Windows XP Recovery, Cryptic.CVD and Rootkits


  • This topic is locked
27 replies to this topic

#1 Andrew_97

Posted 19 May 2011 - 08:16 PM

My problem and the steps I followed are here.

Here is the DD.txt log. I attached attach.txt and Ark.txt

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Andrew at 1:16:55 on 2011-05-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.471 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Switch Off\swoff.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Documents and Settings\Andrew\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: CatcherBHO Class: {9b4df450-dcc7-4b07-935d-0cd757a64583} - c:\program files\moyea youtube flv downloader\MoyeaCatcher.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: {AE7CD045-E861-484f-8273-0445EE161910} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [cdloader] "c:\documents and settings\andrew\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [systray] c:\program files\dell\dell mobile broadband\systray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmaTel Audio] c:\program files\sigmatel\c-major audio\dellxpm_5515v133\setup.exe -postqfe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\andrew\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-af00-ba7e-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\andrew\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll/206
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
TCP: {0B4E30C7-724A-40D3-96AC-B3E4C4C78FF4} = 163.121.128.134,163.121.128.135
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\andrew\application data\mozilla\firefox\profiles\ogjof8ok.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62808
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-15 64288]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\switch off\swoff.exe -service --> c:\program files\switch off\swoff.exe -service [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2003-8-7 6528]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-10-22 105984]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15232]
S?2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 2146496]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\switch off\swoff.exe -service --> c:\program files\switch off\swoff.exe -service [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
=============== Created Last 30 ================
.
2011-05-19 00:24:11 -------- d-----w- c:\documents and settings\andrew\application data\SUPERAntiSpyware.com
2011-05-19 00:24:11 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-05-19 00:23:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-15 15:01:50 138752 -c--a-w- c:\windows\system32\dllcache\sndvol32.exe
2011-05-15 15:01:50 138752 ----a-w- c:\windows\system32\sndvol32.exe
2011-05-15 14:43:59 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-05-15 14:43:55 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-05-15 14:43:54 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-05-15 14:43:48 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-05-15 14:43:45 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-05-15 14:43:11 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-05-15 14:43:00 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-05-15 14:42:59 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-05-15 14:42:55 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-05-15 14:42:55 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-05-15 14:42:36 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-05-15 14:42:33 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-05-15 14:42:20 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2011-05-15 14:42:12 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-05-15 14:42:09 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-05-15 14:40:58 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2011-05-15 14:40:49 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2011-05-15 14:40:41 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2011-05-15 14:40:36 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
2011-05-15 14:40:36 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2011-05-15 14:40:35 42240 -c--a-w- c:\windows\system32\dllcache\viaagp.sys
2011-05-15 14:40:34 11325 -c--a-w- c:\windows\system32\dllcache\vchnt5.dll
2011-05-15 14:40:26 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-05-15 14:40:23 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2011-05-15 14:40:15 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2011-05-15 14:40:12 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2011-05-15 14:40:06 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-05-15 14:40:01 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-05-15 14:38:58 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2011-05-15 14:38:56 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2011-05-15 14:38:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2011-05-15 14:38:49 44672 -c--a-w- c:\windows\system32\dllcache\uagp35.sys
2011-05-15 14:38:46 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2011-05-15 14:38:33 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-05-15 14:38:28 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2011-05-15 14:38:23 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2011-05-15 14:38:20 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2011-05-15 14:38:12 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2011-05-15 14:38:09 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2011-05-15 14:38:04 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2011-05-15 14:36:53 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-05-15 14:36:46 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2011-05-15 14:36:39 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-05-15 14:36:36 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-05-15 14:36:28 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2011-05-15 14:36:26 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2011-05-15 14:36:19 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2011-05-15 14:36:16 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2011-05-15 14:36:09 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2011-05-15 14:36:07 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2011-05-15 14:36:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2011-05-15 14:35:59 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2011-05-15 14:35:56 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2011-05-15 14:35:51 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2011-05-15 14:35:49 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2011-05-15 14:35:39 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2011-05-15 14:35:32 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2011-05-15 14:35:29 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2011-05-15 14:35:23 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2011-05-15 14:35:10 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2011-05-15 14:35:05 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2011-05-15 14:35:00 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-05-15 14:34:47 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2011-05-15 14:34:44 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2011-05-15 14:34:39 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2011-05-15 14:34:36 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-05-15 14:34:31 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2011-05-15 14:34:26 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2011-05-15 14:34:24 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2011-05-15 14:34:16 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2011-05-15 14:34:15 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2011-05-15 14:34:11 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2011-05-15 14:32:59 73832 -c--a-w- c:\windows\system32\dllcache\slcoinst.dll
2011-05-15 14:31:51 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-05-15 14:31:49 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-05-15 14:31:43 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-05-15 14:31:37 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2011-05-15 14:31:35 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2011-05-15 14:31:28 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2011-05-15 14:31:25 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2011-05-15 14:31:13 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2011-05-15 14:31:12 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2011-05-15 14:31:10 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2011-05-15 14:31:00 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2011-05-15 14:29:58 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2011-05-15 14:29:55 65664 -c--a-w- c:\windows\system32\dllcache\s3legacy.sys
2011-05-15 14:29:55 166912 -c--a-w- c:\windows\system32\dllcache\s3gnbm.sys
2011-05-15 14:29:54 397056 -c--a-w- c:\windows\system32\dllcache\s3gnb.dll
2011-05-15 14:29:43 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
2011-05-15 14:29:40 79872 -c--a-w- c:\windows\system32\dllcache\rwia430.dll
2011-05-15 14:29:37 29696 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2011-05-15 14:29:35 27648 -c--a-w- c:\windows\system32\dllcache\rw430ext.dll
2011-05-15 14:29:28 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2011-05-15 14:29:23 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2011-05-15 14:29:19 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2011-05-15 14:29:11 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2011-05-15 14:29:08 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2011-05-15 14:28:59 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2011-05-15 14:28:59 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2011-05-15 14:28:55 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-05-15 14:28:52 59136 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys
2011-05-15 14:28:45 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2011-05-15 14:28:42 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2011-05-15 14:28:37 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-05-15 14:28:30 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-05-15 14:28:27 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-05-15 14:28:19 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2011-05-15 14:28:16 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-05-15 14:28:05 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2011-05-15 14:26:55 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-05-15 14:25:57 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
2011-05-15 14:24:58 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2011-05-15 14:23:55 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-05-15 14:23:50 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-05-15 14:23:47 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-05-15 14:23:42 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-05-15 14:23:36 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2011-05-15 14:23:31 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2011-05-15 14:23:27 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2011-05-15 14:23:25 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2011-05-15 14:23:17 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
2011-05-15 14:23:15 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2011-05-15 14:23:10 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2011-05-15 14:23:07 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2011-05-15 14:23:05 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2011-05-15 14:21:48 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-05-15 14:21:46 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-05-15 14:21:11 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-05-15 14:21:08 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-05-15 14:20:59 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-05-15 14:20:40 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-05-15 14:20:28 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2011-05-15 14:20:17 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2011-05-15 14:20:15 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2011-05-15 14:20:09 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2011-05-15 14:20:07 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2011-05-15 14:20:00 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2011-05-15 14:18:57 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2011-05-15 14:18:55 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2011-05-15 14:18:53 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2011-05-15 14:18:47 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2011-05-15 14:18:44 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-05-15 14:18:38 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2011-05-15 14:18:36 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2011-05-15 14:18:32 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2011-05-15 14:18:19 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2011-05-15 14:18:18 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2011-05-15 14:17:49 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2011-05-15 14:17:47 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2011-05-15 14:17:16 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2011-05-15 14:17:15 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2011-05-15 14:17:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2011-05-15 14:17:07 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-05-15 14:15:09 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-05-15 14:15:04 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2011-05-15 14:15:01 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2011-05-15 14:13:53 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2011-05-15 14:12:58 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2011-05-15 14:11:58 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2011-05-15 14:10:54 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2011-05-15 14:09:57 37120 -c--a-w- c:\windows\system32\dllcache\es1370mp.sys
2011-05-15 14:08:59 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2011-05-15 14:07:59 63208 -c--a-w- c:\windows\system32\dllcache\dc21x4.sys
2011-05-15 14:06:56 15423 -c--a-w- c:\windows\system32\dllcache\ch7xxnt5.dll
2011-05-15 14:05:59 21183 -c--a-w- c:\windows\system32\dllcache\atv01nt5.dll
2011-05-15 14:04:45 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-05-15 13:39:33 114688 -c--a-w- c:\windows\system32\dllcache\calc.exe
2011-05-15 13:39:33 114688 ----a-w- c:\windows\system32\calc.exe
2011-05-15 00:53:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-15 00:53:25 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-05-15 00:29:18 -------- d-----w- c:\documents and settings\andrew\local settings\application data\Secunia PSI
2011-05-15 00:29:11 -------- d-----w- c:\program files\Secunia
2011-05-14 21:31:25 -------- d-----w- c:\documents and settings\andrew\application data\Malwarebytes
2011-05-14 21:31:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-14 21:31:13 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-14 21:31:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-14 12:23:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-02 18:06:09 -------- d-----w- c:\documents and settings\andrew\application data\.myibay
2011-05-02 18:05:57 -------- d-----w- c:\program files\myibay
2011-04-20 22:41:07 172032 ----a-w- c:\windows\system32\igfxres.dll
.
==================== Find3M ====================
.
2011-05-15 00:53:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-18 10:23:39 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-14 11:03:15 0 ----a-w- c:\windows\system32\Config.Msi
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2008-10-21 14:04:36 229376 ----a-w- c:\program files\ChipUtil.exe
.
============= FINISH: 1:18:07.64 ===============


#2 rigacci


Posted 27 May 2011 - 09:02 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 Andrew_97

Andrew_97
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:02:39 PM

Posted 28 May 2011 - 10:25 AM

It's okay. I know you guys get countless posts every day.

If you have since resolved the original problem you were having, we would appreciate you letting us know

I don't think the problem has been resolved completely yet, but I did take a few steps since my initial post here. I did some scans from which I'm going to post the logs.

First, I was able to run TDSSKiller. I don't know why it worked this time as I couldn't get it to run at all before. Here is the log:

2011/05/25 04:31:02.0312 5924 TDSS rootkit removing tool 2.5.2.0 May 24 2011 11:01:23
2011/05/25 04:31:02.0515 5924 ================================================================================
2011/05/25 04:31:02.0515 5924 SystemInfo:
2011/05/25 04:31:02.0515 5924
2011/05/25 04:31:02.0515 5924 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/25 04:31:02.0515 5924 Product type: Workstation
2011/05/25 04:31:02.0515 5924 ComputerName: HOME-ANDREW-PC1
2011/05/25 04:31:02.0515 5924 UserName: Andrew
2011/05/25 04:31:02.0515 5924 Windows directory: C:\WINDOWS
2011/05/25 04:31:02.0515 5924 System windows directory: C:\WINDOWS
2011/05/25 04:31:02.0515 5924 Processor architecture: Intel x86
2011/05/25 04:31:02.0515 5924 Number of processors: 2
2011/05/25 04:31:02.0515 5924 Page size: 0x1000
2011/05/25 04:31:02.0515 5924 Boot type: Normal boot
2011/05/25 04:31:02.0515 5924 ================================================================================
2011/05/25 04:31:02.0968 5924 Initialize success
2011/05/25 04:31:20.0046 5180 ================================================================================
2011/05/25 04:31:20.0046 5180 Scan started
2011/05/25 04:31:20.0046 5180 Mode: Manual;
2011/05/25 04:31:20.0046 5180 ================================================================================
2011/05/25 04:31:28.0656 5180 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/25 04:31:28.0656 5180 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/05/25 04:31:28.0656 5180 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/05/25 04:31:29.0359 5180 MBR (0x1B8) (a85844a0d2ae290fb601360a641e5962) \Device\Harddisk0\DR0
2011/05/25 04:31:29.0375 5180 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
2011/05/25 04:31:29.0375 5180 ================================================================================
2011/05/25 04:31:29.0375 5180 Scan finished
2011/05/25 04:31:29.0375 5180 ================================================================================
2011/05/25 04:31:29.0406 5160 Detected object count: 2
2011/05/25 04:31:29.0406 5160 Actual detected object count: 2
2011/05/25 04:31:58.0437 5160 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/25 04:31:58.0437 5160 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/05/25 04:31:58.0828 5160 Backup copy found, using it..
2011/05/25 04:31:58.0843 5160 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/05/25 04:31:58.0843 5160 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/05/25 04:31:58.0890 5160 \Device\Harddisk0\DR0 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
2011/05/25 04:31:58.0890 5160 \Device\Harddisk0\DR0 - ok
2011/05/25 04:31:58.0890 5160 Backdoor.Win32.Sinowal.knf(\Device\Harddisk0\DR0) - User select action: Cure
2011/05/25 04:32:09.0203 2324 Deinitialize success

When this was done, there was no longer an iexplore.exe process running in Task Manager.
Second, I ran a full system scan with ESET Nod32 Antivirus 4 Business Edition. Here are the parts of the log with the threats found (the whole log is extremely long but tell me if you need it):


Scan Log
Version of virus signature database: 6155 (20110526)
Date: 26.May.11 Time: 2:50:56 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\;D:\Boot sector;D:\;E:\Boot sector;E:\;F:\Boot sector;F:\
C:\Documents and Settings\Andrew\Application Data\Sun\Java\Deployment\cache\6.0\13\3233160d-4f798cf0 » ZIP » favort/gijupo.class - Java/TrojanDownloader.OpenStream.NBW trojan - was a part of the deleted object
C:\Documents and Settings\Andrew\Application Data\Sun\Java\Deployment\cache\6.0\13\3233160d-4f798cf0 » ZIP » favort/jora.class - Java/TrojanDownloader.OpenStream.NBW trojan - was a part of the deleted object
C:\Documents and Settings\Andrew\Application Data\Sun\Java\Deployment\cache\6.0\13\3233160d-4f798cf0 » ZIP » favort/kilop.class - Java/TrojanDownloader.OpenStream.NBW trojan - was a part of the deleted object
C:\Documents and Settings\Andrew\Application Data\Sun\Java\Deployment\cache\6.0\13\3233160d-4f798cf0 » ZIP » favort/maria.class - Java/TrojanDownloader.OpenStream.NBW trojan - was a part of the deleted object
C:\Documents and Settings\Andrew\Application Data\Sun\Java\Deployment\cache\6.0\13\3233160d-4f798cf0 » ZIP » favort/siurele.class - Java/TrojanDownloader.OpenStream.NBV trojan - was a part of the deleted object
C:\Documents and Settings\Andrew\Application Data\Sun\Java\Deployment\cache\6.0\17\7560f91-7194b23d - probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\Andrew\Application Data\Sun\Java\Deployment\cache\6.0\43\2767beab-61c48e5c - Java/TrojanDownloader.OpenStream.NBL trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\Andrew\Application Data\Sun\Java\Deployment\cache\6.0\57\7800b2b9-7d92cd90 - probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\Andrew\Local Settings\Temp\svchost.exe - Win32/Shutdowner.NAL trojan - cleaned by deleting - quarantined [1]
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CH6NKLMJ\new[1].mp3 » ZIP » SuspendedInvocationException.class - probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan - was a part of the deleted object
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe » NSIS » eBayShortcuts.exe - Win32/Adware.ADON potentially unwanted application - was a part of the deleted object
D:\Applications\unlocker1.8.7.exe » NSIS » eBay_shortcuts_1016.exe » NSIS » eBayShortcuts.exe - Win32/Adware.ADON potentially unwanted application - was a part of the deleted object
D:\New Music\Amir s songs\dj tiesto\desktop.ini - Win32/VB.NEI worm - cleaned by deleting - quarantined [1]
D:\New Music\Amir s songs\Evanescence_Not For Your Ears\desktop.ini - Win32/VB.NEI worm - cleaned by deleting - quarantined [1]
D:\New Music\Amir s songs\nsc\desktop.ini - Win32/VB.NEI worm - cleaned by deleting - quarantined [1]
D:\Setup Files\unlocker1.8.7.exe » NSIS » eBay_shortcuts_1016.exe » NSIS » eBayShortcuts.exe - Win32/Adware.ADON potentially unwanted application - was a part of the deleted object
Number of scanned objects: 381666
Number of threats found: 18
Number of cleaned objects: 18
Time of completion: 3:54:09 PM Total scanning time: 3793 sec (01:03:13)

Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.


These are the two things I did since I posted this topic. Now here’s the new DDS log dds.txt (I attached attach.txt and ark.txt)

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Andrew at 17:20:48 on 2011-05-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1213 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Switch Off\swoff.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Andrew\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: CatcherBHO Class: {9b4df450-dcc7-4b07-935d-0cd757a64583} - c:\program files\moyea youtube flv downloader\MoyeaCatcher.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: {AE7CD045-E861-484f-8273-0445EE161910} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [cdloader] "c:\documents and settings\andrew\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [systray] c:\program files\dell\dell mobile broadband\systray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmaTel Audio] c:\program files\sigmatel\c-major audio\dellxpm_5515v133\setup.exe -postqfe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjI5ODU3OTU0LVQxMS1VODUrMS1LVjMrNy1CQSsxLVRCOSsyLUZMKzktWE8zNisxLUYxME0rNS1RSVgxKzQtWDIwMTArMi1WSVAxMCsxLUYxME0xMEQrMi1MSUMrNzctRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1AxUzIrMS1TVUQrMS1TMUkrMS1TVTMrMQ"&"prod=90"&"ver=10.0.1375
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\andrew\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-af00-ba7e-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\andrew\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll/206
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
TCP: {0B4E30C7-724A-40D3-96AC-B3E4C4C78FF4} = 163.121.128.134,163.121.128.135
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\andrew\application data\mozilla\firefox\profiles\ogjof8ok.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62808
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-15 64288]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-8-3 95896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-8-12 810144]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\switch off\swoff.exe -service --> c:\program files\switch off\swoff.exe -service [?]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [2003-8-7 6528]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-10-22 105984]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\switch off\swoff.exe -service --> c:\program files\switch off\swoff.exe -service [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-21 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
=============== Created Last 30 ================
.
2011-05-26 13:12:04 -------- d-----w- c:\documents and settings\andrew\local settings\application data\ESET
2011-05-26 12:28:14 -------- d-----w- c:\program files\ESET
2011-05-19 00:24:11 -------- d-----w- c:\documents and settings\andrew\application data\SUPERAntiSpyware.com
2011-05-19 00:24:11 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-05-19 00:23:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-15 15:01:50 138752 -c--a-w- c:\windows\system32\dllcache\sndvol32.exe
2011-05-15 15:01:50 138752 ----a-w- c:\windows\system32\sndvol32.exe
2011-05-15 14:43:59 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-05-15 14:43:55 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-05-15 14:43:54 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-05-15 14:43:48 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-05-15 14:43:45 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-05-15 14:43:11 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-05-15 14:43:00 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-05-15 14:42:59 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-05-15 14:42:55 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-05-15 14:42:55 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-05-15 14:42:36 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-05-15 14:42:33 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-05-15 14:42:20 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2011-05-15 14:42:12 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-05-15 14:42:09 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-05-15 14:40:58 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2011-05-15 14:40:49 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2011-05-15 14:40:41 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2011-05-15 14:40:36 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
2011-05-15 14:40:36 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2011-05-15 14:40:35 42240 -c--a-w- c:\windows\system32\dllcache\viaagp.sys
2011-05-15 14:40:34 11325 -c--a-w- c:\windows\system32\dllcache\vchnt5.dll
2011-05-15 14:40:26 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-05-15 14:40:23 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2011-05-15 14:40:15 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2011-05-15 14:40:12 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2011-05-15 14:40:06 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-05-15 14:40:01 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-05-15 14:38:58 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2011-05-15 14:38:56 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2011-05-15 14:38:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2011-05-15 14:38:49 44672 -c--a-w- c:\windows\system32\dllcache\uagp35.sys
2011-05-15 14:38:46 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2011-05-15 14:38:33 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-05-15 14:38:28 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2011-05-15 14:38:23 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2011-05-15 14:38:20 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2011-05-15 14:38:12 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2011-05-15 14:38:09 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2011-05-15 14:38:04 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2011-05-15 14:36:53 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-05-15 14:36:46 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2011-05-15 14:36:39 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-05-15 14:36:36 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-05-15 14:36:28 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2011-05-15 14:36:26 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2011-05-15 14:36:19 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2011-05-15 14:36:16 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2011-05-15 14:36:09 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2011-05-15 14:36:07 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2011-05-15 14:36:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2011-05-15 14:35:59 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2011-05-15 14:35:56 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2011-05-15 14:35:51 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2011-05-15 14:35:49 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2011-05-15 14:35:39 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2011-05-15 14:35:32 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2011-05-15 14:35:29 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2011-05-15 14:35:23 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2011-05-15 14:35:10 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2011-05-15 14:35:05 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2011-05-15 14:35:00 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-05-15 14:34:47 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2011-05-15 14:34:44 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2011-05-15 14:34:39 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2011-05-15 14:34:36 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-05-15 14:34:31 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2011-05-15 14:34:26 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2011-05-15 14:34:24 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2011-05-15 14:34:16 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2011-05-15 14:34:15 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2011-05-15 14:34:11 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2011-05-15 14:32:59 73832 -c--a-w- c:\windows\system32\dllcache\slcoinst.dll
2011-05-15 14:31:51 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-05-15 14:31:49 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-05-15 14:31:43 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-05-15 14:31:37 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2011-05-15 14:31:35 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2011-05-15 14:31:28 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2011-05-15 14:31:25 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2011-05-15 14:31:13 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2011-05-15 14:31:12 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2011-05-15 14:31:10 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2011-05-15 14:31:00 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2011-05-15 14:29:58 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2011-05-15 14:29:55 65664 -c--a-w- c:\windows\system32\dllcache\s3legacy.sys
2011-05-15 14:29:55 166912 -c--a-w- c:\windows\system32\dllcache\s3gnbm.sys
2011-05-15 14:29:54 397056 -c--a-w- c:\windows\system32\dllcache\s3gnb.dll
2011-05-15 14:29:43 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
2011-05-15 14:29:40 79872 -c--a-w- c:\windows\system32\dllcache\rwia430.dll
2011-05-15 14:29:37 29696 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2011-05-15 14:29:35 27648 -c--a-w- c:\windows\system32\dllcache\rw430ext.dll
2011-05-15 14:29:28 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2011-05-15 14:29:23 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2011-05-15 14:29:19 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2011-05-15 14:29:11 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2011-05-15 14:29:08 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2011-05-15 14:28:59 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2011-05-15 14:28:59 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2011-05-15 14:28:55 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-05-15 14:28:52 59136 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys
2011-05-15 14:28:45 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2011-05-15 14:28:42 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2011-05-15 14:28:37 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-05-15 14:28:30 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-05-15 14:28:27 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-05-15 14:28:19 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2011-05-15 14:28:16 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-05-15 14:28:05 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2011-05-15 14:26:55 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-05-15 14:25:57 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
2011-05-15 14:24:58 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2011-05-15 14:23:55 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-05-15 14:23:50 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-05-15 14:23:47 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-05-15 14:23:42 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-05-15 14:23:36 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2011-05-15 14:23:31 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2011-05-15 14:23:27 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2011-05-15 14:23:25 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2011-05-15 14:23:17 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
2011-05-15 14:23:15 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2011-05-15 14:23:10 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2011-05-15 14:23:07 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2011-05-15 14:23:05 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2011-05-15 14:21:48 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-05-15 14:21:46 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-05-15 14:21:11 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-05-15 14:21:08 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-05-15 14:20:59 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-05-15 14:20:40 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-05-15 14:20:28 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2011-05-15 14:20:17 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2011-05-15 14:20:15 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2011-05-15 14:20:09 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2011-05-15 14:20:07 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2011-05-15 14:20:00 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2011-05-15 14:18:57 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2011-05-15 14:18:55 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2011-05-15 14:18:53 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2011-05-15 14:18:47 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2011-05-15 14:18:44 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-05-15 14:18:38 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2011-05-15 14:18:36 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2011-05-15 14:18:32 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2011-05-15 14:18:19 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2011-05-15 14:18:18 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2011-05-15 14:17:49 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2011-05-15 14:17:47 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2011-05-15 14:17:16 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2011-05-15 14:17:15 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2011-05-15 14:17:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2011-05-15 14:17:07 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-05-15 14:15:09 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-05-15 14:15:04 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2011-05-15 14:15:01 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2011-05-15 14:13:53 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2011-05-15 14:12:58 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2011-05-15 14:11:58 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2011-05-15 14:10:54 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2011-05-15 14:09:57 37120 -c--a-w- c:\windows\system32\dllcache\es1370mp.sys
2011-05-15 14:08:59 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2011-05-15 14:07:59 63208 -c--a-w- c:\windows\system32\dllcache\dc21x4.sys
2011-05-15 14:06:56 15423 -c--a-w- c:\windows\system32\dllcache\ch7xxnt5.dll
2011-05-15 14:05:59 21183 -c--a-w- c:\windows\system32\dllcache\atv01nt5.dll
2011-05-15 14:04:45 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-05-15 13:39:33 114688 -c--a-w- c:\windows\system32\dllcache\calc.exe
2011-05-15 13:39:33 114688 ----a-w- c:\windows\system32\calc.exe
2011-05-15 00:53:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-15 00:53:25 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-05-15 00:29:18 -------- d-----w- c:\documents and settings\andrew\local settings\application data\Secunia PSI
2011-05-15 00:29:11 -------- d-----w- c:\program files\Secunia
2011-05-14 21:31:25 -------- d-----w- c:\documents and settings\andrew\application data\Malwarebytes
2011-05-14 21:31:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-14 21:31:13 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-14 21:31:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-14 12:23:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-02 18:06:09 -------- d-----w- c:\documents and settings\andrew\application data\.myibay
2011-05-02 18:05:57 -------- d-----w- c:\program files\myibay
.
==================== Find3M ====================
.
2011-05-25 02:34:54 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-05-15 00:53:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-14 11:03:15 0 ----a-w- c:\windows\system32\Config.Msi
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2008-10-21 14:04:36 229376 ----a-w- c:\program files\ChipUtil.exe
.
============= FINISH: 17:21:07.54 ===============


#4 B-boy/StyLe/

Posted 29 May 2011 - 12:07 PM

Hello Andrew_97! Welcome to BleepingComputer Forums!

My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.





IMPORTANT NOTE: One or more of the identified infections is related to the rootkit TDL3 and Sinowal. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

If your computer was used for online banking, has credit card information or other sensitive data on it, you should stay disconnected from the Internet until your system is fully cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to continue please do this:



Please download ComboFix from the link below:

Combofix

Save it to your Desktop <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click it & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.



Regards,
Georgi



#5 Andrew_97

Posted 31 May 2011 - 03:05 PM

Thank you.
I will probably re-format in a few days but in the meantime I would like to continue with the cleaning process. Here is the ComboFix log I just did.

ComboFix 11-05-31.01 - Andrew 31.May.11 21:49:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1417 [GMT 2:00]
Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Andrew\Application Data\Catalyst
c:\documents and settings\Andrew\Application Data\Java\j2deploy.dll
c:\documents and settings\Andrew\Application Data\msierr.log
c:\documents and settings\Andrew\Application Data\WmiModules
c:\documents and settings\Andrew\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))
.
.
2011-05-30 00:29 . 2011-05-30 00:29 74703 ----a-w- c:\windows\system32\mfc45.dll
2011-05-28 16:25 . 2011-05-28 16:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-05-26 13:12 . 2011-05-26 13:12 -------- d-----w- c:\documents and settings\Andrew\Local Settings\Application Data\ESET
2011-05-26 12:28 . 2011-05-26 12:28 -------- d-----w- c:\program files\ESET
2011-05-26 12:28 . 2011-05-26 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-05-19 00:24 . 2011-05-19 00:24 -------- d-----w- c:\documents and settings\Andrew\Application Data\SUPERAntiSpyware.com
2011-05-19 00:24 . 2011-05-19 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-19 00:23 . 2011-05-19 12:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-15 15:01 . 2003-03-31 05:00 138752 -c--a-w- c:\windows\system32\dllcache\sndvol32.exe
2011-05-15 15:01 . 2003-03-31 05:00 138752 ----a-w- c:\windows\system32\sndvol32.exe
2011-05-15 14:43 . 2008-04-14 03:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-05-15 14:43 . 2001-08-17 20:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-05-15 14:43 . 2008-04-14 03:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-05-15 14:43 . 2001-08-17 20:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-05-15 14:43 . 2001-08-17 20:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-05-15 14:43 . 2001-08-17 20:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-05-15 14:43 . 2001-08-17 10:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-05-15 14:42 . 2008-04-13 20:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-05-15 14:42 . 2008-04-14 03:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-05-15 14:42 . 2008-04-13 20:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-05-15 14:42 . 2008-04-13 20:05 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-05-15 14:42 . 2001-08-17 10:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-05-15 14:42 . 2001-08-17 11:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2011-05-15 14:42 . 2001-08-17 20:36 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-05-15 14:42 . 2001-08-17 20:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-05-15 14:40 . 2001-08-17 11:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2011-05-15 14:40 . 2001-08-17 11:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2011-05-15 14:40 . 2001-08-17 10:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2011-05-15 14:40 . 2008-04-13 22:10 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
2011-05-15 14:40 . 2001-08-17 11:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2011-05-15 14:40 . 2008-04-13 22:06 42240 -c--a-w- c:\windows\system32\dllcache\viaagp.sys
2011-05-15 14:40 . 2008-04-14 03:42 11325 -c--a-w- c:\windows\system32\dllcache\vchnt5.dll
2011-05-15 14:40 . 2001-08-17 11:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-05-15 14:40 . 2001-08-17 11:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2011-05-15 14:40 . 2001-08-17 11:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2011-05-15 14:40 . 2001-08-17 11:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2011-05-15 14:40 . 2001-08-17 11:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-05-15 14:40 . 2001-08-17 11:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-05-15 14:38 . 2001-08-17 20:36 211968 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2011-05-15 14:38 . 2001-08-17 20:36 216064 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2011-05-15 14:38 . 2001-08-17 11:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2011-05-15 14:38 . 2008-04-13 22:06 44672 -c--a-w- c:\windows\system32\dllcache\uagp35.sys
2011-05-15 14:38 . 2001-08-17 11:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2011-05-15 14:38 . 2001-08-17 10:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-05-15 14:38 . 2001-08-17 20:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2011-05-15 14:38 . 2001-08-17 10:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2011-05-15 14:38 . 2001-08-17 12:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2011-05-15 14:38 . 2001-08-17 10:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2011-05-15 14:38 . 2001-08-17 12:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2011-05-15 14:38 . 2001-08-17 10:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2011-05-15 14:36 . 2001-08-17 11:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-05-15 14:36 . 2001-08-17 11:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2011-05-15 14:36 . 2001-08-17 10:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2011-05-15 14:36 . 2001-08-17 12:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2011-05-15 14:36 . 2001-08-17 12:07 32640 -c--a-w- c:\windows\system32\dllcache\symc8xx.sys
2011-05-15 14:36 . 2001-08-17 12:07 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2011-05-15 14:36 . 2001-08-17 12:07 30688 -c--a-w- c:\windows\system32\dllcache\sym_u3.sys
2011-05-15 14:36 . 2001-08-17 12:07 28384 -c--a-w- c:\windows\system32\dllcache\sym_hi.sys
2011-05-15 14:36 . 2001-08-17 20:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2011-05-15 14:36 . 2001-08-17 11:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2011-05-15 14:36 . 2001-08-17 12:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2011-05-15 14:35 . 2001-08-17 20:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2011-05-15 14:35 . 2001-08-17 20:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2011-05-15 14:35 . 2001-08-17 20:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2011-05-15 14:35 . 2001-08-17 20:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2011-05-15 14:35 . 2001-08-17 20:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2011-05-15 14:35 . 2001-08-17 20:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2011-05-15 14:35 . 2001-08-17 10:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2011-05-15 14:35 . 2001-08-17 11:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2011-05-15 14:35 . 2001-08-17 10:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2011-05-15 14:35 . 2001-08-17 20:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2011-05-15 14:35 . 2001-08-17 20:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-05-15 14:34 . 2001-08-17 11:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2011-05-15 14:34 . 2001-08-17 20:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2011-05-15 14:34 . 2001-08-17 12:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2011-05-15 14:34 . 2001-08-17 11:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2011-05-15 14:34 . 2001-08-17 10:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2011-05-15 14:34 . 2001-08-17 20:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2011-05-15 14:34 . 2001-08-17 10:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2011-05-15 14:34 . 2001-08-17 11:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2011-05-15 14:34 . 2008-04-13 22:10 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2011-05-15 14:34 . 2001-08-17 11:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2011-05-15 14:32 . 2008-04-14 03:42 73832 -c--a-w- c:\windows\system32\dllcache\slcoinst.dll
2011-05-15 14:31 . 2001-07-21 12:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2011-05-15 14:31 . 2001-07-21 12:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2011-05-15 14:31 . 2001-08-17 10:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-05-15 14:31 . 2001-08-17 20:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2011-05-15 14:31 . 2001-08-17 10:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2011-05-15 14:31 . 2001-08-17 11:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2011-05-15 14:31 . 2001-08-17 11:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2011-05-15 14:31 . 2001-08-17 11:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2011-05-15 14:31 . 2008-04-13 22:15 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2011-05-15 14:31 . 2001-08-17 11:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2011-05-15 14:31 . 2001-08-17 11:51 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys
2011-05-15 14:29 . 2001-08-17 10:50 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2011-05-15 14:29 . 2008-04-13 20:04 166912 -c--a-w- c:\windows\system32\dllcache\s3gnbm.sys
2011-05-15 14:29 . 2001-08-17 11:57 65664 -c--a-w- c:\windows\system32\dllcache\s3legacy.sys
2011-05-15 14:29 . 2008-04-14 03:42 397056 -c--a-w- c:\windows\system32\dllcache\s3gnb.dll
2011-05-15 14:29 . 2001-08-17 20:36 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
2011-05-15 14:29 . 2001-08-17 20:36 79872 -c--a-w- c:\windows\system32\dllcache\rwia430.dll
2011-05-15 14:29 . 2008-04-14 03:42 29696 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2011-05-15 14:29 . 2008-04-14 03:42 27648 -c--a-w- c:\windows\system32\dllcache\rw430ext.dll
2011-05-15 14:29 . 2008-04-13 20:05 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2011-05-15 14:29 . 2001-08-17 10:12 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2011-05-15 14:29 . 2001-08-17 10:19 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2011-05-15 14:29 . 2001-08-17 20:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2011-05-15 14:29 . 2001-08-17 10:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2011-05-15 14:28 . 2008-04-13 22:26 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2011-05-15 14:28 . 2008-04-13 22:10 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2011-05-15 14:28 . 2001-08-17 10:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2011-05-15 14:28 . 2008-04-13 22:16 59136 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys
2011-05-15 14:28 . 2001-08-17 20:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2011-05-15 14:28 . 2008-04-13 21:53 13776 -c--a-w- c:\windows\system32\dllcache\recagent.sys
2011-05-15 14:28 . 2001-08-17 11:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2011-05-15 14:28 . 2001-08-17 11:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-05-15 14:28 . 2001-08-17 11:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2011-05-15 14:28 . 2001-08-17 20:36 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2011-05-15 14:28 . 2001-08-17 11:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-05-15 14:28 . 2001-08-17 11:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2011-05-15 14:26 . 2001-08-17 20:36 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-05-15 14:25 . 2001-08-17 10:11 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
2011-05-15 14:24 . 2001-08-17 12:05 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2011-05-15 14:23 . 2001-08-17 10:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-05-15 14:23 . 2001-08-17 10:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-05-15 14:23 . 2001-08-17 10:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 02:34 . 2008-04-13 20:11 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-05-15 00:53 . 2008-10-24 13:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-14 11:03 . 2011-04-14 11:03 0 ----a-w- c:\windows\system32\Config.Msi
2011-03-07 05:33 . 2008-10-22 17:43 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-04-14 01:42 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:27 . 2008-04-13 21:00 1866880 ----a-w- c:\windows\system32\win32k.sys
2008-10-21 14:04 . 2008-10-22 19:57 229376 ----a-w- c:\program files\ChipUtil.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-05 . 9F42478360E9B053A6703DEF39B4CE33 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-30 39408]
"cdloader"="c:\documents and settings\Andrew\Application Data\mjusbsp\cdloader2.exe" [2010-12-03 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"systray"="c:\program files\Dell\Dell Mobile Broadband\systray.exe" [2007-06-23 331851]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"SigmaTel Audio"="c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v133\setup.exe" [2007-10-18 117200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Andrew\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-AF00-BA7E-100000000002}\SC_Acrobat.exe [2011-4-14 25214]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Andrew^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Andrew\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2005-07-28 21:36 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-10-09 17:17 2183168 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-12-10 16:06 1228800 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 14:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-05 15:13 166424 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 10:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2008-07-21 13:54 169312 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-05-09 23:01 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-12-14 19:48 413696 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-30 23:29 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLAN VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\Andrew\\Application Data\\mjusbsp\\magicJack.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8873:TCP"= 8873:TCP:BitComet 8873 TCP
"8873:UDP"= 8873:UDP:BitComet 8873 UDP
"14319:TCP"= 14319:TCP:BitComet 14319 TCP
"14319:UDP"= 14319:UDP:BitComet 14319 UDP
"21691:TCP"= 21691:TCP:BitComet 21691 TCP
"21691:UDP"= 21691:UDP:BitComet 21691 UDP
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"5085:TCP"= 5085:TCP:Services
"8670:TCP"= 8670:TCP:Services
"4896:TCP"= 4896:TCP:Services
"3804:TCP"= 3804:TCP:Services
"2617:TCP"= 2617:TCP:Services
"3070:TCP"= 3070:TCP:Services
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [15.Apr.10 6:52 PM 64288]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.Jul.10 1:31 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [03.Aug.10 1:28 PM 95896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.Feb.10 8:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.May.10 8:41 PM 67656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.Aug.10 2:16 PM 810144]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [19.Apr.11 8:44 AM 399416]
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\Switch Off\swoff.exe -service --> c:\program files\Switch Off\swoff.exe -service [?]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [07.Aug.03 3:42 PM 6528]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [22.Oct.08 8:06 PM 105984]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21.Dec.09 5:41 PM 135664]
S2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\Switch Off\swoff.exe -service --> c:\program files\Switch Off\swoff.exe -service [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.Dec.09 11:58 AM 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21.Dec.09 5:41 PM 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01.Sep.10 10:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [19.Apr.11 8:44 AM 993848]
S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-30 16:14]
.
2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 15:41]
.
2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 15:41]
.
2011-05-31 c:\windows\Tasks\User_Feed_Synchronization-{44FFB25D-4FB5-4514-8F27-10BDFF62832C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0B4E30C7-724A-40D3-96AC-B3E4C4C78FF4}: NameServer = 163.121.128.134,163.121.128.135
FF - ProfilePath - c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\ogjof8ok.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62808
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
SafeBoot-59563026.sys
MSConfigStartUp-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-31 21:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-746137067-1220945662-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E1AE36E3-BE62-97BE-6D60-4F4C7B868501}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abcipnpdbfjcfjcdngnncpjnbeldnmeicl"=hex:69,61,66,68,61,6f,65,6d,6a,61,6c,70,
68,67,6f,69,6f,67,00,00
"mahionnblolelfdlaokgngcpib"=hex:6d,61,67,6f,6d,61,68,63,66,64,70,69,6c,62,66,
62,69,67,69,61,64,66,6b,65,6a,6f,00,00
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"="BUSINESS EDITION"
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{D02EDDE7-B5C5-40A2-AF57-73A3278F4EEB}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eavbe"
"ProductVersion"="4.2.64.12"
"UniqueId"="0026E6EC4DDE4778"
"ScannerBuild"=dword:00001dd3
"ScannerVersionId"=dword:000014f0
"ScannerVersion"="Open window for status."
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(584)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-05-31 21:58:39
ComboFix-quarantined-files.txt 2011-05-31 19:58
.
Pre-Run: 12,185,743,360 bytes free
Post-Run: 13,844,946,944 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6F02D5BBD017B706B4EA5B14E457DEA3

#6 B-boy/StyLe/


Posted 31 May 2011 - 04:20 PM

Hello,



Download and run HAMeb_check.exe
Post the contents of the resulting log.



Regards,
Georgi



#7 Andrew_97


Posted 31 May 2011 - 06:17 PM

C:\Documents and Settings\Andrew\Desktop\HAMeb_check.exe
01.Jun.11 at 1:10:50.12

Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A14C00
malicious code @ sector 0x012A14C03 !
PE file found in sector at 0x012A14C19 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"5085:TCP"=5085:TCP:*:Enabled:Services
"8670:TCP"=8670:TCP:*:Enabled:Services
"4896:TCP"=4896:TCP:*:Enabled:Services
"3804:TCP"=3804:TCP:*:Enabled:Services
"2617:TCP"=2617:TCP:*:Enabled:Services
"3070:TCP"=3070:TCP:*:Enabled:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=3389:TCP:*:Enabled:Remote Desktop
"65533:TCP"=65533:TCP:*:Enabled:Services
"52344:TCP"=52344:TCP:*:Enabled:Services
"5085:TCP"=5085:TCP:*:Enabled:Services
"8670:TCP"=8670:TCP:*:Enabled:Services
"4896:TCP"=4896:TCP:*:Enabled:Services
"3804:TCP"=3804:TCP:*:Enabled:Services
"2617:TCP"=2617:TCP:*:Enabled:Services
"3070:TCP"=3070:TCP:*:Enabled:Services


~~ EOF ~~

#8 B-boy/StyLe/


Posted 31 May 2011 - 09:14 PM

Hello,



Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.
Double click the file to run it and follow any prompts.
If the tool detects an mbr infection, please allow it to run mbr -f and shut down your computer.
Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.


*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.
Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).



Regards,
Georgi



#9 Andrew_97


Posted 01 June 2011 - 08:40 AM

It didn't detect mbr the first time. I followed your instructions, and here's the log:

C:\Documents and Settings\Andrew\Desktop\HelpAsst_mebroot_fix.exe
01.Jun.11 at 15:08:31.79

HelpAssistant account Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

~~ Checking firewall ports ~~

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on 01.Jun.11 at 15:38:47.26

Account active No
Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x012A14C00
malicious code @ sector 0x012A14C03 !
PE file found in sector at 0x012A14C19 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~

#10 B-boy/StyLe/


Posted 01 June 2011 - 07:59 PM

Hello Andrew_97,



Delete your copy of Combofix and download a fresh one from here.

Save it to your desktop but do not run it yet ! <--- important !!!



We need to execute a CFScript to clean some remnants.

Please do this:


1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

2. Open notepad => navigate to format and make sure that wordwrap is unchecked. <--- important !!!

3. Copy/paste the text in the codebox below into it:

KILLALL::
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
Firefox::
FF - ProfilePath - c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\ogjof8ok.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62808
FF - prefs.js: network.proxy.type - 1
Regnull::
[HKEY_USERS\S-1-5-21-746137067-1220945662-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E1AE36E3-BE62-97BE-6D60-4F4C7B868501}*]

4. Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

5. Close any open browsers.

6. Referring to the picture above, drag CFScript into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Also reply back to let me know how things are going.



Regards,
Georgi

Edited by B-boy/StyLe/, 01 June 2011 - 08:00 PM.



#11 Andrew_97


Posted 01 June 2011 - 09:21 PM

Hi,

I tried to follow the instructions on your last post, but after ComboFix ran and restarted the computer, it told me to wait until it produces the log file. Then it said it could not "access the process as it's being used by another application". I don't know what that means. And there is no ComboFix.txt in C. Should I try again?

As for how things are going, there's been nothing unusual except that today (and I don't know if this has anything to do with my infections) some sites (I think Hotmail mainly) popped up a message in Internet Explorer saying that I'm about to leave a secure connection and it will be possible for others to view the information you send. It happened many times. It was preceded by a similar message saying that I'm entering a secure connection and it will not be possible for others to view the information I send...

Apart from that, there are no symptoms or detections by ESET. I'm still undecided what I should do. Would you still recommend a reformat at this point or do you think things are better for my PC (or getting better)? It's just that I hate re-formatting. It wears me down for days backing up the C drive, then reinstalling apps, updates, etc... If I don't, is there a risk that someone might be able to have access to my HD, read my files, etc? Or what's the danger exactly?

Also, in case I reformat, when should I change my passwords to sites where I'm registered? Before formatting or after? Should I also change my Windows login password?

Sorry for bothering you further. Thanks a lot for all this.

Edited by Andrew_97, 01 June 2011 - 09:24 PM.


#12 SweetTech


Posted 02 June 2011 - 03:28 PM

Hi Andrew_97!

Georgi has asked me to step in as he had something unexpected come up, so I will be assisting you from here.

Would you still recommend a reformat at this point or do you think things are better for my PC (or getting better)? It's just that I hate re-formatting. It wears me down for days backing up the C drive, then reinstalling apps, updates, etc... If I don't, is there a risk that someone might be able to have access to my HD, read my files, etc? Or what's the danger exactly?

I would still recommend a reformat and re-install at this point.


Looking over your earlier logs, I can see that TDSSKiller detected an infection known as HelpAssistant.


HelpAssistant is a MBR (Mebroot) variant which infects the Master Boot Record. The infection is contracted and spread through ads in spam e-mail attachments, by using shared folders on peer-to-peer networks, using Torrents, and via drive-by downloads when visiting porn and malicious websites using browser exploits. For more specific details about this infection, read:
Thanks to quietman7 for providing the above links.


NEXT:



Also, in case I reformat, when should I change my passwords to sites where I'm registered? Before formatting or after? Should I also change my Windows login password?

Well I'd advise changing your passwords immediately from a known clean computer. If you do not have another clean computer available then I'd change the passwords after reformatting.

I don't think it can hurt to also change your Windows login password.



If you'd like to continue cleaning up your computer please run these scans for me:


Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 SweetTech


Posted 04 June 2011 - 12:06 PM

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.



#14 Andrew_97


Posted 04 June 2011 - 01:03 PM

Sorry for not replying earlier. I was a little busy the past 2 days. Thanks again for your assistance.

Here is the first log file

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB7E4E000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5779456 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF1D9000 C:\WINDOWS\System32\igxpdx32.DLL 2621440 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1867776 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1867776 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1617920 bytes (Intel Corporation, Component GHAL Driver)
0x9E207000 C:\WINDOWS\system32\drivers\sthda.sys 1171456 bytes (SigmaTel, Inc., NDRC)
0x9B400000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 1126400 bytes (Broadcom Corp., Broadcom 802.11 Network Adapter wireless driver)
0x9E3F7000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB01E6000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 856064 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
0x9DF15000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 819200 bytes
0xB9E43000 iaStor.sys 819200 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x9E344000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x9DE6E000 C:\WINDOWS\system32\DRIVERS\eamon.sys 684032 bytes (ESET, Amon monitor)
0xB9D5A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAE641000 C:\WINDOWS\system32\drivers\btaudio.sys 524288 bytes (Broadcom Corporation., Bluetooth Audio Device)
0xB258D000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0x9E017000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xAE6F1000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0x9E15C000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9DC09000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB26D4000 C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0xBF459000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9CE1C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x9DFDD000 C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys 237568 bytes (Creative Technology Ltd., Video Capture Device Driver)
0x9E4E9000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xAE6C1000 C:\WINDOWS\system32\DRIVERS\NWADIenum.sys 196608 bytes (Novatel Wireless Inc, NWADI Interface Bus Enumerator)
0xAE74F000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9DD51000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D2D000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB26A8000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x9B382000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0x9E087000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB7DEE000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0x9E134000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0x9E10E000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAE61D000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB7E16000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB12E7000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x9D8EE000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0x9E0D4000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9E0B2000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E5000 ACPI_HAL 134528 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134528 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E23000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9E1E8000 C:\WINDOWS\system32\DRIVERS\ehdrv.sys 126976 bytes (ESET, ESET Helper driver)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0x9E325000 C:\WINDOWS\system32\drivers\IntcHdmi.sys 126976 bytes (Intel® Corporation, Intel® High Definition Audio HDMI)
0xB9D13000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0x9E0F6000 C:\WINDOWS\system32\DRIVERS\epfwtdir.sys 98304 bytes (ESET, ESET Antivirus Network Redirector)
0xB9DFA000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xAF05F000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9D3BF000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB2725000 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0xB2739000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB7E3A000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x9E1B5000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB9DE7000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9E11000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xAE7CF000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xAEA0B000 C:\WINDOWS\System32\Drivers\btwusb.sys 65536 bytes (Broadcom Corporation., Driver for Bluetooth USB Devices)
0xAE9FB000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB3BB1000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA148000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xAEA5B000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB6281000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA118000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xB3BA1000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB6261000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
0xBA228000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB3C11000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB3C31000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA178000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB3C21000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xB64BA000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xAEA4B000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB3BC1000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB652A000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB3991000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 40960 bytes (GEAR Software Inc., CD DVD Filter)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB6271000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA128000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB649A000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0x9CD0C000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xAEA2B000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB64AA000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xAEA6B000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB3BD1000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB734C000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xAE7C7000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xAE7B7000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB735C000 C:\WINDOWS\system32\DRIVERS\btport.sys 28672 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)
0xB60CD000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB60AD000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB60B5000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xAE7BF000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA408000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xBA3B8000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB60C5000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB60BD000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA470000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA478000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA468000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xAE79F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB2589000 C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 16384 bytes (Dell Inc, App Support Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB3D90000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB9C9E000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x9DC69000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xB7438000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xBA584000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB92B7000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB257D000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB2565000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA580000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB3A7D000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB3D8C000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xBA662000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA660000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5B6000 C:\WINDOWS\system32\DRIVERS\gflmouhid.sys 8192 bytes (-, WDM NULL filter driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA664000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5B0000 C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys 8192 bytes (EyePower Games Pte. Ltd., Advanced Video FX Filter Driver (Win2K based))
0xBA666000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA610000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA64E000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA76B000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xAF27E000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA780000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x8975EF13 Unknown page with executable code, 237 bytes
0x897EFDA4 Unknown page with executable code, 604 bytes
0x897F7D46 Unknown page with executable code, 698 bytes


Here is OTL.txt

OTL logfile created on: 04.Jun.11 7:51:35 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Andrew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd.MMM.yy

1.99 Gb Total Physical Memory | 0.26 Gb Available Physical Memory | 12.83% Memory free
3.84 Gb Paging File | 2.35 Gb Available in Paging File | 61.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.00 Gb Total Space | 12.38 Gb Free Space | 36.42% Space Free | Partition Type: NTFS
Drive D: | 62.00 Gb Total Space | 14.45 Gb Free Space | 23.30% Space Free | Partition Type: NTFS
Drive E: | 52.89 Gb Total Space | 14.92 Gb Free Space | 28.20% Space Free | Partition Type: NTFS
Drive F: | 102.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME-ANDREW-PC1 | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.06.04 19:51:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
PRC - [2011.06.03 11:07:55 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
PRC - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2010.08.12 14:16:26 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2010.08.12 14:16:12 | 002,215,064 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010.02.04 23:15:14 | 000,121,344 | ---- | M] (Airytec) -- C:\Program Files\Switch Off\swoff.exe
PRC - [2008.07.21 15:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008.04.14 03:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.10.25 13:31:20 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007.06.23 14:28:32 | 000,331,851 | ---- | M] () -- C:\Program Files\Dell\Dell Mobile Broadband\systray.exe
PRC - [2007.06.06 16:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007.05.22 14:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007.05.10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2006.09.08 15:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe


========== Modules (SafeList) ==========

MOD - [2011.06.04 19:51:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
MOD - [2010.08.23 18:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.08.12 14:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.08.12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010.02.04 23:15:14 | 000,121,344 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Switch Off\swoff.exe -- (SwOffWeb)
SRV - [2010.02.04 23:15:14 | 000,121,344 | ---- | M] (Airytec) [Auto | Running] -- C:\Program Files\Switch Off\swoff.exe -- (SwOffScheduler)
SRV - [2008.07.21 15:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)


========== Driver Services (SafeList) ==========

DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.08.12 14:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.08.04 11:50:36 | 000,140,752 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010.08.03 13:28:36 | 000,095,896 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010.07.29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.12.18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2007.12.26 20:02:52 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.10.09 19:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007.09.17 10:22:00 | 000,265,856 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007.08.02 17:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007.08.02 17:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007.08.02 17:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007.07.18 01:02:00 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007.06.08 01:00:00 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
DRV - [2007.06.01 13:57:18 | 000,178,176 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007.05.30 16:50:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007.05.10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007.05.04 23:00:00 | 000,105,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2007.05.03 12:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007.03.31 13:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.03.31 13:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007.03.23 10:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.03.23 10:50:36 | 000,037,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007.03.23 10:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007.03.23 10:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007.03.23 10:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.03.21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.05 18:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005.08.12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2003.08.07 16:42:30 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gflmouhid.sys -- (genmcmnUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-746137067-1220945662-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-746137067-1220945662-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-746137067-1220945662-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209

FF - HKLM\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2008.10.31 01:24:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.05 23:38:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.15 02:53:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.05.26 14:28:15 | 000,000,000 | ---D | M]

[2011.04.24 16:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Extensions
[2009.10.25 20:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011.05.15 16:33:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\ogjof8ok.default\extensions
[2011.05.15 02:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.05.15 02:53:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011.05.15 02:53:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.05.15 02:53:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011.06.02 03:57:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-746137067-1220945662-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-746137067-1220945662-1801674531-1003\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [SigmaTel Audio] C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\setup.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [systray] C:\Program Files\Dell\Dell Mobile Broadband\systray.exe ()
O4 - Startup: C:\Documents and Settings\Andrew\Start Menu\programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-AF00-BA7E-100000000002}\SC_Acrobat.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-1220945662-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-1220945662-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-746137067-1220945662-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-1220945662-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-746137067-1220945662-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andrew\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.24 18:55:49 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.11.14 23:52:42 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008.11.14 23:52:42 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008.11.14 23:52:42 | 000,000,000 | R--D | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [1997.07.25 13:53:12 | 000,088,576 | R--- | M] () - F:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1997.07.28 17:02:58 | 000,000,766 | R--- | M] () - F:\AUTORUN.ICO -- [ CDFS ]
O32 - AutoRun File - [1997.07.16 12:03:20 | 000,000,052 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.06.04 19:50:42 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
[2011.06.03 03:41:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Andrew\Recent
[2011.06.02 04:35:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.06.02 03:43:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011.06.02 03:33:06 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.06.01 15:07:05 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
[2011.05.31 21:46:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.05.31 21:22:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.05.31 21:22:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.05.31 21:22:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.05.31 21:22:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.05.31 21:21:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.05.31 21:08:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.30 03:39:04 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011.05.28 18:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2011.05.26 15:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\ESET
[2011.05.26 14:28:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.05.26 14:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011.05.26 14:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011.05.19 02:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\SUPERAntiSpyware.com
[2011.05.19 02:24:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011.05.19 02:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011.05.19 02:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.05.16 22:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\AVG 2011
[2011.05.16 22:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\AI RoboForm
[2011.05.16 22:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Administrative Tools
[2011.05.16 22:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Knowledge Adventure et Edusoft
[2011.05.16 22:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\HijackThis
[2011.05.16 22:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Google Earth
[2011.05.16 22:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Games
[2011.05.16 22:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\FIFA 08
[2011.05.16 22:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\FastStone Image Viewer
[2011.05.16 22:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Dell Wireless
[2011.05.16 22:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Dell Webcam
[2011.05.16 22:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Dell QuickSet
[2011.05.16 22:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Creative Live! Cam
[2011.05.16 22:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\BitComet
[2011.05.16 22:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\AVG PC Tuneup 2011
[2011.05.16 22:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Skype
[2011.05.16 22:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Seagate
[2011.05.16 22:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Nero
[2011.05.16 22:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Myibay Auction bid sniper for eBay
[2011.05.16 22:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\muvee autoProducer 6.1
[2011.05.16 22:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Mozilla Firefox
[2011.05.16 22:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Moyea YouTube FLV Downloader
[2011.05.16 22:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Microsoft Works
[2011.05.16 22:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Microsoft Office
[2011.05.16 22:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Maxtor
[2011.05.16 22:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Lavasoft
[2011.05.16 22:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\XviD
[2011.05.16 22:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\Windows Live
[2011.05.16 22:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\VideoLAN
[2011.05.16 22:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\TLC-Edusoft
[2011.05.16 22:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Start Menu\Programs\The Sims
[2011.05.15 17:01:50 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2011.05.15 17:01:50 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2011.05.15 16:43:59 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011.05.15 16:43:55 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011.05.15 16:43:45 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2011.05.15 16:43:11 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011.05.15 16:43:00 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011.05.15 16:42:59 | 000,019,455 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys
[2011.05.15 16:42:55 | 000,012,063 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys
[2011.05.15 16:42:55 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2011.05.15 16:42:36 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011.05.15 16:42:33 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011.05.15 16:42:20 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011.05.15 16:42:12 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2011.05.15 16:42:09 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2011.05.15 16:41:59 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys
[2011.05.15 16:41:58 | 000,023,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys
[2011.05.15 16:41:57 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2011.05.15 16:41:52 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011.05.15 16:41:50 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv10nt.sys
[2011.05.15 16:41:49 | 000,033,599 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys
[2011.05.15 16:41:49 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv06nt.sys
[2011.05.15 16:41:48 | 000,029,311 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys
[2011.05.15 16:41:48 | 000,019,551 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys
[2011.05.15 16:41:40 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv11nt.sys
[2011.05.15 16:41:39 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv09nt.sys
[2011.05.15 16:41:38 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv07nt.sys
[2011.05.15 16:41:38 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv08nt.sys
[2011.05.15 16:41:37 | 000,012,127 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys
[2011.05.15 16:41:37 | 000,011,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys
[2011.05.15 16:41:36 | 000,012,415 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys
[2011.05.15 16:41:35 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wacompen.sys
[2011.05.15 16:41:28 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011.05.15 16:41:22 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011.05.15 16:41:15 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011.05.15 16:41:01 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011.05.15 16:40:58 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011.05.15 16:40:49 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011.05.15 16:40:41 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011.05.15 16:40:36 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys
[2011.05.15 16:40:36 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
[2011.05.15 16:40:35 | 000,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaagp.sys
[2011.05.15 16:40:34 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\vchnt5.dll
[2011.05.15 16:40:26 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2011.05.15 16:40:23 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011.05.15 16:40:15 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
[2011.05.15 16:40:12 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
[2011.05.15 16:40:06 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
[2011.05.15 16:40:01 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011.05.15 16:39:57 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011.05.15 16:39:50 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011.05.15 16:39:49 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2011.05.15 16:39:48 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys
[2011.05.15 16:39:47 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2011.05.15 16:39:46 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011.05.15 16:39:37 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2011.05.15 16:39:32 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2011.05.15 16:39:27 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2011.05.15 16:39:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2011.05.15 16:39:18 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011.05.15 16:39:13 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2011.05.15 16:39:08 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2011.05.15 16:39:05 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2011.05.15 16:38:58 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011.05.15 16:38:56 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011.05.15 16:38:52 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys
[2011.05.15 16:38:49 | 000,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uagp35.sys
[2011.05.15 16:38:46 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys
[2011.05.15 16:38:33 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011.05.15 16:38:28 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011.05.15 16:38:23 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011.05.15 16:38:20 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011.05.15 16:38:12 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011.05.15 16:38:09 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011.05.15 16:38:04 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys
[2011.05.15 16:37:59 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2011.05.15 16:37:59 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll
[2011.05.15 16:37:52 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll
[2011.05.15 16:37:48 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys
[2011.05.15 16:37:42 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys
[2011.05.15 16:37:39 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys
[2011.05.15 16:37:33 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys
[2011.05.15 16:37:29 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011.05.15 16:37:17 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011.05.15 16:37:14 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011.05.15 16:37:13 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011.05.15 16:37:06 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011.05.15 16:37:02 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011.05.15 16:36:53 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys
[2011.05.15 16:36:46 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys
[2011.05.15 16:36:39 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011.05.15 16:36:36 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011.05.15 16:36:28 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys
[2011.05.15 16:36:26 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys
[2011.05.15 16:36:19 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys
[2011.05.15 16:36:16 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys
[2011.05.15 16:36:09 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll
[2011.05.15 16:36:07 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys
[2011.05.15 16:36:02 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
[2011.05.15 16:35:59 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[2011.05.15 16:35:56 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
[2011.05.15 16:35:51 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
[2011.05.15 16:35:49 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
[2011.05.15 16:35:39 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011.05.15 16:35:32 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011.05.15 16:35:29 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011.05.15 16:35:23 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011.05.15 16:35:10 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011.05.15 16:35:05 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2011.05.15 16:35:00 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll
[2011.05.15 16:34:47 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys
[2011.05.15 16:34:44 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll
[2011.05.15 16:34:39 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2011.05.15 16:34:36 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys
[2011.05.15 16:34:31 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys
[2011.05.15 16:34:26 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll
[2011.05.15 16:34:24 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys
[2011.05.15 16:34:16 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
[2011.05.15 16:34:15 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2011.05.15 16:34:11 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
[2011.05.15 16:33:59 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011.05.15 16:33:56 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011.05.15 16:33:49 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011.05.15 16:33:42 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011.05.15 16:33:40 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011.05.15 16:33:33 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2011.05.15 16:33:31 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2011.05.15 16:33:30 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2011.05.15 16:33:30 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbali.sys
[2011.05.15 16:33:27 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2011.05.15 16:33:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2011.05.15 16:33:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2011.05.15 16:33:09 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2011.05.15 16:33:05 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slserv.exe
[2011.05.15 16:33:05 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slrundll.exe
[2011.05.15 16:33:05 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slwdmsup.sys
[2011.05.15 16:33:04 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slnthal.sys
[2011.05.15 16:33:02 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slntamr.sys
[2011.05.15 16:33:02 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slnt7554.sys
[2011.05.15 16:33:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Download Manager
[2011.05.15 16:33:01 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slgen.dll
[2011.05.15 16:32:59 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slextspk.dll
[2011.05.15 16:32:59 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slcoinst.dll
[2011.05.15 16:32:57 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011.05.15 16:32:55 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011.05.15 16:32:50 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011.05.15 16:32:45 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll
[2011.05.15 16:32:41 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys
[2011.05.15 16:32:39 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011.05.15 16:32:34 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll
[2011.05.15 16:32:30 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys
[2011.05.15 16:32:29 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisagp.sys
[2011.05.15 16:32:22 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll
[2011.05.15 16:32:20 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys
[2011.05.15 16:32:13 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll
[2011.05.15 16:32:09 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys
[2011.05.15 16:32:09 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\siint5.dll
[2011.05.15 16:31:51 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011.05.15 16:31:49 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011.05.15 16:31:43 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011.05.15 16:31:37 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011.05.15 16:31:35 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys
[2011.05.15 16:31:28 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2011.05.15 16:31:25 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
[2011.05.15 16:31:13 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2011.05.15 16:31:12 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2011.05.15 16:31:10 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2011.05.15 16:31:00 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011.05.15 16:30:58 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2011.05.15 16:30:53 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011.05.15 16:30:46 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011.05.15 16:30:44 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2011.05.15 16:30:42 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll
[2011.05.15 16:30:39 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys
[2011.05.15 16:30:33 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll
[2011.05.15 16:30:30 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011.05.15 16:30:25 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011.05.15 16:30:22 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011.05.15 16:30:17 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011.05.15 16:30:14 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011.05.15 16:30:09 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011.05.15 16:30:06 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011.05.15 16:30:02 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011.05.15 16:29:58 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011.05.15 16:29:55 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3gnbm.sys
[2011.05.15 16:29:55 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2011.05.15 16:29:54 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3gnb.dll
[2011.05.15 16:29:43 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011.05.15 16:29:40 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011.05.15 16:29:37 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011.05.15 16:29:35 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011.05.15 16:29:28 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2011.05.15 16:29:23 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2011.05.15 16:29:19 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys
[2011.05.15 16:29:11 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011.05.15 16:29:08 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys
[2011.05.15 16:28:59 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011.05.15 16:28:59 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rndismpx.sys
[2011.05.15 16:28:55 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011.05.15 16:28:52 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rfcomm.sys
[2011.05.15 16:28:45 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011.05.15 16:28:42 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\recagent.sys
[2011.05.15 16:28:37 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2011.05.15 16:28:30 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011.05.15 16:28:27 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011.05.15 16:28:19 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2011.05.15 16:28:16 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2011.05.15 16:28:05 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys
[2011.05.15 16:27:59 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys
[2011.05.15 16:27:56 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys
[2011.05.15 16:27:50 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys
[2011.05.15 16:27:48 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys
[2011.05.15 16:27:47 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2011.05.15 16:27:40 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011.05.15 16:27:34 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011.05.15 16:27:31 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011.05.15 16:27:30 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2011.05.15 16:27:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2011.05.15 16:27:21 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2011.05.15 16:27:15 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011.05.15 16:27:13 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2011.05.15 16:27:07 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2011.05.15 16:27:06 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2011.05.15 16:27:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2011.05.15 16:26:55 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
[2011.05.15 16:26:48 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
[2011.05.15 16:26:42 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
[2011.05.15 16:26:39 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
[2011.05.15 16:26:36 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
[2011.05.15 16:26:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
[2011.05.15 16:26:28 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
[2011.05.15 16:26:24 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2011.05.15 16:26:22 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2011.05.15 16:26:21 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2011.05.15 16:26:20 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2011.05.15 16:26:16 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys
[2011.05.15 16:26:12 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys
[2011.05.15 16:26:10 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2011.05.15 16:26:06 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011.05.15 16:26:03 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2011.05.15 16:25:57 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2011.05.15 16:25:55 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2011.05.15 16:25:48 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011.05.15 16:25:47 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011.05.15 16:25:45 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011.05.15 16:25:33 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2011.05.15 16:25:29 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
[2011.05.15 16:25:27 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys
[2011.05.15 16:25:21 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
[2011.05.15 16:25:19 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
[2011.05.15 16:25:13 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2011.05.15 16:25:11 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2011.05.15 16:25:06 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys
[2011.05.15 16:25:03 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
[2011.05.15 16:24:58 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
[2011.05.15 16:24:56 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys
[2011.05.15 16:24:50 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011.05.15 16:24:46 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011.05.15 16:24:43 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011.05.15 16:24:37 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011.05.15 16:24:33 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2011.05.15 16:24:32 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_disp.dll
[2011.05.15 16:24:26 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys
[2011.05.15 16:24:24 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll
[2011.05.15 16:24:21 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\ntmtlfax.sys
[2011.05.15 16:24:16 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011.05.15 16:24:09 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys
[2011.05.15 16:24:06 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys
[2011.05.15 16:24:00 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2011.05.15 16:23:55 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011.05.15 16:23:50 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011.05.15 16:23:47 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2011.05.15 16:23:42 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011.05.15 16:23:36 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
[2011.05.15 16:23:31 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011.05.15 16:23:27 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011.05.15 16:23:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
[2011.05.15 16:23:17 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011.05.15 16:23:15 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011.05.15 16:23:10 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011.05.15 16:23:07 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011.05.15 16:23:05 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011.05.15 16:22:58 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011.05.15 16:22:56 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2011.05.15 16:22:52 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2011.05.15 16:22:47 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011.05.15 16:22:45 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011.05.15 16:22:43 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011.05.15 16:22:38 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011.05.15 16:22:35 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011.05.15 16:22:34 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mutohpen.sys
[2011.05.15 16:22:30 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2011.05.15 16:22:29 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mtxparhd.dll
[2011.05.15 16:22:29 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mtxparhm.sys
[2011.05.15 16:22:22 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\mtlstrm.sys
[2011.05.15 16:22:21 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\mtlmnt5.sys
[2011.05.15 16:22:10 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2011.05.15 16:22:03 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
[2011.05.15 16:21:48 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2011.05.15 16:21:46 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2011.05.15 16:21:11 | 000,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
[2011.05.15 16:21:08 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
[2011.05.15 16:20:59 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2011.05.15 16:20:40 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2011.05.15 16:20:28 | 000,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys
[2011.05.15 16:20:17 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys
[2011.05.15 16:20:15 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll
[2011.05.15 16:20:09 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2011.05.15 16:20:07 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
[2011.05.15 16:20:00 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
[2011.05.15 16:19:57 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011.05.15 16:19:53 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys
[2011.05.15 16:19:45 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\maestro.sys
[2011.05.15 16:19:40 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
[2011.05.15 16:19:37 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
[2011.05.15 16:19:33 | 000,022,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwusbhid.sys
[2011.05.15 16:19:31 | 000,020,864 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwadihid.sys
[2011.05.15 16:19:27 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011.05.15 16:19:23 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011.05.15 16:19:22 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2011.05.15 16:19:21 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011.05.15 16:19:19 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011.05.15 16:19:19 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011.05.15 16:19:13 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011.05.15 16:19:08 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2011.05.15 16:18:57 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011.05.15 16:18:55 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011.05.15 16:18:53 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011.05.15 16:18:47 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011.05.15 16:18:44 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2011.05.15 16:18:38 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011.05.15 16:18:36 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011.05.15 16:18:32 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2011.05.15 16:18:19 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2011.05.15 16:18:18 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2011.05.15 16:17:49 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2011.05.15 16:17:47 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2011.05.15 16:17:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2011.05.15 16:17:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2011.05.15 16:17:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2011.05.15 16:17:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2011.05.15 16:16:53 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys
[2011.05.15 16:16:52 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2011.05.15 16:16:51 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2011.05.15 16:16:49 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2011.05.15 16:16:49 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011.05.15 16:16:48 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2011.05.15 16:16:47 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
[2011.05.15 16:16:27 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2011.05.15 16:16:25 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll
[2011.05.15 16:16:23 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys
[2011.05.15 16:16:21 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelide.sys
[2011.05.15 16:16:17 | 000,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
[2011.05.15 16:16:15 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys
[2011.05.15 16:15:09 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011.05.15 16:15:04 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys
[2011.05.15 16:15:01 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
[2011.05.15 16:14:59 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
[2011.05.15 16:14:55 | 000,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
[2011.05.15 16:14:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
[2011.05.15 16:14:51 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
[2011.05.15 16:14:46 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2011.05.15 16:14:44 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2011.05.15 16:14:42 | 000,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2011.05.15 16:14:38 | 000,109,085 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtrp.sys
[2011.05.15 16:14:36 | 000,100,936 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtok.sys
[2011.05.15 16:14:34 | 000,009,216 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmsgnet.dll
[2011.05.15 16:14:30 | 000,028,700 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\dllcache\ibmexmp.sys
[2011.05.15 16:14:28 | 000,702,845 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2011.05.15 16:14:28 | 000,161,020 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xnt5.sys
[2011.05.15 16:14:26 | 000,058,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740nt5.sys
[2011.05.15 16:14:21 | 000,353,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740dnt5.dll
[2011.05.15 16:14:20 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2011.05.15 16:14:20 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2011.05.15 16:13:53 | 001,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\hsfdpsp2.sys
[2011.05.15 16:13:51 | 000,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\hsfcxts2.sys
[2011.05.15 16:13:49 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\hsfcisp2.dll
[2011.05.15 16:13:47 | 000,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\hsfbs2s2.sys
[2011.05.15 16:13:45 | 000,488,383 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_v124.sys
[2011.05.15 16:13:43 | 000,050,751 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_tone.sys
[2011.05.15 16:13:38 | 000,073,279 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_spkp.sys
[2011.05.15 16:13:37 | 000,044,863 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_soar.sys
[2011.05.15 16:13:32 | 000,057,471 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_samp.sys
[2011.05.15 16:13:30 | 000,542,879 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_msft.sys
[2011.05.15 16:13:28 | 000,391,199 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_k56k.sys
[2011.05.15 16:13:23 | 000,009,759 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_inst.dll
[2011.05.15 16:13:21 | 000,115,807 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fsks.sys
[2011.05.15 16:13:18 | 000,199,711 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_faxx.sys
[2011.05.15 16:13:15 | 000,289,887 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fall.sys
[2011.05.15 16:13:13 | 000,067,167 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_bsc2.sys
[2011.05.15 16:13:11 | 000,150,239 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_amos.sys
[2011.05.15 16:13:06 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2011.05.15 16:13:04 | 000,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys
[2011.05.15 16:13:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2011.05.15 16:12:58 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
[2011.05.15 16:12:56 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys
[2011.05.15 16:12:53 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2011.05.15 16:12:50 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011.05.15 16:12:47 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2011.05.15 16:12:41 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011.05.15 16:12:34 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2011.05.15 16:12:31 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2011.05.15 16:12:27 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpdigwia.dll
[2011.05.15 16:12:19 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2011.05.15 16:12:17 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidir.sys
[2011.05.15 16:12:16 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2011.05.15 16:12:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbth.sys
[2011.05.15 16:12:15 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2011.05.15 16:12:11 | 000,907,456 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hcf_msft.sys
[2011.05.15 16:12:07 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011.05.15 16:12:05 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011.05.15 16:12:03 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011.05.15 16:11:58 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2011.05.15 16:11:57 | 000,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gagp30kx.sys
[2011.05.15 16:11:57 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2011.05.15 16:11:55 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400m.sys
[2011.05.15 16:11:50 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400d.dll
[2011.05.15 16:11:48 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200m.sys
[2011.05.15 16:11:47 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200d.dll
[2011.05.15 16:11:44 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011.05.15 16:11:24 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2011.05.15 16:11:22 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011.05.15 16:11:21 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011.05.15 16:11:11 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011.05.15 16:11:09 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011.05.15 16:11:07 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011.05.15 16:11:04 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011.05.15 16:11:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2011.05.15 16:10:54 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2011.05.15 16:10:47 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\fem556n5.sys
[2011.05.15 16:10:42 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011.05.15 16:10:40 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINDOWS\System32\dllcache\fa312nd5.sys
[2011.05.15 16:10:38 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011.05.15 16:10:35 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011.05.15 16:10:32 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2011.05.15 16:10:30 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ex10.sys
[2011.05.15 16:10:26 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2011.05.15 16:10:23 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2011.05.15 16:10:22 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2011.05.15 16:10:16 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys
[2011.05.15 16:10:16 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2011.05.15 16:10:13 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys
[2011.05.15 16:10:10 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56tpi.sys
[2011.05.15 16:10:09 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56hpi.sys
[2011.05.15 16:10:07 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56cvmp.sys
[2011.05.15 16:10:03 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es198x.sys
[2011.05.15 16:10:02 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2011.05.15 16:10:00 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2011.05.15 16:09:57 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys
[2011.05.15 16:09:56 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnloop.exe
[2011.05.15 16:09:54 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnlogr.exe
[2011.05.15 16:09:51 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqndiag.exe
[2011.05.15 16:09:50 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqn.sys
[2011.05.15 16:09:48 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2011.05.15 16:09:45 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys
[2011.05.15 16:09:43 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2011.05.15 16:09:41 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\emu10k1m.sys
[2011.05.15 16:09:36 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys
[2011.05.15 16:09:35 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys
[2011.05.15 16:09:34 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2011.05.15 16:09:33 | 000,171,520 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys
[2011.05.15 16:09:30 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys
[2011.05.15 16:09:28 | 000,455,199 | ---- | C] (3Com Corporation.) -- C:\WINDOWS\System32\dllcache\el985n51.sys
[2011.05.15 16:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\WinRAR
[2011.05.15 16:09:27 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys
[2011.05.15 16:09:26 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys
[2011.05.15 16:09:24 | 000,241,206 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656se5.sys
[2011.05.15 16:09:22 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys
[2011.05.15 16:09:21 | 000,634,134 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656ct5.sys
[2011.05.15 16:09:20 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys
[2011.05.15 16:09:18 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys
[2011.05.15 16:09:16 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys
[2011.05.15 16:09:15 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys
[2011.05.15 16:09:14 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys
[2011.05.15 16:09:13 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys
[2011.05.15 16:09:07 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100isa4.sys
[2011.05.15 16:09:06 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100b325.sys
[2011.05.15 16:09:04 | 000,050,719 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys
[2011.05.15 16:08:59 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011.05.15 16:08:55 | 000,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
[2011.05.15 16:08:52 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011.05.15 16:08:51 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2011.05.15 16:08:49 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2011.05.15 16:08:47 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2011.05.15 16:08:46 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2011.05.15 16:08:43 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011.05.15 16:08:42 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2011.05.15 16:08:41 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011.05.15 16:08:40 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011.05.15 16:08:35 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011.05.15 16:08:34 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011.05.15 16:08:32 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011.05.15 16:08:30 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011.05.15 16:08:29 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011.05.15 16:08:28 | 000,614,429 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiview.exe
[2011.05.15 16:08:27 | 000,042,432 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.sys
[2011.05.15 16:08:26 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.dll
[2011.05.15 16:08:25 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.dll
[2011.05.15 16:08:25 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.sys
[2011.05.15 16:08:24 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiinf.dll
[2011.05.15 16:08:23 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digihlc.dll
[2011.05.15 16:08:22 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifwrk.dll
[2011.05.15 16:08:22 | 000,090,525 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifep5.sys
[2011.05.15 16:08:21 | 000,103,044 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidxb.sys
[2011.05.15 16:08:20 | 000,131,156 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidbp.dll
[2011.05.15 16:08:19 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.dll
[2011.05.15 16:08:19 | 000,037,735 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.sys
[2011.05.15 16:08:10 | 000,419,357 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgconfig.dll
[2011.05.15 16:08:09 | 000,029,531 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\dgapci.sys
[2011.05.15 16:08:08 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011.05.15 16:08:07 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011.05.15 16:08:06 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe
[2011.05.15 16:08:04 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll
[2011.05.15 16:08:02 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011.05.15 16:08:02 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2011.05.15 16:08:00 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2011.05.15 16:08:00 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2011.05.15 16:07:59 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys
[2011.05.15 16:07:58 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2011.05.15 16:07:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2011.05.15 16:07:51 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys
[2011.05.15 16:07:51 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2011.05.15 16:07:48 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys
[2011.05.15 16:07:48 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2011.05.15 16:07:46 | 000,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2011.05.15 16:07:44 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2011.05.15 16:07:43 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2011.05.15 16:07:42 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2011.05.15 16:07:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2011.05.15 16:07:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2011.05.15 16:07:40 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011.05.15 16:07:40 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2011.05.15 16:07:38 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011.05.15 16:07:36 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011.05.15 16:07:35 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011.05.15 16:07:34 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011.05.15 16:07:34 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011.05.15 16:07:33 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011.05.15 16:07:32 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011.05.15 16:07:32 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll
[2011.05.15 16:07:31 | 000,096,256 | ---- | C] (Copyright © Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
[2011.05.15 16:07:30 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
[2011.05.15 16:07:29 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
[2011.05.15 16:07:26 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2011.05.15 16:07:25 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
[2011.05.15 16:07:24 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011.05.15 16:07:23 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2011.05.15 16:07:23 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2011.05.15 16:07:22 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2011.05.15 16:07:17 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2011.05.15 16:07:17 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
[2011.05.15 16:07:15 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys
[2011.05.15 16:07:14 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011.05.15 16:07:12 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2011.05.15 16:07:11 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2011.05.15 16:07:10 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2011.05.15 16:07:09 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2011.05.15 16:07:08 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2011.05.15 16:07:07 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2011.05.15 16:07:06 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011.05.15 16:07:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2011.05.15 16:06:56 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\ch7xxnt5.dll
[2011.05.15 16:06:55 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011.05.15 16:06:55 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011.05.15 16:06:54 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011.05.15 16:06:53 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011.05.15 16:06:52 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011.05.15 16:06:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2011.05.15 16:06:49 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011.05.15 16:06:49 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011.05.15 16:06:48 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011.05.15 16:06:48 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011.05.15 16:06:46 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011.05.15 16:06:45 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011.05.15 16:06:44 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2011.05.15 16:06:44 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2011.05.15 16:06:43 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2011.05.15 16:06:43 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2011.05.15 16:06:42 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2011.05.15 16:06:42 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2011.05.15 16:06:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2011.05.15 16:06:41 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2011.05.15 16:06:41 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2011.05.15 16:06:27 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2011.05.15 16:06:26 | 000,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
[2011.05.15 16:06:26 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthprint.sys
[2011.05.15 16:06:26 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2011.05.15 16:06:25 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2011.05.15 16:06:25 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2011.05.15 16:06:24 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011.05.15 16:06:24 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011.05.15 16:06:23 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011.05.15 16:06:23 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011.05.15 16:06:23 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011.05.15 16:06:22 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011.05.15 16:06:22 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011.05.15 16:06:21 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011.05.15 16:06:20 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011.05.15 16:06:20 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011.05.15 16:06:19 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2011.05.15 16:06:19 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011.05.15 16:06:19 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011.05.15 16:06:18 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011.05.15 16:06:18 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011.05.15 16:06:18 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011.05.15 16:06:17 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011.05.15 16:06:17 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011.05.15 16:06:17 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011.05.15 16:06:15 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2011.05.15 16:06:14 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011.05.15 16:06:14 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2011.05.15 16:06:14 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2011.05.15 16:06:13 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2011.05.15 16:06:12 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011.05.15 16:06:11 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011.05.15 16:06:11 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2011.05.15 16:06:11 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011.05.15 16:06:10 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011.05.15 16:06:10 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011.05.15 16:06:09 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011.05.15 16:06:09 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011.05.15 16:06:08 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2011.05.15 16:06:08 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2011.05.15 16:06:07 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2011.05.15 16:06:02 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\atv10nt5.dll
[2011.05.15 16:06:01 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\atv06nt5.dll
[2011.05.15 16:06:00 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\atv04nt5.dll
[2011.05.15 16:06:00 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\atv02nt5.dll
[2011.05.15 16:05:59 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\atv01nt5.dll
[2011.05.15 16:05:57 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2011.05.15 16:05:56 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativtmxx.dll
[2011.05.15 16:05:55 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativmvxx.ax
[2011.05.15 16:05:55 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativdaxx.ax
[2011.05.15 16:05:53 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2011.05.15 16:05:53 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2011.05.15 16:05:52 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxsxx.sys
[2011.05.15 16:05:52 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxbxx.sys
[2011.05.15 16:05:51 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atintuxx.sys
[2011.05.15 16:05:51 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinttxx.sys
[2011.05.15 16:05:50 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinsnxx.sys
[2011.05.15 16:05:49 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinrvxx.sys
[2011.05.15 16:05:49 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinraxx.sys
[2011.05.15 16:05:49 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinpdxx.sys
[2011.05.15 16:05:49 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinmdxx.sys
[2011.05.15 16:05:48 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2011.05.15 16:05:48 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinbtxx.sys
[2011.05.15 16:05:47 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2011.05.15 16:05:47 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2011.05.15 16:05:47 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2011.05.15 16:05:47 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2011.05.15 16:05:46 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2011.05.15 16:05:46 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2011.05.15 16:05:45 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2011.05.15 16:05:45 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3d1ag.dll
[2011.05.15 16:05:44 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2011.05.15 16:05:44 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtaa.sys
[2011.05.15 16:05:43 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvaa.dll
[2011.05.15 16:05:43 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2011.05.15 16:05:43 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2011.05.15 16:05:42 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xsxx.sys
[2011.05.15 16:05:42 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xbxx.sys
[2011.05.15 16:05:41 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1tuxx.sys
[2011.05.15 16:05:41 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1snxx.sys
[2011.05.15 16:05:41 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1ttxx.sys
[2011.05.15 16:05:40 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1rvxx.sys
[2011.05.15 16:05:40 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1raxx.sys
[2011.05.15 16:05:40 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1pdxx.sys
[2011.05.15 16:05:39 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1btxx.sys
[2011.05.15 16:05:39 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1mdxx.sys
[2011.05.15 16:05:38 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2011.05.15 16:05:38 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2011.05.15 16:05:37 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011.05.15 16:05:36 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2011.05.15 16:05:36 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2011.05.15 16:05:36 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2011.05.15 16:05:34 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2011.05.15 16:05:33 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2011.05.15 16:05:33 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2011.05.15 16:05:32 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\dllcache\amdagp.sys
[2011.05.15 16:05:32 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011.05.15 16:05:31 | 000,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\alim1541.sys
[2011.05.15 16:05:31 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2011.05.15 16:05:31 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2011.05.15 16:05:30 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2011.05.15 16:05:30 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2011.05.15 16:05:30 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2011.05.15 16:05:30 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2011.05.15 16:05:27 | 000,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agpcpq.sys
[2011.05.15 16:05:27 | 000,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agp440.sys
[2011.05.15 16:05:26 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2011.05.15 16:05:25 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv11nt5.dll
[2011.05.15 16:05:25 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv09nt5.dll
[2011.05.15 16:05:24 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv07nt5.dll
[2011.05.15 16:05:24 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv08nt5.dll
[2011.05.15 16:05:23 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv02nt5.dll
[2011.05.15 16:05:23 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv05nt5.dll
[2011.05.15 16:05:22 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv01nt5.dll
[2011.05.15 16:05:21 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2011.05.15 16:05:20 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011.05.15 16:05:20 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011.05.15 16:05:19 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011.05.15 16:05:19 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011.05.15 16:05:19 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011.05.15 16:05:18 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2011.05.15 16:05:18 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2011.05.15 16:05:17 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011.05.15 16:05:12 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2011.05.15 16:05:12 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2011.05.15 16:05:12 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2011.05.15 16:05:11 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011.05.15 16:05:11 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2011.05.15 16:05:11 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2011.05.15 16:05:10 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011.05.15 16:05:10 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2011.05.15 16:05:10 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2011.05.15 16:05:09 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011.05.15 16:05:09 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2011.05.15 16:05:08 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011.05.15 16:05:08 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011.05.15 16:05:08 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2011.05.15 16:04:45 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2011.05.15 16:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011.05.15 15:39:33 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2011.05.15 15:39:33 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2011.05.15 15:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011.05.15 02:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011.05.15 02:53:25 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.05.15 02:53:25 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.05.15 02:53:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.05.15 02:53:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.05.15 02:44:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011.05.15 02:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011.05.15 02:29:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\Secunia PSI
[2011.05.15 02:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2011.05.14 23:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Application Data\Malwarebytes
[2011.05.14 23:31:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.05.14 23:31:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.14 23:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.05.14 23:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.05.14 14:23:59 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.05.08 14:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop\Kareen
[2008.10.22 21:57:08 | 000,229,376 | ---- | C] (Intel® Corporation) -- C:\Program Files\ChipUtil.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Andrew\*.tmp files -> C:\Documents and Settings\Andrew\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.06.04 19:51:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
[2011.06.04 19:50:11 | 000,001,159 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Desktop.lnk
[2011.06.04 19:49:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{44FFB25D-4FB5-4514-8F27-10BDFF62832C}.job
[2011.06.04 19:13:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.04 17:27:37 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011.06.04 16:28:16 | 000,000,236 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\live.rtf
[2011.06.04 14:43:01 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011.06.04 14:42:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.04 14:33:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.06.04 14:32:58 | 2137,038,848 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.03 00:01:11 | 000,000,991 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\magicJack.lnk
[2011.06.02 17:13:25 | 000,000,162 | ---- | M] () -- C:\WINDOWS\mrpotato.ini
[2011.06.02 03:57:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.05.31 22:21:32 | 000,001,130 | ---- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\FASTWiz.html
[2011.05.31 21:46:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011.05.31 14:36:03 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.05.30 15:04:51 | 000,346,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.05.30 02:29:33 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dll
[2011.05.29 17:06:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.05.29 03:19:45 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011.05.28 18:45:36 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.24 22:53:19 | 000,466,516 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.05.24 22:53:19 | 000,079,878 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.05.20 18:32:02 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.05.20 18:32:02 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.05.20 02:42:45 | 000,037,913 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Let's talk about Fuchtner.rtf
[2011.05.19 02:23:48 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.05.15 16:59:49 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.05.15 15:09:20 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Wordpad.lnk
[2011.05.15 15:03:39 | 000,000,386 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Andrew.lnk
[2011.05.15 15:02:20 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Show desktop.scf
[2011.05.15 15:00:14 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iexplore.lnk
[2011.05.15 03:03:03 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.05.15 02:53:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.05.15 02:53:11 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.05.15 02:53:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.05.15 02:53:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.05.15 02:53:11 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.05.14 18:26:16 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17555236
[2011.05.14 18:16:44 | 000,001,509 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\7A72.C20
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Andrew\*.tmp files -> C:\Documents and Settings\Andrew\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.06.04 16:28:16 | 000,000,236 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\live.rtf
[2011.06.03 22:46:17 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011.05.31 22:21:29 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\FASTWiz.html
[2011.05.31 21:46:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011.05.31 21:46:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011.05.31 21:22:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.05.31 21:22:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.05.31 21:22:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.05.31 21:22:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.05.31 21:22:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.05.30 02:29:33 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011.05.19 16:15:30 | 2137,038,848 | -HS- | C] () -- C:\hiberfil.sys
[2011.05.19 02:23:48 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.05.17 20:20:28 | 000,037,913 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\Let's talk about Fuchtner.rtf
[2011.05.16 22:46:50 | 000,002,365 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\SeaTools for Windows.lnk
[2011.05.16 22:46:50 | 000,001,752 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\Adobe Acrobat 7.0 Standard.lnk
[2011.05.16 22:45:51 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011.05.16 22:45:42 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office OneNote 2007.lnk
[2011.05.16 22:45:42 | 000,002,281 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011.05.16 22:44:20 | 000,002,335 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011.05.16 22:44:20 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Startup\Windows Search.lnk
[2011.05.16 22:44:19 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\Programs\Skype
[2011.05.16 22:44:19 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\QuickTime Player.lnk
[2011.05.16 22:44:19 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Windows Live Messenger .lnk
[2011.05.16 22:44:19 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Windows Search.lnk
[2011.05.16 22:44:19 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\VideoInspector.lnk
[2011.05.16 22:44:19 | 000,000,941 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Spybot - Search & Destroy.lnk
[2011.05.16 22:44:19 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Yahoo! Messenger.lnk
[2011.05.16 22:44:19 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Recovery Toolbox for RAR.lnk
[2011.05.16 22:44:19 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Windows Movie Maker.lnk
[2011.05.16 22:44:19 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\YouTube FLV Downloader.lnk
[2011.05.16 22:44:19 | 000,000,723 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Panda USB Vaccine.lnk
[2011.05.16 22:44:19 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\VLC media player.lnk
[2011.05.16 22:44:19 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\RAR Repair Tool.lnk
[2011.05.16 22:44:19 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Windows Messenger.lnk
[2011.05.16 22:44:18 | 000,002,415 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Dell Support Center.lnk
[2011.05.16 22:44:18 | 000,002,407 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Adobe Acrobat 7.0 Standard.lnk
[2011.05.16 22:44:18 | 000,002,391 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011.05.16 22:44:18 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Adobe Reader 9.lnk
[2011.05.16 22:44:18 | 000,001,925 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\Programs\Google Earth
[2011.05.16 22:44:18 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Acrobat Distiller 7.0.lnk
[2011.05.16 22:44:18 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\afreeCodecVT.lnk
[2011.05.16 22:44:18 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Calculator.lnk
[2011.05.16 22:44:18 | 000,000,902 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Google Updater.lnk
[2011.05.16 22:44:18 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\My Bluetooth Places.lnk
[2011.05.16 22:44:18 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Microsoft Works Task Launcher.lnk
[2011.05.16 22:44:18 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\Programs\FastStone Image Viewer
[2011.05.16 22:44:18 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Airytec Switch Off.lnk
[2011.05.16 22:44:18 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\EVEREST Home Edition.lnk
[2011.05.16 22:44:18 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\Programs\BitComet
[2011.05.16 22:44:18 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Ad-Aware.lnk
[2011.05.16 22:44:18 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\Free Download Manager.lnk
[2011.05.16 22:44:18 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\programs\JCreator LE.lnk
[2011.05.15 16:43:54 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011.05.15 16:43:48 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011.05.15 16:12:49 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011.05.15 16:12:42 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011.05.15 16:12:39 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011.05.15 16:12:32 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011.05.15 16:12:29 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011.05.15 16:08:38 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011.05.15 16:08:36 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011.05.15 16:08:36 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011.05.15 16:05:58 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011.05.15 16:05:58 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011.05.15 16:05:57 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011.05.15 16:05:55 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011.05.15 16:05:54 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011.05.15 16:05:54 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011.05.15 16:05:54 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011.05.15 16:05:54 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011.05.15 16:05:53 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011.05.15 16:05:46 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011.05.15 15:09:10 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Wordpad.lnk
[2011.05.15 15:03:39 | 000,000,386 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Andrew.lnk
[2011.05.15 15:03:31 | 000,001,159 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Desktop.lnk
[2011.05.15 15:02:20 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Show desktop.scf
[2011.05.15 15:00:14 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iexplore.lnk
[2011.05.15 02:29:15 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2011.05.14 18:26:16 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17555236
[2011.05.14 18:15:45 | 000,001,509 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\7A72.C20
[2011.04.24 16:51:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.04.22 16:54:59 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.04.22 16:54:59 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.04.18 19:45:14 | 000,189,216 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011.04.13 14:36:03 | 001,498,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2011.04.06 23:54:38 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2011.03.28 15:44:19 | 000,000,228 | ---- | C] () -- C:\WINDOWS\KA.INI
[2011.03.22 22:50:03 | 000,000,499 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011.02.15 17:47:49 | 000,002,664 | ---- | C] () -- C:\WINDOWS\COLORSTA.INI
[2011.02.15 17:30:42 | 000,000,118 | ---- | C] () -- C:\WINDOWS\chmpchss.INI
[2011.01.29 20:31:52 | 000,001,548 | ---- | C] () -- C:\WINDOWS\RRK.INI
[2011.01.29 20:31:52 | 000,000,088 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2011.01.29 20:27:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2011.01.10 22:45:39 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\Statdisk.prefs
[2010.01.30 23:11:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\prvlcl.dat
[2010.01.10 16:45:01 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2010.01.10 16:45:00 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2010.01.10 16:45:00 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009.07.14 17:28:55 | 000,000,094 | ---- | C] () -- C:\WINDOWS\FABLES.INI
[2009.07.03 15:19:05 | 000,000,118 | ---- | C] () -- C:\WINDOWS\MAGICWRD.INI
[2009.07.03 15:16:55 | 000,000,364 | ---- | C] () -- C:\WINDOWS\CraGra.ini
[2009.04.01 18:20:50 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009.03.17 02:19:40 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.02.12 19:39:48 | 000,000,046 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2009.02.03 20:53:20 | 000,000,162 | ---- | C] () -- C:\WINDOWS\mrpotato.ini
[2008.11.09 19:46:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.11.08 23:30:44 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008.11.02 20:18:20 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.10.27 23:01:25 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008.10.27 21:29:06 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008.10.27 18:13:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008.10.27 01:19:37 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\fusioncache.dat
[2008.10.27 00:10:01 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2008.10.26 19:52:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\wklnhst.dat
[2008.10.23 17:04:07 | 000,000,074 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2008.10.22 22:07:12 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.22 21:14:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.10.22 21:13:38 | 000,346,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.10.22 20:06:09 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008.10.22 20:06:09 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2008.10.22 20:06:09 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008.10.22 19:47:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.10.22 19:42:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.05.26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008.04.14 03:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 03:41:56 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008.04.14 03:41:56 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008.04.14 03:41:56 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008.04.14 03:41:56 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008.04.14 03:41:56 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2008.02.04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007.09.27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007.09.27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007.09.27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007.05.17 14:52:30 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.05.17 14:23:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006.12.31 05:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.12.20 11:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004.12.20 11:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004.08.04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 13:00:00 | 000,466,516 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 13:00:00 | 000,079,878 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003.08.07 15:42:30 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\gflmouhid.sys
[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C581A570

< End of report >

Here is Extras.Txt

OTL Extras logfile created on: 04.Jun.11 7:51:35 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Andrew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd.MMM.yy

1.99 Gb Total Physical Memory | 0.26 Gb Available Physical Memory | 12.83% Memory free
3.84 Gb Paging File | 2.35 Gb Available in Paging File | 61.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.00 Gb Total Space | 12.38 Gb Free Space | 36.42% Space Free | Partition Type: NTFS
Drive D: | 62.00 Gb Total Space | 14.45 Gb Free Space | 23.30% Space Free | Partition Type: NTFS
Drive E: | 52.89 Gb Total Space | 14.92 Gb Free Space | 28.20% Space Free | Partition Type: NTFS
Drive F: | 102.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME-ANDREW-PC1 | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-746137067-1220945662-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"8873:TCP" = 8873:TCP:*:Enabled:BitComet 8873 TCP
"8873:UDP" = 8873:UDP:*:Enabled:BitComet 8873 UDP
"14319:TCP" = 14319:TCP:*:Enabled:BitComet 14319 TCP
"14319:UDP" = 14319:UDP:*:Enabled:BitComet 14319 UDP
"21691:TCP" = 21691:TCP:*:Enabled:BitComet 21691 TCP
"21691:UDP" = 21691:UDP:*:Enabled:BitComet 21691 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Free Download Manager\fdm.exe" = C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager -- (FreeDownloadManager.ORG)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\VideoLAN VLC\vlc.exe" = C:\Program Files\VideoLAN VLC\vlc.exe:*:Disabled:VLC media player -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Documents and Settings\Andrew\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Andrew\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0150040}" = J2SE Development Kit 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{4160A344-5848-4332-919F-0CB063822AA3}" = Dell Mobile Broadband Card Utility
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7D1928D2-26FA-45FA-A4DD-A876D7293818}" = FIFA 08 Demo
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-AF00-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard - Arabic, English, Français
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D02EDDE7-B5C5-40A2-AF57-73A3278F4EEB}" = ESET NOD32 Antivirus
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 3.1.2.9
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 7.0 Standard - Arabic, English, Français - V" = Adobe Acrobat 7.0 Standard - Arabic, English, Français
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced PDF Repair v2.0" = Advanced PDF Repair v2.0
"Advanced Video FX Engine" = Advanced Video FX Engine
"afreeCodecVT_1.1.51" = afreeCodecVT 1.1.52
"AI RoboForm" = AI RoboForm (All Users)
"Airytec Switch Off" = Airytec Switch Off
"AVIcodec" = AVIcodec (remove only)
"BitComet" = BitComet 1.25
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DX-Ball 1.09" = DX-Ball 1.09
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FastStone Image Viewer" = FastStone Image Viewer 4.0
"filehippo.com" = filehippo.com Update Checker
"Free Download Manager_is1" = Free Download Manager 3.0
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"JCreator LE_is1" = JCreator LE 3.50
"JDiskReport 1.3.1" = JGoodies JDiskReport 1.3.1
"KC Softwares VideoInspector_is1" = KC Softwares VideoInspector
"KG_1.0" = Coup de Pouce Maternelle 3 v1.0
"Lapin Malin Maternelle 3 ADAPT" = Lapin Malin Maternelle 3 ADAPT
"LimeWire" = LimeWire 5.5.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Mr. Potato Head's Activity Pack" = Mr. Potato Head Uninstaller
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"myibay eBay bid sniper_is1" = Myibay Auction bid sniper for eBay 1.0.43
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RAR Repair Tool_is1" = RAR Repair Tool v.4.0
"RealAlt_is1" = Real Alternative 1.9.0
"RealMedia" = RealMedia (remove only)
"Recovery Toolbox for RAR_is1" = Recovery Toolbox for RAR 1.1
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"SubtitleWorkshop" = Subtitle Workshop 2.51
"The KMPlayer" = The KMPlayer (remove only)
"The Sims" = The Sims
"Unlocker" = Unlocker 1.8.7
"VLC media player" = VLC media player 1.1.9
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-746137067-1220945662-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"CNET TechTracker" = CNET TechTracker
"Competition Arena" = Competition Arena
"f031ef6ac137efc5" = Dell Driver Download Manager - 1
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"magicJack" = magicJack

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#15 SweetTech


Posted 04 June 2011 - 01:08 PM

Hi Andrew_97,

Sorry for not replying earlier. I was a little busy the past 2 days. Thanks again for your assistance.

No worries!

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.
    :Services
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - No CLSID value found.
    O3 - HKU\S-1-5-21-746137067-1220945662-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    [2011.05.14 18:26:16 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17555236
    [2011.05.14 18:16:44 | 000,001,509 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\7A72.C20
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C581A570
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Delete the current copy of ComboFix that is on your desktop, and download a new copy from one of the links below:

Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.




