Fake Security Alert


  • This topic is locked
32 replies to this topic

#1 kmeechan


Posted 01 June 2011 - 02:42 AM

Thank you so much for all your information and assistance! I have apparently solved the immediate problem and symptoms, although my PC remains slower than before with a few remaining problems, but I would appreciate a review of what I have done and any further suggestions to make sure I am "clean" and, if possible, returned to normal operation. I came across your site after already running various scans and removing many instances of malware (some probably had been there for a while), so I have not followed your normal procedures, but hopefully I haven't made things worse. I am a DIY guy interested in learning more about PC operation and maintenance and appreciate the help and knowledge shared. Below is a lengthy description and logs from the scans I have already done; sorry for the length, but there are some complications and many questions. I'll add the DDS and GMER files at the bottom as requested.

Before getting into the details can you also address these general questions if time allows?
1. Was it a mistake/is it a mistake in general to use system restore to stop a Fake Alert type infection from interfering with my PC and then attempt to find and remove it later when it is no longer trying to disable my antivirus protection?
2. Once I am deemed "clean" would it make sense to do a restore to the last day when it seemed to be functioning normally (5/18, before I did the restore to the 12th that messed it up for the 2nd time) or is this asking for more trouble? Presumably if system restore is working normally again (it was disabled for a while by malware) I could undo the restore point if needed.
3. Once I have removed malware and a PC appears to be clean and "normal" is it advisable to disable system restore temporarily and then run final scans to see if anything else pops up? (and if so in normal or safe mode?) Or is it dangerous to eliminate your restore points by doing this in case they are needed later?
4. My ADD/DELETE PROGRAMS (control panel) is no longer functioning normally, some programs I deleted prior to doing a system restore are still listed but now cannot be removed, when clicking "remove" an error occurs. CCleaner keeps finding registry errors related to these "removed" programs. Is this something you can help with either as part of this post or should I address this elsewhere under a different topic?
5. TASK MANAGER PROCESSES: Numerous websites want to sell me process analyzers and warn me that 2 of my 8 svchost processes running appear suspect, also up to 4 iexplore processes are running together (but not when IE is closed), should I be concerned with processes or is this problem exaggerated? It seems malware will name itself after a legitimate process and I don’t see how to read the complete location path from the Task Manager.
6. I also run CCleaner cleanup and registry cleaner weekly yet other online registry cleaning tools claim to find over 1000 registry errors (I have to buy the product to see and fix the errors), is this a concern or an exaggeration?



DETAILS:

HISTORY: On May 13th I unknowingly downloaded one of the fake security alert Trojan programs, presumably from an unsafe website (my bad), it started doing its fake scan. Unfortunately I didn’t think to write down the name. I temporarily stopped it and because I was short on time I did a system restore to the last restore point instead of taking the time to scan for malware; I’m guessing this was maybe a mistake? I have a subscription and real time protection running from McAfee antivirus/firewall and Webroot Spysweeper. (I notice when looking at the McAfee logs that later that day there were a couple of “incoming events” from outside IP addresses, presumably the firewall stopped them. These may be unrelated, as there seems to be an ongoing pattern of occasional incoming attempts). Also, at the time of the Fake Alert infection a program called gax.exe attempted an outbound connection, which was blocked by the McAfee firewall. I have checked the location path for this file and it is no longer there and a Windows Explorer search fails to find it anywhere, may have been subsequently removed by a scan. I believe Spysweeper possibly blocked something at that time as well but its log doesn’t go back that far for some reason. That same day I did a McAfee quick scan followed by a full scan, nothing found. MBAM also found nothing. Also ran a full scan with Windows Malicious Software Removal Tool, nothing found. However McAfee was having its real time protection turned off, if I turned it back on it turned off again in a few seconds. I repaired McAfee with their Virtual Technician tool and everything seemed OK.

May 15th serious problems begin: McAfee becomes totally disabled, Windows Security Center warning of disabled virus protection, then the FAKE security warning bubbles start appearing in the system tray at the bottom. Something called kws.exe attempts an outbound connection and is blocked by firewall (before McAfee went dead). I also followed this location path and it’s not there any longer and a file search doesn’t find it. FYI I believe that while McAfee virus protection was disabled the firewall remained functional (although no way to know for sure as neither McAfee nor its virtual technician would open). I say this because other programs were unable to update themselves and McAfee remote technicians were unable to establish a connection.

STATS: XP Home SP 3, IE 8/MSN Explorer 10, Pentium 4 2.66, 1.5 GB RAM

SYMPTOMS:
· McAfee real time protection disabled
· Various web pages and tabs/links wouldn’t work
· System Restore wouldn’t open (not in safe mode either, nor from a command prompt)
· Windows Updates wouldn’t work
· SAS would become locked by system a couple of times and I had to reboot, this resulted in some log files being lost
· Unable to print from web pages
· FYI I would have contacted you sooner but your user registration page wouldn’t work because the security anti-spam image at the bottom was missing. I wasn’t smart enough to try a different browser

PHASE ONE: Over the next 3 days I slowly got the PC running presumably normal again by running various scans, sometimes in safe mode and downloading a few more programs to try to clean out as much as I could find. I apologize for doing this haphazardly, I hadn’t found you right away and when I did I was unable to set up the new user acct. as I mentioned. FYI the real time scanning is now off for SAS, MSSE and Avast to avoid conflicts. Here is a synopsis of what was found by what:

MCAFEE: never found anything

SPYSWEEPER: I believe nothing found but the logs are missing or cleared. At some point it “blocked” (?) the following: null0.4850269398030337.exe service key shared access (?)

MS MALICIOUS SOFTWARE REMOVAL TOOL: nothing found

MBAM: (free version)
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6585

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/15/2011 10:19:31 AM
mbam-log-2011-05-15 (10-19-31).txt

Scan type: Quick scan
Objects scanned: 169186
Time elapsed: 14 minute(s), 49 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
c:\documents and settings\amy meechan\local settings\application data\kws.exe (Trojan.FakeAlert.Gen) -> 3452 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\amy meechan\local settings\application data\kws.exe (Trojan.FakeAlert.Gen) -> Delete on reboot.
c:\documents and settings\amy meechan\local settings\Temp\jar_cache2141175938841779804.tmp (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6593

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/16/2011 3:07:03 PM
mbam-log-2011-05-16 (15-07-03).txt

Scan type: Quick scan
Objects scanned: 183517
Time elapsed: 23 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\administrator.dell\Desktop\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.



MICROSOFT SECURITY ESSENTIALS: This log history is missing, there was a problem with the application at some point but here is what was found initially and removed: (this may have been a Safe Mode scan, don’t remember)

1. Program: Win32/PowerRegScheduler (path: C:\WINDOWS\pss\PowerRegSchedulerV3.exeStartup)
2. Trojan downloader: Java/OpenConnection.LZ
3. AdWare: Win32/ABetterInternet.C
4. Trojan Downloader: Java/Open Stream.AH

AVAST (free version): nothing found, including a boot scan

SAS free version: run from a USB flash drive in normal and safe mode: These logs are also missing, I believe it found 2-3 malware files initially as well and deleted them successfully.

*************

PHASE TWO: By May 18 after all the above scans the PC seemed normal although a tad slow and I decided to do a final step and do a system restore to the 12th (before the problems began). BIG MISTAKE! PC back to totally messed up again, no McAfee, browser malfunctioning, etc. Since then I have done more scans and it has slowly returned to normal again (McAfee running normally) but slower now, very slow boot up, occasional problems with search/windows explorer having a problem (runtime error, needs to close), once it ran low on virtual memory even when doing almost nothing (only 2 web pages running). ALSO: Prior to doing the system restore on the 18th and ruining all my hard work I uninstalled about 8 old programs from add/delete programs, now some of them are still there in the list as well as the program list and add/delete programs will no longer work!

PHASE TWO SCANS: (not necessarily in order)

MCAFEE, SPYSWEEPER, MS MALICIOUS TOOL, MBAM: nothing found, including safe mode scans

MSSE: there seems to be no way to export log files or copy/paste the text, the file path is too long to type but here is what was found, seems to be related to a website I visited called PCMichiana YouTube virus removal video, I downloaded a zipfile with some free malware tools:
Trojan: Win32/Agent.gen!D was found in 1 location on the 21st and in 2 locations on the 25th, all successfully deleted

SAS: the logs are missing but these were found and deleted in safe mode:

(16 instances) Trojan.Agent/Gen-Iexplorer (Fake)
(1) Trojan.Agent/Gen.Nullo (Short)
(16) Trojan.Agent/Gen-PEC

NORMAN MALWARE CLEANER (saw you mention this tool on your site):
Norman Malware Cleaner v2.00.05
Copyright © 1990 - 2011, Norman ASA.

Norman Scanner Engine Version: 6.07.07
nvcbin.def: Version: 6.07.00, Date: 2011/05/20 05:23:32, Variants: 12017694
nvcmacro.def: Version: 6.07.00, Date: 2011/02/01 06:21:31, Variants: 20465

Operating System: Windows XP Service Pack 3

Switches: /iagree /nounpack /cleanrootkit /nomt

Scan started: 2011/05/20 13:56:46

Running pre-scan cleanup routine...

Scanning time: 0s

Scanning system for active rootkit activity...

Scanning time: 0s

Scanning running processes and process memory...

Number of objects found: 2002
Number of objects scanned: 2002
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Scanning time: 1m 57s

Running full scan...
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\IMpServiceEDB4FA23-53B8-4AFA-8C5D-99752CCA7094.lock: Error opening file for read: 0x00000020
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-0.bin: Error opening file for read: 0x00000020
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{6422C2BF-831C-11E0-A68D-000D566A6D37}.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{555B8E8E-831D-11E0-A68D-000D566A6D37}.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6422C2C0-831C-11E0-A68D-000D566A6D37}.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{811BF672-831C-11E0-A68D-000D566A6D37}.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{811BF674-831C-11E0-A68D-000D566A6D37}.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Search Enhancement Pack\Search Box Extension\searchhs.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Windows Live Contacts\{44492cf6-9f6f-49b6-9260-3f682fd347aa}\DBStore\contacts.edb: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Windows Live Contacts\{44492cf6-9f6f-49b6-9260-3f682fd347aa}\DBStore\LogFiles\edb.log: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Windows Live Contacts\{44492cf6-9f6f-49b6-9260-3f682fd347aa}\DBStore\LogFiles\edbtmp.log: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Windows Live Contacts\{44492cf6-9f6f-49b6-9260-3f682fd347aa}\DBStore\tempedb.edb: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Temp\~DF2461.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Temp\~DF28E3.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Temp\~DF2974.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Temp\~DF2B1F.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Temp\~DF2BB0.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Temp\~DF2F33.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Temp\~DF3036.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Temp\~DF57B0.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Temp\~DF5F4B.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Temp\~DFB7E2.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Temp\~DFC5D0.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\ntuser.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\ntuser.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\LocalService\NTUSER.DAT: Error opening file for read: 0x00000020
C:\Documents and Settings\LocalService\ntuser.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\NetworkService\NTUSER.DAT: Error opening file for read: 0x00000020
C:\Documents and Settings\NetworkService\ntuser.dat.LOG: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\Data\settings.dat: Error opening file for read: 0x00000005
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak: Error opening file for read: 0x00000005
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const: Error opening file for read: 0x00000005
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst: Error opening file for read: 0x00000005
C:\Program Files\Webroot\Spy Sweeper\Masters\other.dat: Error opening file for read: 0x00000005
C:\Program Files\Webroot\Spy Sweeper\Masters.base: Error opening file for read: 0x00000005
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2479\A0316036.exe: File infected with W32/Virtumonde.CYPF
Deleted file: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2479\A0316036.exe
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2480\A0316105.rbf: File infected with W32/Malware.QTQO
Deleted file: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2480\A0316105.rbf
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\CONFIG\SAM: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\SsiEfr.exe: Error opening file for read: 0x00000005
C:\WINDOWS\SYSTEM32\wrLZMA.dll: Error opening file for read: 0x00000005
C:\WINDOWS\Temp\Perflib_Perfdata_cd0.dat: Error opening file for read: 0x00000020
C:\WINDOWS\Temp\Perflib_Perfdata_f54.dat: Error opening file for read: 0x00000020
C:\WINDOWS\Temp\_avast_\Webshlock.txt: Error opening file for read: 0x00000020
C:\WINDOWS\TrueInstall.exe: File infected with W32/Obfuscated.EI!genr
Deleted file: C:\WINDOWS\TrueInstall.exe

Number of files found: 107643
Number of archives unpacked: 0
Number of objects found: 107643
Number of objects scanned: 107542
Number of objects not scanned: 161
Number of malicious objects found: 3
Number of malicious objects cleaned: 3
Number of malicious files found: 3
Number of malicious files cleaned: 3
Scanning time: 1h 58m 41s
Running post-scan cleanup routine...

Scanning time: 0s

Results:
Total number of files found: 107643
Total number of archives unpacked: 0
Total number of objects found: 109645
Total number of objects scanned: 109544
Total number of objects not scanned: 161
Total number of malicious objects found: 3
Total number of malicious objects cleaned: 3
Total number of malicious files found: 3
Total number of malicious files cleaned: 3
Total scanning time: 2h 0m 38s

2nd Norman scan on May 26th:
Norman Malware Cleaner v2.00.05
Copyright © 1990 - 2011, Norman ASA.

Norman Scanner Engine Version: 6.07.07
nvcbin.def: Version: 6.07.00, Date: 2011/05/26 04:59:18, Variants: 12120327
nvcmacro.def: Version: 6.07.00, Date: 2011/02/01 06:21:31, Variants: 20465

Operating System: Windows XP Service Pack 3

Switches: /iagree /nounpack /cleanrootkit /nomt

Scan started: 2011/05/26 09:02:02

Running pre-scan cleanup routine...

Scanning time: 1s

Scanning system for active rootkit activity...

Scanning time: 0s

Scanning running processes and process memory...

Number of objects found: 2102
Number of objects scanned: 2102
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Scanning time: 1m 52s

Running full scan...
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\IMpServiceEDB4FA23-53B8-4AFA-8C5D-99752CCA7094.lock: Error opening file for read: 0x00000020
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-0.bin: Error opening file for read: 0x00000020
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{F60E312D-874F-11E0-A69E-000D566A6D37}.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0DB5BF2E-8759-11E0-A69E-000D566A6D37}.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{93F82B7A-87AF-11E0-A69E-000D566A6D37}.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D0332474-876D-11E0-A69E-000D566A6D37}.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F60E312E-874F-11E0-A69E-000D566A6D37}.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F8FDE04C-876D-11E0-A69E-000D566A6D37}.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Windows Live Contacts\{196990a5-8e7b-4d4a-a74e-657e5db88a41}\DBStore\contacts.edb: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Windows Live Contacts\{196990a5-8e7b-4d4a-a74e-657e5db88a41}\DBStore\LogFiles\edb.log: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Windows Live Contacts\{196990a5-8e7b-4d4a-a74e-657e5db88a41}\DBStore\tempedb.edb: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Windows Live Contacts\{44492cf6-9f6f-49b6-9260-3f682fd347aa}\DBStore\contacts.edb: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Windows Live Contacts\{44492cf6-9f6f-49b6-9260-3f682fd347aa}\DBStore\LogFiles\edb.log: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Windows Live Contacts\{44492cf6-9f6f-49b6-9260-3f682fd347aa}\DBStore\LogFiles\edbtmp.log: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Microsoft\Windows Live Contacts\{44492cf6-9f6f-49b6-9260-3f682fd347aa}\DBStore\tempedb.edb: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Temp\~DF3021.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Temp\~DF5431.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Temp\~DF9646.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Temp\~DFC956.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Temp\~DFCAC6.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\Local Settings\Temp\~DFF5CF.tmp: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\ntuser.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\Amy Meechan\ntuser.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\LocalService\NTUSER.DAT: Error opening file for read: 0x00000020
C:\Documents and Settings\LocalService\ntuser.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Error opening file for read: 0x00000020
C:\Documents and Settings\NetworkService\NTUSER.DAT: Error opening file for read: 0x00000020
C:\Documents and Settings\NetworkService\ntuser.dat.LOG: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\Data\settings.dat: Error opening file for read: 0x00000005
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak: Error opening file for read: 0x00000005
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const: Error opening file for read: 0x00000005
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst: Error opening file for read: 0x00000005
C:\Program Files\Webroot\Spy Sweeper\Masters\other.dat: Error opening file for read: 0x00000005
C:\Program Files\Webroot\Spy Sweeper\Masters.base: Error opening file for read: 0x00000005
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMS912EDCFD-5153-4701-A58D-EF32359DF67B.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMS91634B7E-0CAE-40CF-A35D-C0A81E2A492A.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMS91FBD7F7-DFDB-4CC0-8681-53CBF9E7001A.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMS95993AAA-D5B6-4714-B0A8-698D5EB02199.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMS96E8ECEA-4B54-4E36-A2A7-558CAFE979EA.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMS97A858B0-ABA6-4406-B5E3-A2848BA4FC50.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMS97D1FB35-9A11-4E4A-91EE-F5573A670396.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMS983BF21D-3B0E-43AE-AE7C-36896E3C618C.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMS98B57142-C277-4BB8-80D4-3CC9E61A0AF5.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMS98CE7BD4-BD70-4DBE-B4AE-5E28EC0A456F.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMS9ABCF1F8-E98B-43B9-B0C6-E8813221C138.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMS9B520EDB-D15A-4A55-B132-ED77DE8E8D5A.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMS9BAF1870-2BA6-4FFF-9ED7-7B6042EB5AE7.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMS9F0C38A1-9CCE-4385-A5A5-2768F6F2D271.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMS9F4A0D0F-77A1-412B-AC5B-54A2BE9462BA.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMS9F680EE2-1DCB-4AB4-A498-BA43F62FB127.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMS9FD36771-7E15-4103-A8FF-7888919B0351.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSA06B5F1E-DA0D-419F-85D3-A6BAFEDD2869.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSA159E57C-F080-4357-9DE0-7D6C45BADCA7.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSA1BBBAA3-CEFA-491F-BED4-E27EA79BCFF5.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSA2372049-9F47-40BD-A2A8-063ECFF9CEB8.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSA31A9D07-C8B2-4A1D-BB3A-59825E0142FC.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSA44770D0-7CA9-4853-B966-6CDB40F9E6E0.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSA5730D54-92C1-4DD0-BA84-2DCD609730C0.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSA6646D48-643F-4FF9-B9CC-AF8F47622F42.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSA89A4198-3C0C-4D18-A68A-5112B0141322.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSA92A2402-46C1-4571-B6E3-2F2D19762C3A.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSAB632AFE-10B3-4FBD-9830-C0E2BCB6C49F.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSAB736036-6947-423A-B3EA-2DB045D40D53.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSABC980F1-BCF3-4C64-A145-CB3E1E518829.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSAC50EF6A-4CD2-4C95-A586-BB8064510E4C.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSAD435923-5019-4A26-AD28-6C7E011A07FA.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSAEB68F7F-A6F9-4D4E-B32B-AF598383B8C9.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSAEF6705E-88CD-429E-81D1-A0620823D91C.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSAF6506C4-A8F9-48BC-814C-77000DC4DAE9.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSAFF723ED-9682-400B-B2D6-1019A6F4A8E5.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSB00EA5AE-5AEC-4DF8-81A5-846A35DA7837.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSB048ED5F-6948-47A6-9A81-AD93C79991CC.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSB0C483E5-4A96-4164-BBA6-751E5B1CE487.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSB0F972D0-2F35-47A3-A24F-FB8A54A6B281.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSB1457200-6C58-4B57-9271-E5B7A880E36C.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSB1E92B7D-0292-4A31-8739-1D58149FB115.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSB2D976C0-0DF8-416E-B5B7-A683BCC18DE3.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSB3D282F5-17A7-483F-BF2B-1307820BBAD9.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSB477291D-0AB4-4675-A2EF-7BB61D2613A8.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSB47994C5-DA38-48AC-B21A-54FA960ED350.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSB5DA9F66-0F31-4FF3-BF67-0A7A3A78D7C1.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSB5DB42B4-A200-41F1-9777-1E69B511CE78.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSB76045AB-1ACC-4241-9207-196A09624A91.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSB7630BA4-436F-4CE4-96DE-D6D5DF708B48.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSB76E6AA5-B9F6-421F-9A4F-A1234810C454.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSBAE13FCE-80ED-457F-BBCB-C24EA7F0A65E.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSBBA6691B-F6BF-4EE4-8EB6-015F87AC4A79.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSBBBF33BE-2B8D-441E-979F-56D786949D98.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSBC669163-5673-4206-BCF4-CCA624A81ECD.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSBD06A16D-F103-45AB-A278-59BB594D046D.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSBEDB859C-C45A-4486-8A30-401FD6BE3618.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSC10ECD38-DF91-4CF4-8CD3-BB6F7D9BB569.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSC1122670-587C-4E7A-ACC1-935F0DB0B792.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSC1268A23-5A83-4A2F-8D16-2948D8A739BB.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSC240232E-24DA-4EE5-8165-F762BEBD61BF.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSC335A3B2-883C-455D-846C-09F25C53A5F2.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSC353D1E9-2A3D-4F17-B51A-4E8337A8F072.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSC44FC639-E208-4970-B495-2EBCDF522342.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSC5C731A4-EC14-4DEA-B4CA-374F2B762EAF.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSC6C63341-BF90-4E7C-80CA-24732F5D16A5.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSC714E268-C57A-48D7-9A9E-8B7711F6818E.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSC8151CF6-E9B6-4848-B453-862382775FE0.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSC8522CB2-CD5F-4770-A60B-6F8689CDE160.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSC98EE232-2F75-4FC7-A807-693DD006ADE2.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSCA6E174A-FA01-42EA-AB13-41DB5D0F71C3.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSCB6B249E-68EF-478A-B104-310F76A9BB8F.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSCCA450CE-438C-4BC0-93B3-976E694F72FD.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSCED4064D-1CA8-49F2-BF1B-5F847B4222CD.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSD064DDEA-9029-431A-B684-EC2A7BC53D14.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSD1DC06C4-368A-42C8-93A2-F53A2C7535D7.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSD2FF0364-3DCA-4766-8047-E93DD54053D0.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSD510624C-B952-4B6C-BFEA-66EB80E98F8B.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSD5116A6F-0BB6-477B-8E25-4825B188EA89.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSD5462B12-0AA7-47A6-88C8-6A5A2345952E.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSD5E75B74-196F-4A1C-B6B7-A09B3919F65C.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSD807619C-D720-4D70-80BB-95CBCCB71183.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSD833DB95-736D-4B06-BA80-68F2BE7720C0.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSD88D7A31-2614-4CC8-841F-713A71C1A849.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSDB3A3ECB-2C24-4D72-B3CE-1725EE920B05.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSDBD3A3AB-5DDD-4DD1-8C8A-EE742CB8DD8B.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSDD0B8C17-E19A-4EE4-AD33-93CAD7B8289F.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSDD8CA3FE-EE34-472C-8C82-DFED5D2617FB.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSDE74600A-169E-472B-8212-AAC6DE6B9588.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSE042AC97-451E-4872-A849-5F68D60F8274.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSE04EC081-A68A-4F60-8008-A0639E8A3F09.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSE1B87CA3-90ED-4D61-8B4C-C25CD9AF1792.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSE30FD3A9-FB4D-4713-8FEA-4013E3812587.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSE31A3EF4-2B1C-4A78-84DC-32787F14FCB6.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSE3EECC55-BC95-410D-9C9C-9C9D09F16136.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSE48FDA58-E726-4372-A6BF-7D95AE8F80F0.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSE536ED53-59BF-4EE6-A8B3-10C677182BA9.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSE8D1D494-F119-4C4A-AF2C-FE15A121D1D7.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSEB5B4970-BE72-4DA9-A032-70B85CA081DC.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSEC5B7DF6-4BBD-44E1-8E6E-2F58B5C871F4.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSED66E080-8816-41F7-AC4D-3DF8844A90F2.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSEF3685E3-04D4-4A75-94B2-C8B853510496.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSEFA94EFD-551C-4631-884F-FB458A824305.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSF08309A9-98EF-49A6-AF60-396D70BB409D.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSF15589D0-03BE-400A-8105-FF681A12AF00.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSF1DDDD38-84A9-4188-AD26-FAFCBA57D31F.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSF22D2132-3454-402C-A321-34E7E574F775.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSF25183A8-3A85-4E93-B7CB-EC65F972C097.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSF35986C3-248E-4291-9818-6662E7121A5D.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSF4662ADA-7FB9-4517-9E5C-E26CAE8D3CB7.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSF555912E-70AF-4738-91E5-CC954D2AB469.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSF58D4FB5-77C9-46CE-9B8C-0CE3A261C9B2.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSF5C21659-CB71-4E58-BCEB-27839742A71F.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSF5F1F22B-7D07-44A9-BD69-C308DB514AF2.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSF64F9FA2-533E-4F10-841E-3AA6AEB54717.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSF88287B3-D6CE-4720-85B5-81EF7A312843.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSF90BBFAD-8351-4311-A848-2F85ECEE8915.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSF92EF2CE-77A6-405B-B8A6-105C4F3501F5.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSF946A611-1EC2-48BA-8886-F175A098A416.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSFA3C2D4F-694F-4678-A5F2-14E71142B3D5.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSFB193014-7573-4C6E-B307-B971C0D3C122.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSFBC3D072-DB55-42E3-903C-52559EBE3233.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSFC5DE8D8-4ECE-4BCE-BE25-F59C76B83477.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSFF3D7484-EA9D-4F93-88F2-259E1A0DC52D.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSFF716989-ABCC-4AB8-86EE-16FC9AC6442B.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSFF71A589-5004-4018-B1DC-0DBC98985C5B.tmp: Error opening file for read: 0x00000020
C:\Program Files\Webroot\Spy Sweeper\wrstemp\SSMSFF9D2284-0A21-46EA-A9C6-7569CF9F51C3.tmp: Error opening file for read: 0x00000020
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2497\A0319922.exe: File infected with W32/Obfuscated.EI!genr
Deleted file: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2497\A0319922.exe
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\CONFIG\SAM: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG: Error opening file for read: 0x00000020
C:\WINDOWS\SYSTEM32\SsiEfr.exe: Error opening file for read: 0x00000005
C:\WINDOWS\SYSTEM32\wrLZMA.dll: Error opening file for read: 0x00000005
C:\WINDOWS\Temp\mcafee_BPlOFSOFTHQTKk5: Error opening file for read: 0x00000020
C:\WINDOWS\Temp\Perflib_Perfdata_618.dat: Error opening file for read: 0x00000020
C:\WINDOWS\Temp\Perflib_Perfdata_824.dat: Error opening file for read: 0x00000020

Number of files found: 108288
Number of archives unpacked: 0
Number of objects found: 108288
Number of objects scanned: 107979
Number of objects not scanned: 369
Number of malicious objects found: 1
Number of malicious objects cleaned: 1
Number of malicious files found: 1
Number of malicious files cleaned: 1
Scanning time: 2h 27m 22s
Running post-scan cleanup routine...

Scanning time: 38s

Results:
Total number of files found: 108288
Total number of archives unpacked: 0
Total number of objects found: 110390
Total number of objects scanned: 110081
Total number of objects not scanned: 369
Total number of malicious objects found: 1
Total number of malicious objects cleaned: 1
Total number of malicious files found: 1
Total number of malicious files cleaned: 1
Total scanning time: 2h 29m 53s

***************

Now it gets weirder:
GRPCONV and RKILL: I came across your website and also tried running Rkill before running some of the scans. Usually it found no malicious processes, but twice it killed C:\WINDOWS\SYSTEM32\verclsid.exe and once it killed C:\WINDOWS\SYSTEM32\wuauclt.exe. Both of these processes appear to be normal MS processes; HOWEVER, upon searching the C drive for instances of files with this name, both appear as .pf files in the Prefetch folder along with IEXPLORE.EXE, and all 3 were created at the same date/time last August. Is this a concern at all?

Also, when running Rkill, GRPCONV tries to add itself to startup (I am notified of additions to startup by Spysweeper); I denied it. Again, this appears to be a harmless MS process, but when doing a web search to see what it was I came across a GRPCONV Removal Tool from Security Stronghold (http://www.securitystronghold.com/home-office/), and for kicks I ran a free scan. It found 16 supposedly malicious files that seem to relate to the 16 trojans removed by SAS, AND some of the file path names match malware listed on logs posted by users on your website (this is how I found you!). EXAMPLE:
C:\Documents and Settings\Administrator.DELL\LocalSettings\Temp\RarSFX6\procs\iexplore.exe
-OR- \h\iexplore.exe
There are a total of 32 of these folders (plus a few more empty ones), each with a different number (0-8), which contain among other items iexplore.exe and explorer.exe files and an rkill batch file. These folders and their contents were all created on May 16th. Are these a concern, and can they be deleted? I am concerned about malicious or fake iexplore or explorer processes. The website with the GRPCONV removal tool wanted to charge me about $1.25 per item to remove; I passed as I don’t know who they are and they’re in Russia. I sent them one of these folders in a zip file and they said the folder contained a threat and to try downloading and running Combofix from your website! I have not done this as you say not to unless requested.


I am concerned that malware remains on my PC and/or it has registry or other errors that need to be fixed. Any suggestions on how to proceed would be appreciated. I have never encountered such a mess before. Should I run scans with the system restore off to finalize the cleanup? Do you recommend any tools to analyze running processes/services for malware?


Sincere Thanks

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Amy Meechan at 23:10:37 on 2011-05-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.472 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MozyHome\mozystat.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Amy Meechan\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1278433960&rver=6.0.5285.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyServer = http=127.0.0.1:9022
uInternet Settings,ProxyOverride = 127.0.0.1;127.0.0.1 citrix.protectionone.com;<local>;localhost;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110522012022.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Search Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: MSN Search Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
TB: @c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\amymee~1\startm~1\programs\startup\bjstat~1.lnk - c:\documents and settings\amy meechan\cnmss Canon MP780 Series Printer (Local).exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: specoddns.net\demo4th.ddns
Trusted Zone: websamsung.net\m484e28
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://65.254.18.46:100/RemoteWeb.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} - hxxp://photos.msn.com/resources/neutral/controls/DigWebX2.cab
DPF: {5C519EC4-2BAE-44CE-B7F5-AD0CCD4BEFBD} - hxxp://www.starvedia.com/ActiveX/axmpeg4.cab
DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://65.254.18.46:100/VideoViewer.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120157897796
DPF: {66935983-2FD2-11D8-BE9F-0008C7DB2119} - hxxp://services.alarmnet.com/P1Connect/aojv.dll
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {801A846F-2310-11D8-BE9F-0008C7DB2119} - hxxp://services.alarmnet.com/P1Connect/aojv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {BF776FD3-69B4-4151-AC97-3A2A64753E18} - hxxp://63.169.172.196:2080/GVersionMan.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.32.21/ttinst.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DA5CE92B-A2DF-4400-A7F4-481A127FA434} - hxxp://204.246.206.100:4080/webviewer.cab
DPF: {DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} - hxxp://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://attwm.webex.com/client/T25L10NSP41EP15-attwm/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - c:\program files\microsoft\outlook web access smime client\mimectl.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\amy meechan\application data\mozilla\firefox\profiles\rzv73fdh.default\
FF - plugin: c:\documents and settings\amy meechan\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-5-16 387480]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29832]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-18 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-18 307928]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-13 84200]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-18 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-18 42184]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-13 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-13 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-1-13 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-1-13 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-1-13 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-1-13 141792]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2011-3-22 4048256]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2009-7-12 1201656]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-1-13 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-5-16 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-5-16 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-1-13 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-1-13 88736]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-30 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-30 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-1-13 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-13 84488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-5-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-5-16 40552]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2002-8-29 14336]
S3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver;c:\windows\system32\drivers\wind502u.sys --> c:\windows\system32\drivers\wind502u.sys [?]
.
=============== Created Last 30 ================
.
2011-05-30 23:59:38 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b5b0a7b1-8ef5-4cf7-bcfb-1660670fae5b}\mpengine.dll
2011-05-28 06:37:10 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-05-28 06:37:09 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-05-28 06:37:08 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-05-28 06:37:07 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-05-28 06:37:06 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-05-28 06:37:02 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-05-28 06:37:01 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-05-28 06:36:52 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-05-28 06:36:22 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-05-28 06:36:17 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-05-28 06:36:16 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-05-28 06:36:08 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2011-05-28 06:36:04 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-05-28 06:36:03 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-05-28 06:36:01 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-05-28 06:36:01 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-05-28 06:34:56 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-05-28 06:33:58 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-05-28 06:32:59 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-05-28 06:31:59 30720 ----a-w- c:\windows\system32\dllcache\rthwcls.sys
2011-05-28 06:30:59 92416 ----a-w- c:\windows\system32\dllcache\phildec.sys
2011-05-28 06:29:57 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-05-28 06:28:57 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-05-28 06:27:59 797500 ----a-w- c:\windows\system32\dllcache\ltsmt.sys
2011-05-28 06:26:54 18432 ----a-w- c:\windows\system32\dllcache\jupiw.dll
2011-05-28 06:25:59 353184 ----a-w- c:\windows\system32\dllcache\i740dnt5.dll
2011-05-28 06:24:59 320384 ----a-w- c:\windows\system32\dllcache\g200m.sys
2011-05-28 06:23:58 19996 ----a-w- c:\windows\system32\dllcache\em556n4.sys
2011-05-28 06:22:59 102484 ----a-w- c:\windows\system32\dllcache\digiinf.dll
2011-05-28 06:21:59 44032 ----a-w- c:\windows\system32\dllcache\cnusd.dll
2011-05-28 06:20:37 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-05-28 06:19:59 37568 ----a-w- c:\windows\system32\dllcache\avmwan.sys
2011-05-28 06:18:59 10880 ----a-w- c:\windows\system32\dllcache\admjoy.sys
2011-05-27 05:47:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-25 06:39:57 -------- d-----w- c:\documents and settings\amy meechan\application data\Uniblue
2011-05-25 06:39:29 -------- d-----w- c:\program files\Uniblue
2011-05-25 06:37:22 -------- d-----w- c:\documents and settings\amy meechan\local settings\application data\PackageAware
2011-05-23 08:11:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-23 07:22:40 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2011-05-23 07:22:24 -------- d-----w- c:\program files\Security Task Manager
2011-05-22 07:25:25 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2011-05-21 07:17:25 -------- d-----w- c:\program files\ESET
2011-05-19 07:00:08 81920 ----a-w- c:\windows\eSellerateControl350.dll
2011-05-19 07:00:08 356352 ----a-w- c:\windows\eSellerateEngine.dll
2011-05-19 07:00:03 -------- d-----w- c:\program files\Grp Conv Removal Tool
2011-05-18 20:29:58 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-18 20:29:12 40112 ----a-w- c:\windows\avastSS.scr
2011-05-18 14:58:54 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-18 14:58:54 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-18 14:57:47 -------- d-----w- c:\program files\NewSoft
2011-05-18 14:56:39 -------- d-----w- c:\program files\Verizon
2011-05-17 16:23:31 -------- d-----w- c:\program files\AVAST Software
2011-05-17 16:23:31 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-05-17 06:10:54 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-05-16 20:28:32 -------- d-----w- c:\program files\Microsoft Security Client
2011-05-16 19:20:50 -------- d-----w- c:\documents and settings\amy meechan\local settings\application data\Mozilla
2011-05-16 16:45:30 7040 ----a-w- c:\windows\system32\sabprocenum.sys
2011-05-16 09:32:13 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-15 23:33:06 -------- d-----w- c:\documents and settings\amy meechan\application data\SUPERAntiSpyware.com
2011-05-15 23:33:06 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-05-13 22:22:04 -------- d-----w- c:\documents and settings\all users\application data\Citrix
2011-05-13 22:09:44 -------- d-----w- c:\documents and settings\amy meechan\local settings\application data\Citrix
2011-05-13 22:09:29 103784 ----a-w- c:\documents and settings\amy meechan\GoToAssistDownloadHelper.exe
2011-05-13 20:31:03 -------- d-----w- c:\documents and settings\amy meechan\application data\McAfee
.
==================== Find3M ====================
.
2011-04-14 21:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 21:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 21:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 21:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 21:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 21:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 21:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 21:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 21:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 21:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 21:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-14 09:40:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-05 22:55:22 1563024 ----a-w- c:\windows\WRSetup.dll
2011-03-22 17:14:22 29832 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2011-03-22 17:14:22 23176 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2011-03-22 17:14:22 176776 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2007-10-22 10:31:06 76808 ----a-w- c:\program files\common files\DSETUP.dll
2007-10-22 10:31:06 502792 ----a-w- c:\program files\common files\DXSETUP.exe
2007-10-22 10:31:06 1673224 ----a-w- c:\program files\common files\dsetup32.dll
.
============= FINISH: 23:20:21.20 ===============



#2 kmeechan


Posted 06 June 2011 - 11:47 AM

McAfee quarantined RKILL.COM (THREAT): Artemis! F206C61003B5 (trojan) FILE PATH: C\DOCUMENTS AND SETTINGS\ADMISTRATOR.DELL.000\DESKTOP. I have your program RKill on my desktop but under a different file path, and it is still there. I am wondering how this may be related to your downloaded Rkill program, whether I should be concerned and whether I can safely remove this quarantined item. This was not found during a scan but rather during real time protection.

By the way, I have a post on 6-1 12:42 AM that has no replies yet that concerns Rkill among other things. I proactively tried to remove some malware as I was unable to set myself up as a user and get instructions first from your site while infected (problems with web page functionality). I am concerned that I may have delayed receiving help due to the length and number of questions in this original post; let me know if there's anything I can do to help speed up the process such as editing the post or removing the additional questions I included. This post includes all the logs you initially requested.

Thanks

Edited by hamluis, 06 June 2011 - 12:21 PM.
Merged into MRL: thread.


#3 SweetTech


Posted 06 June 2011 - 12:16 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#4 kmeechan


Posted 06 June 2011 - 02:02 PM

ST, I tried to add a reply with the 3 logs you requested pasted in the reply and I get a message saying "Your post was too long. Please go back and shorten it a little." What do you suggest now?

#5 SweetTech


Posted 06 June 2011 - 02:11 PM

Try to post each of the logs into their own post.

i.e. Post the RKU log in one post and then post it, then the OTL.txt log in one post and then post, and finally the Extras.txt log in its own post, and post it.



#6 kmeechan


Posted 06 June 2011 - 02:18 PM

Here is the RkU log, the other 2 will be in separate posts. Thanks for your help and prompt reply! BTW when I opened RK Unhooker my Webroot Spysweeper program warned me that RKU was attempting to delete Black Box (?). I had 45 seconds to decide to ALLOW or BLOCK this change; with no idea what this is, I allowed it to delete as it seemed related to running the program as you instructed. This also happened when I closed RKU, and once again I ALLOWED Black Box to be deleted. Other than that the PC is the same, slower than it was before all this happened but useable.

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9E2A000 C:\WINDOWS\System32\DRIVERS\IntelC51.sys 1208320 bytes (Intel Corporation, Modem DSP Driver)
0xBF06B000 C:\WINDOWS\System32\ialmdd5.DLL 905216 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xB9FAC000 C:\WINDOWS\System32\DRIVERS\ialmnt5.sys 811008 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xB9D95000 C:\WINDOWS\System32\DRIVERS\IntelC52.sys 610304 bytes (Intel Corporation, Modem CP Driver)
0xB9CF0000 C:\WINDOWS\system32\drivers\smwdm.sys 593920 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xF7B52000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB0E82000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0xB0F3C000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9B9B000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF783A000 mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0xB1144000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB033B000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB9C21000 C:\WINDOWS\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0xB0EF2000 C:\WINDOWS\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0xBF148000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xAFCA7000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF75A8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF74C9000 SSIDRV.SYS 188416 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Interdiction Driver)
0xB0483000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF749C000 C:\WINDOWS\SYSTEM32\Drivers\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBF03F000 C:\WINDOWS\System32\ialmdev5.DLL 180224 bytes (Intel Corporation, Component GHAL Driver)
0xAF0C9000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB0FAC000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB10E3000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB1252000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xB110B000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB9C6C000 C:\WINDOWS\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xB9CCC000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9F74000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9F51000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB10C1000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB0FD7000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7445000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF747D000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 126976 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7402000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7465000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB0E42000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB0A1B000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF741C000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9CA1000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xAFA9B000 C:\WINDOWS\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0xB06BE000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9CB8000 C:\WINDOWS\system32\DRIVERS\mfendisk.sys 81920 bytes (McAfee, Inc., McAfee NDIS Intermediate Driver)
0xB9D81000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9F98000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB119D000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB1131000 C:\WINDOWS\system32\drivers\mfetdi2k.sys 77824 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0xB11D0000 C:\WINDOWS\system32\DRIVERS\mozy.sys 77824 bytes (Mozy, Inc., Mozy Change Monitor Filter Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7433000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7597000 PCI.SYS 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9C90000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF76F7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA7C8000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF74F7000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA798000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7527000 C:\WINDOWS\System32\DRIVERS\IntelC53.sys 61440 bytes (Intel Corporation, Modem AFE Driver)
0xBA7B8000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB0883000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA2D5000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF7657000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7507000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA788000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7637000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB016B000 C:\WINDOWS\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0xAFB30000 C:\WINDOWS\system32\drivers\mfebopk.sys 49152 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xBA768000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7517000 C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys 45056 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0xBA255000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA7A8000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7627000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA778000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7617000 ssfs0bbc.sys 45056 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper FileSystem Filter Driver)
0xBA295000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xF75F7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7677000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA748000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xAF346000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7647000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7537000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA758000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA285000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF7607000 SSHRMD.SYS 36864 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Mini Driver)
0xF7687000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7777000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7817000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF77EF000 C:\WINDOWS\System32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7767000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF777F000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF770F000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77FF000 C:\WINDOWS\System32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF7757000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7797000 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7787000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF776F000 C:\WINDOWS\System32\DRIVERS\mohfilt.sys 24576 bytes (Intel Corporation, Filter Driver to Support Modem-on-Hold)
0xF778F000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF773F000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF7737000 C:\WINDOWS\System32\Drivers\SbcpHid.sys 24576 bytes (-, -)
0xF775F000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7807000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF781F000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF77BF000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF780F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF77AF000 C:\WINDOWS\System32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF7717000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF779F000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF771F000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF77A7000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7707000 C:\WINDOWS\SYSTEM32\Drivers\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77CF000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA71F000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF7937000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB0C8E000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF791F000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB0B82000 C:\WINDOWS\System32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xB0DE2000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB0E76000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA70F000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xBA31B000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7933000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB12BD000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF79CF000 C:\WINDOWS\system32\drivers\aeaudio.sys 8192 bytes (Andrea Electronics Corporation, Andrea Audio Stub Driver)
0xF79B7000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A09000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF79B5000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79B9000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79E5000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF79BB000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79D3000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79D7000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA0D5000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA24E000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB11E5000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8A68E0E8 unknown_irp_handler 3864 bytes
0x8A5A31B0 unknown_irp_handler 3664 bytes
0x8A6601D0 unknown_irp_handler 3632 bytes
0x8A59D288 unknown_irp_handler 3448 bytes
0x8A5922F8 unknown_irp_handler 3336 bytes
0x8A5A63A8 unknown_irp_handler 3160 bytes
0x8A58E420 unknown_irp_handler 3040 bytes
0x8A658558 unknown_irp_handler 2728 bytes
0x8A5FB598 unknown_irp_handler 2664 bytes
0x8A6035D8 unknown_irp_handler 2600 bytes
0x8A611608 unknown_irp_handler 2552 bytes
0x8A68F620 unknown_irp_handler 2528 bytes
0x8A5E1630 unknown_irp_handler 2512 bytes
0x8A619728 unknown_irp_handler 2264 bytes
0x8A5F4800 unknown_irp_handler 2048 bytes
0x8A5A2878 unknown_irp_handler 1928 bytes
0x8A597928 unknown_irp_handler 1752 bytes
0x8A61A980 unknown_irp_handler 1664 bytes
0x8A5FE9A0 unknown_irp_handler 1632 bytes
0x8A59DA60 unknown_irp_handler 1440 bytes
0x8A5F3B38 unknown_irp_handler 1224 bytes
0x8A69BC40 unknown_irp_handler 960 bytes
0x8A6C7C68 unknown_irp_handler 920 bytes
0x8A61ACE8 unknown_irp_handler 792 bytes
0x8A5DED08 unknown_irp_handler 760 bytes
0x8A602D78 unknown_irp_handler 648 bytes
0x8A5F5FA8 unknown_irp_handler 88 bytes
0x8A692FA8 unknown_irp_handler 88 bytes
==============================================
>Stealth
==============================================

#7 kmeechan

  • Topic Starter

  • Members
  • 54 posts

Posted 06 June 2011 - 02:20 PM

Here is the OTL log:

OTL logfile created on: 6/6/2011 11:07:12 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Amy Meechan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.39 Gb Available Physical Memory | 26.00% Memory free
2.10 Gb Paging File | 0.96 Gb Available in Paging File | 45.81% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 9.68 Gb Free Space | 13.00% Space Free | Partition Type: NTFS

Computer Name: DELL | User Name: Amy Meechan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/06 11:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amy Meechan\Desktop\OTL.exe
PRC - [2011/05/23 08:00:06 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/25 11:17:18 | 001,201,656 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\mfevtps.exe
PRC - [2011/04/05 15:55:24 | 006,156,336 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/03/22 10:14:12 | 004,048,256 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2011/03/22 10:14:10 | 000,165,248 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SSU.exe
PRC - [2011/02/08 14:24:02 | 003,600,184 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/07/05 01:23:49 | 000,108,368 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN\MSNCoreFiles\msn.exe
PRC - [2010/03/10 16:10:40 | 000,439,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe
PRC - [2010/03/10 15:41:24 | 000,180,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSM\McSmtFwk.exe
PRC - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2011/06/06 11:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amy Meechan\Desktop\OTL.exe
MOD - [2011/05/10 05:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/25 11:17:18 | 001,201,656 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\SYSTEM32\mfevtps.exe -- (mfevtp)
SRV - [2011/03/22 10:14:12 | 004,048,256 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2011/03/01 09:56:36 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/05/08 04:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 05:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 04:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2011/03/22 10:14:22 | 000,176,776 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2011/03/22 10:14:22 | 000,029,832 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2011/03/22 10:14:22 | 000,023,176 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/09/08 18:06:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/08 18:06:37 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/05/28 11:02:16 | 000,020,848 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys -- (SSKBFD)
DRV - [2004/08/03 22:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 22:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 22:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/03/05 20:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 20:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 20:13:52 | 000,060,949 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 20:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/07/16 22:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003/05/23 10:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/23 12:00:00 | 000,022,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 10:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;127.0.0.1 citrix.protectionone.com;<local>;localhost;*.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9022

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;127.0.0.1 citrix.protectionone.com;<local>;localhost;*.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9022

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1278433960&rver=6.0.5285.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us
IE - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;127.0.0.1 citrix.protectionone.com;<local>;localhost;*.local
IE - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9022

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/12/11 19:48:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/12 09:27:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/03 06:48:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/22 01:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Amy Meechan\Application Data\Mozilla\Extensions
[2011/05/23 01:11:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/23 01:12:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2009/11/05 11:39:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/06/24 07:13:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 09:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/06/14 13:01:50 | 000,000,692 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110603064801.dll (McAfee, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\..\Toolbar\ShellBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\..Trusted Domains: //@mail.mar@/ ([]msn in Local intranet)
O15 - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O15 - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\..Trusted Domains: //@signup.mar@/ ([]msn in My Computer)
O15 - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\..Trusted Domains: specoddns.net ([demo4th.ddns] http in Trusted sites)
O15 - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\..Trusted Domains: websamsung.net ([m484e28] http in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab (SyncXfer Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://65.254.18.46:100/RemoteWeb.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab (Reg Error: Key error.)
O16 - DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} http://photos.msn.com/resources/neutral/controls/DigWebX2.cab (PictureItLauncher Class)
O16 - DPF: {5C519EC4-2BAE-44CE-B7F5-AD0CCD4BEFBD} http://www.starvedia.com/ActiveX/axmpeg4.cab (mpeg4 ActiveX Plugin v2)
O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://65.254.18.46:100/VideoViewer.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120157897796 (WUWebControl Class)
O16 - DPF: {66935983-2FD2-11D8-BE9F-0008C7DB2119} http://services.alarmnet.com/P1Connect/aojv.dll (ACont Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab (Groove Control)
O16 - DPF: {801A846F-2310-11D8-BE9F-0008C7DB2119} http://services.alarmnet.com/P1Connect/aojv.dll (AViewer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {BF776FD3-69B4-4151-AC97-3A2A64753E18} http://63.169.172.196:2080/GVersionMan.cab (GVersionManager Class)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.32.21/ttinst.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA5CE92B-A2DF-4400-A7F4-481A127FA434} http://204.246.206.100:4080/webviewer.cab (GTileContainerCtl Class)
O16 - DPF: {DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} http://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab (SyncXfer Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://attwm.webex.com/client/T25L10NSP41EP15-attwm/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\x-owacid {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Amy Meechan\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Amy Meechan\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 06:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bedb8324-b6a0-11dd-a3de-000d566a6d37}\Shell - "" = AutoRun
O33 - MountPoints2\{bedb8324-b6a0-11dd-a3de-000d566a6d37}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bedb8324-b6a0-11dd-a3de-000d566a6d37}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL FileConverter.exe
O33 - MountPoints2\{bedb8324-b6a0-11dd-a3de-000d566a6d37}\Shell\setup\command - "" = F:\FileConverter.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 11:05:17 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amy Meechan\Desktop\OTL.exe
[2011/06/06 07:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/06/02 12:59:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Meechan\My Documents\2008 IRS
[2011/05/30 23:10:18 | 000,606,738 | R--- | C] (Swearware) -- C:\Documents and Settings\Amy Meechan\Desktop\dds.scr
[2011/05/27 23:37:10 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/05/27 23:37:09 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/05/27 23:37:06 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2011/05/27 23:37:02 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011/05/27 23:37:01 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/05/27 23:36:52 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2011/05/27 23:36:22 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2011/05/27 23:36:17 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/05/27 23:36:16 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/05/27 23:36:08 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011/05/27 23:36:04 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2011/05/27 23:36:03 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2011/05/27 23:36:01 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2011/05/27 23:36:01 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2011/05/27 23:35:59 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys
[2011/05/27 23:35:57 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2011/05/27 23:35:56 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/05/27 23:35:48 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/05/27 23:35:48 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/05/27 23:35:47 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/05/27 23:35:46 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2011/05/27 23:35:45 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/05/27 23:35:43 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/05/27 23:35:41 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011/05/27 23:35:40 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011/05/27 23:35:39 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys
[2011/05/27 23:35:36 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2011/05/27 23:35:33 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2011/05/27 23:35:31 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011/05/27 23:35:30 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
[2011/05/27 23:35:29 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
[2011/05/27 23:35:27 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
[2011/05/27 23:35:26 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/05/27 23:35:25 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011/05/27 23:35:24 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011/05/27 23:35:21 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2011/05/27 23:35:19 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys
[2011/05/27 23:35:17 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/05/27 23:35:15 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011/05/27 23:35:11 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2011/05/27 23:35:10 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2011/05/27 23:35:09 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2011/05/27 23:35:08 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2011/05/27 23:35:08 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/05/27 23:35:07 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2011/05/27 23:35:06 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2011/05/27 23:35:05 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2011/05/27 23:35:04 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011/05/27 23:35:03 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011/05/27 23:35:01 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys
[2011/05/27 23:35:00 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2011/05/27 23:34:56 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/05/27 23:34:55 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/05/27 23:34:54 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/05/27 23:34:53 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011/05/27 23:34:52 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/05/27 23:34:51 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011/05/27 23:34:50 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys
[2011/05/27 23:34:49 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll
[2011/05/27 23:34:48 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2011/05/27 23:34:47 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll
[2011/05/27 23:34:45 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys
[2011/05/27 23:34:44 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys
[2011/05/27 23:34:43 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys
[2011/05/27 23:34:42 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/05/27 23:34:40 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2011/05/27 23:34:39 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/05/27 23:34:38 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/05/27 23:34:36 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011/05/27 23:34:34 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2011/05/27 23:34:33 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/05/27 23:34:33 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/05/27 23:34:32 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2011/05/27 23:34:31 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2011/05/27 23:34:29 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys
[2011/05/27 23:34:26 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/05/27 23:34:26 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys
[2011/05/27 23:34:25 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/05/27 23:34:19 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll
[2011/05/27 23:34:18 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys
[2011/05/27 23:34:17 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
[2011/05/27 23:34:16 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[2011/05/27 23:34:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
[2011/05/27 23:34:14 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
[2011/05/27 23:34:13 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
[2011/05/27 23:34:10 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/05/27 23:34:10 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/05/27 23:34:09 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011/05/27 23:34:07 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011/05/27 23:34:04 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/05/27 23:34:02 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2011/05/27 23:34:01 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2011/05/27 23:33:58 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll
[2011/05/27 23:33:54 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys
[2011/05/27 23:33:53 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll
[2011/05/27 23:33:51 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys
[2011/05/27 23:33:50 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll
[2011/05/27 23:33:50 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys
[2011/05/27 23:33:49 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys
[2011/05/27 23:33:48 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
[2011/05/27 23:33:46 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2011/05/27 23:33:45 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
[2011/05/27 23:33:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2011/05/27 23:33:43 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2011/05/27 23:33:38 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2011/05/27 23:33:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2011/05/27 23:33:36 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011/05/27 23:33:35 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2011/05/27 23:33:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2011/05/27 23:33:34 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011/05/27 23:33:33 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/05/27 23:33:31 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011/05/27 23:33:31 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/05/27 23:33:30 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2011/05/27 23:33:28 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2011/05/27 23:33:27 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2011/05/27 23:33:26 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2011/05/27 23:33:26 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2011/05/27 23:33:25 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2011/05/27 23:33:24 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2011/05/27 23:33:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2011/05/27 23:33:23 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2011/05/27 23:33:22 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2011/05/27 23:33:22 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2011/05/27 23:33:21 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2011/05/27 23:33:21 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2011/05/27 23:33:20 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2011/05/27 23:33:20 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2011/05/27 23:33:19 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2011/05/27 23:33:19 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2011/05/27 23:33:18 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2011/05/27 23:33:18 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2011/05/27 23:33:17 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2011/05/27 23:33:13 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/05/27 23:33:12 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/05/27 23:33:11 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/05/27 23:33:10 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll
[2011/05/27 23:33:09 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys
[2011/05/27 23:33:03 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll
[2011/05/27 23:33:03 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011/05/27 23:33:02 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys
[2011/05/27 23:33:00 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll
[2011/05/27 23:33:00 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys
[2011/05/27 23:32:59 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll
[2011/05/27 23:32:58 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys
[2011/05/27 23:32:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2011/05/27 23:32:47 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/05/27 23:32:46 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/05/27 23:32:46 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/05/27 23:32:45 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/05/27 23:32:44 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys
[2011/05/27 23:32:39 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2011/05/27 23:32:38 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
[2011/05/27 23:32:37 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2011/05/27 23:32:35 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2011/05/27 23:32:33 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2011/05/27 23:32:32 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2011/05/27 23:32:32 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2011/05/27 23:32:30 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011/05/27 23:32:29 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2011/05/27 23:32:28 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/05/27 23:32:27 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/05/27 23:32:24 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2011/05/27 23:32:23 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll
[2011/05/27 23:32:20 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys
[2011/05/27 23:32:19 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll
[2011/05/27 23:32:18 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/05/27 23:32:18 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/05/27 23:32:17 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/05/27 23:32:16 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/05/27 23:32:15 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/05/27 23:32:14 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/05/27 23:32:14 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/05/27 23:32:13 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/05/27 23:32:12 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011/05/27 23:32:11 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2011/05/27 23:32:10 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011/05/27 23:32:09 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011/05/27 23:32:08 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/05/27 23:32:08 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/05/27 23:32:06 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/05/27 23:32:05 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/05/27 23:32:01 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2011/05/27 23:32:00 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2011/05/27 23:31:59 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys
[2011/05/27 23:31:56 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/05/27 23:31:55 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys
[2011/05/27 23:31:51 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011/05/27 23:31:49 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/05/27 23:31:48 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011/05/27 23:31:46 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2011/05/27 23:31:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2011/05/27 23:31:37 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2011/05/27 23:31:33 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/05/27 23:31:33 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/05/27 23:31:31 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2011/05/27 23:31:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2011/05/27 23:31:30 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2011/05/27 23:31:29 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2011/05/27 23:31:24 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2011/05/27 23:31:22 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/05/27 23:31:21 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/05/27 23:31:20 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011/05/27 23:31:18 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2011/05/27 23:31:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2011/05/27 23:31:16 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2011/05/27 23:31:15 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011/05/27 23:31:11 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2011/05/27 23:31:10 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2011/05/27 23:31:09 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2011/05/27 23:31:07 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2011/05/27 23:31:06 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2011/05/27 23:31:06 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2011/05/27 23:31:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2011/05/27 23:31:01 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
[2011/05/27 23:31:00 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
[2011/05/27 23:30:59 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
[2011/05/27 23:30:58 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
[2011/05/27 23:30:58 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
[2011/05/27 23:30:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
[2011/05/27 23:30:56 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
[2011/05/27 23:30:55 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2011/05/27 23:30:53 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2011/05/27 23:30:52 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2011/05/27 23:30:51 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2011/05/27 23:30:47 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2011/05/27 23:30:46 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011/05/27 23:30:46 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2011/05/27 23:30:45 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2011/05/27 23:21:24 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/05/27 23:21:23 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/05/27 23:21:22 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2011/05/27 23:21:21 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2011/05/27 23:21:20 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2011/05/27 23:21:19 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2011/05/27 23:21:18 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2011/05/27 23:21:17 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2011/05/27 23:21:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2011/05/27 23:21:16 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2011/05/27 23:21:15 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2011/05/27 23:21:13 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2011/05/27 23:20:37 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2011/05/27 23:20:34 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/05/27 23:20:33 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/05/27 23:20:32 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/05/27 23:20:31 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/05/27 23:20:30 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/05/27 23:20:29 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/05/27 23:20:28 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/05/27 23:20:27 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/05/27 23:20:23 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/05/27 23:20:22 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/05/27 23:20:21 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2011/05/27 23:20:21 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/05/27 23:20:20 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/05/27 23:20:19 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/05/27 23:20:18 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/05/27 23:20:17 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/05/27 23:20:16 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/05/27 23:20:15 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/05/27 23:20:14 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/05/27 23:20:11 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2011/05/27 23:20:09 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/05/27 23:20:09 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2011/05/27 23:20:08 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2011/05/27 23:20:07 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2011/05/27 23:20:05 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2011/05/27 23:20:04 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/05/27 23:20:03 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/05/27 23:20:02 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2011/05/27 23:20:01 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/05/27 23:20:00 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/05/27 23:19:59 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/05/27 23:19:58 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/05/27 23:19:57 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/05/27 23:19:55 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2011/05/27 23:19:54 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2011/05/27 23:19:54 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2011/05/27 23:19:41 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2011/05/27 23:19:40 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2011/05/27 23:19:36 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2011/05/27 23:19:35 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2011/05/27 23:19:35 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2011/05/27 23:19:34 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2011/05/27 23:19:32 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2011/05/27 23:19:31 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2011/05/27 23:19:31 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2011/05/27 23:19:25 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2011/05/27 23:19:24 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2011/05/27 23:19:23 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/05/27 23:19:20 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/05/27 23:19:19 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2011/05/27 23:19:17 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2011/05/27 23:19:16 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/05/27 23:19:14 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2011/05/27 23:19:13 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2011/05/27 23:19:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2011/05/27 23:19:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/05/27 23:19:01 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/05/27 23:18:59 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/05/27 23:18:58 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/05/27 23:18:57 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/05/27 23:18:56 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/05/27 23:18:55 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2011/05/27 23:18:55 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2011/05/27 23:18:52 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/05/27 23:18:51 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2011/05/27 23:18:50 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2011/05/27 23:18:49 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2011/05/27 23:18:48 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2011/05/27 23:18:46 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/05/27 23:18:45 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2011/05/27 23:18:44 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2011/05/27 23:18:43 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/05/27 23:18:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2011/05/27 23:18:42 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/05/27 23:18:41 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/05/27 23:18:40 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2011/05/27 23:18:39 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2011/05/27 23:18:01 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2011/05/26 22:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/26 22:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/24 23:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Meechan\Application Data\Uniblue
[2011/05/24 23:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/05/24 23:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\PackageAware
[2011/05/24 12:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/05/23 01:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/05/23 01:11:53 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/05/23 01:11:53 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/05/23 01:11:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/05/23 01:11:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/05/23 00:22:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/05/23 00:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2011/05/22 10:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/05/22 00:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Meechan\Application Data\Mozilla
[2011/05/22 00:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/05/21 00:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/21 00:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2011/05/20 12:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Meechan\My Documents\Malware
[2011/05/19 21:46:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/05/19 00:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Grp Conv Removal Tool
[2011/05/19 00:00:08 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2011/05/19 00:00:08 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateControl350.dll
[2011/05/19 00:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\Grp Conv Removal Tool
[2011/05/18 13:30:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/05/18 13:30:11 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/18 13:30:10 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/18 13:30:00 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/18 13:29:59 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/18 13:29:58 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/18 13:29:57 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/18 13:29:57 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/18 13:29:56 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/18 13:29:12 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/18 13:29:12 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/18 07:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Presto! PageManager 6
[2011/05/18 07:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\NewSoft
[2011/05/18 07:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Meechan\Start Menu\Programs\Scholastic
[2011/05/18 07:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Verizon
[2011/05/18 07:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2011/05/17 09:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/17 09:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/16 13:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/05/16 12:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Mozilla
[2011/05/16 09:45:30 | 000,007,040 | ---- | C] (SuperAdBlocker.com) -- C:\WINDOWS\System32\sabprocenum.sys
[2011/05/16 02:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
[2011/05/16 02:32:13 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/05/15 16:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Meechan\Application Data\SUPERAntiSpyware.com
[2011/05/15 16:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/13 15:22:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/05/13 15:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\Citrix
[2011/05/13 13:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Amy Meechan\Application Data\McAfee
[2007/10/22 03:31:06 | 001,673,224 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\dsetup32.dll
[2007/10/22 03:31:06 | 000,502,792 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\DXSETUP.exe
[2007/10/22 03:31:06 | 000,076,808 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\DSETUP.dll
[2004/09/11 00:22:49 | 000,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
[45 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[42 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/06 11:05:28 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amy Meechan\Desktop\OTL.exe
[2011/06/06 11:00:04 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/06 10:45:21 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Amy Meechan\Desktop\RKUnhookerLE.EXE
[2011/06/06 09:45:25 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/06 09:24:51 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Amy Meechan\Desktop\iExplore.exe
[2011/06/06 08:54:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/06 07:48:28 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/06 07:44:16 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2011/06/06 07:43:43 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/06 07:43:42 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2011/06/06 07:43:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/06/06 07:43:08 | 1608,585,216 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/06 06:02:53 | 000,004,742 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2011/06/06 06:02:52 | 000,002,954 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2011/06/06 03:40:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/03 09:00:06 | 000,001,648 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L07F18B7EC75F4D408676B4C1D60C956D.job
[2011/06/03 06:59:44 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/06/01 07:53:50 | 000,491,592 | ---- | M] () -- C:\Documents and Settings\Amy Meechan\Desktop\menu.pdf
[2011/05/30 23:40:03 | 000,293,977 | ---- | M] () -- C:\Documents and Settings\Amy Meechan\Desktop\gmer.zip
[2011/05/30 23:10:35 | 000,606,738 | R--- | M] (Swearware) -- C:\Documents and Settings\Amy Meechan\Desktop\dds.scr
[2011/05/30 23:06:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Amy Meechan\defogger_reenable
[2011/05/30 23:04:18 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Amy Meechan\Desktop\Defogger.exe
[2011/05/29 12:32:00 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Amy Meechan\Desktop\gmer.exe
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/27 22:28:31 | 007,775,264 | ---- | M] () -- C:\Documents and Settings\Amy Meechan\My Documents\Westell gateway user guide.pdf
[2011/05/27 16:38:23 | 000,000,211 | -HS- | M] () -- C:\BOOT.INI
[2011/05/26 22:48:07 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2011/05/24 23:25:47 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Amy Meechan\Desktop\Shortcut to TaskMan.lnk
[2011/05/23 07:19:14 | 000,425,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/22 10:10:52 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/22 00:14:47 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Amy Meechan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/22 00:14:47 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/21 09:24:31 | 000,002,243 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/05/19 00:00:09 | 000,001,735 | ---- | M] () -- C:\Documents and Settings\Amy Meechan\Desktop\Grp Conv Removal Tool.lnk
[2011/05/18 13:30:12 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/05/18 13:29:58 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/17 20:56:44 | 000,097,688 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/17 20:33:48 | 000,000,033 | ---- | M] () -- C:\WINDOWS\TLCAPPS.INI
[2011/05/17 16:45:45 | 000,001,253 | ---- | M] () -- C:\WINDOWS\disney.ini
[2011/05/16 23:44:21 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\Amy Meechan\Desktop\Microsoft Security Essentials.lnk
[2011/05/16 13:07:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/16 12:20:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/05/16 09:45:30 | 000,007,040 | ---- | M] (SuperAdBlocker.com) -- C:\WINDOWS\System32\sabprocenum.sys
[2011/05/15 10:17:44 | 000,015,778 | -HS- | M] () -- C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\kqxjax25212syk721811b172n8n71yg66c
[2011/05/15 10:17:44 | 000,015,778 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kqxjax25212syk721811b172n8n71yg66c
[2011/05/13 20:30:54 | 000,002,397 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IGT Slots Wolf Run.lnk
[2011/05/13 15:09:30 | 000,103,784 | ---- | M] () -- C:\Documents and Settings\Amy Meechan\GoToAssistDownloadHelper.exe
[2011/05/13 11:43:32 | 000,012,308 | -HS- | M] () -- C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
[2011/05/13 11:43:32 | 000,012,308 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
[2011/05/10 05:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/10 05:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/10 05:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/10 05:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/10 04:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[45 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[42 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/06 10:45:11 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Amy Meechan\Desktop\RKUnhookerLE.EXE
[2011/05/30 23:40:01 | 000,293,977 | ---- | C] () -- C:\Documents and Settings\Amy Meechan\Desktop\gmer.zip
[2011/05/30 23:06:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Amy Meechan\defogger_reenable
[2011/05/30 23:04:08 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Amy Meechan\Desktop\Defogger.exe
[2011/05/29 12:32:00 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Amy Meechan\Desktop\gmer.exe
[2011/05/27 23:37:08 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/05/27 23:37:07 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/05/27 23:25:28 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/05/27 23:25:27 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/05/27 23:25:25 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/05/27 23:25:23 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/05/27 23:25:21 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/05/27 23:23:12 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011/05/27 23:23:11 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011/05/27 23:23:10 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011/05/27 23:19:48 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/05/27 23:19:47 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/05/27 23:19:46 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/05/27 23:19:45 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/05/27 23:19:44 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/05/27 23:19:43 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/05/27 23:19:42 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/05/27 23:19:41 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/05/27 23:19:39 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/05/27 23:19:30 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/05/27 22:28:07 | 007,775,264 | ---- | C] () -- C:\Documents and Settings\Amy Meechan\My Documents\Westell gateway user guide.pdf
[2011/05/26 22:48:07 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2011/05/24 23:40:02 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2011/05/24 23:25:47 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Amy Meechan\Desktop\Shortcut to TaskMan.lnk
[2011/05/22 00:14:47 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Amy Meechan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/22 00:14:47 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/22 00:14:46 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/21 19:17:24 | 1608,585,216 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/19 00:00:09 | 000,001,735 | ---- | C] () -- C:\Documents and Settings\Amy Meechan\Desktop\Grp Conv Removal Tool.lnk
[2011/05/18 16:16:40 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/18 13:30:12 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/05/16 23:44:21 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\Amy Meechan\Desktop\Microsoft Security Essentials.lnk
[2011/05/16 13:29:06 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/05/16 13:01:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/16 12:20:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/16 02:28:35 | 000,002,243 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/05/16 02:15:46 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Amy Meechan\Desktop\iExplore.exe
[2011/05/15 09:16:09 | 000,015,778 | -HS- | C] () -- C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\kqxjax25212syk721811b172n8n71yg66c
[2011/05/15 09:16:09 | 000,015,778 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kqxjax25212syk721811b172n8n71yg66c
[2011/05/13 15:09:29 | 000,103,784 | ---- | C] () -- C:\Documents and Settings\Amy Meechan\GoToAssistDownloadHelper.exe
[2011/05/13 13:30:23 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/05/13 11:41:06 | 000,012,308 | -HS- | C] () -- C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
[2011/05/13 11:41:06 | 000,012,308 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
[2011/04/16 00:19:09 | 000,012,674 | -HS- | C] () -- C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\b513h2vulke4
[2011/04/16 00:19:09 | 000,012,674 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b513h2vulke4
[2011/03/22 10:14:16 | 000,031,104 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2011/03/22 10:14:10 | 000,016,256 | ---- | C] () -- C:\WINDOWS\System32\SsiEfr.exe
[2010/12/09 12:13:22 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-UF32K.exe
[2009/10/11 15:00:13 | 000,097,688 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/15 12:59:38 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2009/05/11 08:55:08 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2008/09/01 19:16:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/09/01 17:26:20 | 000,007,284 | ---- | C] () -- C:\WINDOWS\rrm46.dat
[2008/09/01 17:17:02 | 000,000,298 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2008/09/01 17:16:41 | 000,000,033 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2008/01/15 16:43:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\MediaMan.dll
[2008/01/15 16:43:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\XNS_web.dll
[2008/01/15 16:43:18 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\device_shr_web.dll
[2008/01/15 16:43:06 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\device_dvr_web.dll
[2007/10/22 03:49:52 | 001,805,306 | ---- | C] () -- C:\Program Files\Common Files\NOV2007_d3dx9_36_x64.cab
[2007/10/22 03:49:50 | 000,867,848 | ---- | C] () -- C:\Program Files\Common Files\NOV2007_d3dx10_36_x64.cab
[2007/10/22 03:49:48 | 001,712,608 | ---- | C] () -- C:\Program Files\Common Files\NOV2007_d3dx9_36_x86.cab
[2007/10/22 03:49:48 | 000,807,132 | ---- | C] () -- C:\Program Files\Common Files\NOV2007_d3dx10_36_x86.cab
[2007/10/22 03:49:48 | 000,200,010 | ---- | C] () -- C:\Program Files\Common Files\NOV2007_XACT_x64.cab
[2007/10/22 03:49:48 | 000,151,512 | ---- | C] () -- C:\Program Files\Common Files\NOV2007_XACT_x86.cab
[2007/10/22 03:49:48 | 000,049,392 | ---- | C] () -- C:\Program Files\Common Files\NOV2007_X3DAudio_x64.cab
[2007/10/22 03:49:48 | 000,044,850 | ---- | C] () -- C:\Program Files\Common Files\dxdllreg_x86.cab
[2007/10/22 03:49:48 | 000,021,744 | ---- | C] () -- C:\Program Files\Common Files\NOV2007_X3DAudio_x86.cab
[2007/10/22 03:31:06 | 001,611,374 | ---- | C] () -- C:\Program Files\Common Files\JUN2007_d3dx9_34_x64.cab
[2007/10/22 03:31:06 | 001,610,886 | ---- | C] () -- C:\Program Files\Common Files\JUN2007_d3dx9_34_x86.cab
[2007/10/22 03:31:06 | 001,413,862 | ---- | C] () -- C:\Program Files\Common Files\OCT2006_d3dx9_31_x64.cab
[2007/10/22 03:31:06 | 001,128,177 | ---- | C] () -- C:\Program Files\Common Files\OCT2006_d3dx9_31_x86.cab
[2007/10/22 03:31:06 | 000,702,644 | ---- | C] () -- C:\Program Files\Common Files\JUN2007_d3dx10_34_x64.cab
[2007/10/22 03:31:06 | 000,702,072 | ---- | C] () -- C:\Program Files\Common Files\JUN2007_d3dx10_34_x86.cab
[2007/10/22 03:31:06 | 000,200,722 | ---- | C] () -- C:\Program Files\Common Files\JUN2007_XACT_x64.cab
[2007/10/22 03:31:06 | 000,183,321 | ---- | C] () -- C:\Program Files\Common Files\OCT2006_XACT_x64.cab
[2007/10/22 03:31:06 | 000,181,745 | ---- | C] () -- C:\Program Files\Common Files\JUN2006_XACT_x64.cab
[2007/10/22 03:31:06 | 000,156,509 | ---- | C] () -- C:\Program Files\Common Files\JUN2007_XACT_x86.cab
[2007/10/22 03:31:06 | 000,138,977 | ---- | C] () -- C:\Program Files\Common Files\OCT2006_XACT_x86.cab
[2007/10/22 03:31:06 | 000,134,631 | ---- | C] () -- C:\Program Files\Common Files\JUN2006_XACT_x86.cab
[2007/10/22 03:31:06 | 000,086,925 | ---- | C] () -- C:\Program Files\Common Files\Oct2005_xinput_x64.cab
[2007/10/22 03:31:06 | 000,086,802 | ---- | C] () -- C:\Program Files\Common Files\dxupdate.cab
[2007/10/22 03:31:06 | 000,046,247 | ---- | C] () -- C:\Program Files\Common Files\Oct2005_xinput_x86.cab
[2007/10/22 03:31:04 | 001,803,760 | ---- | C] () -- C:\Program Files\Common Files\AUG2007_d3dx9_35_x64.cab
[2007/10/22 03:31:04 | 001,711,752 | ---- | C] () -- C:\Program Files\Common Files\AUG2007_d3dx9_35_x86.cab
[2007/10/22 03:31:04 | 001,575,336 | ---- | C] () -- C:\Program Files\Common Files\DEC2006_d3dx9_32_x86.cab
[2007/10/22 03:31:04 | 001,572,114 | ---- | C] () -- C:\Program Files\Common Files\DEC2006_d3dx9_32_x64.cab
[2007/10/22 03:31:04 | 001,363,684 | ---- | C] () -- C:\Program Files\Common Files\Feb2006_d3dx9_29_x64.cab
[2007/10/22 03:31:04 | 001,358,864 | ---- | C] () -- C:\Program Files\Common Files\Dec2005_d3dx9_28_x64.cab
[2007/10/22 03:31:04 | 001,351,430 | ---- | C] () -- C:\Program Files\Common Files\Aug2005_d3dx9_27_x64.cab
[2007/10/22 03:31:04 | 001,336,890 | ---- | C] () -- C:\Program Files\Common Files\Jun2005_d3dx9_26_x64.cab
[2007/10/22 03:31:04 | 001,248,387 | ---- | C] () -- C:\Program Files\Common Files\Feb2005_d3dx9_24_x64.cab
[2007/10/22 03:31:04 | 001,085,608 | ---- | C] () -- C:\Program Files\Common Files\Feb2006_d3dx9_29_x86.cab
[2007/10/22 03:31:04 | 001,080,344 | ---- | C] () -- C:\Program Files\Common Files\Dec2005_d3dx9_28_x86.cab
[2007/10/22 03:31:04 | 001,078,532 | ---- | C] () -- C:\Program Files\Common Files\Aug2005_d3dx9_27_x86.cab
[2007/10/22 03:31:04 | 001,065,813 | ---- | C] () -- C:\Program Files\Common Files\Jun2005_d3dx9_26_x86.cab
[2007/10/22 03:31:04 | 001,014,113 | ---- | C] () -- C:\Program Files\Common Files\Feb2005_d3dx9_24_x86.cab
[2007/10/22 03:31:04 | 000,855,886 | ---- | C] () -- C:\Program Files\Common Files\AUG2007_d3dx10_35_x64.cab
[2007/10/22 03:31:04 | 000,800,467 | ---- | C] () -- C:\Program Files\Common Files\AUG2007_d3dx10_35_x86.cab
[2007/10/22 03:31:04 | 000,213,767 | ---- | C] () -- C:\Program Files\Common Files\DEC2006_d3dx10_00_x64.cab
[2007/10/22 03:31:04 | 000,201,696 | ---- | C] () -- C:\Program Files\Common Files\AUG2007_XACT_x64.cab
[2007/10/22 03:31:04 | 000,198,275 | ---- | C] () -- C:\Program Files\Common Files\FEB2007_XACT_x64.cab
[2007/10/22 03:31:04 | 000,193,435 | ---- | C] () -- C:\Program Files\Common Files\DEC2006_XACT_x64.cab
[2007/10/22 03:31:04 | 000,192,680 | ---- | C] () -- C:\Program Files\Common Files\DEC2006_d3dx10_00_x86.cab
[2007/10/22 03:31:04 | 000,183,863 | ---- | C] () -- C:\Program Files\Common Files\AUG2006_XACT_x64.cab
[2007/10/22 03:31:04 | 000,179,247 | ---- | C] () -- C:\Program Files\Common Files\Feb2006_XACT_x64.cab
[2007/10/22 03:31:04 | 000,156,612 | ---- | C] () -- C:\Program Files\Common Files\AUG2007_XACT_x86.cab
[2007/10/22 03:31:04 | 000,154,825 | ---- | C] () -- C:\Program Files\Common Files\APR2007_XACT_x86.cab
[2007/10/22 03:31:04 | 000,151,583 | ---- | C] () -- C:\Program Files\Common Files\FEB2007_XACT_x86.cab
[2007/10/22 03:31:04 | 000,146,559 | ---- | C] () -- C:\Program Files\Common Files\DEC2006_XACT_x86.cab
[2007/10/22 03:31:04 | 000,138,195 | ---- | C] () -- C:\Program Files\Common Files\AUG2006_XACT_x86.cab
[2007/10/22 03:31:04 | 000,133,297 | ---- | C] () -- C:\Program Files\Common Files\Feb2006_XACT_x86.cab
[2007/10/22 03:31:04 | 000,100,417 | ---- | C] () -- C:\Program Files\Common Files\APR2007_xinput_x64.cab
[2007/10/22 03:31:04 | 000,088,102 | ---- | C] () -- C:\Program Files\Common Files\AUG2006_xinput_x64.cab
[2007/10/22 03:31:04 | 000,056,902 | ---- | C] () -- C:\Program Files\Common Files\APR2007_xinput_x86.cab
[2007/10/22 03:31:04 | 000,047,018 | ---- | C] () -- C:\Program Files\Common Files\AUG2006_xinput_x86.cab
[2007/10/22 03:31:02 | 013,265,040 | ---- | C] () -- C:\Program Files\Common Files\dxnt.cab
[2007/10/22 03:31:02 | 004,163,518 | ---- | C] () -- C:\Program Files\Common Files\Apr2006_MDX1_x86_Archive.cab
[2007/10/22 03:31:02 | 001,610,958 | ---- | C] () -- C:\Program Files\Common Files\APR2007_d3dx9_33_x64.cab
[2007/10/22 03:31:02 | 001,609,639 | ---- | C] () -- C:\Program Files\Common Files\APR2007_d3dx9_33_x86.cab
[2007/10/22 03:31:02 | 001,398,718 | ---- | C] () -- C:\Program Files\Common Files\Apr2006_d3dx9_30_x64.cab
[2007/10/22 03:31:02 | 001,348,242 | ---- | C] () -- C:\Program Files\Common Files\Apr2005_d3dx9_25_x64.cab
[2007/10/22 03:31:02 | 001,156,363 | ---- | C] () -- C:\Program Files\Common Files\BDANT.cab
[2007/10/22 03:31:02 | 001,116,109 | ---- | C] () -- C:\Program Files\Common Files\Apr2006_d3dx9_30_x86.cab
[2007/10/22 03:31:02 | 001,079,850 | ---- | C] () -- C:\Program Files\Common Files\Apr2005_d3dx9_25_x86.cab
[2007/10/22 03:31:02 | 000,976,020 | ---- | C] () -- C:\Program Files\Common Files\BDAXP.cab
[2007/10/22 03:31:02 | 000,917,318 | ---- | C] () -- C:\Program Files\Common Files\Apr2006_MDX1_x86.cab
[2007/10/22 03:31:02 | 000,702,212 | ---- | C] () -- C:\Program Files\Common Files\APR2007_d3dx10_33_x64.cab
[2007/10/22 03:31:02 | 000,699,465 | ---- | C] () -- C:\Program Files\Common Files\APR2007_d3dx10_33_x86.cab
[2007/10/22 03:31:02 | 000,199,366 | ---- | C] () -- C:\Program Files\Common Files\APR2007_XACT_x64.cab
[2007/10/22 03:31:02 | 000,180,021 | ---- | C] () -- C:\Program Files\Common Files\Apr2006_XACT_x64.cab
[2007/10/22 03:31:02 | 000,133,991 | ---- | C] () -- C:\Program Files\Common Files\Apr2006_XACT_x86.cab
[2007/10/22 03:31:02 | 000,087,989 | ---- | C] () -- C:\Program Files\Common Files\Apr2006_xinput_x64.cab
[2007/10/22 03:31:02 | 000,046,898 | ---- | C] () -- C:\Program Files\Common Files\Apr2006_xinput_x86.cab
[2007/06/22 16:13:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2007/06/19 16:08:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\TrustZoneRegister.dll
[2007/05/09 09:44:46 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll
[2007/05/03 00:38:12 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/03/05 14:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/11/20 10:46:49 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/18 09:54:40 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/06/30 07:03:25 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/05/23 17:34:47 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/05/23 17:33:52 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/05/23 17:33:19 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/05/23 17:32:57 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/04/23 17:56:56 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/07 06:18:12 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\islzma.dll
[2006/04/07 06:18:07 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/04/07 06:18:07 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2006/04/05 12:48:29 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2006/03/24 06:50:01 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/08 09:20:17 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006/02/25 14:13:08 | 000,000,218 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/01/20 18:12:49 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/01/20 17:38:15 | 000,080,487 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/01/20 17:38:15 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/01/09 08:51:35 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/28 08:02:10 | 000,000,224 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2005/12/26 23:13:12 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6y.DLL
[2005/12/26 23:03:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2005/12/26 23:03:57 | 000,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2005/12/26 23:03:44 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2005/12/26 23:02:24 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2005/12/26 23:01:03 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005/12/26 22:57:47 | 000,000,398 | ---- | C] () -- C:\WINDOWS\System32\CNCMP60.INI
[2005/12/26 22:57:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\CNCFMS60.EXE
[2005/07/18 23:36:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/05/06 15:48:36 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/04/21 10:23:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/11/21 17:01:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ump.INI
[2004/11/19 13:44:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVRViewer.INI
[2004/10/27 08:27:32 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/10/25 12:41:44 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/24 22:32:34 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Amy Meechan.ini
[2004/09/11 00:22:49 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2004/08/04 11:53:42 | 000,000,045 | ---- | C] () -- C:\WINDOWS\GECGHNHL.ini
[2004/06/12 22:21:59 | 000,000,814 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/05/30 15:08:33 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\fusioncache.dat
[2004/05/22 23:47:28 | 000,000,225 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2004/05/22 22:45:38 | 000,001,531 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2004/05/22 22:45:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/05/22 22:43:30 | 000,001,253 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004/05/16 14:26:56 | 000,000,021 | ---- | C] () -- C:\WINDOWS\DVDSentry.ini
[2004/05/09 10:53:53 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2004/05/09 10:53:53 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2004/05/09 10:53:35 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2004/05/09 10:53:03 | 000,000,243 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/05/05 23:55:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2004/05/05 23:51:12 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/05/05 23:01:32 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/04/28 07:34:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/04/23 10:13:42 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Amy Meechan\Application Data\PFP110JPR.{PB
[2004/04/23 10:13:42 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Amy Meechan\Application Data\PFP110JCM.{PB
[2004/04/15 05:09:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/04/15 05:04:47 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/04/15 05:00:45 | 000,000,185 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/04/15 04:50:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/04/15 04:49:10 | 000,508,266 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/04/15 04:49:10 | 000,092,144 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/04/15 04:36:42 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/22 15:00:48 | 000,425,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/01/22 14:59:18 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/01/22 14:58:10 | 000,000,900 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/05/31 17:43:00 | 000,005,632 | ---- | C] () -- C:\WINDOWS\TrueProcess.exe
[2002/09/03 06:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 06:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 06:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 06:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/08/23 12:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Amy Meechan\webct_upload_applet.properties:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Amy Meechan\Desktop\iExplore.exe:SummaryInformation
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:619D6FE6
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38760F1C
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C017FB1
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:140CF428
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8342E7B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:522EA216
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DE807EE
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20C69EEE
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CFBE2D1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3F95A98

< End of report >

#8 kmeechan

Posted 06 June 2011 - 02:21 PM

Here is the OTL extras log:

OTL Extras logfile created on: 6/6/2011 11:07:12 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Amy Meechan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.39 Gb Available Physical Memory | 26.00% Memory free
2.10 Gb Paging File | 0.96 Gb Available in Paging File | 45.81% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 9.68 Gb Free Space | 13.00% Space Free | Partition Type: NTFS

Computer Name: DELL | User Name: Amy Meechan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2154351683-1843223600-758978945-1007\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971
"C:\Documents and Settings\Amy Meechan\Local Settings\Temp\~osC8.tmp\ossproxy.exe" = C:\Documents and Settings\Amy Meechan\Local Settings\Temp\~osC8.tmp\ossproxy.exe:*:Enabled:ossproxy.exe
"c:\windows\system32\rk.exe" = c:\windows\system32\rk.exe:*:Enabled:rk.exe
"C:\Program Files\Pelco\BOSS4\BOSS.BOSS" = C:\Program Files\Pelco\BOSS4\BOSS.BOSS:*:Enabled:B.O.S.S.
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player
"C:\WINDOWS\SYSTEM32\fxsclnt.exe" = C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\MsnMusic\4226251\MsnMusic.exe" = C:\Program Files\MsnMusic\4226251\MsnMusic.exe:*:Enabled:MsnMusic -- (Microsoft Corp.)
"C:\Program Files\MSN\MSNCoreFiles\msn.exe" = C:\Program Files\MSN\MSNCoreFiles\msn.exe:*:Enabled:msn -- (Microsoft Corporation)
"C:\Program Files\Samsung\SmartViewer 2.0 for ProDVR\SmartViewer.exe" = C:\Program Files\Samsung\SmartViewer 2.0 for ProDVR\SmartViewer.exe:*:Enabled:Viewer MFC ?? ????
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{109AB81D-9732-40B3-9C1F-113A86CE6F93}" = Canon MP Navigator 1.0
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1EEDF3E1-C0EA-409B-A772-164EF9AB3BCE}" = Hallmark Card Studio 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper for MSN
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 25
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FF3DD04-F386-46B0-97FC-B86238B65487}" = Canon MP Drivers 6.0
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{512FA709-D3E8-4094-A1B5-39A2A08A8400}" = Microsoft Outlook Web Access S/MIME (2007)
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{5264E937-B015-11D2-8C0E-00C04FBBCFF9}" = Microsoft Greetings 2000
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}" = Presto! PageManager 6.03
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{63505193-EE81-450B-9F74-B1F25FAE64B7}" = Rand McNally SGDE Engine V6.3
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6FC334FD-3FBB-42D5-816F-0951019581E7}" = Rand McNally Street Guide King, Pierce, & Snohomish
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{75B6C1BF-B98C-4B99-BD0D-CC9BF16C490D}" = Clifford Phonics
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7C0BF6E9-7021-46E4-87B3-4C4587256A22}" = Masque IGT Slots Wolf Run
"{7D1DCBBA-F6F5-42B4-B90B-F04ACE4DFD6C}" = MSN Search Toolbar
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8DFD3DDA-6127-413a-83E7-5E03F17F2275}" = PS420
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F41F431-071E-5B44-2EEE-5C51173D6498}" = MozyHome
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9F7FC79B-3059-4264-9450-39EB368E3220}" = Microsoft Picture It! Library 9
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC1D8269-A50C-4C1E-88D6-1B6E1320FEE8}" = Adventures in Typing with Timon and Pumbaa
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE50CAF7-C98E-4242-B476-C1BCEFC6E22E}" = Rand McNally SGDE Search Databases
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DADE7970-4E6A-11D4-8BA5-0050BAAA20E2}" = Jeopardy! 2nd Edition
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}" = Microsoft Picture It! Express 9
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FCC3BD6A-F118-475D-8748-7EE08EA0AF56}" = HDView for Internet Explorer
"040a_5005" = USB MassStorage CardReader
"3DGroove" = OTOY
"ActiveTouchMeetingClient" = Meeting Service
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"avast" = avast! Free Antivirus
"Caterpillar" = Caterpillar (remove only)
"CCleaner" = CCleaner
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DellSupport" = Dell Support 5.0.0 (766)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"egamestoolbar" = eGames Toolbar
"Google Updater" = Google Updater
"Grp Conv Removal Tool_is1" = Grp Conv Removal Tool
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InstallShield_{6FC334FD-3FBB-42D5-816F-0951019581E7}" = Rand McNally Street Guide King, Pierce, & Snohomish
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Entertainment Download Troubleshooter" = MSN Entertainment Download Troubleshooter
"MSN Music Assistant" = MSN Music Assistant
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureIt_POD_v9" = Microsoft Picture It! Library 9
"PictureIt_v9" = Microsoft Picture It! Express 9
"rrm46_32.exe" = Reader Rabbit's Math Ages 4-6
"Scholastic's I SPY Junior" = Scholastic's I SPY Junior
"Security Task Manager" = Security Task Manager 1.8c
"Shockwave" = Shockwave
"Slingo Quest (tb)" = Slingo Quest (tb) (remove only)
"SpongeBob SquarePants Typing" = SpongeBob SquarePants Typing
"SpongeBob: Truth or Square" = SpongeBob: Truth or Square
"Verizon Help and Support" = Verizon Help and Support Tool
"Who Wants To Be A Millionaire 2nd Edition" = Who Wants To Be A Millionaire 2nd Edition
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2154351683-1843223600-758978945-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/1/2011 2:24:29 AM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application outlook.exe, version 9.0.0.6604, faulting module
unknown, version 0.0.0.0, fault address 0x3ff54578.

Error - 6/1/2011 11:51:58 PM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application outlook.exe, version 9.0.0.6604, faulting module
unknown, version 0.0.0.0, fault address 0x3ff54578.

Error - 6/2/2011 7:28:17 PM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application outlook.exe, version 9.0.0.6604, faulting module
unknown, version 0.0.0.0, fault address 0x3ff54578.

Error - 6/2/2011 8:06:48 PM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x03fd23ac.

Error - 6/4/2011 11:07:34 AM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application outlook.exe, version 9.0.0.6604, faulting module
unknown, version 0.0.0.0, fault address 0x3ff54578.

Error - 6/5/2011 10:25:51 AM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application outlook.exe, version 9.0.0.6604, faulting module
unknown, version 0.0.0.0, fault address 0x3ff54578.

Error - 6/6/2011 6:45:07 AM | Computer Name = DELL | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.0.1074, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/6/2011 6:45:22 AM | Computer Name = DELL | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.0.1074, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/6/2011 6:46:00 AM | Computer Name = DELL | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.0.1074, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/6/2011 6:46:22 AM | Computer Name = DELL | Source = Application Hang | ID = 1002
Description = Hanging application mbam-setup.tmp, version 51.52.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/3/2011 10:06:46 AM | Computer Name = DELL | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/3/2011 10:11:45 AM | Computer Name = DELL | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/3/2011 10:11:45 AM | Computer Name = DELL | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/3/2011 4:19:06 PM | Computer Name = DELL | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 6/3/2011 6:52:51 PM | Computer Name = DELL | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/3/2011 6:52:51 PM | Computer Name = DELL | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/3/2011 8:52:24 PM | Computer Name = DELL | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 6/4/2011 10:48:38 AM | Computer Name = DELL | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 6/6/2011 5:27:22 AM | Computer Name = DELL | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 6/6/2011 5:43:53 AM | Computer Name = DELL | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.


< End of report >

#9 SweetTech

Posted 06 June 2011 - 02:34 PM

Hi!

Do you plan on using Avast or McAfee??

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;127.0.0.1 citrix.protectionone.com;<local>;localhost;*.local
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9022
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;127.0.0.1 citrix.protectionone.com;<local>;localhost;*.local
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9022
    IE - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;127.0.0.1 citrix.protectionone.com;<local>;localhost;*.local
    IE - HKU\S-1-5-21-2154351683-1843223600-758978945-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9022
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://65.254.18.46:100/RemoteWeb.cab (Reg Error: Key error.)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab (Reg Error: Key error.)
    O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://65.254.18.46:100/VideoViewer.cab (Reg Error: Key error.)
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.32.21/ttinst.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O33 - MountPoints2\{bedb8324-b6a0-11dd-a3de-000d566a6d37}\Shell - "" = AutoRun
    O33 - MountPoints2\{bedb8324-b6a0-11dd-a3de-000d566a6d37}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{bedb8324-b6a0-11dd-a3de-000d566a6d37}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL FileConverter.exe
    O33 - MountPoints2\{bedb8324-b6a0-11dd-a3de-000d566a6d37}\Shell\setup\command - "" = F:\FileConverter.exe
    [2011/05/15 10:17:44 | 000,015,778 | -HS- | M] () -- C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\kqxjax25212syk721811b172n8n71yg66c
    [2011/05/15 10:17:44 | 000,015,778 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kqxjax25212syk721811b172n8n71yg66c
    [2011/05/13 11:43:32 | 000,012,308 | -HS- | M] () -- C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
    [2011/05/13 11:43:32 | 000,012,308 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
    [2011/05/15 09:16:09 | 000,015,778 | -HS- | C] () -- C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\kqxjax25212syk721811b172n8n71yg66c
    [2011/05/15 09:16:09 | 000,015,778 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kqxjax25212syk721811b172n8n71yg66c
    [2011/05/13 11:41:06 | 000,012,308 | -HS- | C] () -- C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
    [2011/05/13 11:41:06 | 000,012,308 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0
    [2011/04/16 00:19:09 | 000,012,674 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b513h2vulke4
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Amy Meechan\webct_upload_applet.properties:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Amy Meechan\Desktop\iExplore.exe:SummaryInformation
    @Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:619D6FE6
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38760F1C
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C017FB1
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:140CF428
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8342E7B
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:522EA216
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DE807EE
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20C69EEE
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CFBE2D1
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3F95A98
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 kmeechan

Posted 06 June 2011 - 02:58 PM

Man, you are quick, much appreciated! I will probably have to get to these next steps later today. Regarding your question about McAfee and Avast, Avast and MS Security Essentials were downloaded as additional scanning tools to try, their real time protection is off. McAfee and Webroot Spysweeper have free subscriptions with real time protection from my ISP, they don't seem to conflict with each other and McAfee includes a firewall. So Avast I don't need, it never found anything anyway, I just wanted to try the boot scan feature. As for McAfee maybe I need something better as it didn't find any malware either, is there any real time antivirus freeware and/or firewall you recommend? I was impressed with the scanning from SAS so I purchased the Pro version of SAS, it says it won't conflict with other antivirus running but right now its real time protection is also off. Would it make sense to turn on SAS instead of McAfee and maybe just keep the McAfee firewall on?

#11 SweetTech

Posted 06 June 2011 - 03:01 PM

I'd probably go with either Avast or Microsoft Security Essentials for an Anti-Virus program, as they will both use less memory than McAfee will.


#12 kmeechan

Posted 07 June 2011 - 03:16 AM

OTL FIX LOG:

========== SERVICES/DRIVERS ==========
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-2154351683-1843223600-758978945-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-2154351683-1843223600-758978945-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Starting removal of ActiveX control {46D8BEE7-0B27-4466-ABA2-A5F1E157971C}
C:\WINDOWS\Downloaded Program Files\RemoteWeb.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{46D8BEE7-0B27-4466-ABA2-A5F1E157971C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46D8BEE7-0B27-4466-ABA2-A5F1E157971C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{46D8BEE7-0B27-4466-ABA2-A5F1E157971C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46D8BEE7-0B27-4466-ABA2-A5F1E157971C}\ not found.
Starting removal of ActiveX control {49232000-16E4-426C-A231-62846947304B}
C:\WINDOWS\Downloaded Program Files\sysinfo.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{49232000-16E4-426C-A231-62846947304B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49232000-16E4-426C-A231-62846947304B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{49232000-16E4-426C-A231-62846947304B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49232000-16E4-426C-A231-62846947304B}\ not found.
Starting removal of ActiveX control {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8}
C:\WINDOWS\Downloaded Program Files\VideoViewer.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5FFDFC21-AE40-4C7C-955C-415A1ACE01C8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FFDFC21-AE40-4C7C-955C-415A1ACE01C8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5FFDFC21-AE40-4C7C-955C-415A1ACE01C8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FFDFC21-AE40-4C7C-955C-415A1ACE01C8}\ not found.
Starting removal of ActiveX control {C02226EB-A5D7-4B1F-BD7E-635E46C2288D}
C:\WINDOWS\Downloaded Program Files\ttinst.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C02226EB-A5D7-4B1F-BD7E-635E46C2288D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C02226EB-A5D7-4B1F-BD7E-635E46C2288D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C02226EB-A5D7-4B1F-BD7E-635E46C2288D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C02226EB-A5D7-4B1F-BD7E-635E46C2288D}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bedb8324-b6a0-11dd-a3de-000d566a6d37}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bedb8324-b6a0-11dd-a3de-000d566a6d37}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bedb8324-b6a0-11dd-a3de-000d566a6d37}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bedb8324-b6a0-11dd-a3de-000d566a6d37}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bedb8324-b6a0-11dd-a3de-000d566a6d37}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bedb8324-b6a0-11dd-a3de-000d566a6d37}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL FileConverter.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bedb8324-b6a0-11dd-a3de-000d566a6d37}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bedb8324-b6a0-11dd-a3de-000d566a6d37}\ not found.
File F:\FileConverter.exe not found.
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\kqxjax25212syk721811b172n8n71yg66c moved successfully.
C:\Documents and Settings\All Users\Application Data\kqxjax25212syk721811b172n8n71yg66c moved successfully.
C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0 moved successfully.
C:\Documents and Settings\All Users\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0 moved successfully.
File C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\kqxjax25212syk721811b172n8n71yg66c not found.
File C:\Documents and Settings\All Users\Application Data\kqxjax25212syk721811b172n8n71yg66c not found.
File C:\Documents and Settings\Amy Meechan\Local Settings\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0 not found.
File C:\Documents and Settings\All Users\Application Data\13nnf18pd0364y8w46p0i346m583t86kk1odd1c8w0 not found.
C:\Documents and Settings\All Users\Application Data\b513h2vulke4 moved successfully.
ADS C:\Documents and Settings\Amy Meechan\webct_upload_applet.properties:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\Amy Meechan\Desktop\iExplore.exe:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:619D6FE6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:38760F1C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7C017FB1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:140CF428 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F8342E7B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:522EA216 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8DE807EE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:20C69EEE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2CFBE2D1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F3F95A98 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Amy Meechan\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Amy Meechan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.23.0 log created on 06062011_232726

COMBOFIX LOG:

ComboFix 11-06-06.03 - Amy Meechan 06/07/2011 0:05.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.773 [GMT -7:00]
Running from: c:\documents and settings\Amy Meechan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.DELL\GoToAssistDownloadHelper.exe
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Amy Meechan\g2mdlhlpx.exe
c:\documents and settings\Amy Meechan\GoToAssistDownloadHelper.exe
c:\documents and settings\Amy Meechan\WINDOWS
c:\program files\Internet Explorer\SET145.tmp
c:\program files\Internet Explorer\SET146.tmp
c:\program files\Internet Explorer\SET148.tmp
c:\windows\MailSwitch.ocx
c:\windows\system32\drivers\fad.sys
c:\windows\system32\zlibwapi.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
.
.
2011-06-07 06:27 . 2011-06-07 06:27 -------- d-----w- C:\_OTL
2011-06-07 03:57 . 2011-06-07 04:08 -------- d-----w- c:\documents and settings\Amy Meechan\Application Data\MSNInstaller
2011-06-06 14:45 . 2011-06-06 14:45 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-06-06 14:45 . 2011-06-06 14:45 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2011-06-06 14:45 . 2011-06-06 14:45 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2011-06-06 14:45 . 2011-06-06 14:45 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2011-06-06 14:45 . 2011-06-06 14:45 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2011-06-06 14:45 . 2011-06-06 14:45 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2011-06-06 14:45 . 2011-06-06 14:45 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2011-06-06 14:45 . 2011-06-06 14:45 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2011-06-06 14:45 . 2011-06-06 14:45 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2011-06-06 14:45 . 2011-06-06 14:45 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2011-06-06 14:45 . 2011-06-06 14:45 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2011-06-06 14:44 . 2011-06-06 14:44 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2011-06-06 14:44 . 2011-06-06 14:44 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2011-06-06 14:44 . 2011-06-06 14:44 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2011-06-06 14:44 . 2011-06-06 14:44 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2011-06-06 14:44 . 2011-06-06 14:44 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2011-06-06 14:44 . 2011-06-06 14:44 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2011-06-06 11:03 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{539B9BA2-BCC6-4FA4-B3FF-0F3390EE0F17}\mpengine.dll
2011-05-28 06:37 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-05-28 06:37 . 2001-08-18 05:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-05-28 06:37 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-05-28 06:37 . 2001-08-18 05:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-05-28 06:37 . 2001-08-18 05:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-05-28 06:37 . 2001-08-18 05:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-05-28 06:37 . 2001-08-17 19:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-05-28 06:36 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-05-28 06:36 . 2008-04-13 18:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-05-28 06:36 . 2002-08-29 05:59 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-05-28 06:36 . 2001-08-17 19:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-05-28 06:36 . 2001-08-17 20:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2011-05-28 06:36 . 2001-08-18 05:36 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-05-28 06:36 . 2001-08-18 05:36 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2011-05-28 06:36 . 2002-08-29 10:00 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-05-28 06:36 . 2002-08-29 10:00 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-05-28 06:34 . 2001-08-17 19:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-05-28 06:33 . 2001-08-18 05:36 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2011-05-28 06:32 . 2001-08-17 21:56 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-05-28 06:31 . 2001-08-17 19:19 30720 ----a-w- c:\windows\system32\dllcache\rthwcls.sys
2011-05-28 06:30 . 2001-08-17 21:04 92416 ----a-w- c:\windows\system32\dllcache\phildec.sys
2011-05-28 06:29 . 2001-08-17 19:20 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-05-28 06:28 . 2001-08-17 21:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-05-28 06:27 . 2001-08-17 20:28 797500 ----a-w- c:\windows\system32\dllcache\ltsmt.sys
2011-05-28 06:26 . 2002-08-29 10:00 18432 ----a-w- c:\windows\system32\dllcache\jupiw.dll
2011-05-28 06:25 . 2001-08-17 21:56 353184 ----a-w- c:\windows\system32\dllcache\i740dnt5.dll
2011-05-28 06:24 . 2001-08-17 19:49 320384 ----a-w- c:\windows\system32\dllcache\g200m.sys
2011-05-28 06:23 . 2001-08-17 19:10 19996 ----a-w- c:\windows\system32\dllcache\em556n4.sys
2011-05-28 06:22 . 2001-08-18 05:36 102484 ----a-w- c:\windows\system32\dllcache\digiinf.dll
2011-05-28 06:21 . 2001-08-18 05:36 44032 ----a-w- c:\windows\system32\dllcache\cnusd.dll
2011-05-28 06:20 . 2001-08-17 20:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-05-28 06:19 . 2001-08-17 19:13 37568 ----a-w- c:\windows\system32\dllcache\avmwan.sys
2011-05-28 06:18 . 2002-08-29 06:00 10880 ----a-w- c:\windows\system32\dllcache\admjoy.sys
2011-05-27 05:47 . 2011-05-28 03:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-25 06:39 . 2011-05-25 06:39 -------- d-----w- c:\documents and settings\Amy Meechan\Application Data\Uniblue
2011-05-25 06:39 . 2011-05-25 06:39 -------- d-----w- c:\program files\Uniblue
2011-05-25 06:37 . 2011-05-25 06:37 -------- d-----w- c:\documents and settings\Amy Meechan\Local Settings\Application Data\PackageAware
2011-05-24 19:25 . 2011-05-24 20:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-05-23 08:11 . 2011-04-14 12:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-23 07:22 . 2011-05-26 06:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2011-05-23 07:22 . 2011-05-23 07:22 -------- d-----w- c:\program files\Security Task Manager
2011-05-21 07:17 . 2011-05-21 07:17 -------- d-----w- c:\program files\ESET
2011-05-20 04:46 . 2011-05-20 04:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-05-19 07:00 . 2010-10-13 16:38 81920 ----a-w- c:\windows\eSellerateControl350.dll
2011-05-19 07:00 . 2010-10-13 16:38 356352 ----a-w- c:\windows\eSellerateEngine.dll
2011-05-19 07:00 . 2011-05-19 08:01 -------- d-----w- c:\program files\Grp Conv Removal Tool
2011-05-18 20:30 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-18 20:30 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-18 20:30 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-18 20:29 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-18 20:29 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-18 20:29 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-18 20:29 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-18 20:29 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-18 20:29 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-18 20:29 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-18 14:58 . 2011-05-18 14:58 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-18 14:57 . 2011-05-18 14:57 -------- d-----w- c:\program files\NewSoft
2011-05-18 14:56 . 2011-05-18 14:56 -------- d-----w- c:\program files\Verizon
2011-05-17 16:23 . 2011-05-18 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-17 16:23 . 2011-05-17 16:23 -------- d-----w- c:\program files\AVAST Software
2011-05-17 06:10 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-16 20:28 . 2011-05-16 20:29 -------- d-----w- c:\program files\Microsoft Security Client
2011-05-16 19:20 . 2011-05-16 19:20 -------- d-----w- c:\documents and settings\Amy Meechan\Local Settings\Application Data\Mozilla
2011-05-16 16:45 . 2011-05-16 16:45 7040 ----a-w- c:\windows\system32\sabprocenum.sys
2011-05-16 09:57 . 2011-05-16 09:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2011-05-16 09:32 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-15 23:33 . 2011-05-15 23:33 -------- d-----w- c:\documents and settings\Amy Meechan\Application Data\SUPERAntiSpyware.com
2011-05-15 23:33 . 2011-05-15 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-15 20:22 . 2011-06-07 07:24 -------- d-----w- c:\documents and settings\Administrator.DELL
2011-05-13 22:22 . 2011-05-13 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2011-05-13 22:09 . 2011-05-13 22:09 -------- d-----w- c:\documents and settings\Amy Meechan\Local Settings\Application Data\Citrix
2011-05-13 20:31 . 2011-05-13 20:31 -------- d-----w- c:\documents and settings\Amy Meechan\Application Data\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 16:11 . 2009-06-29 07:23 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 16:11 . 2009-06-29 07:23 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-14 21:01 . 2011-01-14 02:37 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 21:01 . 2011-01-14 02:37 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-14 21:01 . 2011-01-14 02:36 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 21:01 . 2011-01-14 02:36 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 21:01 . 2011-01-14 02:36 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 21:01 . 2011-01-14 02:36 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 21:01 . 2011-01-14 02:36 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 21:01 . 2011-01-14 02:36 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 21:01 . 2007-05-16 15:40 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 21:01 . 2007-05-16 15:40 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 21:01 . 2007-05-16 15:40 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 09:40 . 2009-11-05 18:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-05 22:55 . 2009-07-13 05:12 1563024 ----a-w- c:\windows\WRSetup.dll
2011-03-22 17:14 . 2009-04-22 01:27 29832 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2011-03-22 17:14 . 2007-04-25 00:45 23176 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2011-03-22 17:14 . 2007-04-25 00:45 176776 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2007-10-22 10:31 . 2007-10-22 10:31 76808 ----a-w- c:\program files\Common Files\DSETUP.dll
2007-10-22 10:31 . 2007-10-22 10:31 502792 ----a-w- c:\program files\Common Files\DXSETUP.exe
2007-10-22 10:31 . 2007-10-22 10:31 1673224 ----a-w- c:\program files\Common Files\dsetup32.dll
2011-04-14 16:26 . 2011-05-22 07:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 21:01 . 2011-05-22 07:25 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2011-02-08 21:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2011-02-08 21:24 3443000 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2011-04-05 6156336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2011-2-8 3600184]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SideACT!.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk
backup=c:\windows\pss\SideACT!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Amy Meechan^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Amy Meechan\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DACSMiniApp]
2008-03-13 19:05 128256 ----a-w- c:\program files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2003-08-13 15:27 28672 ----a-w- c:\windows\SYSTEM32\DSentry.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-10-19 16:59 126976 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 07:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-01 16:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-10-19 16:59 155648 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 01:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 04:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2011-04-05 18:50 1195408 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 20:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-05-08 12:17 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-05-23 15:00 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\MsnMusic\\4226251\\MsnMusic.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 ssfs0bbc;ssfs0bbc;c:\windows\SYSTEM32\DRIVERS\ssfs0bbc.sys [4/21/2009 6:27 PM 29832]
R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [5/18/2011 1:29 PM 441176]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/18/2011 1:30 PM 307928]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [1/13/2011 7:36 PM 84200]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [5/18/2011 1:30 PM 19544]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [1/13/2011 7:36 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [1/13/2011 7:36 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [1/13/2011 7:37 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\SYSTEM32\mfevtps.exe [1/13/2011 7:37 PM 141792]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [7/12/2009 10:14 PM 1201656]
R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [1/13/2011 7:36 PM 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [1/13/2011 7:36 PM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [1/13/2011 7:36 PM 88736]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/30/2009 1:49 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/30/2009 1:49 PM 133104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [1/13/2011 7:36 PM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [1/13/2011 7:36 PM 84488]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/29/2002 3:00 AM 14336]
S3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver;c:\windows\system32\DRIVERS\wind502u.sys --> c:\windows\system32\DRIVERS\wind502u.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BLACKBOX
*Deregistered* - BlackBox
*Deregistered* - MBAMSwissArmy
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-06-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-20 01:51]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-30 20:48]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-30 20:48]
.
2011-06-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 19:26]
.
2011-06-03 c:\windows\Tasks\wrSpySweeper_L07F18B7EC75F4D408676B4C1D60C956D.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-04-25 22:55]
.
2011-06-03 c:\windows\Tasks\wrSpySweeper_L07F18B7EC75F4D408676B4C1D60C956D.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-04-25 22:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1278433960&rver=6.0.5285.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: specoddns.net\demo4th.ddns
Trusted Zone: websamsung.net\m484e28
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
DPF: {5C519EC4-2BAE-44CE-B7F5-AD0CCD4BEFBD} - hxxp://www.starvedia.com/ActiveX/axmpeg4.cab
DPF: {66935983-2FD2-11D8-BE9F-0008C7DB2119} - hxxp://services.alarmnet.com/P1Connect/aojv.dll
DPF: {801A846F-2310-11D8-BE9F-0008C7DB2119} - hxxp://services.alarmnet.com/P1Connect/aojv.dll
DPF: {BF776FD3-69B4-4151-AC97-3A2A64753E18} - hxxp://63.169.172.196:2080/GVersionMan.cab
DPF: {DA5CE92B-A2DF-4400-A7F4-481A127FA434} - hxxp://204.246.206.100:4080/webviewer.cab
DPF: {DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} - hxxp://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
FF - ProfilePath - c:\documents and settings\Amy Meechan\Application Data\Mozilla\Firefox\Profiles\rzv73fdh.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-svcWRSSSDK
MSConfigStartUp-A Verizon App - c:\progra~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-Microsoft Works Update Detection - c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
MSConfigStartUp-mmtask - c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe
MSConfigStartUp-MMTray - c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
MSConfigStartUp-MoneyAgent - c:\program files\Microsoft Money\System\mnyexpr.exe
MSConfigStartUp-Motive SmartBridge - c:\progra~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
MSConfigStartUp-PCMService - c:\program files\Dell\Media Experience\PCMService.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-UpdateManager - c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-ViewMgr - c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
AddRemove-rrm46_32.exe - c:\tlcwin\rrm46\Uninst\DeIsL1.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-07 00:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2154351683-1843223600-758978945-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1096)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-06-07 00:50:19
ComboFix-quarantined-files.txt 2011-06-07 07:50
.
Pre-Run: 10,118,819,840 bytes free
Post-Run: 10,323,443,712 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 93915983574C4A7BD852845825E2A4CC

#13 kmeechan

Posted 07 June 2011 - 03:22 AM

During the Combofix operation an error message appeared in a separate window: "pev.cfxxe has encountered a problem and needs to close". PC seems the same: sluggish, browser opens slowly, web pages load slowly, etc. FYI, it has not been rebooted since the various scans you have had me do today; I was not prompted to restart.

#14 kmeechan

Posted 07 June 2011 - 01:51 PM

As you asked how the PC is running, here is some additional info:
Out of curiosity I restarted it. It is much better but still slower than before the problems began, especially start-up time: it used to take 2-3 minutes to boot up and load everything in the system tray at the lower right; it now took about 7 minutes until the McAfee icon appeared. McAfee recently upgraded itself; maybe it's even more of a resource hog now. I'll try turning off the real-time scanning and use another program for that.

I notice that not only are the folders/files I was concerned about gone now (C:\Documents and Settings\Administrator.DELL\LocalSettings\Temp\RarSFX6\procs\iexplore.exe), but there are no more LocalSettings folders at all under any of the user account folders. Is this normal after running OTL and Combofix?

Just for my own info, were there specific problems/threats found that you were addressing with OTL fix and Combofix? Any evidence of rootkit activity?

Thanks

#15 SweetTech


Hi!

During the Combofix operation an error message appeared in a separate window: "pev.cfxxe has encountered a problem and needs to close". PC seems the same: sluggish, browser opens slowly, web pages load slowly, etc. FYI, it has not been rebooted since the various scans you have had me do today; I was not prompted to restart.

Okay. Thanks for letting me know that.

Out of curiosity I restarted it. It is much better but still slower than before the problems began, especially start-up time: it used to take 2-3 minutes to boot up and load everything in the system tray at the lower right; it now took about 7 minutes until the McAfee icon appeared. McAfee recently upgraded itself; maybe it's even more of a resource hog now. I'll try turning off the real-time scanning and use another program for that.

Okay, this may be related to you having 3 anti-virus programs installed on your system. I'd choose 1 and remove the other 2.

I notice that not only are the folders/files I was concerned about gone now (C:\Documents and Settings\Administrator.DELL\LocalSettings\Temp\RarSFX6\procs\iexplore.exe), but there are no more LocalSettings folders at all under any of the user account folders. Is this normal after running OTL and Combofix?

Offhand, I believe Local Settings is a legitimate Windows folder. You're not seeing it now because a setting has been reset to hide Hidden Folders.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan.

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished, remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.




