[2010/10/28 22:26:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaw.exe
[2010/10/28 22:26:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINNT\System32\java.exe
[2010/10/28 22:26:25 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javacpl.cpl
[2010/10/28 22:26:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINNT\System32\deployJava1.dll
[2010/10/28 22:23:19 | 000,874,272 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\jxpiinstall.exe
[2010/10/28 22:07:59 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\tdsskiller.exe
[2010/10/28 19:14:38 | 097,961,613 | ---- | M] () -- C:\WINNT\System32\drivers\AVG\incavi.avm
[2010/10/28 06:34:00 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At11.job
[2010/10/28 05:34:00 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At7.job
[2010/10/28 04:34:00 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At6.job
[2010/10/28 03:34:00 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At4.job
[2010/10/28 02:34:00 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At5.job
[2010/10/27 07:34:00 | 000,000,402 | ---- | M] () -- C:\WINNT\tasks\At13.job
[2010/10/26 22:51:34 | 000,001,324 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2010/10/25 23:08:24 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Program Files\fsbl.exe
[2010/10/24 20:01:28 | 001,402,880 | ---- | M] () -- C:\Program Files\HiJackThis.msi
[2010/10/24 12:14:29 | 000,294,912 | ---- | M] () -- C:\Program Files\rqq2nwdo.exe
[2010/10/24 11:45:13 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/24 10:36:16 | 011,701,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\windows-kb890830-v3.12.exe
[2010/10/22 14:02:58 | 000,625,796 | ---- | M] () -- C:\WINNT\System32\drivers\AVG\iavifw.avm
[2010/10/21 23:51:35 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Doug1\Application Data\completescan
[2010/10/10 16:42:54 | 002,228,224 | ---- | M] () -- C:\Documents and Settings\Doug1\Desktop\My Money.mny
[6 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/06 09:26:28 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\Doug1\Desktop\Winmx.lnk
[2010/11/02 00:01:20 | 000,017,408 | ---- | C] () -- C:\WINNT\System32\dllcache\xrxscnui.dll
[2010/11/02 00:01:16 | 000,027,648 | ---- | C] () -- C:\WINNT\System32\dllcache\xrxftplt.exe
[2010/11/01 23:37:53 | 000,165,888 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt53.dll
[2010/11/01 23:37:48 | 000,093,696 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt42.dll
[2010/11/01 23:37:44 | 000,101,376 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt34.dll
[2010/11/01 23:37:40 | 000,089,088 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt33.dll
[2010/11/01 23:37:35 | 000,083,968 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt21.dll
[2010/11/01 23:34:38 | 000,029,768 | ---- | C] () -- C:\WINNT\System32\dllcache\divasu.dll
[2010/11/01 23:34:37 | 000,037,962 | ---- | C] () -- C:\WINNT\System32\dllcache\divaprop.dll
[2010/11/01 23:34:36 | 000,006,216 | ---- | C] () -- C:\WINNT\System32\dllcache\divaci.dll
[2010/11/01 23:31:38 | 000,026,624 | ---- | C] () -- C:\WINNT\System32\dllcache\ativxbar.sys
[2010/11/01 23:31:38 | 000,023,552 | ---- | C] () -- C:\WINNT\System32\dllcache\atixbar.sys
[2010/11/01 23:31:37 | 000,019,456 | ---- | C] () -- C:\WINNT\System32\dllcache\ativttxx.sys
[2010/11/01 23:31:35 | 000,009,472 | ---- | C] () -- C:\WINNT\System32\dllcache\ativmdcd.sys
[2010/11/01 23:31:34 | 000,017,152 | ---- | C] () -- C:\WINNT\System32\dllcache\atitvsnd.sys
[2010/11/01 23:31:33 | 000,049,920 | ---- | C] () -- C:\WINNT\System32\dllcache\atirtcap.sys
[2010/11/01 23:31:33 | 000,026,880 | ---- | C] () -- C:\WINNT\System32\dllcache\atirtsnd.sys
[2010/11/01 23:31:33 | 000,017,152 | ---- | C] () -- C:\WINNT\System32\dllcache\atitunep.sys
[2010/11/01 23:31:31 | 000,010,240 | ---- | C] () -- C:\WINNT\System32\dllcache\atipcxxx.sys
[2010/11/01 23:31:21 | 000,046,464 | ---- | C] () -- C:\WINNT\System32\dllcache\atibt829.sys
[2010/11/01 21:25:28 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Doug1\Desktop\HiJackThis.lnk
[2010/11/01 21:18:40 | 002,957,532 | ---- | C] () -- C:\Program Files\asc.exe
[2010/11/01 20:45:56 | 000,012,552 | ---- | C] () -- C:\WINNT\System32\drivers\hddirect.sys
[2010/11/01 17:00:36 | 000,312,250 | ---- | C] () -- C:\Documents and Settings\Doug1\My Documents\trojan-recovery.pdf
[2010/11/01 15:45:37 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/10/28 19:14:38 | 097,961,613 | ---- | C] () -- C:\WINNT\System32\drivers\AVG\incavi.avm
[2010/10/28 16:52:11 | 000,000,232 | ---- | C] () -- C:\WINNT\tasks\OGALogon.job
[2010/10/24 20:01:15 | 001,402,880 | ---- | C] () -- C:\Program Files\HiJackThis.msi
[2010/10/24 12:14:27 | 000,294,912 | ---- | C] () -- C:\Program Files\rqq2nwdo.exe
[2010/10/24 11:45:13 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/22 14:02:58 | 000,625,796 | ---- | C] () -- C:\WINNT\System32\drivers\AVG\iavifw.avm
[2010/10/21 20:46:34 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Doug1\Application Data\completescan
[2010/10/21 20:39:00 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At24.job
[2010/10/21 20:39:00 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At23.job
[2010/10/21 20:39:00 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At22.job
[2010/10/21 20:39:00 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At21.job
[2010/10/21 20:39:00 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At20.job
[2010/10/21 20:39:00 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At19.job
[2010/10/21 20:39:00 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At18.job
[2010/10/21 20:39:00 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At17.job
[2010/10/21 20:39:00 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At16.job
[2010/10/21 20:39:00 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At15.job
[2010/10/21 20:39:00 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At14.job
[2010/10/21 20:38:59 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At9.job
[2010/10/21 20:38:59 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At8.job
[2010/10/21 20:38:59 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At13.job
[2010/10/21 20:38:59 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At12.job
[2010/10/21 20:38:59 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At11.job
[2010/10/21 20:38:59 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At10.job
[2010/10/21 20:38:56 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At7.job
[2010/10/21 20:38:56 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At6.job
[2010/10/21 20:38:55 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At5.job
[2010/10/21 20:38:55 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At4.job
[2010/10/21 20:38:55 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At3.job
[2010/10/21 20:38:55 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At2.job
[2010/10/21 20:38:54 | 000,000,402 | ---- | C] () -- C:\WINNT\tasks\At1.job
[2010/10/02 14:32:25 | 000,053,248 | ---- | C] () -- C:\WINNT\System32\CommonDL.dll
[2010/10/02 14:32:25 | 000,002,413 | ---- | C] () -- C:\WINNT\System32\lgAxconfig.ini
[2010/07/14 08:42:28 | 044,089,904 | ---- | C] () -- C:\Program Files\avira_antivir_personal_en.exe
[2010/07/05 16:25:34 | 000,069,632 | ---- | C] () -- C:\WINNT\realbap1.dll
[2010/07/05 16:25:34 | 000,045,568 | ---- | C] () -- C:\WINNT\realbsf1.dll
[2010/07/04 08:35:59 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\realbap1.dll
[2010/07/04 08:35:59 | 000,045,568 | ---- | C] () -- C:\WINNT\System32\realbsf1.dll
[2010/06/14 09:24:26 | 000,000,469 | ---- | C] () -- C:\WINNT\thumbs.ini
[2010/04/13 14:55:36 | 000,056,832 | ---- | C] () -- C:\WINNT\System32\iyvu9_32.dll
[2010/03/05 12:28:36 | 000,112,688 | ---- | C] () -- C:\WINNT\System32\shw32.dll
[2010/01/09 19:40:09 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Doug1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/08 13:38:23 | 000,529,953 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\phn.dat
[2010/01/08 07:08:30 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Doug1\Local Settings\Application Data\fusioncache.dat
[2009/12/29 16:17:28 | 000,030,208 | ---- | C] () -- C:\WINNT\System32\WNASPI32.DLL
[2009/12/29 16:17:28 | 000,000,283 | ---- | C] () -- C:\WINNT\msfsetup.ini
[2009/12/26 14:57:49 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/12/07 08:45:21 | 000,016,370 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/08/09 18:02:38 | 000,000,000 | ---- | C] () -- C:\Program Files\BF2142_Update_1.25.exe
[2006/08/02 16:02:23 | 000,086,016 | ---- | C] () -- C:\WINNT\System32\ati2evxx.dll
[2006/06/07 13:35:22 | 000,000,000 | ---- | C] () -- C:\WINNT\OpPrintServer.INI
[2005/08/09 16:13:31 | 000,831,488 | ---- | C] () -- C:\WINNT\System32\libeay32.dll
[2005/08/09 16:13:31 | 000,159,744 | ---- | C] () -- C:\WINNT\System32\ssleay32.dll
[2005/08/09 16:12:28 | 003,596,288 | ---- | C] () -- C:\WINNT\System32\qt-dx331.dll
[2004/09/22 13:53:28 | 000,001,670 | ---- | C] () -- C:\WINNT\wbocx.ini
[2004/08/04 06:00:00 | 000,027,440 | ---- | C] () -- C:\WINNT\System32\drivers\secdrv.sys
[2004/08/03 18:56:46 | 000,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2004/07/09 15:22:37 | 000,000,398 | ---- | C] () -- C:\WINNT\TBPlugin.INI
[2004/07/09 15:22:37 | 000,000,243 | ---- | C] () -- C:\WINNT\avconfig.ini
[2004/04/16 19:12:31 | 000,106,496 | ---- | C] () -- C:\WINNT\System32\SaiCfg.dll
[2004/04/08 20:24:49 | 000,000,025 | ---- | C] () -- C:\WINNT\cdplayer.ini
[2004/02/28 15:22:35 | 000,000,000 | ---- | C] () -- C:\WINNT\OPPRIN~1.INI
[2004/02/05 21:11:58 | 000,000,010 | ---- | C] () -- C:\WINNT\WININIT.INI
[2004/02/05 20:32:36 | 000,000,432 | ---- | C] () -- C:\WINNT\SIERRA.INI
[2004/02/05 19:22:54 | 000,000,832 | ---- | C] () -- C:\WINNT\ODBC.INI
[2004/02/05 16:23:02 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2004/02/05 08:03:55 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2002/05/17 16:18:30 | 000,124,928 | ---- | C] () -- C:\WINNT\System32\mp4fil32.dll
[2001/10/24 18:00:40 | 000,524,288 | ---- | C] () -- C:\WINNT\System32\TDI-SonyOMG.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINNT\System32\hptcpmon.ini
[2000/10/09 09:50:00 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\NavLogon.dll
[1999/12/07 06:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[1999/09/25 04:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 04:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/08/03 23:16:38 | 017,173,837 | ---- | M] (Macrovision Corporation) -- C:\bf2patch_v_102.exe
[2006/03/15 22:54:41 | 085,550,150 | ---- | M] (Macrovision Corporation) -- C:\bf2_incremental_patch_1.12-1.2.exe
[2006/03/15 19:16:09 | 085,550,150 | ---- | M] (Macrovision Corporation) -- C:\bf2_incremental_patch_1.12_-_1.2.exe
[2006/03/15 20:41:22 | 385,389,772 | ---- | M] (Macrovision Corporation) -- C:\bf2_patch_121.exe
[2006/03/15 17:34:26 | 014,590,230 | ---- | M] (Macrovision Corporation) -- C:\bf2_patch_121_incremental.exe
[2006/03/16 00:03:34 | 294,285,337 | ---- | M] (Macrovision Corporation) -- C:\bf2_v1_12update.exe


< MD5 for: EXPLORER.EXE >
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINNT\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINNT\system32\dllcache\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINNT\system32\dllcache\winlogon.exe
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINNT\system32\winlogon.exe
[2004/08/24 16:59:09 | 000,182,544 | ---- | M] (Microsoft Corporation) MD5=5922E8055EB439A58EF29530D8567A40 -- C:\WINNT\$NtUpdateRollupPackUninstall$\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/01/03 05:36:51 | 000,262,144 | ---- | M] () -- C:\WINNT\system32\config\default.sav
[2010/01/03 11:23:37 | 000,028,672 | ---- | M] () -- C:\WINNT\system32\config\security.sav
[2010/01/03 05:36:51 | 026,550,272 | ---- | M] () -- C:\WINNT\system32\config\software.sav
[2010/01/03 05:36:54 | 004,980,736 | ---- | M] () -- C:\WINNT\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/11/03 09:32:59 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINNT\system32\drivers\avgntflt.sys
[2010/11/03 09:32:59 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINNT\system32\drivers\avipbb.sys
[2010/11/01 20:45:56 | 000,012,552 | ---- | M] () -- C:\WINNT\system32\drivers\hddirect.sys

========== Files - Unicode (All) ==========
[2004/03/17 22:03:39 | 000,000,000 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\꽐
[2004/03/17 22:03:39 | 000,000,000 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\꽐

< End of report >
I ran rootkit unhooker and nothing was found
please see above post for remaining symptoms. Maybe I got past the worst of the virus but I don't know how to fix the rest

Thanks Again

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:18 AM

Posted 09 November 2010 - 02:00 AM

Hi,

could you please post the log from Rootkit Unhooker anyways. It may still contain information I need.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 Buzzkill

Buzzkill
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 09 November 2010 - 06:48 PM

OK, It's attached

Attached Files



#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:18 AM

Posted 11 November 2010 - 03:46 AM

Hi,

that is not the log I asked you to create. Make sure you go to the report tab first, don't run a scan directly on the drivers.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 Buzzkill

Buzzkill
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 11 November 2010 - 10:19 AM

Hi Myrti.
I'm sorry I'm having trouble understanding...I opened rootkit unhooker, clicked the report tab, checked drivers and stealth code, unchecked the rest and then saved the report and attached it. when i ran the scan, on the report tab it said only; >Drivers
>Stealth
Nothing detected:(

I'm not sure what I'm doing wrong...the report I attached was what came out when I clicked save report

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:18 AM

Posted 11 November 2010 - 11:48 AM

Hi,

ok, I'll check. The layout of the log seems off. The content of it seems clean however.

Please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 Buzzkill

Buzzkill
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 11 November 2010 - 04:51 PM

OK Myrti,

Here's the combofix log.

I want to thank you for your help and patience. It means a lot

Attached Files



#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:18 AM

Posted 14 November 2010 - 04:52 PM

Hi,

sorry for the delay. This is looking like progress.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the file listed below in bold, then click Submit.

C:\windows\system32\winlogon.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Edited by myrti, 14 November 2010 - 04:53 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 Buzzkill

Buzzkill
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:18 PM

Posted 14 November 2010 - 07:58 PM

OK, I'm just gonna throw you the kitchen sink:

Jotti: File size: 502272 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 01c3346c241652f43aed8e2149881bfe
SHA1: a5396141cab8b22d9d88b28a814089537dce366a

[ArcaVir]
2010-11-13 Found nothing
[G DATA]
2010-11-13 Found nothing
[Avast! antivirus]
2010-11-12 Found nothing
[Ikarus]
2010-11-12 Found nothing
[Grisoft AVG Anti-Virus]
2010-11-12 Found nothing
[Kaspersky Anti-Virus]
2010-11-12 Found nothing
[Avira AntiVir]
2010-11-12 Found nothing
[ESET NOD32]
2010-11-12 Found nothing
[Softwin BitDefender]
2010-11-13 Found nothing
[Panda Antivirus]
2010-11-12 Found nothing
[ClamAV]
2010-11-13 Found nothing
[Quick Heal]
2010-11-12 Found nothing
[CPsecure]
2010-11-13 Found nothing
[Sophos]
2010-11-13 Found nothing
[Dr.Web]
2010-11-13 Found nothing
[VirusBlokAda VBA32]
2010-11-12 Found nothing
[Frisk F-Prot Antivirus]
2010-11-13 Found nothing
[VirusBuster]
2010-11-12 Found nothing
[F-Secure Anti-Virus]
2010-11-13 Found nothing


VirusTotal:

1 VT Community user(s) with a total of 3 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
WINLOGON.EXE
Submission date:
2010-11-13 16:09:20 (UTC)
Current status:
finished
Result:
0 /43 (0.0%)

VT Community

goodware
Safety score: 100.0%
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.11.14.00 2010.11.13 -
AntiVir 7.10.13.235 2010.11.12 -
Antiy-AVL 2.0.3.7 2010.11.13 -
Authentium 5.2.0.5 2010.11.13 -
Avast 4.8.1351.0 2010.11.13 -
Avast5 5.0.594.0 2010.11.13 -
AVG 9.0.0.851 2010.11.13 -
BitDefender 7.2 2010.11.13 -
CAT-QuickHeal 11.00 2010.11.09 -
ClamAV 0.96.4.0 2010.11.13 -
Comodo 6705 2010.11.13 -
DrWeb 5.0.2.03300 2010.11.13 -
Emsisoft 5.0.0.50 2010.11.13 -
eSafe 7.0.17.0 2010.11.11 -
eTrust-Vet 36.1.7973 2010.11.13 -
F-Prot 4.6.2.117 2010.11.13 -
F-Secure 9.0.16160.0 2010.11.13 -
Fortinet 4.2.249.0 2010.11.13 -
GData 21 2010.11.13 -
Ikarus T3.1.1.90.0 2010.11.13 -
Jiangmin 13.0.900 2010.11.13 -
K7AntiVirus 9.67.2973 2010.11.12 -
Kaspersky 7.0.0.125 2010.11.13 -
McAfee 5.400.0.1158 2010.11.13 -
McAfee-GW-Edition 2010.1C 2010.11.12 -
Microsoft 1.6301 2010.11.13 -
NOD32 5616 2010.11.13 -
Norman 6.06.10 2010.11.13 -
nProtect 2010-11-13.01 2010.11.13 -
Panda 10.0.2.7 2010.11.13 -
PCTools 7.0.3.5 2010.11.13 -
Prevx 3.0 2010.11.13 -
Rising 22.73.04.00 2010.11.13 -
Sophos 4.59.0 2010.11.13 -
Sunbelt 7299 2010.11.13 -
SUPERAntiSpyware 4.40.0.1006 2010.11.13 -
Symantec 20101.2.0.161 2010.11.13 -
TheHacker 6.7.0.1.083 2010.11.13 -
TrendMicro 9.120.0.1004 2010.11.13 -
TrendMicro-HouseCall 9.120.0.1004 2010.11.13 -
VBA32 3.12.14.2 2010.11.12 -
ViRobot 2010.11.13.4145 2010.11.13 -
VirusBuster 12.75.1.0 2010.11.12 -
Additional information
Show all
MD5 : 01c3346c241652f43aed8e2149881bfe
SHA1 : a5396141cab8b22d9d88b28a814089537dce366a
SHA256: affd0973cd3128083417d407f62bc4a635fc25b65dbf52e91d3ab4ae2f9c1b4a

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:18 AM

Posted 15 November 2010 - 04:15 AM

Hi,

are you still getting redirected? Do you use a router?

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users