Infected with AV Security 2012 and possibly TR/Rootkit.Gen2


  • This topic is locked
57 replies to this topic

#1 Jdaniel314

Jdaniel314

  • Members
  • 108 posts

Posted 30 November 2011 - 04:35 PM

Please see previous thread.
http://www.bleepingcomputer.com/forums/topic427775.html

When I click Malwarebytes, it doesn't start at all.
Instead, I get an error dialogue:
The system cannot find the file specified
PROGRAM_ERROR_ENUMERATE_LANGUAGES(2,0)

When I ran dds.scr, the log notification repeated 5 times after the program had finished running,
and twice more AFTER I restarted the computer.
OH, I just got another one

Whenever the computer starts, I get this notification:
avgnt.exe (THIS IS MY ANTIVIRUS PROGRAM!)
C:\WINDOWS\system32\MSCTF.dll is not a valid windows image

Also, I got a separate notification that the file vb6stkit.dll was not found.

And ironically enough, I have a virus too. :hysterical:
So, my head's not very clear atm, so I may have forgotten a couple of things.
Here are the logs.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-29 15:55:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-16 ST3120213A rev.3.AAE
Running: nsq9ndw2.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pgqcqfow.sys


---- System - GMER 1.0.15 ----

SSDT F7D768E4 ZwClose
SSDT F7D7689E ZwCreateKey
SSDT F7D768EE ZwCreateSection
SSDT F7D768C6 ZwCreateSymbolicLinkObject
SSDT F7D76894 ZwCreateThread
SSDT F7D768A3 ZwDeleteKey
SSDT F7D768AD ZwDeleteValueKey
SSDT F7D768DF ZwDuplicateObject
SSDT F7D768CB ZwLoadDriver
SSDT F7D768B2 ZwLoadKey
SSDT F7D76880 ZwOpenProcess
SSDT F7D768C1 ZwOpenSection
SSDT F7D76885 ZwOpenThread
SSDT F7D76907 ZwQueryValueKey
SSDT F7D768BC ZwReplaceKey
SSDT F7D768F8 ZwRequestWaitReplyPort
SSDT F7D768B7 ZwRestoreKey
SSDT F7D768F3 ZwSetContextThread
SSDT F7D768FD ZwSetSecurityObject
SSDT F7D768D0 ZwSetSystemInformation
SSDT F7D768A8 ZwSetValueKey
SSDT F7D76902 ZwSystemDebugControl
SSDT F7D7688F ZwTerminateProcess
SSDT F7D7688A ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1172] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB34755$\1954564807 0 bytes
File C:\WINDOWS\$NtUninstallKB34755$\3940379934 0 bytes
File C:\WINDOWS\$NtUninstallKB34755$\3940379934\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB34755$\3940379934\bckfg.tmp 847 bytes
File C:\WINDOWS\$NtUninstallKB34755$\3940379934\cfg.ini 123 bytes
File C:\WINDOWS\$NtUninstallKB34755$\3940379934\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB34755$\3940379934\keywords 0 bytes
File C:\WINDOWS\$NtUninstallKB34755$\3940379934\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB34755$\3940379934\L 0 bytes
File C:\WINDOWS\$NtUninstallKB34755$\3940379934\L\arxnoznw 52480 bytes
File C:\WINDOWS\$NtUninstallKB34755$\3940379934\U 0 bytes
File C:\WINDOWS\$NtUninstallKB34755$\3940379934\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB34755$\3940379934\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB34755$\3940379934\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB34755$\3940379934\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB34755$\3940379934\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB34755$\3940379934\U\80000032.@ 96256 bytes

---- EOF - GMER 1.0.15 ----


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 12:09:43 on 2011-11-29
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.537 [GMT -6:00]
.
AV: Avira Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - Google Toolbar Notifier BHO
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [EzPrint] "c:\program files\lexmark 3400 series\ezprint.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\avira\antivir desktop\avsda.dll
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9761E3DC-26A0-4143-B844-C507E062515F} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-20 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AntiVirMailService;Avira Mail Protection;c:\program files\avira\antivir desktop\avmailc.exe [2011-11-13 342480]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-20 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-20 110032]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-10-20 463824]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-20 74640]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-27 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-27 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== Created Last 30 ================
.
2011-11-29 03:48:00 -------- d-----w- c:\program files\Free Window Registry Repair
2011-11-29 02:58:19 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-11-29 02:58:15 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-11-29 02:58:15 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-11-29 02:58:11 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-11-29 02:58:08 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-11-29 02:58:02 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-11-29 02:57:55 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-11-29 02:57:54 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-11-29 02:57:52 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2011-11-29 02:57:51 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-11-29 02:57:50 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-11-29 02:57:25 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-11-29 02:57:23 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-11-29 02:57:20 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-11-29 02:57:02 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2011-11-29 02:55:56 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2011-11-29 02:54:58 26624 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2011-11-29 02:53:56 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2011-11-29 02:51:50 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-11-29 02:50:58 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2011-11-29 02:49:38 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2011-11-29 02:49:31 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2011-11-29 02:49:24 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2011-11-29 02:49:21 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2011-11-29 02:49:18 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2011-11-29 02:49:15 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2011-11-29 02:49:15 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
2011-11-29 02:49:14 5888 -c--a-w- c:\windows\system32\dllcache\smbali.sys
2011-11-29 02:49:14 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2011-11-29 02:49:09 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2011-11-29 02:49:06 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2011-11-29 02:49:01 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll
2011-11-29 02:47:57 3901 -c--a-w- c:\windows\system32\dllcache\siint5.dll
2011-11-29 02:46:59 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2011-11-29 02:45:53 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2011-11-29 02:44:48 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2011-11-29 02:43:09 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-11-29 02:43:02 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2011-11-29 02:41:57 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
2011-11-29 02:40:58 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2011-11-29 02:39:59 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2011-11-29 02:38:53 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-11-29 02:38:50 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-11-29 02:38:48 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-11-29 02:38:41 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-11-29 02:38:38 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-11-29 02:38:25 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-11-29 02:38:18 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2011-11-29 02:38:09 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2011-11-29 02:38:06 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2011-11-29 02:36:55 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2011-11-29 02:36:54 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-11-29 02:36:51 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2011-11-29 02:36:49 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2011-11-29 02:36:42 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2011-11-29 02:36:37 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2011-11-29 02:36:36 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2011-11-29 02:36:10 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2011-11-29 02:36:08 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2011-11-29 02:35:33 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2011-11-29 02:35:31 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2011-11-29 02:35:28 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2011-11-29 02:35:26 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-11-29 02:35:17 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2011-11-29 02:35:15 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2011-11-29 02:35:14 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2011-11-29 02:35:12 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2011-11-29 02:35:12 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2011-11-29 02:35:11 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2011-11-29 02:35:03 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2011-11-29 02:35:01 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2011-11-29 02:34:58 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2011-11-29 02:34:57 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2011-11-29 02:34:55 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2011-11-29 02:34:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2011-11-29 02:34:02 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-11-29 02:32:57 73279 -c--a-w- c:\windows\system32\dllcache\hsf_spkp.sys
2011-11-29 02:31:59 119296 -c--a-w- c:\windows\system32\dllcache\hpdigwia.dll
2011-11-29 02:30:23 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2011-11-29 02:30:22 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2011-11-29 02:30:20 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2011-11-29 02:30:14 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2011-11-29 02:30:10 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2011-11-29 02:30:08 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2011-11-29 02:30:00 34173 -c--a-w- c:\windows\system32\dllcache\forehe.sys
2011-11-29 02:29:58 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2011-11-29 02:29:50 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2011-11-29 02:29:45 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2011-11-29 02:29:40 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2011-11-29 02:29:38 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys
2011-11-29 02:29:33 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2011-11-29 02:29:31 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2011-11-29 02:29:29 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2011-11-29 02:29:27 16998 -c--a-w- c:\windows\system32\dllcache\ex10.sys
2011-11-29 02:29:12 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2011-11-29 02:29:10 45568 -c--a-w- c:\windows\system32\dllcache\esuni.dll
2011-11-29 02:29:02 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll
2011-11-29 02:27:55 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2011-11-29 02:26:58 24064 -c--a-w- c:\windows\system32\dllcache\devldr32.exe
2011-11-29 02:25:57 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2011-11-29 02:24:58 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll
2011-11-29 02:24:57 236032 -c--a-w- c:\windows\system32\dllcache\camext20.dll
2011-11-29 02:24:56 74240 -c--a-w- c:\windows\system32\dllcache\camexo20.dll
2011-11-29 02:24:55 171264 -c--a-w- c:\windows\system32\dllcache\camdrv30.sys
2011-11-29 02:24:54 314752 -c--a-w- c:\windows\system32\dllcache\camdro21.sys
2011-11-29 02:24:54 223232 -c--a-w- c:\windows\system32\dllcache\camdrv21.sys
2011-11-29 02:20:58 52224 -c--a-w- c:\windows\system32\dllcache\atinraxx.sys
2011-11-29 02:19:59 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2011-11-29 01:21:09 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-11-28 21:41:07 -------- d-----w- c:\program files\Windows Media Connect 2
2011-11-28 21:39:45 -------- d-----w- c:\windows\system32\LogFiles
2011-11-28 21:38:55 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-11-28 20:38:28 -------- d-----w- c:\program files\Needed-Files-Downloader
2011-11-28 17:27:52 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-28 17:27:52 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-28 04:19:05 -------- d-----w- c:\program files\Audacity
2011-11-23 03:48:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-23 03:36:04 -------- d-----w- c:\documents and settings\all users\application data\Individual Software
2011-11-23 03:36:03 -------- d-----w- c:\program files\Total 3D
2011-11-21 13:33:16 -------- d-----w- c:\program files\321cba
2011-11-21 04:53:23 -------- d-----w- c:\documents and settings\owner\application data\SUPERAntiSpyware.com
2011-11-21 04:52:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-21 04:52:02 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-11-14 02:46:36 -------- d-----w- c:\documents and settings\owner\application data\Petroglyph
2011-11-13 23:20:33 -------- d-----w- c:\documents and settings\owner\local settings\application data\Apple
2011-11-13 23:20:30 -------- d-----w- c:\program files\CONEXANT
2011-11-13 07:18:15 -------- d-----w- c:\program files\LucasArts
2011-11-13 02:51:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-11-13 02:51:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-11-13 02:51:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-11-13 02:51:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-11-13 02:51:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-11-13 02:51:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-11-13 02:51:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-11-13 02:49:03 -------- d-----w- c:\documents and settings\owner\local settings\application data\Apple Computer
2011-11-10 12:45:10 -------- d-----w- c:\documents and settings\owner\application data\JRgXjCkBzNx1
2011-11-10 12:45:09 -------- d-----w- c:\documents and settings\owner\application data\SwUeOx0c1b3n4Q6
2011-11-09 22:34:27 -------- d-----w- c:\documents and settings\owner\application data\wJfLgZjCkVzNx0v
2011-11-09 22:34:27 -------- d-----w- c:\documents and settings\owner\application data\pwIrOtAuSiFpGaJ
2011-11-09 22:31:25 -------- d-----w- c:\documents and settings\owner\application data\WsWJ7dELTqYwIrO
2011-11-09 22:31:24 -------- d-----w- c:\documents and settings\owner\application data\g6dWKjUCByuoFpH
2011-11-09 22:31:04 -------- d-----w- c:\documents and settings\owner\application data\TlBx01b3n4Q6W7R
2011-11-09 03:27:27 -------- d-----w- c:\program files\Paint.NET
2011-11-09 03:27:18 -------- d-----w- c:\documents and settings\owner\local settings\application data\Paint.NET
2011-11-04 23:13:35 -------- d-----w- c:\program files\Wild Creatures Demo
.
==================== Find3M ====================
.
2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-19 03:48:11 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 20:00:32 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-11 20:00:32 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 23:05:50 323624 ----a-w- c:\windows\system32\wiaaut.dll
2011-10-03 11:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 08:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-03 17:49:21 98304 ----a-w- c:\windows\DUMP498c.tmp
2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32(3).dll
2011-08-31 23:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 12:10:52.48 ===============



#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts

Posted 01 December 2011 - 03:42 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Looks like you may be infected with ZeroAccess. Please run these scans for me:

OTS Scan
Download OTS to your Desktop
  • Double-click on OTS.exe to start the program. Make sure you close all other programs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please copy and paste the contents of the OTS report into your next reply.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Jdaniel314

Jdaniel314
  • Topic Starter

  • Members
  • 108 posts

Posted 01 December 2011 - 11:54 AM

Thank you very much for helping out on this forum! :-) I really appreciate you and the other wonderful people like you that volunteer your free time, especially considering how many people come here with a sense of entitlement, and sometimes even resort to blatant insults (for shame!)

I'm a bit concerned about the On-screen keyboard, it's getting VERY slow and unresponsive, and as I mentioned in the previous thread, the physical keyboard doesn't work. :wacko:

Oh, and also, when I went to turn off my screensaver to make sure that OTS would not be interrupted, I figured out that the reason that I kept getting the dds log was that I had left it as the screensaver (silly me).
Also, if the log shows that Avira's guards were down, that's because I had temporarily disabled them to run the scan. I'd also physically disconnected the DSL because that's something I always do whenever the guards are down.
So anyway, here's the log.

OTS logfile created on: 12/1/2011 9:02:57 AM - Run 1
OTS by OldTimer - Version 3.1.46.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,022.00 Mb Total Physical Memory | 621.00 Mb Available Physical Memory | 61.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 75.28 Gb Free Space | 67.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: OWNER-BFB099902
Current User Name: Owner
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2011/12/01 08:55:24 | 000,646,144 | ---- | M] (OldTimer Tools)
avshadow.exe -> C:\Program Files\Avira\AntiVir Desktop\avshadow.exe -> [2011/10/19 17:03:39 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG)
sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2011/10/19 17:03:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG)
avwebgrd.exe -> C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -> [2011/10/19 17:03:12 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG)
avmailc.exe -> C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -> [2011/10/19 17:03:10 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG)
avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2011/10/19 17:03:09 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG)
avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2011/10/19 17:03:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG)
updater.exe -> C:\Program Files\Ask.com\Updater\Updater.exe -> [2011/08/23 20:20:18 | 000,887,976 | ---- | M] (Ask)
sascore.exe -> C:\Program Files\SUPERAntiSpyware\SASCore.exe -> [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)
realsched.exe -> C:\Program Files\Real\RealPlayer\Update\realsched.exe -> [2011/05/27 12:41:50 | 000,273,544 | ---- | M] (RealNetworks, Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
ezprint.exe -> C:\Program Files\Lexmark 3400 Series\ezprint.exe -> [2007/06/25 08:34:56 | 000,082,608 | ---- | M] (Lexmark International Inc.)
lxcycoms.exe -> C:\WINDOWS\system32\lxcycoms.exe -> [2007/06/20 04:28:55 | 000,537,264 | ---- | M] ( )
cli.exe -> C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe -> [2006/09/25 08:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.)
nmbgmonitor.exe -> C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe -> [2005/10/28 15:25:44 | 000,094,208 | ---- | M] (Nero AG)
 
[Modules - No Company Name]
sqlite3.dll -> C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll -> [2011/10/19 17:03:26 | 000,398,288 | ---- | M] ()
system.web.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll -> [2011/10/13 11:03:52 | 011,800,576 | ---- | M] ()
system.configuration.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll -> [2011/10/13 11:01:41 | 000,971,264 | ---- | M] ()
system.xml.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll -> [2011/10/13 10:29:14 | 005,450,752 | ---- | M] ()
system.windows.forms.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll -> [2011/10/13 10:29:04 | 012,430,848 | ---- | M] ()
system.drawing.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll -> [2011/10/13 10:28:39 | 001,587,200 | ---- | M] ()
system.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll -> [2011/10/13 10:25:12 | 007,950,848 | ---- | M] ()
mscorlib.ni.dll -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll -> [2011/10/13 10:24:47 | 011,490,816 | ---- | M] ()
system.management.dll -> C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll -> [2011/10/13 10:23:02 | 000,372,736 | ---- | M] ()
system.runtime.remoting.dll -> C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll -> [2011/10/13 10:22:59 | 000,303,104 | ---- | M] ()
lxcypp5c.dll -> C:\WINDOWS\system32\spool\prtprocs\w32x86\lxcypp5c.dll -> [2007/03/16 04:38:25 | 000,117,760 | ---- | M] ()
fxctrstr.dll -> C:\Program Files\Lexmark Fax Solutions\fxctrstr.dll -> [2006/11/22 08:05:12 | 000,012,288 | ---- | M] ()
lxprmon.dll -> C:\WINDOWS\system32\LXPRMON.DLL -> [2006/11/22 07:51:26 | 000,045,056 | ---- | M] ()
ipcmt.dll -> C:\Program Files\Lexmark Fax Solutions\ipcmt.dll -> [2006/11/22 07:49:18 | 000,032,768 | ---- | M] ()
atiacmxx.dll -> C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll -> [2006/09/25 08:13:12 | 000,073,728 | ---- | M] ()
iptk.dll -> C:\Program Files\Lexmark 3400 Series\iptk.dll -> [2006/05/25 14:20:44 | 000,241,664 | ---- | M] ()
 
[Win32 Services - Safe List]
(HidServ) Human Interface Device Access [Disabled | Stopped] ->  -> File not found
(AppMgmt) Application Management [On_Demand | Stopped] ->  -> File not found
(AntiVirSchedulerService) Avira Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2011/10/19 17:03:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG)
(AntiVirWebService) Avira Web Protection [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -> [2011/10/19 17:03:12 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG)
(AntiVirMailService) Avira Mail Protection [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -> [2011/10/19 17:03:10 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG)
(AntiVirService) Avira Realtime Protection [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2011/10/19 17:03:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG)
(!SASCORE) SAS Core Service [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -> [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)
(lxcy_device) lxcy_device [Auto | Running] -> C:\WINDOWS\System32\lxcycoms.exe -> [2007/06/20 04:28:55 | 000,537,264 | ---- | M] ( )
 
[Driver Services - Safe List]
(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2011/10/11 14:00:32 | 000,134,344 | ---- | M] (Avira GmbH)
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2011/10/11 14:00:32 | 000,074,640 | ---- | M] (Avira GmbH)
(avkmgr) avkmgr [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avkmgr.sys -> [2011/10/11 14:00:32 | 000,036,000 | ---- | M] (Avira GmbH)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH)
(RTL8023xp) Realtek 10/100/1000 PCI NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Rtnicxp.sys -> [2009/03/25 12:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation                           )
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2008/04/17 08:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2008/04/13 16:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2006/11/28 20:52:42 | 002,830,336 | ---- | M] (ATI Technologies Inc.)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DPV.sys -> [2006/07/18 15:16:08 | 000,990,592 | ---- | M] (Conexant Systems, Inc.)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWBS2.sys -> [2006/07/18 15:15:18 | 000,256,128 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_CNXT.sys -> [2006/07/18 15:15:10 | 000,728,192 | ---- | M] (Conexant Systems, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003\] > -> -> 
HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003\: Main\\"Start Page" -> http://www.yahoo.com/ -> 
HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003\: URLSearchHooks\\"{00000000-6E41-4FD3-8538-502F5495E5FC}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [UrlSearchHook Class] -> [2011/08/23 20:20:12 | 001,515,688 | ---- | M] (Ask)
HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT] -> [2011/05/27 12:42:07 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2011/11/10 06:45:10 | 000,000,914 | ---- | M] - 27 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1       localhost
	46.4.179.109	google.com
	46.4.179.109	yahoo.com
	46.4.179.109	bing.com
	46.4.179.109	facebook.com
	46.4.179.109	yahoo.com
	46.4.179.109	bing.com
	46.4.179.109	facebook.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} [HKLM] -> C:\Program Files\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [2006/08/09 12:37:24 | 000,184,320 | R--- | M] ()
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2011/05/27 12:42:05 | 000,386,264 | ---- | M] (RealPlayer)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll [Google Toolbar Notifier BHO] -> [2011/11/30 09:21:59 | 001,003,576 | ---- | M] (Google Inc.)
{D4027C7F-154A-4066-A1AD-4243D8127440} [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2011/08/23 20:20:12 | 001,515,688 | ---- | M] (Ask)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> C:\Program Files\Lexmark Toolbar\toolband.dll [Lexmark Toolbar] -> [2006/08/09 12:37:24 | 000,184,320 | R--- | M] ()
"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2011/08/23 20:20:12 | 001,515,688 | ---- | M] (Ask)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003\] > -> HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> C:\Program Files\Ask.com\GenericAskToolbar.dll [Ask Toolbar] -> [2011/08/23 20:20:12 | 001,515,688 | ---- | M] (Ask)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Alcmtr" -> C:\WINDOWS\ALCMTR.EXE [ALCMTR.EXE] -> [2005/05/03 10:43:28 | 000,069,632 | ---- | M] (Realtek Semiconductor Corp.)
"ApnUpdater" -> C:\Program Files\Ask.com\Updater\Updater.exe ["C:\Program Files\Ask.com\Updater\Updater.exe"] -> [2011/08/23 20:20:18 | 000,887,976 | ---- | M] (Ask)
"APSDaemon" -> C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe ["C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"] -> [2011/09/27 07:22:28 | 000,059,240 | ---- | M] (Apple Inc.)
"ATICCC" -> C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"] -> [2006/09/25 08:12:20 | 000,090,112 | ---- | M] ()
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2011/10/19 17:03:09 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG)
"EzPrint" -> C:\Program Files\Lexmark 3400 Series\ezprint.exe ["C:\Program Files\Lexmark 3400 Series\ezprint.exe"] -> [2007/06/25 08:34:56 | 000,082,608 | ---- | M] (Lexmark International Inc.)
"FaxCenterServer" -> C:\Program Files\Lexmark Fax Solutions\fm3032.exe ["C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s] -> [2007/06/25 08:35:01 | 000,295,600 | ---- | M] ()
"LXCYCATS" -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.DLL [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16] -> [2006/11/21 11:27:06 | 000,106,496 | ---- | M] (Lexmark International Inc.)
"lxcymon.exe" -> C:\Program Files\Lexmark 3400 Series\lxcymon.exe ["C:\Program Files\Lexmark 3400 Series\lxcymon.exe"] -> [2007/06/25 08:34:55 | 000,291,504 | ---- | M] ()
"NeroFilterCheck" -> C:\WINDOWS\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> [2001/07/09 09:50:42 | 000,155,648 | ---- | M] (Ahead Software Gmbh)
"TkBellExe" -> C:\Program Files\Real\RealPlayer\update\realsched.exe ["C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot] -> [2011/05/27 12:41:50 | 000,273,544 | ---- | M] (RealNetworks, Inc.)
< Run [HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003\] > -> HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" -> C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"] -> [2005/10/28 15:25:44 | 000,094,208 | ---- | M] (Nero AG)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> 
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe -> [2010/12/13 10:12:08 | 001,198,592 | ---- | M] ()
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003] > -> HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003\] > -> HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Google Sidewiki... ->  [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003\] > -> HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003\] > -> HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab [Java Plug-in 1.6.0_29] -> 
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab [Java Plug-in 1.6.0_29] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab [Java Plug-in 1.6.0_29] -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/14 06:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -> [2011/05/04 11:54:14 | 000,551,296 | ---- | M] (SUPERAntiSpyware.com)
AtiExtEvent -> C:\WINDOWS\System32\ati2evxx.dll -> [2006/11/28 20:46:20 | 000,090,112 | ---- | M] (ATI Technologies Inc.)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2011/07/18 18:02:18 | 000,113,024 | ---- | M] (SuperAdBlocker.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" -> C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit] -> [2011/09/27 07:22:50 | 000,014,184 | ---- | M] (Apple Inc.)
"C:\Program Files\Electronic Arts\EADM\Core.exe" ->  [C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager] -> File not found
"C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe" -> C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe [C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:*:Enabled:Star Wars(TM): Empire at War(TM): Forces of Corruption(TM)] -> [2007/08/02 18:11:50 | 013,583,784 | ---- | M] (Lucasfilm Entertainment Company, Ltd.)
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe" -> C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe [C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars(TM): Empire at War(TM)] -> [2007/08/02 18:04:02 | 012,227,960 | ---- | M] (Lucasfilm Entertainment Company, Ltd.)
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD" -> C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD [C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion] -> [2000/06/27 15:09:58 | 002,695,213 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Rise of Nations\rise.exe" -> C:\Program Files\Microsoft Games\Rise of Nations\rise.exe [C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations] -> [2004/04/23 16:33:47 | 000,503,857 | ---- | M] (Big Huge Games, Inc.)
"C:\Program Files\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe" ->  [C:\Program Files\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe:*:Enabled:Zoo Tycoon 2 Demo Executable] -> File not found
"C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\System32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2008/04/14 06:00:00 | 000,083,456 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\lxcycoms.exe" -> C:\WINDOWS\System32\lxcycoms.exe [C:\WINDOWS\system32\lxcycoms.exe:*:Enabled:3400 Series Server] -> [2007/06/20 04:28:55 | 000,537,264 | ---- | M] ( )
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2011/04/12 15:41:18 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2011/12/01 08:55:23 | 000,646,144 | ---- | C] (OldTimer Tools)
 Administrative Tools -> C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools -> [2011/11/29 12:09:43 | 000,000,000 | R--D | C]
 dds.scr -> C:\Documents and Settings\Owner\Desktop\dds.scr -> [2011/11/29 12:07:01 | 000,607,260 | R--- | C] (Swearware)
 Free Window Registry Repair -> C:\Program Files\Free Window Registry Repair -> [2011/11/28 21:48:00 | 000,000,000 | ---D | C]
 Free Window Registry Repair -> C:\Documents and Settings\Owner\Start Menu\Programs\Free Window Registry Repair -> [2011/11/28 21:48:00 | 000,000,000 | ---D | C]
 xrxwiadr.dll -> C:\WINDOWS\System32\dllcache\xrxwiadr.dll -> [2011/11/28 20:58:19 | 000,116,224 | ---- | C] (Xerox)
 xrxwbtmp.dll -> C:\WINDOWS\System32\dllcache\xrxwbtmp.dll -> [2011/11/28 20:58:15 | 000,023,040 | ---- | C] (Xerox Corporation)
 xrxflnch.exe -> C:\WINDOWS\System32\dllcache\xrxflnch.exe -> [2011/11/28 20:58:08 | 000,004,608 | ---- | C] (Microsoft Corporation)
 xlog.exe -> C:\WINDOWS\System32\dllcache\xlog.exe -> [2011/11/28 20:58:02 | 000,099,865 | ---- | C] (Eicon Technology)
 xem336n5.sys -> C:\WINDOWS\System32\dllcache\xem336n5.sys -> [2011/11/28 20:57:55 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz))
 wvchntxx.sys -> C:\WINDOWS\System32\dllcache\wvchntxx.sys -> [2011/11/28 20:57:54 | 000,019,455 | ---- | C] (Intel(R) Corporation)
 wstcodec.sys -> C:\WINDOWS\System32\dllcache\wstcodec.sys -> [2011/11/28 20:57:52 | 000,019,200 | ---- | C] (Microsoft Corporation)
 wsiintxx.sys -> C:\WINDOWS\System32\dllcache\wsiintxx.sys -> [2011/11/28 20:57:51 | 000,012,063 | ---- | C] (Intel(R) Corporation)
 wshirda.dll -> C:\WINDOWS\System32\dllcache\wshirda.dll -> [2011/11/28 20:57:50 | 000,008,192 | ---- | C] (Microsoft Corporation)
 wmiacpi.sys -> C:\WINDOWS\System32\dllcache\wmiacpi.sys -> [2011/11/28 20:57:25 | 000,008,832 | ---- | C] (Microsoft Corporation)
 wlluc48.sys -> C:\WINDOWS\System32\dllcache\wlluc48.sys -> [2011/11/28 20:57:23 | 000,154,624 | ---- | C] (Lucent Technologies)
 wlandrv2.sys -> C:\WINDOWS\System32\dllcache\wlandrv2.sys -> [2011/11/28 20:57:20 | 000,034,890 | ---- | C] (Raytheon Corp.)
 winacisa.sys -> C:\WINDOWS\System32\dllcache\winacisa.sys -> [2011/11/28 20:57:02 | 000,771,581 | ---- | C] (Rockwell)
 wiamsmud.dll -> C:\WINDOWS\System32\dllcache\wiamsmud.dll -> [2011/11/28 20:56:57 | 000,053,760 | ---- | C] (Microsoft Corporation)
 wdhaalba.sys -> C:\WINDOWS\System32\dllcache\wdhaalba.sys -> [2011/11/28 20:56:46 | 000,701,386 | ---- | C] (3Com Corporation)
 wceusbsh.sys -> C:\WINDOWS\System32\dllcache\wceusbsh.sys -> [2011/11/28 20:56:45 | 000,031,744 | ---- | C] (Microsoft Corporation)
 wch7xxnt.sys -> C:\WINDOWS\System32\dllcache\wch7xxnt.sys -> [2011/11/28 20:56:45 | 000,023,615 | ---- | C] (Intel(R) Corporation)
 wbfirdma.sys -> C:\WINDOWS\System32\dllcache\wbfirdma.sys -> [2011/11/28 20:56:42 | 000,035,871 | ---- | C] (Winbond Electronics Corp.)
 watv10nt.sys -> C:\WINDOWS\System32\dllcache\watv10nt.sys -> [2011/11/28 20:56:39 | 000,025,471 | ---- | C] (Intel(R) Corporation)
 watv04nt.sys -> C:\WINDOWS\System32\dllcache\watv04nt.sys -> [2011/11/28 20:56:38 | 000,033,599 | ---- | C] (Intel(R) Corporation)
 watv06nt.sys -> C:\WINDOWS\System32\dllcache\watv06nt.sys -> [2011/11/28 20:56:38 | 000,022,271 | ---- | C] (Intel(R) Corporation)
 watv02nt.sys -> C:\WINDOWS\System32\dllcache\watv02nt.sys -> [2011/11/28 20:56:37 | 000,019,551 | ---- | C] (Intel(R) Corporation)
 watv01nt.sys -> C:\WINDOWS\System32\dllcache\watv01nt.sys -> [2011/11/28 20:56:36 | 000,029,311 | ---- | C] (Intel(R) Corporation)
 wadv11nt.sys -> C:\WINDOWS\System32\dllcache\wadv11nt.sys -> [2011/11/28 20:56:35 | 000,011,935 | ---- | C] (Intel(R) Corporation)
 wadv09nt.sys -> C:\WINDOWS\System32\dllcache\wadv09nt.sys -> [2011/11/28 20:56:35 | 000,011,871 | ---- | C] (Intel(R) Corporation)
 wadv08nt.sys -> C:\WINDOWS\System32\dllcache\wadv08nt.sys -> [2011/11/28 20:56:35 | 000,011,295 | ---- | C] (Intel(R) Corporation)
 wadv07nt.sys -> C:\WINDOWS\System32\dllcache\wadv07nt.sys -> [2011/11/28 20:56:34 | 000,011,807 | ---- | C] (Intel(R) Corporation)
 wadv05nt.sys -> C:\WINDOWS\System32\dllcache\wadv05nt.sys -> [2011/11/28 20:56:33 | 000,011,775 | ---- | C] (Intel(R) Corporation)
 wadv01nt.sys -> C:\WINDOWS\System32\dllcache\wadv01nt.sys -> [2011/11/28 20:56:32 | 000,012,415 | ---- | C] (Intel(R) Corporation)
 wadv02nt.sys -> C:\WINDOWS\System32\dllcache\wadv02nt.sys -> [2011/11/28 20:56:32 | 000,012,127 | ---- | C] (Intel(R) Corporation)
 wacompen.sys -> C:\WINDOWS\System32\dllcache\wacompen.sys -> [2011/11/28 20:56:31 | 000,014,208 | ---- | C] (Microsoft Corporation)
 w940nd.sys -> C:\WINDOWS\System32\dllcache\w940nd.sys -> [2011/11/28 20:56:27 | 000,016,925 | ---- | C] (Winbond Electronics Corporation)
 w926nd.sys -> C:\WINDOWS\System32\dllcache\w926nd.sys -> [2011/11/28 20:56:23 | 000,019,016 | ---- | C] (Winbond Electronics Corporation)
 w840nd.sys -> C:\WINDOWS\System32\dllcache\w840nd.sys -> [2011/11/28 20:56:20 | 000,019,528 | ---- | C] (Winbond Electronics Corporation)
 vvoice.sys -> C:\WINDOWS\System32\dllcache\vvoice.sys -> [2011/11/28 20:56:13 | 000,064,605 | ---- | C] (PCtel, Inc.)
 vpctcom.sys -> C:\WINDOWS\System32\dllcache\vpctcom.sys -> [2011/11/28 20:56:09 | 000,397,502 | ---- | C] (PCtel, Inc.)
 vmodem.sys -> C:\WINDOWS\System32\dllcache\vmodem.sys -> [2011/11/28 20:56:00 | 000,604,253 | ---- | C] (PCTEL, INC.)
 vinwm.sys -> C:\WINDOWS\System32\dllcache\vinwm.sys -> [2011/11/28 20:55:56 | 000,249,402 | ---- | C] (Xircom)
 vidcap.ax -> C:\WINDOWS\System32\dllcache\vidcap.ax -> [2011/11/28 20:55:55 | 000,028,672 | ---- | C] (Microsoft Corporation)
 viairda.sys -> C:\WINDOWS\System32\dllcache\viairda.sys -> [2011/11/28 20:55:52 | 000,024,576 | ---- | C] (VIA Technologies, Inc.)
 viaagp.sys -> C:\WINDOWS\System32\dllcache\viaagp.sys -> [2011/11/28 20:55:51 | 000,042,240 | ---- | C] (Microsoft Corporation)
 viaide.sys -> C:\WINDOWS\System32\dllcache\viaide.sys -> [2011/11/28 20:55:51 | 000,005,376 | ---- | C] (Microsoft Corporation)
 vfwwdm32.dll -> C:\WINDOWS\System32\dllcache\vfwwdm32.dll -> [2011/11/28 20:55:49 | 000,053,760 | ---- | C] (Microsoft Corporation)
 vchnt5.dll -> C:\WINDOWS\System32\dllcache\vchnt5.dll -> [2011/11/28 20:55:48 | 000,011,325 | ---- | C] (Intel(R) Corporation)
 usrwdxjs.sys -> C:\WINDOWS\System32\dllcache\usrwdxjs.sys -> [2011/11/28 20:55:44 | 000,687,999 | ---- | C] (U.S. Robotics Corporation)
 usrti.sys -> C:\WINDOWS\System32\dllcache\usrti.sys -> [2011/11/28 20:55:41 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.)
 usrpda.sys -> C:\WINDOWS\System32\dllcache\usrpda.sys -> [2011/11/28 20:55:37 | 000,113,762 | ---- | C] (U.S. Robotics Corporation)
 usroslba.sys -> C:\WINDOWS\System32\dllcache\usroslba.sys -> [2011/11/28 20:55:34 | 000,007,556 | ---- | C] (U.S. Robotics Corporation)
 usr1807a.sys -> C:\WINDOWS\System32\dllcache\usr1807a.sys -> [2011/11/28 20:55:30 | 000,224,802 | ---- | C] (U.S. Robotics Corporation)
 usr1806v.sys -> C:\WINDOWS\System32\dllcache\usr1806v.sys -> [2011/11/28 20:55:27 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.)
 usr1806.sys -> C:\WINDOWS\System32\dllcache\usr1806.sys -> [2011/11/28 20:55:24 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.)
 usr1801.sys -> C:\WINDOWS\System32\dllcache\usr1801.sys -> [2011/11/28 20:55:20 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.)
 usbvideo.sys -> C:\WINDOWS\System32\dllcache\usbvideo.sys -> [2011/11/28 20:55:19 | 000,121,984 | ---- | C] (Microsoft Corporation)
 usbser.sys -> C:\WINDOWS\System32\dllcache\usbser.sys -> [2011/11/28 20:55:18 | 000,026,112 | ---- | C] (Microsoft Corporation)
 usbuhci.sys -> C:\WINDOWS\System32\dllcache\usbuhci.sys -> [2011/11/28 20:55:18 | 000,020,608 | ---- | C] (Microsoft Corporation)
 usbaudio.sys -> C:\WINDOWS\System32\dllcache\usbaudio.sys -> [2011/11/28 20:55:16 | 000,060,032 | ---- | C] (Microsoft Corporation)
 usb8023x.sys -> C:\WINDOWS\System32\dllcache\usb8023x.sys -> [2011/11/28 20:55:15 | 000,012,800 | ---- | C] (Microsoft Corporation)
 usb101et.sys -> C:\WINDOWS\System32\dllcache\usb101et.sys -> [2011/11/28 20:55:14 | 000,032,384 | ---- | C] (KLSI USA, Inc.)
 umaxud32.dll -> C:\WINDOWS\System32\dllcache\umaxud32.dll -> [2011/11/28 20:55:04 | 000,094,720 | ---- | C] (Microsoft Corporation)
 umaxu40.dll -> C:\WINDOWS\System32\dllcache\umaxu40.dll -> [2011/11/28 20:55:01 | 000,028,160 | ---- | C] (Microsoft Corporation)
 umaxu22.dll -> C:\WINDOWS\System32\dllcache\umaxu22.dll -> [2011/11/28 20:54:58 | 000,026,624 | ---- | C] (Microsoft Corporation)
 umaxu12.dll -> C:\WINDOWS\System32\dllcache\umaxu12.dll -> [2011/11/28 20:54:55 | 000,069,632 | ---- | C] (Microsoft Corporation)
 umaxscan.dll -> C:\WINDOWS\System32\dllcache\umaxscan.dll -> [2011/11/28 20:54:51 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.)
 umaxpcls.sys -> C:\WINDOWS\System32\dllcache\umaxpcls.sys -> [2011/11/28 20:54:48 | 000,022,912 | ---- | C] (Microsoft Corporation)
 umaxp60.dll -> C:\WINDOWS\System32\dllcache\umaxp60.dll -> [2011/11/28 20:54:45 | 000,050,176 | ---- | C] (Microsoft Corporation)
 umaxcam.dll -> C:\WINDOWS\System32\dllcache\umaxcam.dll -> [2011/11/28 20:54:42 | 000,047,616 | ---- | C] (Microsoft Corporation)
 um54scan.dll -> C:\WINDOWS\System32\dllcache\um54scan.dll -> [2011/11/28 20:54:38 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.)
 um34scan.dll -> C:\WINDOWS\System32\dllcache\um34scan.dll -> [2011/11/28 20:54:35 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.)
 ultra.sys -> C:\WINDOWS\System32\dllcache\ultra.sys -> [2011/11/28 20:54:32 | 000,036,736 | ---- | C] (Promise Technology, Inc.)
 uagp35.sys -> C:\WINDOWS\System32\dllcache\uagp35.sys -> [2011/11/28 20:54:30 | 000,044,672 | ---- | C] (Microsoft Corporation)
 twotrack.sys -> C:\WINDOWS\System32\dllcache\twotrack.sys -> [2011/11/28 20:54:26 | 000,011,520 | ---- | C] (IBM Corporation)
 tridxpm.sys -> C:\WINDOWS\System32\dllcache\tridxpm.sys -> [2011/11/28 20:54:16 | 000,166,784 | ---- | C] (Trident Microsystems Inc.)
 tridxp.dll -> C:\WINDOWS\System32\dllcache\tridxp.dll -> [2011/11/28 20:54:13 | 000,525,568 | ---- | C] (Trident Microsystems Inc.)
 tridkbm.sys -> C:\WINDOWS\System32\dllcache\tridkbm.sys -> [2011/11/28 20:54:10 | 000,159,232 | ---- | C] (Trident Microsystems Inc.)
 tridkb.dll -> C:\WINDOWS\System32\dllcache\tridkb.dll -> [2011/11/28 20:54:06 | 000,440,576 | ---- | C] (Trident Microsystems Inc.)
 trid3dm.sys -> C:\WINDOWS\System32\dllcache\trid3dm.sys -> [2011/11/28 20:54:03 | 000,222,336 | ---- | C] (Trident Microsystems Inc.)
 trid3d.dll -> C:\WINDOWS\System32\dllcache\trid3d.dll -> [2011/11/28 20:54:00 | 000,315,520 | ---- | C] (Trident Microsystems Inc.)
 tpro4.sys -> C:\WINDOWS\System32\dllcache\tpro4.sys -> [2011/11/28 20:53:56 | 000,034,375 | ---- | C] (Intel Corporation)
 tp4res.dll -> C:\WINDOWS\System32\dllcache\tp4res.dll -> [2011/11/28 20:53:53 | 000,042,496 | ---- | C] (IBM Corporation)
 tp4mon.exe -> C:\WINDOWS\System32\dllcache\tp4mon.exe -> [2011/11/28 20:53:52 | 000,082,944 | ---- | C] (IBM Corporation)
 tp4.dll -> C:\WINDOWS\System32\dllcache\tp4.dll -> [2011/11/28 20:53:49 | 000,031,744 | ---- | C] (IBM Corporation)
 toside.sys -> C:\WINDOWS\System32\dllcache\toside.sys -> [2011/11/28 20:53:41 | 000,004,992 | ---- | C] (Microsoft Corporation)
 tosdvd03.sys -> C:\WINDOWS\System32\dllcache\tosdvd03.sys -> [2011/11/28 20:53:37 | 000,230,912 | ---- | C] (Toshiba Corporation)
 tosdvd02.sys -> C:\WINDOWS\System32\dllcache\tosdvd02.sys -> [2011/11/28 20:53:34 | 000,241,664 | ---- | C] (Toshiba Corporation)
 tos4mo.sys -> C:\WINDOWS\System32\dllcache\tos4mo.sys -> [2011/11/28 20:53:31 | 000,028,232 | ---- | C] (TOSHIBA Corporation)
 tjisdn.sys -> C:\WINDOWS\System32\dllcache\tjisdn.sys -> [2011/11/28 20:53:25 | 000,123,995 | ---- | C] (Tiger Jet Network)
 tgiulnt5.sys -> C:\WINDOWS\System32\dllcache\tgiulnt5.sys -> [2011/11/28 20:53:13 | 000,138,528 | ---- | C] (Trident Microsystems Inc.)
 tgiul50.dll -> C:\WINDOWS\System32\dllcache\tgiul50.dll -> [2011/11/28 20:53:10 | 000,081,408 | ---- | C] (Trident Microsystems Inc.)
 tffsport.sys -> C:\WINDOWS\System32\dllcache\tffsport.sys -> [2011/11/28 20:53:09 | 000,149,376 | ---- | C] (M-Systems)
 tdkcd31.sys -> C:\WINDOWS\System32\dllcache\tdkcd31.sys -> [2011/11/28 20:53:04 | 000,017,129 | ---- | C] (TDK Corporation)
 tdk100b.sys -> C:\WINDOWS\System32\dllcache\tdk100b.sys -> [2011/11/28 20:53:01 | 000,037,961 | ---- | C] (TDK Corporation)
 tbatm155.sys -> C:\WINDOWS\System32\dllcache\tbatm155.sys -> [2011/11/28 20:51:50 | 000,030,464 | ---- | C] (Toshiba Corporation)
 tandqic.sys -> C:\WINDOWS\System32\dllcache\tandqic.sys -> [2011/11/28 20:51:46 | 000,007,040 | ---- | C] (Microsoft Corporation)
 t2r4mini.sys -> C:\WINDOWS\System32\dllcache\t2r4mini.sys -> [2011/11/28 20:51:43 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.)
 t2r4disp.dll -> C:\WINDOWS\System32\dllcache\t2r4disp.dll -> [2011/11/28 20:51:40 | 000,172,768 | ---- | C] (Number Nine Visual Technology)
 symc8xx.sys -> C:\WINDOWS\System32\dllcache\symc8xx.sys -> [2011/11/28 20:51:35 | 000,032,640 | ---- | C] (LSI Logic)
 symc810.sys -> C:\WINDOWS\System32\dllcache\symc810.sys -> [2011/11/28 20:51:32 | 000,016,256 | ---- | C] (Symbios Logic Inc.)
 sym_u3.sys -> C:\WINDOWS\System32\dllcache\sym_u3.sys -> [2011/11/28 20:51:29 | 000,030,688 | ---- | C] (LSI Logic)
 sym_hi.sys -> C:\WINDOWS\System32\dllcache\sym_hi.sys -> [2011/11/28 20:51:26 | 000,028,384 | ---- | C] (LSI Logic)
 sxports.dll -> C:\WINDOWS\System32\dllcache\sxports.dll -> [2011/11/28 20:51:23 | 000,094,293 | ---- | C] (Perle Systems Ltd. )
 sx.sys -> C:\WINDOWS\System32\dllcache\sx.sys -> [2011/11/28 20:51:20 | 000,103,936 | ---- | C] (Perle Systems Ltd. )
 swusbflt.sys -> C:\WINDOWS\System32\dllcache\swusbflt.sys -> [2011/11/28 20:51:17 | 000,003,968 | ---- | C] (Microsoft Corporation)
 swpidflt.dll -> C:\WINDOWS\System32\dllcache\swpidflt.dll -> [2011/11/28 20:51:14 | 000,010,240 | ---- | C] (Microsoft Corporation)
 swpdflt2.dll -> C:\WINDOWS\System32\dllcache\swpdflt2.dll -> [2011/11/28 20:51:11 | 000,010,240 | ---- | C] (Microsoft Corporation)
 sw_wheel.dll -> C:\WINDOWS\System32\dllcache\sw_wheel.dll -> [2011/11/28 20:51:08 | 000,053,760 | ---- | C] (Microsoft Corporation)
 sw_effct.dll -> C:\WINDOWS\System32\dllcache\sw_effct.dll -> [2011/11/28 20:51:05 | 000,041,472 | ---- | C] (Microsoft Corporation)
 streamip.sys -> C:\WINDOWS\System32\dllcache\streamip.sys -> [2011/11/28 20:51:04 | 000,015,232 | ---- | C] (Microsoft Corporation)
 stlnprop.dll -> C:\WINDOWS\System32\dllcache\stlnprop.dll -> [2011/11/28 20:51:01 | 000,155,648 | ---- | C] (Stallion Technologies)
 stlncoin.dll -> C:\WINDOWS\System32\dllcache\stlncoin.dll -> [2011/11/28 20:50:58 | 000,053,248 | ---- | C] (Stallion Technologies)
 stlnata.sys -> C:\WINDOWS\System32\dllcache\stlnata.sys -> [2011/11/28 20:50:55 | 000,285,760 | ---- | C] (Stallion Technologies)
 stcusb.sys -> C:\WINDOWS\System32\dllcache\stcusb.sys -> [2011/11/28 20:50:51 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.)
 srwlnd5.sys -> C:\WINDOWS\System32\dllcache\srwlnd5.sys -> [2011/11/28 20:50:46 | 000,048,736 | ---- | C] (3Com)
 srusd.dll -> C:\WINDOWS\System32\dllcache\srusd.dll -> [2011/11/28 20:50:43 | 000,099,328 | ---- | C] (Microsoft Corporation)
 spxupchk.dll -> C:\WINDOWS\System32\dllcache\spxupchk.dll -> [2011/11/28 20:50:34 | 000,024,660 | ---- | C] (Perle Systems Ltd.)
 speed.sys -> C:\WINDOWS\System32\dllcache\speed.sys -> [2011/11/28 20:50:27 | 000,061,824 | ---- | C] (Perle Systems Ltd.)
 spdports.dll -> C:\WINDOWS\System32\dllcache\spdports.dll -> [2011/11/28 20:50:24 | 000,106,584 | ---- | C] (Perle Systems Ltd.)
 sparrow.sys -> C:\WINDOWS\System32\dllcache\sparrow.sys -> [2011/11/28 20:50:21 | 000,019,072 | ---- | C] (Adaptec, Inc.)
 sonypvu1.sys -> C:\WINDOWS\System32\dllcache\sonypvu1.sys -> [2011/11/28 20:50:18 | 000,007,552 | ---- | C] (Sony Corporation)
 sonypi.sys -> C:\WINDOWS\System32\dllcache\sonypi.sys -> [2011/11/28 20:50:15 | 000,037,040 | ---- | C] (Sony Corporation)
 sonypi.dll -> C:\WINDOWS\System32\dllcache\sonypi.dll -> [2011/11/28 20:50:12 | 000,114,688 | ---- | C] (Sony Corporation)
 sonync.sys -> C:\WINDOWS\System32\dllcache\sonync.sys -> [2011/11/28 20:50:09 | 000,020,752 | ---- | C] (Sony Corporation)
 sonymc.sys -> C:\WINDOWS\System32\dllcache\sonymc.sys -> [2011/11/28 20:50:06 | 000,009,600 | ---- | C] (Microsoft Corporation)
 sonyait.sys -> C:\WINDOWS\System32\dllcache\sonyait.sys -> [2011/11/28 20:50:06 | 000,007,552 | ---- | C] (Microsoft Corporation)
 snyaitmc.sys -> C:\WINDOWS\System32\dllcache\snyaitmc.sys -> [2011/11/28 20:50:00 | 000,007,040 | ---- | C] (Microsoft Corporation)
 smiminib.sys -> C:\WINDOWS\System32\dllcache\smiminib.sys -> [2011/11/28 20:49:38 | 000,058,368 | ---- | C] (Silicon Motion Inc.)
 smidispb.dll -> C:\WINDOWS\System32\dllcache\smidispb.dll -> [2011/11/28 20:49:31 | 000,147,200 | ---- | C] (Silicon Motion Inc.)
 smcpwr2n.sys -> C:\WINDOWS\System32\dllcache\smcpwr2n.sys -> [2011/11/28 20:49:24 | 000,025,034 | ---- | C] (SMC Networks, Inc.)
 smcirda.sys -> C:\WINDOWS\System32\dllcache\smcirda.sys -> [2011/11/28 20:49:21 | 000,035,913 | ---- | C] (SMC)
 smc8000n.sys -> C:\WINDOWS\System32\dllcache\smc8000n.sys -> [2011/11/28 20:49:18 | 000,024,576 | ---- | C] (SMC Networks, Inc.)
 smbclass.sys -> C:\WINDOWS\System32\dllcache\smbclass.sys -> [2011/11/28 20:49:15 | 000,006,912 | ---- | C] (Microsoft Corporation)
 smbhc.sys -> C:\WINDOWS\System32\dllcache\smbhc.sys -> [2011/11/28 20:49:15 | 000,006,784 | ---- | C] (Microsoft Corporation)
 smbbatt.sys -> C:\WINDOWS\System32\dllcache\smbbatt.sys -> [2011/11/28 20:49:14 | 000,016,000 | ---- | C] (Microsoft Corporation)
 smbali.sys -> C:\WINDOWS\System32\dllcache\smbali.sys -> [2011/11/28 20:49:14 | 000,005,888 | ---- | C] (Microsoft Corporation)
 smb3w.dll -> C:\WINDOWS\System32\dllcache\smb3w.dll -> [2011/11/28 20:49:09 | 000,045,568 | ---- | C] (Microsoft Corporation)
 smb0w.dll -> C:\WINDOWS\System32\dllcache\smb0w.dll -> [2011/11/28 20:49:06 | 000,033,792 | ---- | C] (Microsoft Corporation)
 sma0w.dll -> C:\WINDOWS\System32\dllcache\sma0w.dll -> [2011/11/28 20:49:01 | 000,028,672 | ---- | C] (Microsoft Corporation)
 sm91w.dll -> C:\WINDOWS\System32\dllcache\sm91w.dll -> [2011/11/28 20:48:52 | 000,028,160 | ---- | C] (Microsoft Corporation)
 slserv.exe -> C:\WINDOWS\System32\dllcache\slserv.exe -> [2011/11/28 20:48:36 | 000,073,796 | ---- | C] (Smart Link)
 slwdmsup.sys -> C:\WINDOWS\System32\dllcache\slwdmsup.sys -> [2011/11/28 20:48:36 | 000,013,240 | ---- | C] (Smart Link)
 slnthal.sys -> C:\WINDOWS\System32\dllcache\slnthal.sys -> [2011/11/28 20:48:35 | 000,095,424 | ---- | C] (Smart Link)
 slrundll.exe -> C:\WINDOWS\System32\dllcache\slrundll.exe -> [2011/11/28 20:48:35 | 000,032,866 | ---- | C] (Smart Link)
 slntamr.sys -> C:\WINDOWS\System32\dllcache\slntamr.sys -> [2011/11/28 20:48:34 | 000,404,990 | ---- | C] (Smart Link)
 slnt7554.sys -> C:\WINDOWS\System32\dllcache\slnt7554.sys -> [2011/11/28 20:48:34 | 000,129,535 | ---- | C] (Smart Link)
 slgen.dll -> C:\WINDOWS\System32\dllcache\slgen.dll -> [2011/11/28 20:48:33 | 000,188,508 | ---- | C] (Smart Link)
 slip.sys -> C:\WINDOWS\System32\dllcache\slip.sys -> [2011/11/28 20:48:33 | 000,011,136 | ---- | C] (Microsoft Corporation)
 slextspk.dll -> C:\WINDOWS\System32\dllcache\slextspk.dll -> [2011/11/28 20:48:32 | 000,286,792 | ---- | C] (Smart Link)
 slcoinst.dll -> C:\WINDOWS\System32\dllcache\slcoinst.dll -> [2011/11/28 20:48:32 | 000,073,832 | ---- | C] (Smart Link)
 sla30nd5.sys -> C:\WINDOWS\System32\dllcache\sla30nd5.sys -> [2011/11/28 20:48:31 | 000,063,547 | ---- | C] (Symbol Technologies)
 skfpwin.sys -> C:\WINDOWS\System32\dllcache\skfpwin.sys -> [2011/11/28 20:48:28 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.)
 sk98xwin.sys -> C:\WINDOWS\System32\dllcache\sk98xwin.sys -> [2011/11/28 20:48:25 | 000,094,698 | ---- | C] (SysKonnect GmbH.)
 sisv256.dll -> C:\WINDOWS\System32\dllcache\sisv256.dll -> [2011/11/28 20:48:22 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation)
 sisv.sys -> C:\WINDOWS\System32\dllcache\sisv.sys -> [2011/11/28 20:48:19 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation)
 sisnic.sys -> C:\WINDOWS\System32\dllcache\sisnic.sys -> [2011/11/28 20:48:18 | 000,032,768 | ---- | C] (SiS Corporation)
 sisgrv.dll -> C:\WINDOWS\System32\dllcache\sisgrv.dll -> [2011/11/28 20:48:15 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation)
 sisgrp.sys -> C:\WINDOWS\System32\dllcache\sisgrp.sys -> [2011/11/28 20:48:13 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation)
 sisagp.sys -> C:\WINDOWS\System32\dllcache\sisagp.sys -> [2011/11/28 20:48:12 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation)
 sis6306v.dll -> C:\WINDOWS\System32\dllcache\sis6306v.dll -> [2011/11/28 20:48:09 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation)
 sis6306p.sys -> C:\WINDOWS\System32\dllcache\sis6306p.sys -> [2011/11/28 20:48:06 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation)
 sis300iv.dll -> C:\WINDOWS\System32\dllcache\sis300iv.dll -> [2011/11/28 20:48:03 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation)
 sis300ip.sys -> C:\WINDOWS\System32\dllcache\sis300ip.sys -> [2011/11/28 20:48:01 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation)
 siint5.dll -> C:\WINDOWS\System32\dllcache\siint5.dll -> [2011/11/28 20:47:57 | 000,003,901 | ---- | C] (Intel(R) Corporation)
 sgsmusb.sys -> C:\WINDOWS\System32\dllcache\sgsmusb.sys -> [2011/11/28 20:47:48 | 000,161,568 | ---- | C] (Micro Systemation)
 sgsmld.sys -> C:\WINDOWS\System32\dllcache\sgsmld.sys -> [2011/11/28 20:47:45 | 000,018,400 | ---- | C] (Micro Systemation)
 sgiulnt5.sys -> C:\WINDOWS\System32\dllcache\sgiulnt5.sys -> [2011/11/28 20:47:42 | 000,098,080 | ---- | C] (Trident Microsystems Inc.)
 sgiul50.dll -> C:\WINDOWS\System32\dllcache\sgiul50.dll -> [2011/11/28 20:47:39 | 000,386,560 | ---- | C] (Trident Microsystems Inc.)
 sfmanm.sys -> C:\WINDOWS\System32\dllcache\sfmanm.sys -> [2011/11/28 20:47:36 | 000,036,480 | ---- | C] (Creative Technology Ltd.)
 serscan.sys -> C:\WINDOWS\System32\dllcache\serscan.sys -> [2011/11/28 20:47:32 | 000,006,784 | ---- | C] (Microsoft Corporation)
 sermouse.sys -> C:\WINDOWS\System32\dllcache\sermouse.sys -> [2011/11/28 20:47:29 | 000,017,664 | ---- | C] (Microsoft Corporation)
 seaddsmc.sys -> C:\WINDOWS\System32\dllcache\seaddsmc.sys -> [2011/11/28 20:47:23 | 000,006,912 | ---- | C] (Microsoft Corporation)
 scsiscan.sys -> C:\WINDOWS\System32\dllcache\scsiscan.sys -> [2011/11/28 20:47:22 | 000,011,520 | ---- | C] (Microsoft Corporation)
 scsiprnt.sys -> C:\WINDOWS\System32\dllcache\scsiprnt.sys -> [2011/11/28 20:47:19 | 000,011,648 | ---- | C] (Microsoft Corporation)
 scr111.sys -> C:\WINDOWS\System32\dllcache\scr111.sys -> [2011/11/28 20:47:12 | 000,017,280 | ---- | C] (SCM Microsystems)
 scmstcs.sys -> C:\WINDOWS\System32\dllcache\scmstcs.sys -> [2011/11/28 20:47:09 | 000,016,640 | ---- | C] (Microsoft Corporation)
 sccmusbm.sys -> C:\WINDOWS\System32\dllcache\sccmusbm.sys -> [2011/11/28 20:47:06 | 000,023,936 | ---- | C] (OMNIKEY AG)
 sccmn50m.sys -> C:\WINDOWS\System32\dllcache\sccmn50m.sys -> [2011/11/28 20:47:03 | 000,023,936 | ---- | C] (OMNIKEY AG)
 sbp2port.sys -> C:\WINDOWS\System32\dllcache\sbp2port.sys -> [2011/11/28 20:47:02 | 000,043,904 | ---- | C] (Microsoft Corporation)
 sblfx.dll -> C:\WINDOWS\System32\dllcache\sblfx.dll -> [2011/11/28 20:46:59 | 000,495,616 | ---- | C] (Creative Technology Ltd.)
 s3savmxm.sys -> C:\WINDOWS\System32\dllcache\s3savmxm.sys -> [2011/11/28 20:46:53 | 000,075,392 | ---- | C] (S3 Graphics, Inc.)
 s3savmx.dll -> C:\WINDOWS\System32\dllcache\s3savmx.dll -> [2011/11/28 20:46:50 | 000,245,632 | ---- | C] (S3 Graphics, Inc.)
 s3sav4m.sys -> C:\WINDOWS\System32\dllcache\s3sav4m.sys -> [2011/11/28 20:46:48 | 000,077,824 | ---- | C] (S3 Incorporated)
 s3sav4.dll -> C:\WINDOWS\System32\dllcache\s3sav4.dll -> [2011/11/28 20:46:45 | 000,198,400 | ---- | C] (S3 Incorporated)
 s3sav3dm.sys -> C:\WINDOWS\System32\dllcache\s3sav3dm.sys -> [2011/11/28 20:46:42 | 000,061,504 | ---- | C] (S3 Incorporated)
 s3sav3d.dll -> C:\WINDOWS\System32\dllcache\s3sav3d.dll -> [2011/11/28 20:46:39 | 000,179,264 | ---- | C] (S3 Incorporated)
 s3mvirge.dll -> C:\WINDOWS\System32\dllcache\s3mvirge.dll -> [2011/11/28 20:46:36 | 000,210,496 | ---- | C] (S3 Incorporated)
 s3mtrio.dll -> C:\WINDOWS\System32\dllcache\s3mtrio.dll -> [2011/11/28 20:46:33 | 000,062,496 | ---- | C] (S3 Incorporated)
 s3mt3d.sys -> C:\WINDOWS\System32\dllcache\s3mt3d.sys -> [2011/11/28 20:46:31 | 000,041,216 | ---- | C] (S3 Incorporated)
 s3mt3d.dll -> C:\WINDOWS\System32\dllcache\s3mt3d.dll -> [2011/11/28 20:46:28 | 000,182,272 | ---- | C] (S3 Incorporated)
 s3m.sys -> C:\WINDOWS\System32\dllcache\s3m.sys -> [2011/11/28 20:46:25 | 000,166,720 | ---- | C] (S3 Incorporated)
 s3gnbm.sys -> C:\WINDOWS\System32\dllcache\s3gnbm.sys -> [2011/11/28 20:46:22 | 000,166,912 | ---- | C] (S3 Graphics, Inc.)
 s3legacy.sys -> C:\WINDOWS\System32\dllcache\s3legacy.sys -> [2011/11/28 20:46:22 | 000,065,664 | ---- | C] (Microsoft Corporation)
 s3gnb.dll -> C:\WINDOWS\System32\dllcache\s3gnb.dll -> [2011/11/28 20:46:21 | 000,397,056 | ---- | C] (S3 Graphics, Inc.)
 rwia450.dll -> C:\WINDOWS\System32\dllcache\rwia450.dll -> [2011/11/28 20:46:18 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.)
 rwia430.dll -> C:\WINDOWS\System32\dllcache\rwia430.dll -> [2011/11/28 20:46:15 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.)
 rw450ext.dll -> C:\WINDOWS\System32\dllcache\rw450ext.dll -> [2011/11/28 20:46:09 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.)
 rw430ext.dll -> C:\WINDOWS\System32\dllcache\rw430ext.dll -> [2011/11/28 20:46:08 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.)
 rtl8029.sys -> C:\WINDOWS\System32\dllcache\rtl8029.sys -> [2011/11/28 20:45:53 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation)
 rthwcls.sys -> C:\WINDOWS\System32\dllcache\rthwcls.sys -> [2011/11/28 20:45:49 | 000,030,720 | ---- | C] (Conexant Systems Inc.)
 rsmgrstr.dll -> C:\WINDOWS\System32\dllcache\rsmgrstr.dll -> [2011/11/28 20:45:45 | 000,009,216 | ---- | C] (Brother Industries, Ltd.)
 rpfun.sys -> C:\WINDOWS\System32\dllcache\rpfun.sys -> [2011/11/28 20:45:42 | 000,003,840 | ---- | C] (Conexant Systems Inc.)
 rocket.sys -> C:\WINDOWS\System32\dllcache\rocket.sys -> [2011/11/28 20:45:38 | 000,079,104 | ---- | C] (Comtrol Corporation)
 rndismpx.sys -> C:\WINDOWS\System32\dllcache\rndismpx.sys -> [2011/11/28 20:45:37 | 000,030,592 | ---- | C] (Microsoft Corporation)
 rlnet5.sys -> C:\WINDOWS\System32\dllcache\rlnet5.sys -> [2011/11/28 20:45:34 | 000,037,563 | ---- | C] (RadioLAN)
 rfcomm.sys -> C:\WINDOWS\System32\dllcache\rfcomm.sys -> [2011/11/28 20:45:33 | 000,059,136 | ---- | C] (Microsoft Corporation)
 reslog32.dll -> C:\WINDOWS\System32\dllcache\reslog32.dll -> [2011/11/28 20:45:30 | 000,086,097 | ---- | C] (Xircom)
 recagent.sys -> C:\WINDOWS\System32\dllcache\recagent.sys -> [2011/11/28 20:45:21 | 000,013,776 | ---- | C] (Smart Link)
 rasirda.sys -> C:\WINDOWS\System32\dllcache\rasirda.sys -> [2011/11/28 20:45:15 | 000,019,584 | ---- | C] (Microsoft Corporation)
 r2mdmkxx.sys -> C:\WINDOWS\System32\dllcache\r2mdmkxx.sys -> [2011/11/28 20:45:09 | 000,714,762 | ---- | C] (Xircom, Inc.)
 r2mdkxga.sys -> C:\WINDOWS\System32\dllcache\r2mdkxga.sys -> [2011/11/28 20:45:06 | 000,899,146 | ---- | C] (Xircom, Inc.)
 qvusd.dll -> C:\WINDOWS\System32\dllcache\qvusd.dll -> [2011/11/28 20:45:03 | 000,041,472 | ---- | C] (Microsoft Corporation)
 qv2kux.sys -> C:\WINDOWS\System32\dllcache\qv2kux.sys -> [2011/11/28 20:45:00 | 000,003,328 | ---- | C] (Microsoft Corporation)
 ql1280.sys -> C:\WINDOWS\System32\dllcache\ql1280.sys -> [2011/11/28 20:44:48 | 000,049,024 | ---- | C] (QLogic Corporation)
 ql1240.sys -> C:\WINDOWS\System32\dllcache\ql1240.sys -> [2011/11/28 20:44:46 | 000,040,448 | ---- | C] (Microsoft Corporation)
 ql12160.sys -> C:\WINDOWS\System32\dllcache\ql12160.sys -> [2011/11/28 20:44:43 | 000,045,312 | ---- | C] (QLogic Corporation)
 ql10wnt.sys -> C:\WINDOWS\System32\dllcache\ql10wnt.sys -> [2011/11/28 20:44:40 | 000,033,152 | ---- | C] (Microsoft Corporation)
 ql1080.sys -> C:\WINDOWS\System32\dllcache\ql1080.sys -> [2011/11/28 20:44:37 | 000,040,320 | ---- | C] (QLogic Corporation)
 qic157.sys -> C:\WINDOWS\System32\dllcache\qic157.sys -> [2011/11/28 20:44:36 | 000,006,016 | ---- | C] (Microsoft Corporation)
 ptserlv.sys -> C:\WINDOWS\System32\dllcache\ptserlv.sys -> [2011/11/28 20:44:33 | 000,130,942 | ---- | C] (PCTEL, INC.)
 ptserlp.sys -> C:\WINDOWS\System32\dllcache\ptserlp.sys -> [2011/11/28 20:44:30 | 000,112,574 | ---- | C] (PCTEL, INC.)
 ptserli.sys -> C:\WINDOWS\System32\dllcache\ptserli.sys -> [2011/11/28 20:44:27 | 000,128,286 | ---- | C] (PCTEL, INC.)
 ptpusd.dll -> C:\WINDOWS\System32\dllcache\ptpusd.dll -> [2011/11/28 20:44:26 | 000,159,232 | ---- | C] (Microsoft Corporation)
 ptpusb.dll -> C:\WINDOWS\System32\dllcache\ptpusb.dll -> [2011/11/28 20:44:23 | 000,005,632 | ---- | C] (Microsoft Corporation)
 psisload.dll -> C:\WINDOWS\System32\dllcache\psisload.dll -> [2011/11/28 20:44:20 | 000,035,328 | ---- | C] (Microsoft Corporation)
 pscr.sys -> C:\WINDOWS\System32\dllcache\pscr.sys -> [2011/11/28 20:44:16 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.)
 ppa3.sys -> C:\WINDOWS\System32\dllcache\ppa3.sys -> [2011/11/28 20:44:09 | 000,017,664 | ---- | C] (Microsoft Corporation)
 ppa.sys -> C:\WINDOWS\System32\dllcache\ppa.sys -> [2011/11/28 20:44:06 | 000,017,792 | ---- | C] (Microsoft Corporation)
 powerfil.sys -> C:\WINDOWS\System32\dllcache\powerfil.sys -> [2011/11/28 20:44:06 | 000,008,832 | ---- | C] (Microsoft Corporation)
 pnrmc.sys -> C:\WINDOWS\System32\dllcache\pnrmc.sys -> [2011/11/28 20:44:03 | 000,007,168 | ---- | C] (Microsoft Corporation)
 phvfwext.dll -> C:\WINDOWS\System32\dllcache\phvfwext.dll -> [2011/11/28 20:43:09 | 000,121,344 | ---- | C] (Microsoft Corporation)
 philtune.sys -> C:\WINDOWS\System32\dllcache\philtune.sys -> [2011/11/28 20:43:02 | 000,019,840 | ---- | C] (Microsoft Corporation)
 phildec.sys -> C:\WINDOWS\System32\dllcache\phildec.sys -> [2011/11/28 20:42:59 | 000,092,416 | ---- | C] (Microsoft Corporation)
 philcam2.sys -> C:\WINDOWS\System32\dllcache\philcam2.sys -> [2011/11/28 20:42:57 | 000,173,696 | ---- | C] (Microsoft Corporation)
 philcam1.sys -> C:\WINDOWS\System32\dllcache\philcam1.sys -> [2011/11/28 20:42:54 | 000,075,776 | ---- | C] (Microsoft Corporation)
 philcam1.dll -> C:\WINDOWS\System32\dllcache\philcam1.dll -> [2011/11/28 20:42:51 | 000,016,384 | ---- | C] (Microsoft Corporation)
 perm3dd.dll -> C:\WINDOWS\System32\dllcache\perm3dd.dll -> [2011/11/28 20:42:48 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.)
 phdsext.ax -> C:\WINDOWS\System32\dllcache\phdsext.ax -> [2011/11/28 20:42:48 | 000,105,984 | ---- | C] (Microsoft Corporation)
 perm3.sys -> C:\WINDOWS\System32\dllcache\perm3.sys -> [2011/11/28 20:42:47 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.)
 perm2dll.dll -> C:\WINDOWS\System32\dllcache\perm2dll.dll -> [2011/11/28 20:42:46 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.)
 perm2.sys -> C:\WINDOWS\System32\dllcache\perm2.sys -> [2011/11/28 20:42:46 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.)
 perc2hib.sys -> C:\WINDOWS\System32\dllcache\perc2hib.sys -> [2011/11/28 20:42:41 | 000,005,504 | ---- | C] (Microsoft Corporation)
 perc2.sys -> C:\WINDOWS\System32\dllcache\perc2.sys -> [2011/11/28 20:42:38 | 000,027,296 | ---- | C] (Microsoft Corporation)
 pcx500.sys -> C:\WINDOWS\System32\dllcache\pcx500.sys -> [2011/11/28 20:42:37 | 000,169,984 | ---- | C] (Cisco Systems)
 pctspk.exe -> C:\WINDOWS\System32\dllcache\pctspk.exe -> [2011/11/28 20:42:34 | 000,086,016 | ---- | C] (PCtel, Inc.)
 pcntpci5.sys -> C:\WINDOWS\System32\dllcache\pcntpci5.sys -> [2011/11/28 20:42:32 | 000,035,328 | ---- | C] (AMD Inc.)
 pcntn5m.sys -> C:\WINDOWS\System32\dllcache\pcntn5m.sys -> [2011/11/28 20:42:29 | 000,029,769 | ---- | C] (AMD Inc.)
 pcntn5hl.sys -> C:\WINDOWS\System32\dllcache\pcntn5hl.sys -> [2011/11/28 20:42:26 | 000,030,282 | ---- | C] (AMD Inc.)
 pca200e.sys -> C:\WINDOWS\System32\dllcache\pca200e.sys -> [2011/11/28 20:42:23 | 000,029,502 | ---- | C] (Marconi Communications, Inc.)
 pcmlm56.sys -> C:\WINDOWS\System32\dllcache\pcmlm56.sys -> [2011/11/28 20:42:23 | 000,026,153 | ---- | C] (Linksys)
 pc100nds.sys -> C:\WINDOWS\System32\dllcache\pc100nds.sys -> [2011/11/28 20:42:20 | 000,030,495 | ---- | C] (Linksys)
 ovui2rc.dll -> C:\WINDOWS\System32\dllcache\ovui2rc.dll -> [2011/11/28 20:42:05 | 000,041,984 | ---- | C] (Microsoft Corporation)
 ovui2.dll -> C:\WINDOWS\System32\dllcache\ovui2.dll -> [2011/11/28 20:42:02 | 000,044,544 | ---- | C] (Microsoft Corporation)
 ovsound2.sys -> C:\WINDOWS\System32\dllcache\ovsound2.sys -> [2011/11/28 20:42:00 | 000,025,216 | ---- | C] (Microsoft Corporation)
 ovcoms.exe -> C:\WINDOWS\System32\dllcache\ovcoms.exe -> [2011/11/28 20:41:57 | 000,039,424 | ---- | C] (Microsoft Corporation)
 ovcomc.dll -> C:\WINDOWS\System32\dllcache\ovcomc.dll -> [2011/11/28 20:41:54 | 000,020,480 | ---- | C] (Microsoft Corporation)
 ovcodek2.sys -> C:\WINDOWS\System32\dllcache\ovcodek2.sys -> [2011/11/28 20:41:51 | 000,351,616 | ---- | C] (Microsoft Corporation)
 ovcodec2.dll -> C:\WINDOWS\System32\dllcache\ovcodec2.dll -> [2011/11/28 20:41:49 | 000,116,736 | ---- | C] (Microsoft Corporation)
 ovce.sys -> C:\WINDOWS\System32\dllcache\ovce.sys -> [2011/11/28 20:41:46 | 000,031,872 | ---- | C] (Microsoft Corporation)
 ovcd.sys -> C:\WINDOWS\System32\dllcache\ovcd.sys -> [2011/11/28 20:41:43 | 000,028,032 | ---- | C] (Microsoft Corporation)
 ovcam2.sys -> C:\WINDOWS\System32\dllcache\ovcam2.sys -> [2011/11/28 20:41:40 | 000,048,000 | ---- | C] (Microsoft Corporation)
 ovca.sys -> C:\WINDOWS\System32\dllcache\ovca.sys -> [2011/11/28 20:41:37 | 000,025,088 | ---- | C] (Microsoft Corporation)
 otcsercb.sys -> C:\WINDOWS\System32\dllcache\otcsercb.sys -> [2011/11/28 20:41:34 | 000,054,186 | ---- | C] (Ositech Communications, Inc.)
 otceth5.sys -> C:\WINDOWS\System32\dllcache\otceth5.sys -> [2011/11/28 20:41:31 | 000,043,689 | ---- | C] (Ositech Communications, Inc.)
 otc06x5.sys -> C:\WINDOWS\System32\dllcache\otc06x5.sys -> [2011/11/28 20:41:29 | 000,027,209 | ---- | C] (Ositech Communications, Inc.)
 opl3sax.sys -> C:\WINDOWS\System32\dllcache\opl3sax.sys -> [2011/11/28 20:41:25 | 000,054,528 | ---- | C] (Yamaha Corp.)
 ohci1394.sys -> C:\WINDOWS\System32\dllcache\ohci1394.sys -> [2011/11/28 20:41:22 | 000,061,696 | ---- | C] (Microsoft Corporation)
 nv4_mini.sys -> C:\WINDOWS\System32\dllcache\nv4_mini.sys -> [2011/11/28 20:41:19 | 001,897,408 | ---- | C] (NVIDIA Corporation)
 nv4_disp.dll -> C:\WINDOWS\System32\dllcache\nv4_disp.dll -> [2011/11/28 20:41:18 | 004,274,816 | ---- | C] (NVIDIA Corporation)
 nv3.sys -> C:\WINDOWS\System32\dllcache\nv3.sys -> [2011/11/28 20:41:16 | 000,198,144 | ---- | C] (NVIDIA Corporation)
 nv3.dll -> C:\WINDOWS\System32\dllcache\nv3.dll -> [2011/11/28 20:41:13 | 000,123,776 | ---- | C] (NVIDIA Corporation)
 ntmtlfax.sys -> C:\WINDOWS\System32\dllcache\ntmtlfax.sys -> [2011/11/28 20:41:11 | 000,180,360 | ---- | C] (Smart Link)
 ntgrip.sys -> C:\WINDOWS\System32\dllcache\ntgrip.sys -> [2011/11/28 20:41:05 | 000,051,552 | ---- | C] (Kensington Technology Group)
 ntapm.sys -> C:\WINDOWS\System32\dllcache\ntapm.sys -> [2011/11/28 20:40:58 | 000,009,344 | ---- | C] (Microsoft Corporation)
 nsmmc.sys -> C:\WINDOWS\System32\dllcache\nsmmc.sys -> [2011/11/28 20:40:55 | 000,007,552 | ---- | C] (Microsoft Corporation)
 nscirda.sys -> C:\WINDOWS\System32\dllcache\nscirda.sys -> [2011/11/28 20:40:54 | 000,028,672 | ---- | C] (National Semiconductor Corporation)
 nm6wdm.sys -> C:\WINDOWS\System32\dllcache\nm6wdm.sys -> [2011/11/28 20:40:49 | 000,087,040 | ---- | C] (NeoMagic Corporation)
 nm5a2wdm.sys -> C:\WINDOWS\System32\dllcache\nm5a2wdm.sys -> [2011/11/28 20:40:46 | 000,126,080 | ---- | C] (NeoMagic Corporation)
 ngrpci.sys -> C:\WINDOWS\System32\dllcache\ngrpci.sys -> [2011/11/28 20:40:42 | 000,032,840 | ---- | C] (NETGEAR Corporation.)
 netwlan5.sys -> C:\WINDOWS\System32\dllcache\netwlan5.sys -> [2011/11/28 20:40:41 | 000,132,695 | ---- | C] (802.11b)
 netflx3.sys -> C:\WINDOWS\System32\dllcache\netflx3.sys -> [2011/11/28 20:40:36 | 000,065,278 | ---- | C] (Compaq Computer Corporation)
 neo20xx.sys -> C:\WINDOWS\System32\dllcache\neo20xx.sys -> [2011/11/28 20:40:32 | 000,039,264 | ---- | C] (NeoMagic Corporation)
 neo20xx.dll -> C:\WINDOWS\System32\dllcache\neo20xx.dll -> [2011/11/28 20:40:29 | 000,060,480 | ---- | C] (NeoMagic Corporation)
 ne2000.sys -> C:\WINDOWS\System32\dllcache\ne2000.sys -> [2011/11/28 20:40:26 | 000,015,872 | ---- | C] (Microsoft Corporation)
 ndisip.sys -> C:\WINDOWS\System32\dllcache\ndisip.sys -> [2011/11/28 20:40:25 | 000,010,880 | ---- | C] (Microsoft Corporation)
 nabtsfec.sys -> C:\WINDOWS\System32\dllcache\nabtsfec.sys -> [2011/11/28 20:40:23 | 000,085,248 | ---- | C] (Microsoft Corporation)
 n9i3disp.dll -> C:\WINDOWS\System32\dllcache\n9i3disp.dll -> [2011/11/28 20:40:20 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.)
 n9i3d.sys -> C:\WINDOWS\System32\dllcache\n9i3d.sys -> [2011/11/28 20:40:18 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.)
 n9i128v2.sys -> C:\WINDOWS\System32\dllcache\n9i128v2.sys -> [2011/11/28 20:40:15 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.)
 n9i128v2.dll -> C:\WINDOWS\System32\dllcache\n9i128v2.dll -> [2011/11/28 20:40:13 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.)
 n9i128.sys -> C:\WINDOWS\System32\dllcache\n9i128.sys -> [2011/11/28 20:40:10 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.)
 n9i128.dll -> C:\WINDOWS\System32\dllcache\n9i128.dll -> [2011/11/28 20:40:07 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.)
 n100325.sys -> C:\WINDOWS\System32\dllcache\n100325.sys -> [2011/11/28 20:40:05 | 000,128,000 | ---- | C] (Compaq Computer Corporation)
 n1000nt5.sys -> C:\WINDOWS\System32\dllcache\n1000nt5.sys -> [2011/11/28 20:40:02 | 000,052,255 | ---- | C] (Compaq Computer Corporation)
 mxport.sys -> C:\WINDOWS\System32\dllcache\mxport.sys -> [2011/11/28 20:39:59 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.)
 mxport.dll -> C:\WINDOWS\System32\dllcache\mxport.dll -> [2011/11/28 20:39:57 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd)
 mxnic.sys -> C:\WINDOWS\System32\dllcache\mxnic.sys -> [2011/11/28 20:39:54 | 000,019,968 | ---- | C] (Macronix International Co., Ltd.                                               )
 mxicfg.dll -> C:\WINDOWS\System32\dllcache\mxicfg.dll -> [2011/11/28 20:39:52 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd)
 mxcard.sys -> C:\WINDOWS\System32\dllcache\mxcard.sys -> [2011/11/28 20:39:49 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.)
 mutohpen.sys -> C:\WINDOWS\System32\dllcache\mutohpen.sys -> [2011/11/28 20:39:48 | 000,012,672 | ---- | C] (Microsoft Corporation)
 mtxvideo.sys -> C:\WINDOWS\System32\dllcache\mtxvideo.sys -> [2011/11/28 20:39:42 | 000,103,296 | ---- | C] (Matrox Graphics Inc)
 mtxparhm.sys -> C:\WINDOWS\System32\dllcache\mtxparhm.sys -> [2011/11/28 20:39:41 | 000,452,736 | ---- | C] (Matrox Graphics Inc.)
 mtxparhd.dll -> C:\WINDOWS\System32\dllcache\mtxparhd.dll -> [2011/11/28 20:39:40 | 001,737,856 | ---- | C] (Matrox Graphics Inc.)
 mtlstrm.sys -> C:\WINDOWS\System32\dllcache\mtlstrm.sys -> [2011/11/28 20:39:35 | 001,309,184 | ---- | C] (Smart Link)
 mtlmnt5.sys -> C:\WINDOWS\System32\dllcache\mtlmnt5.sys -> [2011/11/28 20:39:34 | 000,126,686 | ---- | C] (Smart Link)
 mstee.sys -> C:\WINDOWS\System32\dllcache\mstee.sys -> [2011/11/28 20:39:27 | 000,005,504 | ---- | C] (Microsoft Corporation)
 mstape.sys -> C:\WINDOWS\System32\dllcache\mstape.sys -> [2011/11/28 20:39:26 | 000,049,024 | ---- | C] (Microsoft Corporation)
 msriffwv.sys -> C:\WINDOWS\System32\dllcache\msriffwv.sys -> [2011/11/28 20:39:21 | 000,012,416 | ---- | C] (Microsoft Corporation)
 msmpu401.sys -> C:\WINDOWS\System32\dllcache\msmpu401.sys -> [2011/11/28 20:39:15 | 000,002,944 | ---- | C] (Microsoft Corporation)
 msircomm.sys -> C:\WINDOWS\System32\dllcache\msircomm.sys -> [2011/11/28 20:39:12 | 000,022,016 | ---- | C] (Microsoft Corporation)
 msgame.sys -> C:\WINDOWS\System32\dllcache\msgame.sys -> [2011/11/28 20:38:53 | 000,035,200 | ---- | C] (Microsoft Corporation)
 msfsio.sys -> C:\WINDOWS\System32\dllcache\msfsio.sys -> [2011/11/28 20:38:50 | 000,006,016 | ---- | C] (Microsoft Corporation)
 msdv.sys -> C:\WINDOWS\System32\dllcache\msdv.sys -> [2011/11/28 20:38:48 | 000,051,200 | ---- | C] (Microsoft Corporation)
 mraid35x.sys -> C:\WINDOWS\System32\dllcache\mraid35x.sys -> [2011/11/28 20:38:41 | 000,017,280 | ---- | C] (American Megatrends Inc.)
 mpe.sys -> C:\WINDOWS\System32\dllcache\mpe.sys -> [2011/11/28 20:38:38 | 000,015,232 | ---- | C] (Microsoft Corporation)
 modemcsa.sys -> C:\WINDOWS\System32\dllcache\modemcsa.sys -> [2011/11/28 20:38:25 | 000,016,128 | ---- | C] (Microsoft Corporation)
 miniqic.sys -> C:\WINDOWS\System32\dllcache\miniqic.sys -> [2011/11/28 20:38:18 | 000,006,528 | ---- | C] (Microsoft Corporation)
 mgaum.sys -> C:\WINDOWS\System32\dllcache\mgaum.sys -> [2011/11/28 20:38:09 | 000,320,384 | ---- | C] (Matrox Graphics Inc.)
 mgaud.dll -> C:\WINDOWS\System32\dllcache\mgaud.dll -> [2011/11/28 20:38:06 | 000,235,648 | ---- | C] (Matrox Graphics Inc.)
 memstpci.sys -> C:\WINDOWS\System32\dllcache\memstpci.sys -> [2011/11/28 20:37:59 | 000,026,112 | ---- | C] (Sony Corporation)
 memgrp.dll -> C:\WINDOWS\System32\dllcache\memgrp.dll -> [2011/11/28 20:37:57 | 000,047,616 | ---- | C] (Microsoft Corporation)
 memcard.sys -> C:\WINDOWS\System32\dllcache\memcard.sys -> [2011/11/28 20:37:54 | 000,008,320 | ---- | C] (Microsoft Corporation)
 mdgndis5.sys -> C:\WINDOWS\System32\dllcache\mdgndis5.sys -> [2011/11/28 20:37:51 | 000,164,586 | ---- | C] (Madge Networks Ltd)
 mammoth.sys -> C:\WINDOWS\System32\dllcache\mammoth.sys -> [2011/11/28 20:37:47 | 000,007,424 | ---- | C] (Microsoft Corporation)
 maestro.sys -> C:\WINDOWS\System32\dllcache\maestro.sys -> [2011/11/28 20:37:39 | 000,048,768 | ---- | C] (ESS Technology, Inc.)
 m3092dc.dll -> C:\WINDOWS\System32\dllcache\m3092dc.dll -> [2011/11/28 20:37:37 | 000,058,880 | ---- | C] (Microsoft Corporation)
 m3091dc.dll -> C:\WINDOWS\System32\dllcache\m3091dc.dll -> [2011/11/28 20:37:33 | 000,058,368 | ---- | C] (Microsoft Corporation)
 lwusbhid.sys -> C:\WINDOWS\System32\dllcache\lwusbhid.sys -> [2011/11/28 20:37:30 | 000,022,848 | ---- | C] (Logitech Inc.)
 lwadihid.sys -> C:\WINDOWS\System32\dllcache\lwadihid.sys -> [2011/11/28 20:37:30 | 000,020,864 | ---- | C] (Logitech Inc.)
 ltsmt.sys -> C:\WINDOWS\System32\dllcache\ltsmt.sys -> [2011/11/28 20:37:25 | 000,797,500 | ---- | C] (LT)
 ltsm.sys -> C:\WINDOWS\System32\dllcache\ltsm.sys -> [2011/11/28 20:37:23 | 000,802,683 | ---- | C] (Lucent Technologies)
 ltotape.sys -> C:\WINDOWS\System32\dllcache\ltotape.sys -> [2011/11/28 20:37:22 | 000,007,040 | ---- | C] (Microsoft Corporation)
 ltmdmntt.sys -> C:\WINDOWS\System32\dllcache\ltmdmntt.sys -> [2011/11/28 20:37:21 | 000,420,992 | ---- | C] (LT)
 ltmdmntl.sys -> C:\WINDOWS\System32\dllcache\ltmdmntl.sys -> [2011/11/28 20:37:19 | 000,576,746 | ---- | C] (LT)
 ltmdmnt.sys -> C:\WINDOWS\System32\dllcache\ltmdmnt.sys -> [2011/11/28 20:37:18 | 000,606,684 | ---- | C] (LT)
 ltck000c.sys -> C:\WINDOWS\System32\dllcache\ltck000c.sys -> [2011/11/28 20:37:16 | 000,727,786 | ---- | C] (Xircom, Inc.)
 loop.sys -> C:\WINDOWS\System32\dllcache\loop.sys -> [2011/11/28 20:37:09 | 000,004,992 | ---- | C] (Microsoft Corporation)
 lne100tx.sys -> C:\WINDOWS\System32\dllcache\lne100tx.sys -> [2011/11/28 20:37:05 | 000,070,730 | ---- | C] (Linksys Group, Inc.)
 lne100.sys -> C:\WINDOWS\System32\dllcache\lne100.sys -> [2011/11/28 20:37:02 | 000,020,573 | ---- | C] (The Linksts Group )
 lmndis3.sys -> C:\WINDOWS\System32\dllcache\lmndis3.sys -> [2011/11/28 20:37:00 | 000,025,065 | ---- | C] (D-Link)
 lit220p.sys -> C:\WINDOWS\System32\dllcache\lit220p.sys -> [2011/11/28 20:36:55 | 000,015,744 | ---- | C] (Litronic Industries)
 lbrtfdc.sys -> C:\WINDOWS\System32\dllcache\lbrtfdc.sys -> [2011/11/28 20:36:54 | 000,034,688 | ---- | C] (Toshiba Corp.)
 lanepic5.sys -> C:\WINDOWS\System32\dllcache\lanepic5.sys -> [2011/11/28 20:36:51 | 000,026,442 | ---- | C] (SMSC)
 ksxbar.ax -> C:\WINDOWS\System32\dllcache\ksxbar.ax -> [2011/11/28 20:36:49 | 000,043,008 | ---- | C] (Microsoft Corporation)
 ktc111.sys -> C:\WINDOWS\System32\dllcache\ktc111.sys -> [2011/11/28 20:36:49 | 000,019,016 | ---- | C] (Kingston Technology Company                                                             )
 kswdmcap.ax -> C:\WINDOWS\System32\dllcache\kswdmcap.ax -> [2011/11/28 20:36:48 | 000,091,136 | ---- | C] (Microsoft Corporation)
 kstvtune.ax -> C:\WINDOWS\System32\dllcache\kstvtune.ax -> [2011/11/28 20:36:47 | 000,061,952 | ---- | C] (Microsoft Corporation)
 kousd.dll -> C:\WINDOWS\System32\dllcache\kousd.dll -> [2011/11/28 20:36:42 | 000,037,376 | ---- | C] (Microsoft Corporation)
 kdsusd.dll -> C:\WINDOWS\System32\dllcache\kdsusd.dll -> [2011/11/28 20:36:37 | 000,253,952 | ---- | C] (Microsoft Corporation)
 kdsui.dll -> C:\WINDOWS\System32\dllcache\kdsui.dll -> [2011/11/28 20:36:36 | 000,048,640 | ---- | C] (Microsoft Corporation)
 kbdkor.dll -> C:\WINDOWS\System32\dllcache\kbdkor.dll -> [2011/11/28 20:36:10 | 000,008,192 | ---- | C] (Microsoft Corporation)
 kbdjpn.dll -> C:\WINDOWS\System32\dllcache\kbdjpn.dll -> [2011/11/28 20:36:08 | 000,008,704 | ---- | C] (Microsoft Corporation)
 kbd106.dll -> C:\WINDOWS\System32\dllcache\kbd106.dll -> [2011/11/28 20:35:33 | 000,006,144 | ---- | C] (Microsoft Corporation)
 kbd103.dll -> C:\WINDOWS\System32\dllcache\kbd103.dll -> [2011/11/28 20:35:31 | 000,005,632 | ---- | C] (Microsoft Corporation)
 kbd101c.dll -> C:\WINDOWS\System32\dllcache\kbd101c.dll -> [2011/11/28 20:35:28 | 000,006,144 | ---- | C] (Microsoft Corporation)
 kbd101b.dll -> C:\WINDOWS\System32\dllcache\kbd101b.dll -> [2011/11/28 20:35:26 | 000,006,144 | ---- | C] (Microsoft Corporation)
 irstusb.sys -> C:\WINDOWS\System32\dllcache\irstusb.sys -> [2011/11/28 20:35:17 | 000,026,624 | ---- | C] (SigmaTel, Inc.)
 irsir.sys -> C:\WINDOWS\System32\dllcache\irsir.sys -> [2011/11/28 20:35:15 | 000,018,688 | ---- | C] (Microsoft Corporation)
 irmon.dll -> C:\WINDOWS\System32\dllcache\irmon.dll -> [2011/11/28 20:35:14 | 000,028,160 | ---- | C] (Microsoft Corporation)
 irftp.exe -> C:\WINDOWS\System32\dllcache\irftp.exe -> [2011/11/28 20:35:12 | 000,151,552 | ---- | C] (Microsoft Corporation)
 irmk7.sys -> C:\WINDOWS\System32\dllcache\irmk7.sys -> [2011/11/28 20:35:12 | 000,023,552 | ---- | C] (MKNet Corporation)
 irda.sys -> C:\WINDOWS\System32\dllcache\irda.sys -> [2011/11/28 20:35:11 | 000,088,192 | ---- | C] (Microsoft Corporation)
 ipsink.ax -> C:\WINDOWS\System32\dllcache\ipsink.ax -> [2011/11/28 20:35:09 | 000,016,384 | ---- | C] (Microsoft Corporation)
 ip5515.sys -> C:\WINDOWS\System32\dllcache\ip5515.sys -> [2011/11/28 20:35:03 | 000,045,632 | ---- | C] (Interphase (R) Corporation a Windows (R) 2000 DDK Driver Provider)
 io8ports.dll -> C:\WINDOWS\System32\dllcache\io8ports.dll -> [2011/11/28 20:35:01 | 000,090,200 | ---- | C] (Perle Systems Ltd. )
 io8.sys -> C:\WINDOWS\System32\dllcache\io8.sys -> [2011/11/28 20:34:58 | 000,038,784 | ---- | C] (Perle Systems Ltd. )
 intelide.sys -> C:\WINDOWS\System32\dllcache\intelide.sys -> [2011/11/28 20:34:57 | 000,005,504 | ---- | C] (Microsoft Corporation)
 inport.sys -> C:\WINDOWS\System32\dllcache\inport.sys -> [2011/11/28 20:34:55 | 000,013,056 | ---- | C] (Microsoft Corporation)
 ini910u.sys -> C:\WINDOWS\System32\dllcache\ini910u.sys -> [2011/11/28 20:34:52 | 000,016,000 | ---- | C] (Microsoft Corporation)
 iconf32.dll -> C:\WINDOWS\System32\dllcache\iconf32.dll -> [2011/11/28 20:34:02 | 000,372,824 | ---- | C] (Xircom)
 icam5usb.sys -> C:\WINDOWS\System32\dllcache\icam5usb.sys -> [2011/11/28 20:33:59 | 000,100,992 | ---- | C] (Microsoft Corporation)
 icam5ext.dll -> C:\WINDOWS\System32\dllcache\icam5ext.dll -> [2011/11/28 20:33:57 | 000,020,480 | ---- | C] (Microsoft Corporation)
 icam5com.dll -> C:\WINDOWS\System32\dllcache\icam5com.dll -> [2011/11/28 20:33:54 | 000,045,056 | ---- | C] (Microsoft Corporation)
 icam4usb.sys -> C:\WINDOWS\System32\dllcache\icam4usb.sys -> [2011/11/28 20:33:52 | 000,154,496 | ---- | C] (Microsoft Corporation)
 icam4ext.dll -> C:\WINDOWS\System32\dllcache\icam4ext.dll -> [2011/11/28 20:33:50 | 000,061,952 | ---- | C] (Microsoft Corporation)
 icam4com.dll -> C:\WINDOWS\System32\dllcache\icam4com.dll -> [2011/11/28 20:33:48 | 000,091,136 | ---- | C] (Microsoft Corporation)
 icam3ext.dll -> C:\WINDOWS\System32\dllcache\icam3ext.dll -> [2011/11/28 20:33:46 | 000,026,624 | ---- | C] (Microsoft Corporation)
 icam3.sys -> C:\WINDOWS\System32\dllcache\icam3.sys -> [2011/11/28 20:33:43 | 000,141,056 | ---- | C] (Microsoft Corporation)
 ibmvcap.sys -> C:\WINDOWS\System32\dllcache\ibmvcap.sys -> [2011/11/28 20:33:41 | 000,038,528 | ---- | C] (Microsoft Corporation)
 ibmtrp.sys -> C:\WINDOWS\System32\dllcache\ibmtrp.sys -> [2011/11/28 20:33:39 | 000,109,085 | ---- | C] (IBM Corporation)
 ibmtok.sys -> C:\WINDOWS\System32\dllcache\ibmtok.sys -> [2011/11/28 20:33:37 | 000,100,936 | ---- | C] (IBM Corporation)
 ibmsgnet.dll -> C:\WINDOWS\System32\dllcache\ibmsgnet.dll -> [2011/11/28 20:33:34 | 000,009,216 | ---- | C] (IBM Corporation)
 ibmexmp.sys -> C:\WINDOWS\System32\dllcache\ibmexmp.sys -> [2011/11/28 20:33:32 | 000,028,700 | ---- | C] (IBM Corp.)
 i81xdnt5.dll -> C:\WINDOWS\System32\dllcache\i81xdnt5.dll -> [2011/11/28 20:33:30 | 000,702,845 | ---- | C] (Intel(R) Corporation)
 i81xnt5.sys -> C:\WINDOWS\System32\dllcache\i81xnt5.sys -> [2011/11/28 20:33:30 | 000,161,020 | ---- | C] (Intel(R) Corporation)
 i740nt5.sys -> C:\WINDOWS\System32\dllcache\i740nt5.sys -> [2011/11/28 20:33:28 | 000,058,592 | ---- | C] (Intel Corporation)
 i740dnt5.dll -> C:\WINDOWS\System32\dllcache\i740dnt5.dll -> [2011/11/28 20:33:25 | 000,353,184 | ---- | C] (Intel Corporation)
 i2omp.sys -> C:\WINDOWS\System32\dllcache\i2omp.sys -> [2011/11/28 20:33:24 | 000,018,560 | ---- | C] (Microsoft Corporation)
 i2omgmt.sys -> C:\WINDOWS\System32\dllcache\i2omgmt.sys -> [2011/11/28 20:33:23 | 000,008,576 | ---- | C] (Microsoft Corporation)
 hsfdpsp2.sys -> C:\WINDOWS\System32\dllcache\hsfdpsp2.sys -> [2011/11/28 20:33:07 | 001,041,536 | ---- | C] (Conexant Systems, Inc.)
 hsfcxts2.sys -> C:\WINDOWS\System32\dllcache\hsfcxts2.sys -> [2011/11/28 20:33:06 | 000,685,056 | ---- | C] (Conexant Systems, Inc.)
 hsfcisp2.dll -> C:\WINDOWS\System32\dllcache\hsfcisp2.dll -> [2011/11/28 20:33:05 | 000,032,285 | ---- | C] (Conexant Systems, Inc.)
 hsfbs2s2.sys -> C:\WINDOWS\System32\dllcache\hsfbs2s2.sys -> [2011/11/28 20:33:04 | 000,220,032 | ---- | C] (Conexant Systems, Inc.)
 hsf_v124.sys -> C:\WINDOWS\System32\dllcache\hsf_v124.sys -> [2011/11/28 20:33:02 | 000,488,383 | ---- | C] (Conexant)
 hsf_tone.sys -> C:\WINDOWS\System32\dllcache\hsf_tone.sys -> [2011/11/28 20:33:00 | 000,050,751 | ---- | C] (Conexant)
 hsf_spkp.sys -> C:\WINDOWS\System32\dllcache\hsf_spkp.sys -> [2011/11/28 20:32:57 | 000,073,279 | ---- | C] (Conexant)
 hsf_soar.sys -> C:\WINDOWS\System32\dllcache\hsf_soar.sys -> [2011/11/28 20:32:55 | 000,044,863 | ---- | C] (Conexant)
 hsf_samp.sys -> C:\WINDOWS\System32\dllcache\hsf_samp.sys -> [2011/11/28 20:32:53 | 000,057,471 | ---- | C] (Conexant)
 hsf_msft.sys -> C:\WINDOWS\System32\dllcache\hsf_msft.sys -> [2011/11/28 20:32:51 | 000,542,879 | ---- | C] (Conexant)
 hsf_k56k.sys -> C:\WINDOWS\System32\dllcache\hsf_k56k.sys -> [2011/11/28 20:32:48 | 000,391,199 | ---- | C] (Conexant)
 hsf_inst.dll -> C:\WINDOWS\System32\dllcache\hsf_inst.dll -> [2011/11/28 20:32:46 | 000,009,759 | ---- | C] (Conexant)
 hsf_fsks.sys -> C:\WINDOWS\System32\dllcache\hsf_fsks.sys -> [2011/11/28 20:32:44 | 000,115,807 | ---- | C] (Conexant)
 hsf_faxx.sys -> C:\WINDOWS\System32\dllcache\hsf_faxx.sys -> [2011/11/28 20:32:42 | 000,199,711 | ---- | C] (Conexant)
 hsf_fall.sys -> C:\WINDOWS\System32\dllcache\hsf_fall.sys -> [2011/11/28 20:32:40 | 000,289,887 | ---- | C] (Conexant)
 hsf_bsc2.sys -> C:\WINDOWS\System32\dllcache\hsf_bsc2.sys -> [2011/11/28 20:32:37 | 000,067,167 | ---- | C] (Conexant)
 hsf_amos.sys -> C:\WINDOWS\System32\dllcache\hsf_amos.sys -> [2011/11/28 20:32:35 | 000,150,239 | ---- | C] (Conexant)
 hr1w.dll -> C:\WINDOWS\System32\dllcache\hr1w.dll -> [2011/11/28 20:32:32 | 000,019,456 | ---- | C] (Microsoft Corporation)
 hpt4qic.sys -> C:\WINDOWS\System32\dllcache\hpt4qic.sys -> [2011/11/28 20:32:30 | 000,005,760 | ---- | C] (Microsoft Corporation)
 hpsjmcro.dll -> C:\WINDOWS\System32\dllcache\hpsjmcro.dll -> [2011/11/28 20:32:28 | 000,013,312 | ---- | C] (Microsoft Corporation)
 hpojwia.dll -> C:\WINDOWS\System32\dllcache\hpojwia.dll -> [2011/11/28 20:32:26 | 000,324,608 | ---- | C] (Microsoft Corporation)
 hpn.sys -> C:\WINDOWS\System32\dllcache\hpn.sys -> [2011/11/28 20:32:24 | 000,025,952 | ---- | C] (Microsoft Corporation)
 hpgtmcro.dll -> C:\WINDOWS\System32\dllcache\hpgtmcro.dll -> [2011/11/28 20:32:22 | 000,032,768 | ---- | C] (Microsoft Corporation)
 hpgt53tk.dll -> C:\WINDOWS\System32\dllcache\hpgt53tk.dll -> [2011/11/28 20:32:20 | 000,068,608 | ---- | C] (Avisioin)
 hpgt42tk.dll -> C:\WINDOWS\System32\dllcache\hpgt42tk.dll -> [2011/11/28 20:32:16 | 000,031,232 | ---- | C] (Microsoft Corporation)
 hpgt34tk.dll -> C:\WINDOWS\System32\dllcache\hpgt34tk.dll -> [2011/11/28 20:32:12 | 000,126,976 | ---- | C] (Hewlett Packard)
 hpgt33tk.dll -> C:\WINDOWS\System32\dllcache\hpgt33tk.dll -> [2011/11/28 20:32:08 | 000,048,128 | ---- | C] (Microsoft Corporation)
 hpgt21tk.dll -> C:\WINDOWS\System32\dllcache\hpgt21tk.dll -> [2011/11/28 20:32:03 | 000,123,392 | ---- | C] (Microsoft Corporation)
 hpdigwia.dll -> C:\WINDOWS\System32\dllcache\hpdigwia.dll -> [2011/11/28 20:31:59 | 000,119,296 | ---- | C] (Microsoft Corporation)
 hidserv.dll -> C:\WINDOWS\System32\dllcache\hidserv.dll -> [2011/11/28 20:31:51 | 000,021,504 | ---- | C] (Microsoft Corporation)
 hidswvd.sys -> C:\WINDOWS\System32\dllcache\hidswvd.sys -> [2011/11/28 20:31:51 | 000,002,688 | ---- | C] (Microsoft Corporation)
 hidir.sys -> C:\WINDOWS\System32\dllcache\hidir.sys -> [2011/11/28 20:31:50 | 000,019,200 | ---- | C] (Microsoft Corporation)
 hidgame.sys -> C:\WINDOWS\System32\dllcache\hidgame.sys -> [2011/11/28 20:31:48 | 000,008,576 | ---- | C] (Microsoft Corporation)
 hidbth.sys -> C:\WINDOWS\System32\dllcache\hidbth.sys -> [2011/11/28 20:31:47 | 000,025,600 | ---- | C] (Microsoft Corporation)
 hidbatt.sys -> C:\WINDOWS\System32\dllcache\hidbatt.sys -> [2011/11/28 20:31:46 | 000,020,352 | ---- | C] (Microsoft Corporation)
 hcf_msft.sys -> C:\WINDOWS\System32\dllcache\hcf_msft.sys -> [2011/11/28 20:31:43 | 000,907,456 | ---- | C] (Conexant)
 grserial.sys -> C:\WINDOWS\System32\dllcache\grserial.sys -> [2011/11/28 20:31:37 | 000,028,288 | ---- | C] (Gemplus)
 grclass.sys -> C:\WINDOWS\System32\dllcache\grclass.sys -> [2011/11/28 20:31:35 | 000,082,304 | ---- | C] (Gemplus)
 gpr400.sys -> C:\WINDOWS\System32\dllcache\gpr400.sys -> [2011/11/28 20:31:33 | 000,017,408 | ---- | C] (Gemplus)
 gckernel.sys -> C:\WINDOWS\System32\dllcache\gckernel.sys -> [2011/11/28 20:31:31 | 000,059,136 | ---- | C] (Microsoft Corporation)
 gameenum.sys -> C:\WINDOWS\System32\dllcache\gameenum.sys -> [2011/11/28 20:31:30 | 000,010,624 | ---- | C] (Microsoft Corporation)
 gagp30kx.sys -> C:\WINDOWS\System32\dllcache\gagp30kx.sys -> [2011/11/28 20:31:29 | 000,046,464 | ---- | C] (Microsoft Corporation)
 g400m.sys -> C:\WINDOWS\System32\dllcache\g400m.sys -> [2011/11/28 20:31:27 | 000,322,432 | ---- | C] (Matrox Graphics Inc.)
 g400d.dll -> C:\WINDOWS\System32\dllcache\g400d.dll -> [2011/11/28 20:31:25 | 001,733,120 | ---- | C] (Matrox Graphics Inc.)
 g200m.sys -> C:\WINDOWS\System32\dllcache\g200m.sys -> [2011/11/28 20:31:24 | 000,320,384 | ---- | C] (Matrox Graphics Inc.)
 g200d.dll -> C:\WINDOWS\System32\dllcache\g200d.dll -> [2011/11/28 20:31:22 | 000,470,144 | ---- | C] (Matrox Graphics Inc.)
 fxusbase.sys -> C:\WINDOWS\System32\dllcache\fxusbase.sys -> [2011/11/28 20:31:20 | 000,454,912 | ---- | C] (AVM GmbH)
 fuusd.dll -> C:\WINDOWS\System32\dllcache\fuusd.dll -> [2011/11/28 20:30:23 | 000,092,160 | ---- | C] (Microsoft Corporation)
 fusbbase.sys -> C:\WINDOWS\System32\dllcache\fusbbase.sys -> [2011/11/28 20:30:22 | 000,455,296 | ---- | C] (AVM GmbH)
 fus2base.sys -> C:\WINDOWS\System32\dllcache\fus2base.sys -> [2011/11/28 20:30:20 | 000,455,680 | ---- | C] (AVM GmbH)
 fpnpbase.sys -> C:\WINDOWS\System32\dllcache\fpnpbase.sys -> [2011/11/28 20:30:14 | 000,442,240 | ---- | C] (AVM GmbH)
 fpcmbase.sys -> C:\WINDOWS\System32\dllcache\fpcmbase.sys -> [2011/11/28 20:30:10 | 000,441,728 | ---- | C] (AVM GmbH)
 fpcibase.sys -> C:\WINDOWS\System32\dllcache\fpcibase.sys -> [2011/11/28 20:30:08 | 000,444,416 | ---- | C] (AVM GmbH)
 forehe.sys -> C:\WINDOWS\System32\dllcache\forehe.sys -> [2011/11/28 20:30:00 | 000,034,173 | ---- | C] (Marconi Communications, Inc.)
 fnfilter.dll -> C:\WINDOWS\System32\dllcache\fnfilter.dll -> [2011/11/28 20:29:58 | 000,071,680 | ---- | C] (Microsoft Corporation)
 fetnd5.sys -> C:\WINDOWS\System32\dllcache\fetnd5.sys -> [2011/11/28 20:29:50 | 000,027,165 | ---- | C] (VIA Technologies, Inc.              )
 fem556n5.sys -> C:\WINDOWS\System32\dllcache\fem556n5.sys -> [2011/11/28 20:29:45 | 000,022,090 | ---- | C] (3Com Corporation)
 fa410nd5.sys -> C:\WINDOWS\System32\dllcache\fa410nd5.sys -> [2011/11/28 20:29:40 | 000,024,618 | ---- | C] (NETGEAR)
 fa312nd5.sys -> C:\WINDOWS\System32\dllcache\fa312nd5.sys -> [2011/11/28 20:29:38 | 000,016,074 | ---- | C] (NETGEAR Corp.)
 f3ab18xj.sys -> C:\WINDOWS\System32\dllcache\f3ab18xj.sys -> [2011/11/28 20:29:33 | 000,011,850 | ---- | C] (FUJITSU LIMITED)
 f3ab18xi.sys -> C:\WINDOWS\System32\dllcache\f3ab18xi.sys -> [2011/11/28 20:29:31 | 000,012,362 | ---- | C] (FUJITSU LIMITED)
 exabyte2.sys -> C:\WINDOWS\System32\dllcache\exabyte2.sys -> [2011/11/28 20:29:29 | 000,007,040 | ---- | C] (Microsoft Corporation)
 ex10.sys -> C:\WINDOWS\System32\dllcache\ex10.sys -> [2011/11/28 20:29:27 | 000,016,998 | ---- | C] (Intel Corporation)
 esunib.dll -> C:\WINDOWS\System32\dllcache\esunib.dll -> [2011/11/28 20:29:12 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.)
 esuni.dll -> C:\WINDOWS\System32\dllcache\esuni.dll -> [2011/11/28 20:29:10 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.)
 esuimg.dll -> C:\WINDOWS\System32\dllcache\esuimg.dll -> [2011/11/28 20:29:02 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.)
 esucm.dll -> C:\WINDOWS\System32\dllcache\esucm.dll -> [2011/11/28 20:28:55 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.)
 essm2e.sys -> C:\WINDOWS\System32\dllcache\essm2e.sys -> [2011/11/28 20:28:54 | 000,137,088 | ---- | C] (ESS Technology, Inc.)
 ess.sys -> C:\WINDOWS\System32\dllcache\ess.sys -> [2011/11/28 20:28:53 | 000,063,360 | ---- | C] (ESS Technology, Inc.)
 es56tpi.sys -> C:\WINDOWS\System32\dllcache\es56tpi.sys -> [2011/11/28 20:28:50 | 000,347,550 | ---- | C] (ESS Technology, Inc.)
 es56hpi.sys -> C:\WINDOWS\System32\dllcache\es56hpi.sys -> [2011/11/28 20:28:49 | 000,594,238 | ---- | C] (ESS Technology, Inc.)
 es56cvmp.sys -> C:\WINDOWS\System32\dllcache\es56cvmp.sys -> [2011/11/28 20:28:47 | 000,595,647 | ---- | C] (ESS Technology, Inc.)
 es198x.sys -> C:\WINDOWS\System32\dllcache\es198x.sys -> [2011/11/28 20:28:45 | 000,174,464 | ---- | C] (ESS Technology, Inc.)
 es1969.sys -> C:\WINDOWS\System32\dllcache\es1969.sys -> [2011/11/28 20:28:44 | 000,072,192 | ---- | C] (ESS Technology Inc.)
 es1371mp.sys -> C:\WINDOWS\System32\dllcache\es1371mp.sys -> [2011/11/28 20:28:42 | 000,040,704 | ---- | C] (Creative Technology Ltd.)
 es1370mp.sys -> C:\WINDOWS\System32\dllcache\es1370mp.sys -> [2011/11/28 20:28:40 | 000,037,120 | ---- | C] (Creative Technology Ltd.)
 eqnloop.exe -> C:\WINDOWS\System32\dllcache\eqnloop.exe -> [2011/11/28 20:28:38 | 000,061,952 | ---- | C] (Equinox Systems Inc.)
 eqnlogr.exe -> C:\WINDOWS\System32\dllcache\eqnlogr.exe -> [2011/11/28 20:28:37 | 000,051,200 | ---- | C] (Equinox Systems Inc.)
 eqndiag.exe -> C:\WINDOWS\System32\dllcache\eqndiag.exe -> [2011/11/28 20:28:35 | 000,053,248 | ---- | C] (Equinox Systems Inc.)
 eqn.sys -> C:\WINDOWS\System32\dllcache\eqn.sys -> [2011/11/28 20:28:33 | 000,629,952 | ---- | C] (Equinox Systems Inc.)
 epstw2k.sys -> C:\WINDOWS\System32\dllcache\epstw2k.sys -> [2011/11/28 20:28:32 | 000,114,944 | ---- | C] (Microsoft Corporation)
 epro4.sys -> C:\WINDOWS\System32\dllcache\epro4.sys -> [2011/11/28 20:28:30 | 000,018,503 | ---- | C] (Intel Corporation)
 epcfw2k.sys -> C:\WINDOWS\System32\dllcache\epcfw2k.sys -> [2011/11/28 20:28:29 | 000,144,896 | ---- | C] (Microsoft Corporation)
 enum1394.sys -> C:\WINDOWS\System32\dllcache\enum1394.sys -> [2011/11/28 20:28:28 | 000,006,400 | ---- | C] (Microsoft Corporation)
 emu10k1m.sys -> C:\WINDOWS\System32\dllcache\emu10k1m.sys -> [2011/11/28 20:28:26 | 000,283,904 | ---- | C] (Creative Technology Ltd.)
 em556n4.sys -> C:\WINDOWS\System32\dllcache\em556n4.sys -> [2011/11/28 20:28:22 | 000,019,996 | ---- | C] (3Com Corporation)
 elnk3.sys -> C:\WINDOWS\System32\dllcache\elnk3.sys -> [2011/11/28 20:28:21 | 000,025,159 | ---- | C] (3Com Corporation)
 elmsmc.sys -> C:\WINDOWS\System32\dllcache\elmsmc.sys -> [2011/11/28 20:28:20 | 000,007,296 | ---- | C] (Microsoft Corporation)
 el99xn51.sys -> C:\WINDOWS\System32\dllcache\el99xn51.sys -> [2011/11/28 20:28:19 | 000,171,520 | ---- | C] (3Com Corporation)
 el98xn5.sys -> C:\WINDOWS\System32\dllcache\el98xn5.sys -> [2011/11/28 20:28:17 | 000,070,174 | ---- | C] (3Com Corporation)
 el985n51.sys -> C:\WINDOWS\System32\dllcache\el985n51.sys -> [2011/11/28 20:28:16 | 000,455,199 | ---- | C] (3Com Corporation.)
 el90xnd5.sys -> C:\WINDOWS\System32\dllcache\el90xnd5.sys -> [2011/11/28 20:28:15 | 000,153,631 | ---- | C] (3Com Corporation)
 el90xbc5.sys -> C:\WINDOWS\System32\dllcache\el90xbc5.sys -> [2011/11/28 20:28:14 | 000,066,591 | ---- | C] (3Com Corporation)
 el656se5.sys -> C:\WINDOWS\System32\dllcache\el656se5.sys -> [2011/11/28 20:28:13 | 000,241,206 | ---- | C] (3Com Corporation)
 el656nd5.sys -> C:\WINDOWS\System32\dllcache\el656nd5.sys -> [2011/11/28 20:28:11 | 000,077,386 | ---- | C] (3Com Corporation)
 el656ct5.sys -> C:\WINDOWS\System32\dllcache\el656ct5.sys -> [2011/11/28 20:28:10 | 000,634,134 | ---- | C] (3Com Corporation)
 el656cd5.sys -> C:\WINDOWS\System32\dllcache\el656cd5.sys -> [2011/11/28 20:28:09 | 000,069,194 | ---- | C] (3Com Corporation)
 el589nd5.sys -> C:\WINDOWS\System32\dllcache\el589nd5.sys -> [2011/11/28 20:28:08 | 000,026,141 | ---- | C] (3Com Corporation)
 el575nd5.sys -> C:\WINDOWS\System32\dllcache\el575nd5.sys -> [2011/11/28 20:28:07 | 000,069,692 | ---- | C] (3Com Corporation)
 el574nd4.sys -> C:\WINDOWS\System32\dllcache\el574nd4.sys -> [2011/11/28 20:28:05 | 000,024,653 | ---- | C] (3Com Corporation)
 el556nd5.sys -> C:\WINDOWS\System32\dllcache\el556nd5.sys -> [2011/11/28 20:28:04 | 000,055,999 | ---- | C] (3Com Corporation)
 el515.sys -> C:\WINDOWS\System32\dllcache\el515.sys -> [2011/11/28 20:28:03 | 000,044,103 | ---- | C] (3Com Corporation)
 e100isa4.sys -> C:\WINDOWS\System32\dllcache\e100isa4.sys -> [2011/11/28 20:27:55 | 000,019,594 | ---- | C] (Intel Corporation)
 e100b325.sys -> C:\WINDOWS\System32\dllcache\e100b325.sys -> [2011/11/28 20:27:54 | 000,117,760 | ---- | C] (Intel Corporation)
 e1000nt5.sys -> C:\WINDOWS\System32\dllcache\e1000nt5.sys -> [2011/11/28 20:27:53 | 000,050,719 | ---- | C] (Intel Corporation)
 dshowext.ax -> C:\WINDOWS\System32\dllcache\dshowext.ax -> [2011/11/28 20:27:48 | 000,020,992 | ---- | C] (Microsoft Corporation)
 ds1wdm.sys -> C:\WINDOWS\System32\dllcache\ds1wdm.sys -> [2011/11/28 20:27:47 | 000,334,208 | ---- | C] (Yamaha Corp.)
 dpti2o.sys -> C:\WINDOWS\System32\dllcache\dpti2o.sys -> [2011/11/28 20:27:44 | 000,020,192 | ---- | C] (Microsoft Corporation)
 dp83820.sys -> C:\WINDOWS\System32\dllcache\dp83820.sys -> [2011/11/28 20:27:42 | 000,028,062 | ---- | C] (National Semiconductor Coproration)
 dot4usb.sys -> C:\WINDOWS\System32\dllcache\dot4usb.sys -> [2011/11/28 20:27:41 | 000,023,808 | ---- | C] (Microsoft Corporation)
 dot4scan.sys -> C:\WINDOWS\System32\dllcache\dot4scan.sys -> [2011/11/28 20:27:40 | 000,008,704 | ---- | C] (Microsoft Corporation)
 dot4.sys -> C:\WINDOWS\System32\dllcache\dot4.sys -> [2011/11/28 20:27:38 | 000,206,976 | ---- | C] (Microsoft Corporation)
 dot4prt.sys -> C:\WINDOWS\System32\dllcache\dot4prt.sys -> [2011/11/28 20:27:38 | 000,012,928 | ---- | C] (Microsoft Corporation)
 dm9pci5.sys -> C:\WINDOWS\System32\dllcache\dm9pci5.sys -> [2011/11/28 20:27:32 | 000,029,696 | ---- | C] (CNet Technology, Inc.                                                    )
 dlttape.sys -> C:\WINDOWS\System32\dllcache\dlttape.sys -> [2011/11/28 20:27:32 | 000,008,320 | ---- | C] (Microsoft Corporation)
 dlh5xnd5.sys -> C:\WINDOWS\System32\dllcache\dlh5xnd5.sys -> [2011/11/28 20:27:30 | 000,026,698 | ---- | C] (D-Link Corporation)
 diwan.sys -> C:\WINDOWS\System32\dllcache\diwan.sys -> [2011/11/28 20:27:29 | 000,952,007 | ---- | C] (Eicon Technology)
 ditrace.exe -> C:\WINDOWS\System32\dllcache\ditrace.exe -> [2011/11/28 20:27:25 | 000,236,060 | ---- | C] (Eicon Technology)
 disrvsu.dll -> C:\WINDOWS\System32\dllcache\disrvsu.dll -> [2011/11/28 20:27:24 | 000,038,985 | ---- | C] (Eicon Technology)
 disrvpp.dll -> C:\WINDOWS\System32\dllcache\disrvpp.dll -> [2011/11/28 20:27:23 | 000,031,305 | ---- | C] (Eicon Technology)
 disrvci.dll -> C:\WINDOWS\System32\dllcache\disrvci.dll -> [2011/11/28 20:27:22 | 000,006,729 | ---- | C] (Eicon Technology)
 dimaint.sys -> C:\WINDOWS\System32\dllcache\dimaint.sys -> [2011/11/28 20:27:19 | 000,091,305 | ---- | C] (Eicon Technology)
 digiview.exe -> C:\WINDOWS\System32\dllcache\digiview.exe -> [2011/11/28 20:27:18 | 000,614,429 | ---- | C] (Digi International Inc.)
 digirlpt.sys -> C:\WINDOWS\System32\dllcache\digirlpt.sys -> [2011/11/28 20:27:17 | 000,042,432 | ---- | C] (Digi International, Inc.)
 digirlpt.dll -> C:\WINDOWS\System32\dllcache\digirlpt.dll -> [2011/11/28 20:27:16 | 000,110,621 | ---- | C] (Digi International, Inc.)
 digiisdn.sys -> C:\WINDOWS\System32\dllcache\digiisdn.sys -> [2011/11/28 20:27:15 | 000,021,606 | ---- | C] (Digi International Inc.)
 digiisdn.dll -> C:\WINDOWS\System32\dllcache\digiisdn.dll -> [2011/11/28 20:27:14 | 000,041,046 | ---- | C] (Digi International Inc.)
 digiinf.dll -> C:\WINDOWS\System32\dllcache\digiinf.dll -> [2011/11/28 20:27:13 | 000,102,484 | ---- | C] (Digi International Inc.)
 digihlc.dll -> C:\WINDOWS\System32\dllcache\digihlc.dll -> [2011/11/28 20:27:12 | 000,159,828 | ---- | C] (Digi International Inc.)
 digifwrk.dll -> C:\WINDOWS\System32\dllcache\digifwrk.dll -> [2011/11/28 20:27:11 | 000,229,462 | ---- | C] (Digi International Inc.)
 digifep5.sys -> C:\WINDOWS\System32\dllcache\digifep5.sys -> [2011/11/28 20:27:10 | 000,090,525 | ---- | C] (Digi International Inc.)
 digidxb.sys -> C:\WINDOWS\System32\dllcache\digidxb.sys -> [2011/11/28 20:27:09 | 000,103,044 | ---- | C] (Digi International Inc.)
 digidbp.dll -> C:\WINDOWS\System32\dllcache\digidbp.dll -> [2011/11/28 20:27:08 | 000,131,156 | ---- | C] (Digi International Inc.)
 digiasyn.sys -> C:\WINDOWS\System32\dllcache\digiasyn.sys -> [2011/11/28 20:27:07 | 000,037,735 | ---- | C] (Digi International Inc.)
 digiasyn.dll -> C:\WINDOWS\System32\dllcache\digiasyn.dll -> [2011/11/28 20:27:06 | 000,065,622 | ---- | C] (Digi International Inc.)
 dgconfig.dll -> C:\WINDOWS\System32\dllcache\dgconfig.dll -> [2011/11/28 20:27:03 | 000,419,357 | ---- | C] (Digi International)
 dgapci.sys -> C:\WINDOWS\System32\dllcache\dgapci.sys -> [2011/11/28 20:27:02 | 000,029,531 | ---- | C] (Digi International Inc.)
 dfe650d.sys -> C:\WINDOWS\System32\dllcache\dfe650d.sys -> [2011/11/28 20:27:01 | 000,024,649 | ---- | C] (D-Link)
 dfe650.sys -> C:\WINDOWS\System32\dllcache\dfe650.sys -> [2011/11/28 20:27:00 | 000,024,648 | ---- | C] (D-Link)
 devldr32.exe -> C:\WINDOWS\System32\dllcache\devldr32.exe -> [2011/11/28 20:26:58 | 000,024,064 | ---- | C] (Creative Technology Ltd.)
 devcon32.dll -> C:\WINDOWS\System32\dllcache\devcon32.dll -> [2011/11/28 20:26:57 | 000,256,512 | ---- | C] (Creative Technology Ltd.)
 defpa.sys -> C:\WINDOWS\System32\dllcache\defpa.sys -> [2011/11/28 20:26:56 | 000,020,928 | ---- | C] (Digital Networks, LLC)
 ddsmc.sys -> C:\WINDOWS\System32\dllcache\ddsmc.sys -> [2011/11/28 20:26:55 | 000,007,424 | ---- | C] (Microsoft Corporation)
 dc260usd.dll -> C:\WINDOWS\System32\dllcache\dc260usd.dll -> [2011/11/28 20:26:53 | 000,110,592 | ---- | C] (Microsoft Corporation)
 dc240usd.dll -> C:\WINDOWS\System32\dllcache\dc240usd.dll -> [2011/11/28 20:26:52 | 000,086,016 | ---- | C] (Microsoft Corporation)
 dc21x4.sys -> C:\WINDOWS\System32\dllcache\dc21x4.sys -> [2011/11/28 20:26:51 | 000,063,208 | ---- | C] (Intel Corporation.)
 dc210usd.dll -> C:\WINDOWS\System32\dllcache\dc210usd.dll -> [2011/11/28 20:26:50 | 000,080,896 | ---- | C] (Microsoft Corporation)
 dc210_32.dll -> C:\WINDOWS\System32\dllcache\dc210_32.dll -> [2011/11/28 20:26:49 | 000,025,600 | ---- | C] (Microsoft Corporation)
 dac960nt.sys -> C:\WINDOWS\System32\dllcache\dac960nt.sys -> [2011/11/28 20:26:43 | 000,014,720 | ---- | C] (Microsoft Corporation)
 dac2w2k.sys -> C:\WINDOWS\System32\dllcache\dac2w2k.sys -> [2011/11/28 20:26:42 | 000,179,584 | ---- | C] (Mylex Corporation)
 d100ib5.sys -> C:\WINDOWS\System32\dllcache\d100ib5.sys -> [2011/11/28 20:26:34 | 000,117,760 | ---- | C] (Intel Corporation)
 cyzports.dll -> C:\WINDOWS\System32\dllcache\cyzports.dll -> [2011/11/28 20:26:34 | 000,027,648 | ---- | C] (Microsoft Corporation)
 cyzport.sys -> C:\WINDOWS\System32\dllcache\cyzport.sys -> [2011/11/28 20:26:33 | 000,049,792 | ---- | C] (Microsoft Corporation)
 cyzcoins.dll -> C:\WINDOWS\System32\dllcache\cyzcoins.dll -> [2011/11/28 20:26:32 | 000,027,136 | ---- | C] (Microsoft Corporation)
 cyyports.dll -> C:\WINDOWS\System32\dllcache\cyyports.dll -> [2011/11/28 20:26:31 | 000,027,648 | ---- | C] (Microsoft Corporation)
 cyyport.sys -> C:\WINDOWS\System32\dllcache\cyyport.sys -> [2011/11/28 20:26:30 | 000,050,176 | ---- | C] (Microsoft Corporation)
 cyycoins.dll -> C:\WINDOWS\System32\dllcache\cyycoins.dll -> [2011/11/28 20:26:29 | 000,028,672 | ---- | C] (Microsoft Corporation)
 cyclom-y.sys -> C:\WINDOWS\System32\dllcache\cyclom-y.sys -> [2011/11/28 20:26:28 | 000,014,848 | ---- | C] (Microsoft Corporation)
 cyclad-z.sys -> C:\WINDOWS\System32\dllcache\cyclad-z.sys -> [2011/11/28 20:26:27 | 000,017,152 | ---- | C] (Microsoft Corporation)
 cwrwdm.sys -> C:\WINDOWS\System32\dllcache\cwrwdm.sys -> [2011/11/28 20:26:26 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.)
 cwcwdm.sys -> C:\WINDOWS\System32\dllcache\cwcwdm.sys -> [2011/11/28 20:26:25 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.)
 cwcspud.sys -> C:\WINDOWS\System32\dllcache\cwcspud.sys -> [2011/11/28 20:26:24 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.)
 cwcosnt5.sys -> C:\WINDOWS\System32\dllcache\cwcosnt5.sys -> [2011/11/28 20:26:23 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.)
 cwbwdm.sys -> C:\WINDOWS\System32\dllcache\cwbwdm.sys -> [2011/11/28 20:26:22 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.)
 cwbmidi.sys -> C:\WINDOWS\System32\dllcache\cwbmidi.sys -> [2011/11/28 20:26:21 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.)
 cwbase.sys -> C:\WINDOWS\System32\dllcache\cwbase.sys -> [2011/11/28 20:26:20 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.)
 ctmasetp.dll -> C:\WINDOWS\System32\dllcache\ctmasetp.dll -> [2011/11/28 20:26:19 | 000,249,856 | ---- | C] (Comtrol® Corporation)
 ctwdm32.dll -> C:\WINDOWS\System32\dllcache\ctwdm32.dll -> [2011/11/28 20:26:19 | 000,004,096 | ---- | C] (Creative Technology Ltd.)
 ctlsb16.sys -> C:\WINDOWS\System32\dllcache\ctlsb16.sys -> [2011/11/28 20:26:18 | 000,096,256 | ---- | C] (Copyright (C) Creative Technology Ltd. 1994-2001)
 ctljystk.sys -> C:\WINDOWS\System32\dllcache\ctljystk.sys -> [2011/11/28 20:26:17 | 000,003,712 | ---- | C] (Creative Technology Ltd.)
 ctlfacem.sys -> C:\WINDOWS\System32\dllcache\ctlfacem.sys -> [2011/11/28 20:26:16 | 000,006,912 | ---- | C] (Creative Technology Ltd.)
 csamsp.dll -> C:\WINDOWS\System32\dllcache\csamsp.dll -> [2011/11/28 20:26:14 | 000,175,104 | ---- | C] (Microsoft Corporation)
 crtaud.sys -> C:\WINDOWS\System32\dllcache\crtaud.sys -> [2011/11/28 20:26:13 | 000,042,112 | ---- | C] (Conexant Systems Inc.)
 cpscan.dll -> C:\WINDOWS\System32\dllcache\cpscan.dll -> [2011/11/28 20:26:12 | 000,216,064 | ---- | C] (COMPAQ Inc.)
 cpqtrnd5.sys -> C:\WINDOWS\System32\dllcache\cpqtrnd5.sys -> [2011/11/28 20:26:08 | 000,060,970 | ---- | C] (Compaq Computer Corp.)
 cpqndis5.sys -> C:\WINDOWS\System32\dllcache\cpqndis5.sys -> [2011/11/28 20:26:07 | 000,021,533 | ---- | C] (Compaq Computer Corporation)
 cpqarray.sys -> C:\WINDOWS\System32\dllcache\cpqarray.sys -> [2011/11/28 20:26:06 | 000,014,976 | ---- | C] (Microsoft Corporation)
 compbatt.sys -> C:\WINDOWS\System32\dllcache\compbatt.sys -> [2011/11/28 20:25:57 | 000,010,240 | ---- | C] (Microsoft Corporation)
 cnxt1803.sys -> C:\WINDOWS\System32\dllcache\cnxt1803.sys -> [2011/11/28 20:25:56 | 000,039,936 | ---- | C] (Conexant Systems, Inc.)
 cnusd.dll -> C:\WINDOWS\System32\dllcache\cnusd.dll -> [2011/11/28 20:25:55 | 000,044,032 | ---- | C] (Microsoft Corporation)
 cmdide.sys -> C:\WINDOWS\System32\dllcache\cmdide.sys -> [2011/11/28 20:25:53 | 000,006,656 | ---- | C] (CMD Technology, Inc.)
 cmbp0wdm.sys -> C:\WINDOWS\System32\dllcache\cmbp0wdm.sys -> [2011/11/28 20:25:52 | 000,020,736 | ---- | C] (OMNIKEY AG)
 cmbatt.sys -> C:\WINDOWS\System32\dllcache\cmbatt.sys -> [2011/11/28 20:25:52 | 000,013,952 | ---- | C] (Microsoft Corporation)
 cl546xm.sys -> C:\WINDOWS\System32\dllcache\cl546xm.sys -> [2011/11/28 20:25:50 | 000,248,064 | ---- | C] (Microsoft Corporation)
 cl546x.dll -> C:\WINDOWS\System32\dllcache\cl546x.dll -> [2011/11/28 20:25:49 | 000,170,880 | ---- | C] (Microsoft Corporation)
 cl5465.dll -> C:\WINDOWS\System32\dllcache\cl5465.dll -> [2011/11/28 20:25:49 | 000,111,232 | ---- | C] (Microsoft Corporation)
 cirrus.sys -> C:\WINDOWS\System32\dllcache\cirrus.sys -> [2011/11/28 20:25:48 | 000,045,696 | ---- | C] (Microsoft Corporation)
 cirrus.dll -> C:\WINDOWS\System32\dllcache\cirrus.dll -> [2011/11/28 20:25:47 | 000,091,264 | ---- | C] (Microsoft Corporation)
 cinemclc.sys -> C:\WINDOWS\System32\dllcache\cinemclc.sys -> [2011/11/28 20:25:41 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.)
 cicap.sys -> C:\WINDOWS\System32\dllcache\cicap.sys -> [2011/11/28 20:25:40 | 000,980,034 | ---- | C] (Xircom)
 changer.sys -> C:\WINDOWS\System32\dllcache\changer.sys -> [2011/11/28 20:25:20 | 000,008,192 | ---- | C] (Microsoft Corporation)
 ch7xxnt5.dll -> C:\WINDOWS\System32\dllcache\ch7xxnt5.dll -> [2011/11/28 20:25:15 | 000,015,423 | ---- | C] (Intel(R) Corporation)
 cem56n5.sys -> C:\WINDOWS\System32\dllcache\cem56n5.sys -> [2011/11/28 20:25:13 | 000,049,182 | ---- | C] (Xircom, Inc.)
 cem33n5.sys -> C:\WINDOWS\System32\dllcache\cem33n5.sys -> [2011/11/28 20:25:13 | 000,022,044 | ---- | C] (Xircom, Inc.)
 ce3n5.sys -> C:\WINDOWS\System32\dllcache\ce3n5.sys -> [2011/11/28 20:25:12 | 000,027,164 | ---- | C] (Xircom, Inc.)
 cem28n5.sys -> C:\WINDOWS\System32\dllcache\cem28n5.sys -> [2011/11/28 20:25:12 | 000,022,044 | ---- | C] (Xircom, Inc.)
 ce2n5.sys -> C:\WINDOWS\System32\dllcache\ce2n5.sys -> [2011/11/28 20:25:11 | 000,021,530 | ---- | C] (Xircom, Inc.)
 cd20xrnt.sys -> C:\WINDOWS\System32\dllcache\cd20xrnt.sys -> [2011/11/28 20:25:10 | 000,007,680 | ---- | C] (Microsoft Corporation)
 cbmdmkxx.sys -> C:\WINDOWS\System32\dllcache\cbmdmkxx.sys -> [2011/11/28 20:25:09 | 000,714,698 | ---- | C] (Xircom, Inc.)
 ccdecode.sys -> C:\WINDOWS\System32\dllcache\ccdecode.sys -> [2011/11/28 20:25:09 | 000,017,024 | ---- | C] (Microsoft Corporation)
 cben5.sys -> C:\WINDOWS\System32\dllcache\cben5.sys -> [2011/11/28 20:25:08 | 000,046,108 | ---- | C] (Xircom, Inc.)
 cb325.sys -> C:\WINDOWS\System32\dllcache\cb325.sys -> [2011/11/28 20:25:07 | 000,039,680 | ---- | C] (Silicom Ltd.)
 cb102.sys -> C:\WINDOWS\System32\dllcache\cb102.sys -> [2011/11/28 20:25:07 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider)
 diapi2NT.dll -> C:\WINDOWS\System32\dllcache\diapi2NT.dll -> [2011/11/28 20:25:05 | 000,032,256 | ---- | C] (Eicon Technology Corporation)
 diapi2.sys -> C:\WINDOWS\System32\dllcache\diapi2.sys -> [2011/11/28 20:25:04 | 000,164,923 | ---- | C] (Eicon Technology)
 camext30.dll -> C:\WINDOWS\System32\dllcache\camext30.dll -> [2011/11/28 20:24:58 | 000,121,856 | ---- | C] (Microsoft Corporation)
 camext30.ax -> C:\WINDOWS\System32\dllcache\camext30.ax -> [2011/11/28 20:24:58 | 000,116,736 | ---- | C] (Microsoft Corporation)
 camext20.ax -> C:\WINDOWS\System32\dllcache\camext20.ax -> [2011/11/28 20:24:57 | 000,244,224 | ---- | C] (Microsoft Corporation)
 camext20.dll -> C:\WINDOWS\System32\dllcache\camext20.dll -> [2011/11/28 20:24:57 | 000,236,032 | ---- | C] (Microsoft Corporation)
 camexo20.dll -> C:\WINDOWS\System32\dllcache\camexo20.dll -> [2011/11/28 20:24:56 | 000,074,240 | ---- | C] (Microsoft Corporation)
 camexo20.ax -> C:\WINDOWS\System32\dllcache\camexo20.ax -> [2011/11/28 20:24:56 | 000,073,216 | ---- | C] (Microsoft Corporation)
 camdrv30.sys -> C:\WINDOWS\System32\dllcache\camdrv30.sys -> [2011/11/28 20:24:55 | 000,171,264 | ---- | C] (Microsoft Corporation)
 camdro21.sys -> C:\WINDOWS\System32\dllcache\camdro21.sys -> [2011/11/28 20:24:54 | 000,314,752 | ---- | C] (Microsoft Corporation)
 camdrv21.sys -> C:\WINDOWS\System32\dllcache\camdrv21.sys -> [2011/11/28 20:24:54 | 000,223,232 | ---- | C] (Microsoft Corporation)
 bulltlp3.sys -> C:\WINDOWS\System32\dllcache\bulltlp3.sys -> [2011/11/28 20:21:53 | 000,013,824 | ---- | C] (Microsoft Corporation)
 bthpan.sys -> C:\WINDOWS\System32\dllcache\bthpan.sys -> [2011/11/28 20:21:52 | 000,101,120 | ---- | C] (Microsoft Corporation)
 bthprint.sys -> C:\WINDOWS\System32\dllcache\bthprint.sys -> [2011/11/28 20:21:52 | 000,036,480 | ---- | C] (Microsoft Corporation)
 bthusb.sys -> C:\WINDOWS\System32\dllcache\bthusb.sys -> [2011/11/28 20:21:52 | 000,018,944 | ---- | C] (Microsoft Corporation)
 bthmodem.sys -> C:\WINDOWS\System32\dllcache\bthmodem.sys -> [2011/11/28 20:21:51 | 000,037,888 | ---- | C] (Microsoft Corporation)
 brzwlan.sys -> C:\WINDOWS\System32\dllcache\brzwlan.sys -> [2011/11/28 20:21:50 | 000,031,529 | ---- | C] (BreezeCOM)
 bthenum.sys -> C:\WINDOWS\System32\dllcache\bthenum.sys -> [2011/11/28 20:21:50 | 000,017,024 | ---- | C] (Microsoft Corporation)
 brusbmdm.sys -> C:\WINDOWS\System32\dllcache\brusbmdm.sys -> [2011/11/28 20:21:49 | 000,011,008 | ---- | C] (Brother Industries Ltd.)
 brusbscn.sys -> C:\WINDOWS\System32\dllcache\brusbscn.sys -> [2011/11/28 20:21:49 | 000,010,368 | ---- | C] (Brother Industries Ltd.)
 brserwdm.sys -> C:\WINDOWS\System32\dllcache\brserwdm.sys -> [2011/11/28 20:21:48 | 000,060,416 | ---- | C] (Brother Industries Ltd.)
 brserif.dll -> C:\WINDOWS\System32\dllcache\brserif.dll -> [2011/11/28 20:21:48 | 000,009,728 | ---- | C] (Brother Industries, Ltd.)
 brscnrsm.dll -> C:\WINDOWS\System32\dllcache\brscnrsm.dll -> [2011/11/28 20:21:47 | 000,005,120 | ---- | C] (Brother Industries,Ltd.)
 brparwdm.sys -> C:\WINDOWS\System32\dllcache\brparwdm.sys -> [2011/11/28 20:21:46 | 000,039,552 | ---- | C] (Brother Industries Ltd.)
 brparimg.sys -> C:\WINDOWS\System32\dllcache\brparimg.sys -> [2011/11/28 20:21:45 | 000,003,168 | ---- | C] (Brother Industries Ltd.)
 brmfusb.dll -> C:\WINDOWS\System32\dllcache\brmfusb.dll -> [2011/11/28 20:21:42 | 000,041,472 | ---- | C] (Brother Industries, Ltd.)
 brmfrsmg.exe -> C:\WINDOWS\System32\dllcache\brmfrsmg.exe -> [2011/11/28 20:21:42 | 000,032,256 | ---- | C] (Brother Industries, Ltd.)
 brmflpt.dll -> C:\WINDOWS\System32\dllcache\brmflpt.dll -> [2011/11/28 20:21:42 | 000,029,696 | ---- | C] (Brother Industries, Ltd.)
 brmfcwia.dll -> C:\WINDOWS\System32\dllcache\brmfcwia.dll -> [2011/11/28 20:21:41 | 000,081,408 | ---- | C] (Microsoft Corporation)
 brmfbidi.dll -> C:\WINDOWS\System32\dllcache\brmfbidi.dll -> [2011/11/28 20:21:41 | 000,015,360 | ---- | C] (Brother Industries, Ltd.)
 brfiltup.sys -> C:\WINDOWS\System32\dllcache\brfiltup.sys -> [2011/11/28 20:21:40 | 000,003,968 | ---- | C] (Brother Industries, Ltd.)
 brfiltlo.sys -> C:\WINDOWS\System32\dllcache\brfiltlo.sys -> [2011/11/28 20:21:39 | 000,012,160 | ---- | C] (Brother Industries, Ltd.)
 brfilt.sys -> C:\WINDOWS\System32\dllcache\brfilt.sys -> [2011/11/28 20:21:39 | 000,002,944 | ---- | C] (Brother Industries Ltd.)
 brevif.dll -> C:\WINDOWS\System32\dllcache\brevif.dll -> [2011/11/28 20:21:38 | 000,012,800 | ---- | C] (Brother Industries, Ltd.)
 brcoinst.dll -> C:\WINDOWS\System32\dllcache\brcoinst.dll -> [2011/11/28 20:21:38 | 000,009,728 | ---- | C] (Brother Industries Ltd.)
 brbidiif.dll -> C:\WINDOWS\System32\dllcache\brbidiif.dll -> [2011/11/28 20:21:37 | 000,019,456 | ---- | C] (Brother Industries, Ltd.)
 binlsvc.dll -> C:\WINDOWS\System32\dllcache\binlsvc.dll -> [2011/11/28 20:21:34 | 000,102,400 | ---- | C] (Microsoft Corporation)
 bcmdm.sys -> C:\WINDOWS\System32\dllcache\bcmdm.sys -> [2011/11/28 20:21:27 | 000,871,388 | ---- | C] (BCM)
 bdaplgin.ax -> C:\WINDOWS\System32\dllcache\bdaplgin.ax -> [2011/11/28 20:21:27 | 000,018,432 | ---- | C] (Microsoft Corporation)
 bdasup.sys -> C:\WINDOWS\System32\dllcache\bdasup.sys -> [2011/11/28 20:21:27 | 000,011,776 | ---- | C] (Microsoft Corporation)
 bcm42xx5.sys -> C:\WINDOWS\System32\dllcache\bcm42xx5.sys -> [2011/11/28 20:21:26 | 000,054,271 | ---- | C] (Broadcom Corporation)
 bcm4e5.sys -> C:\WINDOWS\System32\dllcache\bcm4e5.sys -> [2011/11/28 20:21:26 | 000,026,568 | ---- | C] (Broadcom Corporation)
 bcm42u.sys -> C:\WINDOWS\System32\dllcache\bcm42u.sys -> [2011/11/28 20:21:25 | 000,066,557 | ---- | C] (Broadcom Corporation)
 battc.sys -> C:\WINDOWS\System32\dllcache\battc.sys -> [2011/11/28 20:21:24 | 000,014,208 | ---- | C] (Microsoft Corporation)
 banshee.dll -> C:\WINDOWS\System32\dllcache\banshee.dll -> [2011/11/28 20:21:23 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.)
 banshee.sys -> C:\WINDOWS\System32\dllcache\banshee.sys -> [2011/11/28 20:21:23 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.)
 b57xp32.sys -> C:\WINDOWS\System32\dllcache\b57xp32.sys -> [2011/11/28 20:21:22 | 000,096,640 | ---- | C] (Broadcom Corporation)
 b1cbase.sys -> C:\WINDOWS\System32\dllcache\b1cbase.sys -> [2011/11/28 20:21:22 | 000,089,952 | ---- | C] (AVM GmbH)
 avmwan.sys -> C:\WINDOWS\System32\dllcache\avmwan.sys -> [2011/11/28 20:21:21 | 000,037,568 | ---- | C] (AVM GmbH)
 aztw2320.sys -> C:\WINDOWS\System32\dllcache\aztw2320.sys -> [2011/11/28 20:21:21 | 000,036,992 | ---- | C] (Aztech Systems Ltd)
 avmenum.dll -> C:\WINDOWS\System32\dllcache\avmenum.dll -> [2011/11/28 20:21:20 | 000,144,384 | ---- | C] (AVM GmbH)
 avmcoxp.dll -> C:\WINDOWS\System32\dllcache\avmcoxp.dll -> [2011/11/28 20:21:20 | 000,087,552 | ---- | C] (AVM GmbH)
 avcstrm.sys -> C:\WINDOWS\System32\dllcache\avcstrm.sys -> [2011/11/28 20:21:19 | 000,013,696 | ---- | C] (Microsoft Corporation)
 avcaudio.sys -> C:\WINDOWS\System32\dllcache\avcaudio.sys -> [2011/11/28 20:21:18 | 000,036,096 | ---- | C] (Microsoft Corporation)
 avc.sys -> C:\WINDOWS\System32\dllcache\avc.sys -> [2011/11/28 20:21:17 | 000,038,912 | ---- | C] (Microsoft Corporation)
 atv10nt5.dll -> C:\WINDOWS\System32\dllcache\atv10nt5.dll -> [2011/11/28 20:21:15 | 000,017,279 | ---- | C] (Intel(R) Corporation)
 atv06nt5.dll -> C:\WINDOWS\System32\dllcache\atv06nt5.dll -> [2011/11/28 20:21:15 | 000,014,143 | ---- | C] (Intel(R) Corporation)
 atv04nt5.dll -> C:\WINDOWS\System32\dllcache\atv04nt5.dll -> [2011/11/28 20:21:14 | 000,025,471 | ---- | C] (Intel(R) Corporation)
 atv02nt5.dll -> C:\WINDOWS\System32\dllcache\atv02nt5.dll -> [2011/11/28 20:21:13 | 000,011,359 | ---- | C] (Intel(R) Corporation)
 atv01nt5.dll -> C:\WINDOWS\System32\dllcache\atv01nt5.dll -> [2011/11/28 20:21:12 | 000,021,183 | ---- | C] (Intel(R) Corporation)
 ativtmxx.dll -> C:\WINDOWS\System32\dllcache\ativtmxx.dll -> [2011/11/28 20:21:08 | 000,032,768 | ---- | C] (ATI Technologies Inc.)
 ativmvxx.ax -> C:\WINDOWS\System32\dllcache\ativmvxx.ax -> [2011/11/28 20:21:07 | 000,023,040 | ---- | C] (ATI Technologies Inc.)
 ativdaxx.ax -> C:\WINDOWS\System32\dllcache\ativdaxx.ax -> [2011/11/28 20:21:06 | 000,009,728 | ---- | C] (ATI Technologies Inc.)
 atiraged.dll -> C:\WINDOWS\System32\dllcache\atiraged.dll -> [2011/11/28 20:21:04 | 000,104,832 | ---- | C] (ATI Technologies Inc.)
 atiragem.sys -> C:\WINDOWS\System32\dllcache\atiragem.sys -> [2011/11/28 20:21:04 | 000,070,528 | ---- | C] (ATI Technologies Inc.)
 atinxsxx.sys -> C:\WINDOWS\System32\dllcache\atinxsxx.sys -> [2011/11/28 20:21:03 | 000,063,488 | ---- | C] (ATI Technologies Inc.)
 atinxbxx.sys -> C:\WINDOWS\System32\dllcache\atinxbxx.sys -> [2011/11/28 20:21:02 | 000,031,744 | ---- | C] (ATI Technologies Inc.)
 atintuxx.sys -> C:\WINDOWS\System32\dllcache\atintuxx.sys -> [2011/11/28 20:21:01 | 000,073,216 | ---- | C] (ATI Technologies Inc.)
 atinttxx.sys -> C:\WINDOWS\System32\dllcache\atinttxx.sys -> [2011/11/28 20:21:01 | 000,013,824 | ---- | C] (ATI Technologies Inc.)
 atinsnxx.sys -> C:\WINDOWS\System32\dllcache\atinsnxx.sys -> [2011/11/28 20:21:00 | 000,028,672 | ---- | C] (ATI Technologies Inc.)
 atinrvxx.sys -> C:\WINDOWS\System32\dllcache\atinrvxx.sys -> [2011/11/28 20:20:58 | 000,104,960 | ---- | C] (ATI Technologies Inc.)
 atinraxx.sys -> C:\WINDOWS\System32\dllcache\atinraxx.sys -> [2011/11/28 20:20:58 | 000,052,224 | ---- | C] (ATI Technologies Inc.)
 atinpdxx.sys -> C:\WINDOWS\System32\dllcache\atinpdxx.sys -> [2011/11/28 20:20:58 | 000,014,336 | ---- | C] (ATI Technologies Inc.)
 atinbtxx.sys -> C:\WINDOWS\System32\dllcache\atinbtxx.sys -> [2011/11/28 20:20:57 | 000,057,856 | ---- | C] (ATI Technologies Inc.)
 atinmdxx.sys -> C:\WINDOWS\System32\dllcache\atinmdxx.sys -> [2011/11/28 20:20:57 | 000,013,824 | ---- | C] (ATI Technologies Inc.)
 atimpab.sys -> C:\WINDOWS\System32\dllcache\atimpab.sys -> [2011/11/28 20:20:56 | 000,289,664 | ---- | C] (ATI Technologies Inc.)
 atimtai.sys -> C:\WINDOWS\System32\dllcache\atimtai.sys -> [2011/11/28 20:20:56 | 000,281,600 | ---- | C] (ATI Technologies Inc.)
 atimpae.sys -> C:\WINDOWS\System32\dllcache\atimpae.sys -> [2011/11/28 20:20:56 | 000,075,136 | ---- | C] (ATI Technologies Inc.)
 atidvai.dll -> C:\WINDOWS\System32\dllcache\atidvai.dll -> [2011/11/28 20:20:55 | 000,268,160 | ---- | C] (ATI Technologies Inc.)
 atievxx.exe -> C:\WINDOWS\System32\dllcache\atievxx.exe -> [2011/11/28 20:20:55 | 000,037,376 | ---- | C] (Microsoft Corporation)
 atidrab.dll -> C:\WINDOWS\System32\dllcache\atidrab.dll -> [2011/11/28 20:20:54 | 000,382,592 | ---- | C] (ATI Technologies Inc.)
 atidrae.dll -> C:\WINDOWS\System32\dllcache\atidrae.dll -> [2011/11/28 20:20:54 | 000,137,216 | ---- | C] (ATI Technologies Inc.)
 ati3d1ag.dll -> C:\WINDOWS\System32\dllcache\ati3d1ag.dll -> [2011/11/28 20:20:52 | 000,870,784 | ---- | C] (ATI Technologies Inc. )
 ati2dvaa.dll -> C:\WINDOWS\System32\dllcache\ati2dvaa.dll -> [2011/11/28 20:20:51 | 000,377,984 | ---- | C] (ATI Technologies Inc.)
 ati2mtaa.sys -> C:\WINDOWS\System32\dllcache\ati2mtaa.sys -> [2011/11/28 20:20:51 | 000,327,040 | ---- | C] (ATI Technologies Inc.)
 ati1xsxx.sys -> C:\WINDOWS\System32\dllcache\ati1xsxx.sys -> [2011/11/28 20:20:50 | 000,034,735 | ---- | C] (ATI Technologies Inc.)
 ati1xbxx.sys -> C:\WINDOWS\System32\dllcache\ati1xbxx.sys -> [2011/11/28 20:20:50 | 000,029,455 | ---- | C] (ATI Technologies Inc.)
 ati1tuxx.sys -> C:\WINDOWS\System32\dllcache\ati1tuxx.sys -> [2011/11/28 20:20:48 | 000,036,463 | ---- | C] (ATI Technologies Inc.)
 ati1snxx.sys -> C:\WINDOWS\System32\dllcache\ati1snxx.sys -> [2011/11/28 20:20:48 | 000,026,367 | ---- | C] (ATI Technologies Inc.)
 ati1ttxx.sys -> C:\WINDOWS\System32\dllcache\ati1ttxx.sys -> [2011/11/28 20:20:48 | 000,021,343 | ---- | C] (ATI Technologies Inc.)
 ati1rvxx.sys -> C:\WINDOWS\System32\dllcache\ati1rvxx.sys -> [2011/11/28 20:20:47 | 000,063,663 | ---- | C] (ATI Technologies Inc.)
 ati1raxx.sys -> C:\WINDOWS\System32\dllcache\ati1raxx.sys -> [2011/11/28 20:20:47 | 000,030,671 | ---- | C] (ATI Technologies Inc.)
 ati1pdxx.sys -> C:\WINDOWS\System32\dllcache\ati1pdxx.sys -> [2011/11/28 20:20:46 | 000,012,047 | ---- | C] (ATI Technologies Inc.)
 ati1mdxx.sys -> C:\WINDOWS\System32\dllcache\ati1mdxx.sys -> [2011/11/28 20:20:46 | 000,011,615 | ---- | C] (ATI Technologies Inc.)
 ati.sys -> C:\WINDOWS\System32\dllcache\ati.sys -> [2011/11/28 20:20:45 | 000,077,568 | ---- | C] (ATI Technologies, Inc.)
 ati1btxx.sys -> C:\WINDOWS\System32\dllcache\ati1btxx.sys -> [2011/11/28 20:20:45 | 000,056,623 | ---- | C] (ATI Technologies Inc.)
 aspndis3.sys -> C:\WINDOWS\System32\dllcache\aspndis3.sys -> [2011/11/28 20:20:44 | 000,097,354 | ---- | C] (Bay Networks, Inc.)
 ati.dll -> C:\WINDOWS\System32\dllcache\ati.dll -> [2011/11/28 20:20:44 | 000,096,128 | ---- | C] (Microsoft Corporation)
 asc3350p.sys -> C:\WINDOWS\System32\dllcache\asc3350p.sys -> [2011/11/28 20:20:43 | 000,022,400 | ---- | C] (Microsoft Corporation)
 asc3550.sys -> C:\WINDOWS\System32\dllcache\asc3550.sys -> [2011/11/28 20:20:43 | 000,014,848 | ---- | C] (Advanced System Products, Inc.)
 asc.sys -> C:\WINDOWS\System32\dllcache\asc.sys -> [2011/11/28 20:20:42 | 000,026,496 | ---- | C] (Advanced System Products, Inc.)
 apmbatt.sys -> C:\WINDOWS\System32\dllcache\apmbatt.sys -> [2011/11/28 20:20:35 | 000,006,272 | ---- | C] (Microsoft Corporation)
 an983.sys -> C:\WINDOWS\System32\dllcache\an983.sys -> [2011/11/28 20:20:34 | 000,036,224 | ---- | C] (ADMtek Incorporated.)
 amsint.sys -> C:\WINDOWS\System32\dllcache\amsint.sys -> [2011/11/28 20:20:34 | 000,012,032 | ---- | C] (Microsoft Corporation)
 amdagp.sys -> C:\WINDOWS\System32\dllcache\amdagp.sys -> [2011/11/28 20:20:33 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.)
 amb8002.sys -> C:\WINDOWS\System32\dllcache\amb8002.sys -> [2011/11/28 20:20:33 | 000,016,969 | ---- | C] (AmbiCom, Inc.)
 alim1541.sys -> C:\WINDOWS\System32\dllcache\alim1541.sys -> [2011/11/28 20:20:32 | 000,042,752 | ---- | C] (Microsoft Corporation)
 alifir.sys -> C:\WINDOWS\System32\dllcache\alifir.sys -> [2011/11/28 20:20:32 | 000,026,624 | ---- | C] (Acer Laboratories Inc.)
 aliide.sys -> C:\WINDOWS\System32\dllcache\aliide.sys -> [2011/11/28 20:20:32 | 000,005,248 | ---- | C] (Acer Laboratories Inc.)
 aic78xx.sys -> C:\WINDOWS\System32\dllcache\aic78xx.sys -> [2011/11/28 20:20:31 | 000,056,960 | ---- | C] (Microsoft Corporation)
 ali5261.sys -> C:\WINDOWS\System32\dllcache\ali5261.sys -> [2011/11/28 20:20:31 | 000,027,678 | ---- | C] (Acer Laboratories Inc.)
 aic78u2.sys -> C:\WINDOWS\System32\dllcache\aic78u2.sys -> [2011/11/28 20:20:30 | 000,055,168 | ---- | C] (Microsoft Corporation)
 aha154x.sys -> C:\WINDOWS\System32\dllcache\aha154x.sys -> [2011/11/28 20:20:30 | 000,012,800 | ---- | C] (Microsoft Corporation)
 agpcpq.sys -> C:\WINDOWS\System32\dllcache\agpcpq.sys -> [2011/11/28 20:20:12 | 000,044,928 | ---- | C] (Microsoft Corporation)
 agp440.sys -> C:\WINDOWS\System32\dllcache\agp440.sys -> [2011/11/28 20:20:11 | 000,042,368 | ---- | C] (Microsoft Corporation)
 agcgauge.ax -> C:\WINDOWS\System32\dllcache\agcgauge.ax -> [2011/11/28 20:20:10 | 000,024,576 | ---- | C] (Microsoft Corporation)
 adv11nt5.dll -> C:\WINDOWS\System32\dllcache\adv11nt5.dll -> [2011/11/28 20:20:09 | 000,003,775 | ---- | C] (Intel(R) Corporation)
 adv09nt5.dll -> C:\WINDOWS\System32\dllcache\adv09nt5.dll -> [2011/11/28 20:20:08 | 000,003,711 | ---- | C] (Intel(R) Corporation)
 adv07nt5.dll -> C:\WINDOWS\System32\dllcache\adv07nt5.dll -> [2011/11/28 20:20:07 | 000,003,647 | ---- | C] (Intel(R) Corporation)
 adv08nt5.dll -> C:\WINDOWS\System32\dllcache\adv08nt5.dll -> [2011/11/28 20:20:07 | 000,003,135 | ---- | C] (Intel(R) Corporation)
 adv02nt5.dll -> C:\WINDOWS\System32\dllcache\adv02nt5.dll -> [2011/11/28 20:20:05 | 000,003,967 | ---- | C] (Intel(R) Corporation)
 adv05nt5.dll -> C:\WINDOWS\System32\dllcache\adv05nt5.dll -> [2011/11/28 20:20:05 | 000,003,615 | ---- | C] (Intel(R) Corporation)
 adv01nt5.dll -> C:\WINDOWS\System32\dllcache\adv01nt5.dll -> [2011/11/28 20:20:04 | 000,004,255 | ---- | C] (Intel(R) Corporation)
 adpu160m.sys -> C:\WINDOWS\System32\dllcache\adpu160m.sys -> [2011/11/28 20:19:59 | 000,101,888 | ---- | C] (Microsoft Corporation)
 adptsf50.sys -> C:\WINDOWS\System32\dllcache\adptsf50.sys -> [2011/11/28 20:19:58 | 000,046,112 | ---- | C] (Adaptec, Inc )
 admjoy.sys -> C:\WINDOWS\System32\dllcache\admjoy.sys -> [2011/11/28 20:19:58 | 000,010,880 | ---- | C] (Aureal, Inc.)
 adm8830.sys -> C:\WINDOWS\System32\dllcache\adm8830.sys -> [2011/11/28 20:19:57 | 000,747,392 | ---- | C] (Aureal, Inc.)
 adm8820.sys -> C:\WINDOWS\System32\dllcache\adm8820.sys -> [2011/11/28 20:19:57 | 000,553,984 | ---- | C] (Aureal, Inc.)
 adm8810.sys -> C:\WINDOWS\System32\dllcache\adm8810.sys -> [2011/11/28 20:19:56 | 000,584,448 | ---- | C] (Aureal, Inc.)
 adm8511.sys -> C:\WINDOWS\System32\dllcache\adm8511.sys -> [2011/11/28 20:19:56 | 000,020,160 | ---- | C] (ADMtek Incorporated)
 adicvls.sys -> C:\WINDOWS\System32\dllcache\adicvls.sys -> [2011/11/28 20:19:56 | 000,007,424 | ---- | C] (Microsoft Corporation)
 acerscad.dll -> C:\WINDOWS\System32\dllcache\acerscad.dll -> [2011/11/28 20:19:55 | 000,061,440 | ---- | C] (Color Flatbed Scanner)
 ac97via.sys -> C:\WINDOWS\System32\dllcache\ac97via.sys -> [2011/11/28 20:19:54 | 000,084,480 | ---- | C] (VIA Technologies, Inc.)
 ac97sis.sys -> C:\WINDOWS\System32\dllcache\ac97sis.sys -> [2011/11/28 20:19:53 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.)
 ac97intc.sys -> C:\WINDOWS\System32\dllcache\ac97intc.sys -> [2011/11/28 20:19:53 | 000,096,256 | ---- | C] (Intel Corporation)
 ac97ali.sys -> C:\WINDOWS\System32\dllcache\ac97ali.sys -> [2011/11/28 20:19:52 | 000,231,552 | ---- | C] (Acer Laboratories Inc.)
 abp480n5.sys -> C:\WINDOWS\System32\dllcache\abp480n5.sys -> [2011/11/28 20:19:52 | 000,023,552 | ---- | C] (Microsoft Corporation)
 a3dapi.dll -> C:\WINDOWS\System32\dllcache\a3dapi.dll -> [2011/11/28 20:19:51 | 000,462,848 | ---- | C] (Aureal Inc.)
 a3d.dll -> C:\WINDOWS\System32\dllcache\a3d.dll -> [2011/11/28 20:19:51 | 000,098,304 | ---- | C] (Aureal Semiconductor)
 8514a.dll -> C:\WINDOWS\System32\dllcache\8514a.dll -> [2011/11/28 20:19:51 | 000,038,400 | ---- | C] (Microsoft Corporation)
 61883.sys -> C:\WINDOWS\System32\dllcache\61883.sys -> [2011/11/28 20:19:50 | 000,048,128 | ---- | C] (Microsoft Corporation)
 3dfxvs.dll -> C:\WINDOWS\System32\dllcache\3dfxvs.dll -> [2011/11/28 20:19:49 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.)
 3dfxvsm.sys -> C:\WINDOWS\System32\dllcache\3dfxvsm.sys -> [2011/11/28 20:19:49 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.)
 4mmdat.sys -> C:\WINDOWS\System32\dllcache\4mmdat.sys -> [2011/11/28 20:19:49 | 000,012,288 | ---- | C] (Microsoft Corporation)
 3cwmcru.sys -> C:\WINDOWS\System32\dllcache\3cwmcru.sys -> [2011/11/28 20:19:48 | 000,762,780 | ---- | C] (3Com, Inc.)
 1394vdbg.sys -> C:\WINDOWS\System32\dllcache\1394vdbg.sys -> [2011/11/28 20:19:48 | 000,011,264 | ---- | C] (Microsoft Corporation)
 1394bus.sys -> C:\WINDOWS\System32\dllcache\1394bus.sys -> [2011/11/28 20:19:47 | 000,053,376 | ---- | C] (Microsoft Corporation)
 s3legacy.dll -> C:\WINDOWS\System32\dllcache\s3legacy.dll -> [2011/11/28 19:21:09 | 000,066,048 | ---- | C] (Microsoft Corporation)
 SUPERAntiSpyware -> C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware -> [2011/11/28 17:46:31 | 000,000,000 | ---D | C]
 Adobe -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe -> [2011/11/28 17:32:52 | 000,000,000 | ---D | C]
 spmsg.dll -> C:\WINDOWS\System32\spmsg.dll -> [2011/11/28 15:41:32 | 000,016,760 | ---- | C] (Microsoft Corporation)
 Windows Media Connect 2 -> C:\Program Files\Windows Media Connect 2 -> [2011/11/28 15:41:07 | 000,000,000 | ---D | C]
 UMDF -> C:\WINDOWS\System32\drivers\UMDF -> [2011/11/28 15:39:45 | 000,000,000 | ---D | C]
 LogFiles -> C:\WINDOWS\System32\LogFiles -> [2011/11/28 15:39:45 | 000,000,000 | ---D | C]
 Needed-Files-Downloader -> C:\Program Files\Needed-Files-Downloader -> [2011/11/28 14:38:28 | 000,000,000 | ---D | C]
 Audacity -> C:\Program Files\Audacity -> [2011/11/27 22:19:05 | 000,000,000 | ---D | C]
 Malwarebytes' Anti-Malware -> C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2011/11/22 21:49:11 | 000,000,000 | ---D | C]
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2011/11/22 21:48:49 | 000,000,000 | ---D | C]
 Total 3D Home and Landscape Design Suite -> C:\Documents and Settings\All Users\Start Menu\Programs\Total 3D Home and Landscape Design Suite -> [2011/11/22 21:36:14 | 000,000,000 | ---D | C]
 Individual Software -> C:\Documents and Settings\All Users\Application Data\Individual Software -> [2011/11/22 21:36:04 | 000,000,000 | ---D | C]
 Total 3D -> C:\Program Files\Total 3D -> [2011/11/22 21:36:03 | 000,000,000 | ---D | C]
 OpenOffice.org 3.3 -> C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3 -> [2011/11/22 21:36:02 | 000,000,000 | --SD | C]
 321cba -> C:\Program Files\321cba -> [2011/11/21 07:33:16 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com -> [2011/11/20 22:53:23 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [2011/11/20 22:52:02 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2011/11/20 22:52:02 | 000,000,000 | ---D | C]
 Petroglyph -> C:\Documents and Settings\Owner\Application Data\Petroglyph -> [2011/11/13 20:46:36 | 000,000,000 | ---D | C]
 LucasArts -> C:\Documents and Settings\All Users\Start Menu\Programs\LucasArts -> [2011/11/13 17:21:05 | 000,000,000 | ---D | C]
 InstallShield -> C:\Documents and Settings\Owner\Application Data\InstallShield -> [2011/11/13 17:21:04 | 000,000,000 | ---D | C]
 QuickTime -> C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime -> [2011/11/13 17:21:02 | 000,000,000 | ---D | C]
 Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer -> [2011/11/13 17:20:51 | 000,000,000 | ---D | C]
 Apple -> C:\Documents and Settings\Owner\Local Settings\Application Data\Apple -> [2011/11/13 17:20:33 | 000,000,000 | ---D | C]
 Apple -> C:\Documents and Settings\All Users\Application Data\Apple -> [2011/11/13 17:20:31 | 000,000,000 | ---D | C]
 CONEXANT -> C:\Program Files\CONEXANT -> [2011/11/13 17:20:30 | 000,000,000 | ---D | C]
 Avira -> C:\Documents and Settings\All Users\Start Menu\Programs\Avira -> [2011/11/13 14:41:28 | 000,000,000 | ---D | C]
 LucasArts -> C:\Program Files\LucasArts -> [2011/11/13 01:18:15 | 000,000,000 | ---D | C]
 Videos -> C:\Documents and Settings\Owner\My Documents\Videos -> [2011/11/12 22:00:55 | 000,000,000 | ---D | C]
 Apple Computer -> C:\Documents and Settings\Owner\Application Data\Apple Computer -> [2011/11/12 20:56:39 | 000,000,000 | ---D | C]
 QuickTime -> C:\Program Files\QuickTime -> [2011/11/12 20:50:57 | 000,000,000 | ---D | C]
 Apple -> C:\Program Files\Common Files\Apple -> [2011/11/12 20:50:01 | 000,000,000 | ---D | C]
 Apple Software Update -> C:\Program Files\Apple Software Update -> [2011/11/12 20:49:27 | 000,000,000 | ---D | C]
 Apple Computer -> C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer -> [2011/11/12 20:49:03 | 000,000,000 | ---D | C]
 Java -> C:\Program Files\Common Files\Java -> [2011/11/11 22:02:18 | 000,000,000 | ---D | C]
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2011/11/11 22:02:04 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2011/11/11 22:02:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2011/11/11 22:02:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
 Macromedia -> C:\Documents and Settings\NetworkService\Application Data\Macromedia -> [2011/11/10 06:55:29 | 000,000,000 | ---D | C]
 Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2011/11/10 06:55:12 | 000,000,000 | ---D | C]
 JRgXjCkBzNx1 -> C:\Documents and Settings\Owner\Application Data\JRgXjCkBzNx1 -> [2011/11/10 06:45:10 | 000,000,000 | ---D | C]
 SwUeOx0c1b3n4Q6 -> C:\Documents and Settings\Owner\Application Data\SwUeOx0c1b3n4Q6 -> [2011/11/10 06:45:09 | 000,000,000 | ---D | C]
 wJfLgZjCkVzNx0v -> C:\Documents and Settings\Owner\Application Data\wJfLgZjCkVzNx0v -> [2011/11/09 16:34:27 | 000,000,000 | ---D | C]
 pwIrOtAuSiFpGaJ -> C:\Documents and Settings\Owner\Application Data\pwIrOtAuSiFpGaJ -> [2011/11/09 16:34:27 | 000,000,000 | ---D | C]
 AV Security 2012 -> C:\Documents and Settings\Owner\Start Menu\Programs\AV Security 2012 -> [2011/11/09 16:31:26 | 000,000,000 | ---D | C]
 WsWJ7dELTqYwIrO -> C:\Documents and Settings\Owner\Application Data\WsWJ7dELTqYwIrO -> [2011/11/09 16:31:25 | 000,000,000 | ---D | C]
 g6dWKjUCByuoFpH -> C:\Documents and Settings\Owner\Application Data\g6dWKjUCByuoFpH -> [2011/11/09 16:31:24 | 000,000,000 | ---D | C]
 TlBx01b3n4Q6W7R -> C:\Documents and Settings\Owner\Application Data\TlBx01b3n4Q6W7R -> [2011/11/09 16:31:04 | 000,000,000 | ---D | C]
 Paint.NET -> C:\Program Files\Paint.NET -> [2011/11/08 21:27:27 | 000,000,000 | ---D | C]
 Paint.NET -> C:\Documents and Settings\Owner\Local Settings\Application Data\Paint.NET -> [2011/11/08 21:27:18 | 000,000,000 | ---D | C]
 Wild Creatures Demo -> C:\Program Files\Wild Creatures Demo -> [2011/11/04 17:13:35 | 000,000,000 | ---D | C]
 lxcyinpa.dll -> C:\WINDOWS\System32\lxcyinpa.dll -> [2011/04/17 12:26:56 | 000,413,696 | ---- | C] ( )
 lxcyhcp.dll -> C:\WINDOWS\System32\lxcyhcp.dll -> [2011/04/17 12:26:56 | 000,323,584 | ---- | C] ( )
 lxcyserv.dll -> C:\WINDOWS\System32\lxcyserv.dll -> [2011/04/17 12:26:55 | 001,224,704 | ---- | C] ( )
 lxcyusb1.dll -> C:\WINDOWS\System32\lxcyusb1.dll -> [2011/04/17 12:26:55 | 000,995,328 | ---- | C] ( )
 lxcyiesc.dll -> C:\WINDOWS\System32\lxcyiesc.dll -> [2011/04/17 12:26:55 | 000,397,312 | ---- | C] ( )
 lxcypmui.dll -> C:\WINDOWS\System32\lxcypmui.dll -> [2011/04/17 12:26:54 | 000,643,072 | ---- | C] ( )
 lxcylmpm.dll -> C:\WINDOWS\System32\lxcylmpm.dll -> [2011/04/17 12:26:54 | 000,585,728 | ---- | C] ( )
 lxcyprox.dll -> C:\WINDOWS\System32\lxcyprox.dll -> [2011/04/17 12:26:54 | 000,163,840 | ---- | C] ( )
 lxcypplc.dll -> C:\WINDOWS\System32\lxcypplc.dll -> [2011/04/17 12:26:54 | 000,094,208 | ---- | C] ( )
 lxcyhbn3.dll -> C:\WINDOWS\System32\lxcyhbn3.dll -> [2011/04/17 12:26:53 | 000,696,320 | ---- | C] ( )
 lxcyih.exe -> C:\WINDOWS\System32\lxcyih.exe -> [2011/04/17 12:26:53 | 000,385,712 | ---- | C] ( )
 lxcycoms.exe -> C:\WINDOWS\System32\lxcycoms.exe -> [2011/04/17 12:26:52 | 000,537,264 | ---- | C] ( )
 lxcycomc.dll -> C:\WINDOWS\System32\lxcycomc.dll -> [2011/04/17 12:26:51 | 000,684,032 | ---- | C] ( )
 lxcycomm.dll -> C:\WINDOWS\System32\lxcycomm.dll -> [2011/04/17 12:26:51 | 000,421,888 | ---- | C] ( )
 lxcycfg.exe -> C:\WINDOWS\System32\lxcycfg.exe -> [2011/04/17 12:26:51 | 000,381,616 | ---- | C] ( )
 7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 RealUpgradeScheduledTaskS-1-5-21-1220945662-2111687655-1177238915-1003.job -> C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-2111687655-1177238915-1003.job -> [2011/12/01 08:57:19 | 000,000,286 | ---- | M] ()
 RealUpgradeLogonTaskS-1-5-21-1220945662-2111687655-1177238915-1003.job -> C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-2111687655-1177238915-1003.job -> [2011/12/01 08:57:19 | 000,000,278 | ---- | M] ()
 OTS.exe -> C:\Documents and Settings\Owner\Desktop\OTS.exe -> [2011/12/01 08:55:24 | 000,646,144 | ---- | M] (OldTimer Tools)
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2011/12/01 08:37:41 | 000,000,880 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2011/12/01 08:37:32 | 000,013,646 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/12/01 08:37:29 | 000,002,048 | --S- | M] ()
 Scheduled Update for Ask Toolbar.job -> C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job -> [2011/12/01 01:34:00 | 000,000,234 | ---- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2011/12/01 01:21:00 | 000,000,884 | ---- | M] ()
 Windows Media Player.lnk -> C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> [2011/11/30 11:50:16 | 000,000,800 | ---- | M] ()
 nsq9ndw2.exe -> C:\Documents and Settings\Owner\Desktop\nsq9ndw2.exe -> [2011/11/29 12:08:18 | 000,302,592 | ---- | M] ()
 dds.scr -> C:\Documents and Settings\Owner\Desktop\dds.scr -> [2011/11/29 12:07:01 | 000,607,260 | R--- | M] (Swearware)
 Defogger.exe -> C:\Documents and Settings\Owner\Desktop\Defogger.exe -> [2011/11/29 12:04:57 | 000,050,477 | ---- | M] ()
 Free Window Registry Repair.lnk -> C:\Documents and Settings\Owner\Desktop\Free Window Registry Repair.lnk -> [2011/11/28 21:48:00 | 000,000,718 | ---- | M] ()
 RegpairSetup.exe -> C:\Documents and Settings\Owner\My Documents\RegpairSetup.exe -> [2011/11/28 21:47:23 | 000,799,120 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2011/11/28 21:02:31 | 000,001,393 | ---- | M] ()
 SUPERAntiSpyware Free Edition.lnk -> C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2011/11/28 17:46:31 | 000,001,678 | ---- | M] ()
 My Documents (2).lnk -> C:\My Documents (2).lnk -> [2011/11/28 17:14:30 | 000,000,395 | ---- | M] ()
 My Documents.lnk -> C:\My Documents.lnk -> [2011/11/28 17:14:17 | 000,000,395 | ---- | M] ()
 default.pls -> C:\Documents and Settings\Owner\default.pls -> [2011/11/28 16:59:04 | 000,000,108 | ---- | M] ()
 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2011/11/28 16:58:04 | 000,000,116 | ---- | M] ()
 nscompat.tlb -> C:\WINDOWS\System32\nscompat.tlb -> [2011/11/28 15:41:23 | 000,023,392 | ---- | M] ()
 amcompat.tlb -> C:\WINDOWS\System32\amcompat.tlb -> [2011/11/28 15:41:23 | 000,016,832 | ---- | M] ()
 WMSysPr9.prx -> C:\WINDOWS\WMSysPr9.prx -> [2011/11/28 15:40:26 | 000,316,640 | ---- | M] ()
 MsftWdf_user_01_00_00.Wdf -> C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [2011/11/28 15:39:46 | 000,000,000 | -H-- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2011/11/28 15:33:40 | 000,493,750 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2011/11/28 15:33:40 | 000,092,836 | ---- | M] ()
 Chala Head Chala Original Instrumental.wav -> C:\Documents and Settings\Owner\My Documents\Chala Head Chala Original Instrumental.wav -> [2011/11/28 10:26:09 | 008,786,348 | ---- | M] ()
 Chala Head Chala Original Instrumental.wma -> C:\Documents and Settings\Owner\My Documents\Chala Head Chala Original Instrumental.wma -> [2011/11/28 02:31:48 | 003,214,087 | ---- | M] ()
 Chala Head Chala English (Philippine-Movie Version w  Lyrics) - YouTube.wav -> C:\Documents and Settings\Owner\My Documents\Chala Head Chala English (Philippine-Movie Version w  Lyrics) - YouTube.wav -> [2011/11/28 02:25:29 | 037,007,444 | ---- | M] ()
 Pretty Soldier Sailor Moon- Moonlight Densetsu ENGLISH - YouTube.wav -> C:\Documents and Settings\Owner\My Documents\Pretty Soldier Sailor Moon- Moonlight Densetsu ENGLISH - YouTube.wav -> [2011/11/27 23:29:16 | 016,275,500 | ---- | M] ()
 Cha la head cha la.rtf -> C:\Documents and Settings\Owner\My Documents\Cha la head cha la.rtf -> [2011/11/25 20:08:58 | 000,000,766 | ---- | M] ()
 defogger_reenable -> C:\Documents and Settings\Owner\defogger_reenable -> [2011/11/22 17:02:10 | 000,000,000 | ---- | M] ()
 SecurityCheck.exe -> C:\Documents and Settings\Owner\My Documents\SecurityCheck.exe -> [2011/11/20 20:52:48 | 000,879,656 | ---- | M] ()
 Chala Head Chala Original Instrumental.mp3 -> C:\Documents and Settings\Owner\My Documents\Chala Head Chala Original Instrumental.mp3 -> [2011/11/19 01:04:01 | 003,191,998 | ---- | M] ()
 Avira Control Center.lnk -> C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk -> [2011/11/13 14:41:28 | 000,001,707 | ---- | M] ()
 Star Wars Empire at War.lnk -> C:\Documents and Settings\All Users\Desktop\Star Wars Empire at War.lnk -> [2011/11/13 01:22:26 | 000,001,836 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/11/13 00:22:14 | 000,031,232 | ---- | M] ()
 QuickTime Player.lnk -> C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk -> [2011/11/12 20:51:30 | 000,001,604 | ---- | M] ()
 NT.INI -> C:\WINDOWS\NT.INI -> [2011/11/11 23:30:02 | 000,000,000 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk -> [2011/11/11 14:57:21 | 000,000,802 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2011/11/11 14:57:21 | 000,000,784 | ---- | M] ()
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2011/11/11 14:56:32 | 000,000,664 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2011/11/06 01:34:58 | 000,136,464 | ---- | M] ()
 Age of Empires III Trial.lnk -> C:\Documents and Settings\All Users\Desktop\Age of Empires III Trial.lnk -> [2011/11/01 19:55:45 | 000,001,852 | ---- | M] ()
 72 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> 
 72 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> 
 7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
 2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
 2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
 1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> 
 
[Files - No Company Name]
 nsq9ndw2.exe -> C:\Documents and Settings\Owner\Desktop\nsq9ndw2.exe -> [2011/11/29 12:08:18 | 000,302,592 | ---- | C] ()
 Defogger.exe -> C:\Documents and Settings\Owner\Desktop\Defogger.exe -> [2011/11/29 12:04:38 | 000,050,477 | ---- | C] ()
 Free Window Registry Repair.lnk -> C:\Documents and Settings\Owner\Desktop\Free Window Registry Repair.lnk -> [2011/11/28 21:48:00 | 000,000,718 | ---- | C] ()
 RegpairSetup.exe -> C:\Documents and Settings\Owner\My Documents\RegpairSetup.exe -> [2011/11/28 21:47:31 | 000,799,120 | ---- | C] ()
 xrxscnui.dll -> C:\WINDOWS\System32\dllcache\xrxscnui.dll -> [2011/11/28 20:58:15 | 000,018,944 | ---- | C] ()
 xrxftplt.exe -> C:\WINDOWS\System32\dllcache\xrxftplt.exe -> [2011/11/28 20:58:11 | 000,027,648 | ---- | C] ()
 psisrndr.ax -> C:\WINDOWS\System32\dllcache\psisrndr.ax -> [2011/11/28 20:44:23 | 000,033,280 | ---- | C] ()
 psisdecd.dll -> C:\WINDOWS\System32\dllcache\psisdecd.dll -> [2011/11/28 20:44:19 | 000,363,520 | ---- | C] ()
 msdvbnp.ax -> C:\WINDOWS\System32\dllcache\msdvbnp.ax -> [2011/11/28 20:38:49 | 000,056,832 | ---- | C] ()
 hpgt53.dll -> C:\WINDOWS\System32\dllcache\hpgt53.dll -> [2011/11/28 20:32:18 | 000,165,888 | ---- | C] ()
 hpgt42.dll -> C:\WINDOWS\System32\dllcache\hpgt42.dll -> [2011/11/28 20:32:14 | 000,093,696 | ---- | C] ()
 hpgt34.dll -> C:\WINDOWS\System32\dllcache\hpgt34.dll -> [2011/11/28 20:32:10 | 000,101,376 | ---- | C] ()
 hpgt33.dll -> C:\WINDOWS\System32\dllcache\hpgt33.dll -> [2011/11/28 20:32:05 | 000,089,088 | ---- | C] ()
 hpgt21.dll -> C:\WINDOWS\System32\dllcache\hpgt21.dll -> [2011/11/28 20:32:01 | 000,083,968 | ---- | C] ()
 divasu.dll -> C:\WINDOWS\System32\dllcache\divasu.dll -> [2011/11/28 20:27:28 | 000,029,768 | ---- | C] ()
 divaprop.dll -> C:\WINDOWS\System32\dllcache\divaprop.dll -> [2011/11/28 20:27:27 | 000,037,962 | ---- | C] ()
 divaci.dll -> C:\WINDOWS\System32\dllcache\divaci.dll -> [2011/11/28 20:27:26 | 000,006,216 | ---- | C] ()
 atixbar.sys -> C:\WINDOWS\System32\dllcache\atixbar.sys -> [2011/11/28 20:21:11 | 000,023,552 | ---- | C] ()
 ativxbar.sys -> C:\WINDOWS\System32\dllcache\ativxbar.sys -> [2011/11/28 20:21:10 | 000,026,624 | ---- | C] ()
 ativttxx.sys -> C:\WINDOWS\System32\dllcache\ativttxx.sys -> [2011/11/28 20:21:09 | 000,019,456 | ---- | C] ()
 ativmdcd.sys -> C:\WINDOWS\System32\dllcache\ativmdcd.sys -> [2011/11/28 20:21:07 | 000,009,472 | ---- | C] ()
 atitvsnd.sys -> C:\WINDOWS\System32\dllcache\atitvsnd.sys -> [2011/11/28 20:21:06 | 000,017,152 | ---- | C] ()
 atirtcap.sys -> C:\WINDOWS\System32\dllcache\atirtcap.sys -> [2011/11/28 20:21:05 | 000,049,920 | ---- | C] ()
 atirtsnd.sys -> C:\WINDOWS\System32\dllcache\atirtsnd.sys -> [2011/11/28 20:21:05 | 000,026,880 | ---- | C] ()
 atitunep.sys -> C:\WINDOWS\System32\dllcache\atitunep.sys -> [2011/11/28 20:21:05 | 000,017,152 | ---- | C] ()
 atipcxxx.sys -> C:\WINDOWS\System32\dllcache\atipcxxx.sys -> [2011/11/28 20:21:03 | 000,010,240 | ---- | C] ()
 atibt829.sys -> C:\WINDOWS\System32\dllcache\atibt829.sys -> [2011/11/28 20:20:54 | 000,046,464 | ---- | C] ()
 SUPERAntiSpyware Free Edition.lnk -> C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2011/11/28 17:46:31 | 000,001,678 | ---- | C] ()
 My Documents (2).lnk -> C:\My Documents (2).lnk -> [2011/11/28 17:14:30 | 000,000,395 | ---- | C] ()
 My Documents.lnk -> C:\My Documents.lnk -> [2011/11/28 17:14:17 | 000,000,395 | ---- | C] ()
 MsftWdf_user_01_00_00.Wdf -> C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [2011/11/28 15:39:46 | 000,000,000 | -H-- | C] ()
 Chala Head Chala Original Instrumental.wav -> C:\Documents and Settings\Owner\My Documents\Chala Head Chala Original Instrumental.wav -> [2011/11/28 10:26:09 | 008,786,348 | ---- | C] ()
 Chala Head Chala Original Instrumental.wma -> C:\Documents and Settings\Owner\My Documents\Chala Head Chala Original Instrumental.wma -> [2011/11/28 02:31:12 | 003,214,087 | ---- | C] ()
 Chala Head Chala English (Philippine-Movie Version w  Lyrics) - YouTube.wav -> C:\Documents and Settings\Owner\My Documents\Chala Head Chala English (Philippine-Movie Version w  Lyrics) - YouTube.wav -> [2011/11/28 02:25:22 | 037,007,444 | ---- | C] ()
 Pretty Soldier Sailor Moon- Moonlight Densetsu ENGLISH - YouTube.wav -> C:\Documents and Settings\Owner\My Documents\Pretty Soldier Sailor Moon- Moonlight Densetsu ENGLISH - YouTube.wav -> [2011/11/27 23:29:14 | 016,275,500 | ---- | C] ()
 Cha la head cha la.rtf -> C:\Documents and Settings\Owner\My Documents\Cha la head cha la.rtf -> [2011/11/25 19:59:38 | 000,000,766 | ---- | C] ()
 RealUpgradeLogonTaskS-1-5-21-1220945662-2111687655-1177238915-1003.job -> C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-2111687655-1177238915-1003.job -> [2011/11/25 01:37:14 | 000,000,278 | ---- | C] ()
 defogger_reenable -> C:\Documents and Settings\Owner\defogger_reenable -> [2011/11/22 17:02:10 | 000,000,000 | ---- | C] ()
 SecurityCheck.exe -> C:\Documents and Settings\Owner\My Documents\SecurityCheck.exe -> [2011/11/20 20:50:43 | 000,879,656 | ---- | C] ()
 Chala Head Chala Original Instrumental.mp3 -> C:\Documents and Settings\Owner\My Documents\Chala Head Chala Original Instrumental.mp3 -> [2011/11/19 01:03:53 | 003,191,998 | ---- | C] ()
 Star Wars Empire at War.lnk -> C:\Documents and Settings\All Users\Desktop\Star Wars Empire at War.lnk -> [2011/11/13 01:22:26 | 000,001,836 | ---- | C] ()
 QuickTime Player.lnk -> C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk -> [2011/11/12 20:51:30 | 000,001,604 | ---- | C] ()
 Apple Software Update.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk -> [2011/11/12 20:49:30 | 000,001,830 | ---- | C] ()
 NT.INI -> C:\WINDOWS\NT.INI -> [2011/11/11 23:30:02 | 000,000,000 | ---- | C] ()
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2011/11/11 14:56:22 | 000,000,664 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk -> [2011/11/11 14:55:38 | 000,000,802 | ---- | C] ()
 Paint.NET.lnk -> C:\Documents and Settings\All Users\Start Menu\Programs\Paint.NET.lnk -> [2011/11/08 21:27:45 | 000,000,818 | ---- | C] ()
 Age of Empires III Trial.lnk -> C:\Documents and Settings\All Users\Desktop\Age of Empires III Trial.lnk -> [2011/11/01 19:55:44 | 000,001,852 | ---- | C] ()
 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2011/05/29 21:04:50 | 000,000,116 | ---- | C] ()
 lxcyvs.dll -> C:\WINDOWS\System32\lxcyvs.dll -> [2011/04/17 12:29:34 | 000,040,960 | ---- | C] ()
 lxcycoin.dll -> C:\WINDOWS\System32\lxcycoin.dll -> [2011/04/17 12:29:33 | 000,344,064 | ---- | C] ()
 lxcydrs.dll -> C:\WINDOWS\System32\lxcydrs.dll -> [2011/04/17 12:29:10 | 000,692,224 | ---- | C] ()
 lxcycaps.dll -> C:\WINDOWS\System32\lxcycaps.dll -> [2011/04/17 12:29:10 | 000,065,536 | ---- | C] ()
 lxcycnv4.dll -> C:\WINDOWS\System32\lxcycnv4.dll -> [2011/04/17 12:29:10 | 000,061,440 | ---- | C] ()
 LXPRMON.DLL -> C:\WINDOWS\System32\LXPRMON.DLL -> [2011/04/17 12:28:33 | 000,045,056 | ---- | C] ()
 LXPMONUI.DLL -> C:\WINDOWS\System32\LXPMONUI.DLL -> [2011/04/17 12:28:33 | 000,032,768 | ---- | C] ()
 lxcyinst.dll -> C:\WINDOWS\System32\lxcyinst.dll -> [2011/04/17 12:26:56 | 000,274,432 | ---- | C] ()
 ati2sgag.exe -> C:\WINDOWS\System32\ati2sgag.exe -> [2011/04/13 13:13:03 | 000,520,192 | ---- | C] ()
 ativvaxx.dat -> C:\WINDOWS\System32\ativvaxx.dat -> [2011/04/13 13:12:44 | 003,107,788 | R--- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/04/13 08:31:58 | 000,031,232 | ---- | C] ()
 ativpsrm.bin -> C:\WINDOWS\ativpsrm.bin -> [2011/04/12 16:02:22 | 000,000,000 | ---- | C] ()
 RtNicProp32.dll -> C:\WINDOWS\System32\RtNicProp32.dll -> [2011/04/12 15:55:21 | 000,073,728 | ---- | C] ()
 ativva5x.dat -> C:\WINDOWS\System32\ativva5x.dat -> [2011/04/12 15:51:35 | 003,107,788 | ---- | C] ()
 ativva6x.dat -> C:\WINDOWS\System32\ativva6x.dat -> [2011/04/12 15:51:35 | 000,887,724 | ---- | C] ()
 atiicdxx.dat -> C:\WINDOWS\System32\atiicdxx.dat -> [2011/04/12 15:51:35 | 000,142,345 | R--- | C] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/04/12 15:43:44 | 000,002,048 | --S- | C] ()
 emptyregdb.dat -> C:\WINDOWS\System32\emptyregdb.dat -> [2011/04/12 15:38:14 | 000,021,640 | ---- | C] ()
 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2011/04/12 10:28:30 | 000,004,161 | ---- | C] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2011/04/12 10:27:12 | 000,136,464 | ---- | C] ()
 oembios.bin -> C:\WINDOWS\System32\oembios.bin -> [2008/04/14 06:00:00 | 013,107,200 | ---- | C] ()
 mlang.dat -> C:\WINDOWS\System32\mlang.dat -> [2008/04/14 06:00:00 | 000,673,088 | ---- | C] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2008/04/14 06:00:00 | 000,493,750 | ---- | C] ()
 perfi009.dat -> C:\WINDOWS\System32\perfi009.dat -> [2008/04/14 06:00:00 | 000,272,128 | ---- | C] ()
 dssec.dat -> C:\WINDOWS\System32\dssec.dat -> [2008/04/14 06:00:00 | 000,218,003 | ---- | C] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2008/04/14 06:00:00 | 000,092,836 | ---- | C] ()
 mib.bin -> C:\WINDOWS\System32\mib.bin -> [2008/04/14 06:00:00 | 000,046,258 | ---- | C] ()
 perfd009.dat -> C:\WINDOWS\System32\perfd009.dat -> [2008/04/14 06:00:00 | 000,028,626 | ---- | C] ()
 secupd.dat -> C:\WINDOWS\System32\secupd.dat -> [2008/04/14 06:00:00 | 000,004,569 | ---- | C] ()
 oembios.dat -> C:\WINDOWS\System32\oembios.dat -> [2008/04/14 06:00:00 | 000,004,461 | ---- | C] ()
 Dcache.bin -> C:\WINDOWS\System32\Dcache.bin -> [2008/04/14 06:00:00 | 000,001,804 | ---- | C] ()
 noise.dat -> C:\WINDOWS\System32\noise.dat -> [2008/04/14 06:00:00 | 000,000,741 | ---- | C] ()
 iyvu9_32.dll -> C:\WINDOWS\System32\iyvu9_32.dll -> [1997/06/13 19:56:08 | 000,056,832 | ---- | C] ()
< End of report >


#4 SweetTech


Posted 01 December 2011 - 08:18 PM

Good Evening!

Thank you very much for helping out on this forum! :-), I really appreciate you and the other wonderful people like you that volunteer your free time, especially considering how many people come here with a sense of entitlement, and sometimes even resort to blatant insults (for shame!)

Thank you for the kind words. I along with the other members of the staff who volunteer their time truly appreciate users like yourself who are grateful for the help they receive. :)

I'm a bit concerned about the On-screen keyboard, it's getting VERY slow and unresponsive, and as I mentioned in the previous thread, the physical keyboard doesn't work.

Okay, that sounds like a real pain! I didn't look at your other thread, but I just looked at it.

Oh, and also, when I went to turn off my screensaver to make sure that OTS would not be interrupted, I figured out that the reason that I kept getting the dds log was that I had left it as the screensaver (silly me)
Also, if the log shows that Avira's guards were down, that's because I had temporarily disabled them to run the scan, I'd also physically disconnected the DSL because that's something I always do whenever the guards are down

Okay, that's fine. Thanks for that information.

In your previous thread you mentioned that MBAM found something the first time you ran it. Just so I can see what was found as it could provide some insight into what's going on with the keyboard issue.

Would you mind posting that log file for me to review?

Malwarebytes' Anti-Malware

  • Open Malwarebytes' Anti-Malware
  • Select the Logs tab
  • Click on the latest log. The bottom most log is the latest
  • Click Open
  • Notepad will open. Please post this log in your next reply.


NEXT:




Running OTS Fix
Start OTS. Copy/Paste the information inside the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< HOSTS File > ([2011/11/10 06:45:10 | 000,000,914 | ---- | M] - 27 lines) -> C:\WINDOWS\system32\drivers\etc\hosts
YN -> 	46.4.179.109	google.com -> 
YN -> 	46.4.179.109	yahoo.com -> 
YN -> 	46.4.179.109	bing.com -> 
YN -> 	46.4.179.109	facebook.com -> 
YN -> 	46.4.179.109	yahoo.com -> 
YN -> 	46.4.179.109	bing.com -> 
YN -> 	46.4.179.109	facebook.com -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab [Java Plug-in 1.6.0_29]
YN -> {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab [Java Plug-in 1.6.0_29]
YN -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab [Java Plug-in 1.6.0_29]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Program Files\Electronic Arts\EADM\Core.exe" -> [C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager]
YN -> "C:\Program Files\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe" -> [C:\Program Files\Microsoft Games\Zoo Tycoon 2 Trial Version\zt2demoretail.exe:*:Enabled:Zoo Tycoon 2 Demo Executable]
[Files/Folders - Created Within 30 Days]
NY ->  JRgXjCkBzNx1 -> C:\Documents and Settings\Owner\Application Data\JRgXjCkBzNx1
NY ->  SwUeOx0c1b3n4Q6 -> C:\Documents and Settings\Owner\Application Data\SwUeOx0c1b3n4Q6
NY ->  wJfLgZjCkVzNx0v -> C:\Documents and Settings\Owner\Application Data\wJfLgZjCkVzNx0v
NY ->  pwIrOtAuSiFpGaJ -> C:\Documents and Settings\Owner\Application Data\pwIrOtAuSiFpGaJ
NY ->  AV Security 2012 -> C:\Documents and Settings\Owner\Start Menu\Programs\AV Security 2012
NY ->  WsWJ7dELTqYwIrO -> C:\Documents and Settings\Owner\Application Data\WsWJ7dELTqYwIrO
NY ->  g6dWKjUCByuoFpH -> C:\Documents and Settings\Owner\Application Data\g6dWKjUCByuoFpH
NY ->  TlBx01b3n4Q6W7R -> C:\Documents and Settings\Owner\Application Data\TlBx01b3n4Q6W7R
[Purity]
[EmptyFlash]
[ResetHosts]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.


NEXT:



Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 Jdaniel314

Jdaniel314
  • Topic Starter


Posted 02 December 2011 - 12:10 AM

SweetTech
"In your previous thread you mentioned that MBAM found something the first time you ran it. Just so I can see what was found as it could provide some insight into what's going on with the keyboard issue."

Um, sorry I'm afraid I cannot do that, because as I've stated at the top of my first post in this thread,
Malwarebytes won't open at all. :whistle:
The best I can do is to give you the scanner and detection events from Avira's virus scans and active guard results, but those do go back to the ninth of November. (The files that Avira's activeguard blocked at that time
are dated 11/13/2011 1:39 PM)

Also, I would like some confirmation before continuing, in case this changes anything..
Sorry if this causes any inconvenience, but I'd rather be safe than sorry.

Exported events:

11/28/2011 3:50 PM [System Scanner] Malware found
The file 'C:\Documents and Settings\Owner\My Documents\Installation.exe'
contained a virus or unwanted program 'TR/Crypt.CFI.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4dfda3b3.qua'.

11/28/2011 3:49 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Crypt.CFI.Gen [trojan]'
detected in file 'C:\Documents and Settings\Owner\My Documents\Installation.exe.
Action performed: Deny access

11/28/2011 3:49 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Crypt.CFI.Gen [trojan]'
detected in file 'C:\Documents and Settings\Owner\My Documents\Installation.exe.
Action performed: Deny access

11/28/2011 3:49 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Crypt.CFI.Gen [trojan]'
detected in file 'C:\Documents and Settings\Owner\My Documents\Installation.exe.
Action performed: Deny access

11/28/2011 2:36 PM [System Scanner] Malware found
The file 'C:\Documents and Settings\Owner\My Documents\Installation.exe'
contained a virus or unwanted program 'TR/Crypt.CFI.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4dfc5073.qua'.

11/28/2011 2:36 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Crypt.CFI.Gen [trojan]'
detected in file 'C:\Documents and Settings\Owner\My Documents\Installation.exe.
Action performed: Deny access

11/28/2011 2:36 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Crypt.CFI.Gen [trojan]'
detected in file 'C:\Documents and Settings\Owner\My Documents\Installation.exe.
Action performed: Deny access

11/28/2011 2:35 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Crypt.CFI.Gen [trojan]'
detected in file 'C:\Documents and Settings\Owner\My Documents\Installation.exe.
Action performed: Transfer to Scanner

11/28/2011 2:02 PM [System Scanner] Malware found
The file 'C:\Documents and Settings\Owner\Application
Data\Sun\Java\Deployment\cache\6.0\35\1e485223-20501651'
contained a virus or unwanted program 'EXP/CVE-2010-0840.FH' [exploit]
Action(s) taken:
The file was moved to the quarantine directory under the name '4d584d00.qua'.

11/15/2011 11:37 PM [System Scanner] Malware found
The file 'C:\Documents and Settings\Owner\Local Settings\Temporary Internet
Files\Content.IE5\QKMXQNVE\ai8r643[1].htm'
contained a virus or unwanted program 'JS/Dldr.DarDuk.B' [virus]
Action(s) taken:
The file was moved to the quarantine directory under the name '4c55edb6.qua'.

11/15/2011 11:37 PM [System Scanner] Malware found
The file 'C:\Documents and Settings\Owner\Local Settings\Temporary Internet
Files\Content.IE5\RQ7YCZDI\field[1].swf'
contained a virus or unwanted program 'SWF/Wilde.A' [virus]
Action(s) taken:
The file was moved to the quarantine directory under the name '4d86edb7.qua'.

11/15/2011 11:36 PM [Realtime Protection] Malware found
Virus or unwanted program 'SWF/Wilde.A [virus]'
detected in file 'C:\Documents and Settings\Owner\Local Settings\Temporary
Internet Files\Content.IE5\RQ7YCZDI\field[1].swf.
Action performed: Deny access

11/15/2011 11:35 PM [Realtime Protection] Malware found
Virus or unwanted program 'JS/Dldr.DarDuk.B [virus]'
detected in file 'C:\Documents and Settings\Owner\Local Settings\Temporary
Internet Files\Content.IE5\QKMXQNVE\ai8r643[1].htm.
Action performed: Deny access

11/13/2011 1:43 PM [System Scanner] Malware found
The file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP232\A0043982.exe'
contained a virus or unwanted program 'TR/Fake.Scanti.587' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '47dfd9ba.qua'.

11/13/2011 1:43 PM [System Scanner] Malware found
The file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP232\A0042946.sys'
contained a virus or unwanted program 'TR/Rootkit.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '253ea88b.qua'.

11/13/2011 1:43 PM [System Scanner] Malware found
The file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP232\A0041946.sys'
contained a virus or unwanted program 'TR/Rootkit.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '60ba85b4.qua'.

11/13/2011 1:43 PM [System Scanner] Malware found
The file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP232\A0042951.sys'
contained a virus or unwanted program 'TR/Rootkit.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '5a259aea.qua'.

11/13/2011 1:43 PM [System Scanner] Malware found
The file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP232\A0043980.sys'
contained a virus or unwanted program 'TR/Rootkit.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '6a85f6f0.qua'.

11/13/2011 1:43 PM [System Scanner] Malware found
The file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP232\A0042977.sys'
contained a virus or unwanted program 'TR/Rootkit.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '169db6a0.qua'.

11/13/2011 1:43 PM [System Scanner] Malware found
The file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP232\A0039728.sys'
contained a virus or unwanted program 'TR/Rootkit.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4c45bf3a.qua'.

11/13/2011 1:43 PM [System Scanner] Malware found
The file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP232\A0040728.sys'
contained a virus or unwanted program 'TR/Rootkit.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '54d2909e.qua'.

11/13/2011 1:43 PM [System Scanner] Malware found
The file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP231\A0039715.sys'
contained a virus or unwanted program 'TR/Rootkit.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '54fbd8bf.qua'.

11/13/2011 1:43 PM [System Scanner] Malware found
The file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP232\A0041728.sys'
contained a virus or unwanted program 'TR/Rootkit.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '068dca76.qua'.

11/13/2011 1:40 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Rootkit.Gen2 [trojan]'
detected in file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP232\A0042977.sys.
Action performed: Deny access

11/13/2011 1:40 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Fake.Scanti.587 [trojan]'
detected in file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP232\A0043982.exe.
Action performed: Deny access

11/13/2011 1:40 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Rootkit.Gen2 [trojan]'
detected in file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP232\A0043980.sys.
Action performed: Deny access

11/13/2011 1:40 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Rootkit.Gen2 [trojan]'
detected in file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP232\A0042951.sys.
Action performed: Deny access

11/13/2011 1:40 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Rootkit.Gen2 [trojan]'
detected in file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP232\A0042946.sys.
Action performed: Deny access

11/13/2011 1:40 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Rootkit.Gen2 [trojan]'
detected in file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP232\A0041946.sys.
Action performed: Deny access

11/13/2011 1:40 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Rootkit.Gen2 [trojan]'
detected in file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP232\A0041728.sys.
Action performed: Deny access

11/13/2011 1:40 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Rootkit.Gen2 [trojan]'
detected in file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP232\A0040728.sys.
Action performed: Deny access

11/13/2011 1:40 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Rootkit.Gen2 [trojan]'
detected in file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP232\A0039728.sys.
Action performed: Deny access

11/13/2011 1:39 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Rootkit.Gen2 [trojan]'
detected in file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP231\A0039715.sys.
Action performed: Deny access

11/13/2011 12:57 AM [System Scanner] Malware found
The file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP231\A0038715.sys'
contained a virus or unwanted program 'TR/Rootkit.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4c5acbbb.qua'.

11/13/2011 12:54 AM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Rootkit.Gen2 [trojan]'
detected in file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP231\A0038715.sys.
Action performed: Deny access

11/12/2011 11:55 PM [System Scanner] Malware found
The file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP231\A0037715.sys'
contained a virus or unwanted program 'TR/Rootkit.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4c2dfadc.qua'.

11/12/2011 11:20 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Rootkit.Gen2 [trojan]'
detected in file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP231\A0037715.sys.
Action performed: Deny access

11/12/2011 11:05 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Rootkit.Gen2 [trojan]'
detected in file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP231\A0037715.sys.
Action performed: Deny access

11/12/2011 9:59 PM [System Scanner] Malware found
The file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP230\A0036702.sys'
contained a virus or unwanted program 'TR/Rootkit.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4c2de18d.qua'.

11/12/2011 9:28 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Rootkit.Gen2 [trojan]'
detected in file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP230\A0036702.sys.
Action performed: Deny access

11/11/2011 11:16 PM [System Scanner] Malware found
The file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP230\A0035702.sys'
contained a virus or unwanted program 'TR/Rootkit.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4c2ba078.qua'.

11/11/2011 11:13 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Rootkit.Gen2 [trojan]'
detected in file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP230\A0035702.sys.
Action performed: Deny access

11/11/2011 8:50 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Rootkit.Gen2 [trojan]'
detected in file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP230\A0035702.sys.
Action performed: Deny access

11/11/2011 7:56 PM [System Scanner] Malware found
The file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP230\A0034702.sys'
contained a virus or unwanted program 'TR/Rootkit.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4c2873bb.qua'.

11/11/2011 7:50 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Rootkit.Gen2 [trojan]'
detected in file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP230\A0034702.sys.
Action performed: Deny access

11/11/2011 3:12 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Offend.kdv.400458.1 [trojan]'
detected in file 'C:\Documents and Settings\Owner\Application
Data\Sun\Java\Deployment\cache\6.0\2\771e83c2-348ba802.
Action performed: Deny access

11/11/2011 3:12 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Offend.kdv.400458.1 [trojan]'
detected in file 'C:\Documents and Settings\Owner\Application
Data\Sun\Java\Deployment\cache\6.0\2\771e83c2-348ba802.
Action performed: Deny access

11/11/2011 3:02 PM [System Scanner] Malware found
The file 'C:\WINDOWS\system32\drivers\i8042prt.sys'
contained a virus or unwanted program 'TR/Rootkit.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4c282c96.qua'.
The registration entry
<HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\ImagePath> could
not be repaired.
For the final repair, a restart of the computer is instigated.
The registration entry
<HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i8042prt\ImagePath> could not
be repaired.
For the final repair, a restart of the computer is instigated.

11/11/2011 3:01 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Rootkit.Gen2 [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\i8042prt.sys.
Action performed: Deny access

11/9/2011 6:50 AM [System Scanner] Malware found
The file 'C:\Documents and Settings\Owner\Application
Data\Sun\Java\Deployment\cache\6.0\51\43023c73-7c395ae9'
contained a virus or unwanted program 'EXP/CVE-2010-4452.BG' [exploit]
Action(s) taken:
The file was moved to the quarantine directory under the name '4d80d312.qua'.

11/9/2011 6:50 AM [System Scanner] Malware found
The file 'C:\Documents and Settings\Owner\Application
Data\Sun\Java\Deployment\cache\6.0\51\43023c73-2efc6f03'
contained a virus or unwanted program 'EXP/CVE-2010-4452.BG' [exploit]
Action(s) taken:
The file was moved to the quarantine directory under the name '5517fcb5.qua'.

#6 SweetTech


Posted 02 December 2011 - 02:38 AM

Hi!

Um, sorry I'm afraid I cannot do that, because as I've stated at the top of my first post in this thread,
Malwarebytes won't open at all.

Sorry about that. I tend to speed read through the first post in a user's thread before I pick it up, and try to go back to read it completely once I've picked it up. Unfortunately, your thread was one where I didn't get a chance to read it completely. I have gone ahead and done so now.

We should be able to access the MalwareBytes Anti-Malware log file manually. It's saved in a folder.

You should be able to grab it from here: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

That log file you posted for me is showing me a mixture of infected files and some that are in System Restore, which will be removed at the end of our time together when we clean up our tools.

The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
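
The split described in the post above, between detections in System Restore and detections in live files, can be read out of the Avira event log mechanically. This is an added example, not part of the original posts or of any tool used in the thread; the function names and location labels are assumptions, and the sample entries are copied from the log posted above (the last one shortened).

```python
import re

# Four entries copied from the Avira event log in this thread, keeping the
# line wrapping of long paths; the last entry's second registry note is omitted.
SAMPLE_LOG = r"""
11/13/2011 1:43 PM [System Scanner] Malware found
The file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP232\A0042946.sys'
contained a virus or unwanted program 'TR/Rootkit.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '253ea88b.qua'.

11/13/2011 1:40 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Rootkit.Gen2 [trojan]'
detected in file 'C:\System Volume
Information\_restore{7A1C0466-D9A2-4937-827F-70CC86B6D564}\RP232\A0042946.sys.
Action performed: Deny access

11/11/2011 3:12 PM [Realtime Protection] Malware found
Virus or unwanted program 'TR/Offend.kdv.400458.1 [trojan]'
detected in file 'C:\Documents and Settings\Owner\Application
Data\Sun\Java\Deployment\cache\6.0\2\771e83c2-348ba802.
Action performed: Deny access

11/11/2011 3:02 PM [System Scanner] Malware found
The file 'C:\WINDOWS\system32\drivers\i8042prt.sys'
contained a virus or unwanted program 'TR/Rootkit.Gen2' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4c282c96.qua'.
The registration entry
<HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\ImagePath> could
not be repaired.
For the final repair, a restart of the computer is instigated.
"""

HEADER = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M) "
                    r"\[(System Scanner|Realtime Protection)\] Malware found$", re.M)
SCANNER = re.compile(r"The file '(?P<path>.+?)' contained a virus or unwanted "
                     r"program '(?P<name>[^']+)'")
# Realtime entries end the path with a full stop and no closing quote.
REALTIME = re.compile(r"Virus or unwanted program '(?P<name>\S+) \[\w+\]' "
                      r"detected in file '(?P<path>.+?)\. Action performed:")
RESTORE = re.compile(r"\\system volume information\\_restore\{[0-9a-f-]+\}\\(rp\d+)\\")

def classify(path):
    """Label where a detected file lives, which decides how it gets handled."""
    p = path.lower()
    rp = RESTORE.search(p)
    if rp:
        return "system restore " + rp.group(1).upper()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java cache"
    if p.startswith("c:\\windows\\"):
        return "live system file"
    return "other"

def parse(text):
    """Return one dict per log entry: time, module, name, path, location."""
    heads = list(HEADER.finditer(text))
    out = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        # Wrapped paths broke at a space, so joining with one space restores them.
        body = " ".join(text[h.end():end].split())
        m = (SCANNER if h.group(2) == "System Scanner" else REALTIME).search(body)
        if not m:
            continue  # unknown layout: skip rather than guess
        out.append({"time": h.group(1), "module": h.group(2),
                    "name": m.group("name"), "path": m.group("path"),
                    "quarantined": "moved to the quarantine directory" in body,
                    "location": classify(m.group("path"))})
    return out

def triage(detections):
    """Group entries by file and record whether any entry quarantined it."""
    files = {}
    for d in detections:
        f = files.setdefault(d["path"].lower(), {"location": d["location"],
                                                 "names": set(), "quarantined": False})
        f["names"].add(d["name"])
        f["quarantined"] = f["quarantined"] or d["quarantined"]
    return files

if __name__ == "__main__":
    for path, info in triage(parse(SAMPLE_LOG)).items():
        print(f"{info['location']:22} quarantined={info['quarantined']!s:5} "
              f"{','.join(sorted(info['names']))}  {path}")
```

Files that show only a "Deny access" entry and no quarantine entry, such as the Java cache item in this sample, are the ones to follow up with another scanner.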


#7 Jdaniel314


Posted 02 December 2011 - 03:53 PM

Well, I think OTS is stuck; it's been repairing the same registry file for an hour. Should I cancel and retry in safe mode, or keep waiting?
(The file is 46.4.179.109 Google.com)

EDIT:
After OTS spent 6+ hours on the same file, I decided to cancel the repair. I hope that wasn't a big mistake.
Should I try again in safe mode, or do something else?

Here are the only two Malwarebytes logs that found malware.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8142

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

11/11/2011 5:44:45 PM
mbam-log-2011-11-11 (17-44-45).txt

Scan type: Full scan (C:\|)
Objects scanned: 284267
Time elapsed: 2 hour(s), 20 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Owner\application data\Sun\Java\deployment\cache\6.0\2\771e83c2-348ba802 (Trojan.FakeMS1) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\temporary internet files\Content.IE5\HM9RDBWO\file[1].exe (Trojan.FakeMS1) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\local settings\temporary internet files\Content.IE5\PHUSYHOP\file[1].exe (Trojan.FakeMS1) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\av security 2012v121.exe (Trojan.FakeMS1) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\ldr.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\Desktop\av security 2012.lnk (Rogue.AVSecurity2012) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8153

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/13/2011 2:19:42 PM
mbam-log-2011-11-13 (14-19-42).txt

Scan type: Full scan (C:\|)
Objects scanned: 269871
Time elapsed: 2 hour(s), 21 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{7a1c0466-d9a2-4937-827f-70cc86b6d564}\RP232\A0043982.exe (Trojan.FakeMS1) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\ldr.ini (Malware.Trace) -> Quarantined and deleted successfully.

Edited by Jdaniel314, 02 December 2011 - 11:34 PM.


#8 SweetTech


Posted 03 December 2011 - 02:48 AM

Good Evening!

It does sound like OTS did get stuck; it was fine that you cancelled the fix.

Thanks for posting those MalwareBytes' Anti-Malware logs for me.

Please go ahead and try running ComboFix and see if that will run for you.



#9 Jdaniel314


Posted 03 December 2011 - 02:38 PM

I thought I had all the shields down, but Avira popped up anyway when ComboFix started. :blink:
(Thank God for the "trusted program" option.)

Well, after ComboFix finished running, Malwarebytes still doesn't work, and neither does the keyboard, but the computer itself seems to be running much better, except that it now doesn't have an internet connection, either.
When ComboFix was running, it said it found the Rootkit ZeroAccess in the IP file, and to restart the computer after ComboFix had completed the virus removal process, so I did, and it still didn't work.
ComboFix advised me to run it again if the restart didn't fix the internet connection, but as this is something you specifically instructed me not to do, I will not run it unless you say to.

Tried pinging my router in command prompt, and received the error "error destination host unreachable".
So, per the directions for my router, I typed the command ipconfig/release enter,
then the command ipconfig/renew.
Then I got this error message:
"An error occurred while renewing interface local area connection: The requested service provider could not be loaded or initialized."

I've used a flash drive to move the log and post it from the other computer; here it is:

ComboFix 11-12-03.01 - Owner 12/03/2011 11:36:44.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.631 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\SPL126.tmp
c:\documents and settings\Owner\Start Menu\Programs\AV Security 2012
c:\documents and settings\Owner\Start Menu\Programs\AV Security 2012\AV Security 2012.lnk
c:\windows\$NtUninstallKB34755$
c:\windows\$NtUninstallKB34755$\1954564807
c:\windows\$NtUninstallKB34755$\3940379934\@
c:\windows\$NtUninstallKB34755$\3940379934\bckfg.tmp
c:\windows\$NtUninstallKB34755$\3940379934\cfg.ini
c:\windows\$NtUninstallKB34755$\3940379934\Desktop.ini
c:\windows\$NtUninstallKB34755$\3940379934\keywords
c:\windows\$NtUninstallKB34755$\3940379934\kwrd.dll
c:\windows\$NtUninstallKB34755$\3940379934\L\arxnoznw
c:\windows\$NtUninstallKB34755$\3940379934\U\00000001.@
c:\windows\$NtUninstallKB34755$\3940379934\U\00000002.@
c:\windows\$NtUninstallKB34755$\3940379934\U\00000004.@
c:\windows\$NtUninstallKB34755$\3940379934\U\80000000.@
c:\windows\$NtUninstallKB34755$\3940379934\U\80000004.@
c:\windows\$NtUninstallKB34755$\3940379934\U\80000032.@
c:\windows\system32\twain.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-11-03 to 2011-12-03 )))))))))))))))))))))))))))))))
.
.
2011-12-02 19:27 . 2011-12-02 19:27 -------- d-----w- C:\_OTS
2011-11-30 17:50 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-11-29 03:48 . 2011-11-29 03:51 -------- d-----w- c:\program files\Free Window Registry Repair
2011-11-29 02:20 . 2008-04-14 04:04 52224 -c--a-w- c:\windows\system32\dllcache\atinraxx.sys
2011-11-29 02:19 . 2001-08-17 20:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2011-11-28 23:32 . 2011-11-29 00:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-11-28 21:41 . 2011-11-28 21:41 -------- d-----w- c:\program files\Windows Media Connect 2
2011-11-28 21:39 . 2011-11-28 21:40 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-11-28 21:39 . 2011-11-28 21:39 -------- d-----w- c:\windows\system32\LogFiles
2011-11-28 20:38 . 2011-11-28 20:52 -------- d-----w- c:\program files\Needed-Files-Downloader
2011-11-28 17:27 . 2011-11-28 17:27 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-28 04:19 . 2011-11-28 17:27 -------- d-----w- c:\program files\Audacity
2011-11-23 03:48 . 2011-11-28 17:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-23 03:36 . 2011-11-23 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Individual Software
2011-11-23 03:36 . 2011-11-23 03:48 -------- d-----w- c:\program files\Total 3D
2011-11-21 13:33 . 2011-11-23 03:48 -------- d-----w- c:\program files\321cba
2011-11-21 04:53 . 2011-11-21 04:53 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2011-11-21 04:52 . 2011-11-28 23:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-21 04:52 . 2011-11-21 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-14 02:46 . 2011-11-14 04:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Petroglyph
2011-11-13 23:21 . 2011-11-13 23:21 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2011-11-13 23:20 . 2011-11-13 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-11-13 23:20 . 2011-11-13 23:20 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple
2011-11-13 23:20 . 2011-11-13 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-11-13 23:20 . 2011-11-13 23:20 -------- d-----w- c:\program files\CONEXANT
2011-11-13 07:18 . 2011-11-14 04:18 -------- d-----w- c:\program files\LucasArts
2011-11-13 02:56 . 2011-11-13 06:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2011-11-13 02:51 . 2011-11-13 02:51 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-11-13 02:51 . 2011-11-13 02:51 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-11-13 02:51 . 2011-11-13 02:51 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-11-13 02:51 . 2011-11-13 02:51 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-11-13 02:51 . 2011-11-13 02:51 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-11-13 02:51 . 2011-11-13 02:51 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-11-13 02:51 . 2011-11-13 02:51 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-11-13 02:50 . 2011-11-13 23:19 -------- d-----w- c:\program files\QuickTime
2011-11-13 02:50 . 2011-11-13 02:50 -------- d-----w- c:\program files\Common Files\Apple
2011-11-13 02:49 . 2011-11-13 23:19 -------- d-----w- c:\program files\Apple Software Update
2011-11-13 02:49 . 2011-11-13 02:49 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2011-11-12 04:02 . 2011-11-13 23:20 -------- d-----w- c:\program files\Common Files\Java
2011-11-10 12:45 . 2011-11-10 12:45 -------- d-----w- c:\documents and settings\Owner\Application Data\JRgXjCkBzNx1
2011-11-10 12:45 . 2011-11-10 12:45 -------- d-----w- c:\documents and settings\Owner\Application Data\SwUeOx0c1b3n4Q6
2011-11-09 23:52 . 2011-11-09 23:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2011-11-09 22:34 . 2011-11-09 22:34 -------- d-----w- c:\documents and settings\Owner\Application Data\wJfLgZjCkVzNx0v
2011-11-09 22:34 . 2011-11-09 22:34 -------- d-----w- c:\documents and settings\Owner\Application Data\pwIrOtAuSiFpGaJ
2011-11-09 22:31 . 2011-11-09 22:31 -------- d-----w- c:\documents and settings\Owner\Application Data\WsWJ7dELTqYwIrO
2011-11-09 22:31 . 2011-11-09 22:31 -------- d-----w- c:\documents and settings\Owner\Application Data\g6dWKjUCByuoFpH
2011-11-09 22:31 . 2011-11-09 22:31 -------- d-----w- c:\documents and settings\Owner\Application Data\TlBx01b3n4Q6W7R
2011-11-09 03:27 . 2011-11-09 03:27 -------- d-----w- c:\program files\Paint.NET
2011-11-09 03:27 . 2011-11-09 03:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Paint.NET
2011-11-04 23:13 . 2011-11-11 20:09 -------- d-----w- c:\program files\Wild Creatures Demo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-19 03:48 . 2011-05-19 13:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 20:00 . 2011-10-20 12:18 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-11 20:00 . 2011-10-20 12:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-11 20:00 . 2011-10-20 12:18 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-10 14:22 . 2011-04-12 21:38 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 23:05 . 2011-10-07 23:05 323624 ----a-w- c:\windows\system32\wiaaut.dll
2011-10-04 14:33 . 2011-10-04 14:33 18944 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2011-10-03 11:06 . 2011-04-12 22:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 08:37 . 2011-04-12 22:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2008-04-14 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 02:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2007-06-25 291504]
"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2007-06-25 82608]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-25 295600]
"LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 106496]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-27 273544]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxcycoms.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/20/2011 6:18 AM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/20/2011 6:18 AM 86224]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc.exe [11/13/2011 2:41 PM 342480]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [10/20/2011 6:18 AM 463824]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2011 12:41 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2011 12:41 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 18:41]
.
2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 18:41]
.
2011-12-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-2111687655-1177238915-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-12-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-2111687655-1177238915-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-12-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-24 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Age of Mythology Demo 1.0 - c:\program files\Microsoft Games\Age of Mythology Trial\UNINSTAL.EXE
AddRemove-RapidTyping - c:\program files\RapidTyping\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-03 11:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:19,b9,4e,19,e6,78,16,e3,07,dd,0b,12,05,ce,df,e4,92,0a,fc,14,7e,
cc,01,ec,c5,4a,c8,48,5e,3f,7d,a7,b7,a2,5e,31,20,5b,08,a8,39,03,da,1d,a3,42,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1316)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxcycoms.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-12-03 11:58:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-03 17:58
.
Pre-Run: 81,263,153,152 bytes free
Post-Run: 82,868,822,016 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 10210082F2F894F9E95E13857FF3711A

Edited by Jdaniel314, 03 December 2011 - 02:40 PM.


#10 SweetTech

Posted 04 December 2011 - 01:57 AM

Hello!

It sounds like we're going to need to re-run ComboFix again, to see if that restores your internet connection.

You should be aware of the following warning in regards to ZeroAccess.

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 Jdaniel314

Posted 05 December 2011 - 06:18 PM

Well, I'm not sure what to do next about the computer, am in the process of getting passwords changed.
I've just realized that in addition to the internet being down Avira's internet protections are also down, as well as Windows firewall.
As I wasn't sure as to whether Internet explorer would start up again without protection, I decided to run Combofix with the internet physically disconnected.
In hindsight, that doesn't sound like such a good idea anymore.

Here's the second combofix log, should I try to hook up the internet now, or try to get the firewall running first?

ComboFix 11-12-03.01 - Owner 12/05/2011 7:25.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.511 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))
.
.
2011-12-02 19:27 . 2011-12-02 19:27 -------- d-----w- C:\_OTS
2011-11-30 17:50 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-11-29 03:48 . 2011-11-29 03:51 -------- d-----w- c:\program files\Free Window Registry Repair
2011-11-29 02:55 . 2001-08-17 19:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-11-29 02:55 . 2001-08-17 19:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2011-11-29 02:55 . 2001-08-17 19:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2011-11-29 02:55 . 2008-04-14 06:16 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2011-11-29 02:55 . 2008-04-14 06:15 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2011-11-29 02:55 . 2008-04-14 06:15 20608 -c--a-w- c:\windows\system32\dllcache\usbuhci.sys
2011-11-29 02:55 . 2008-04-14 06:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-11-29 02:55 . 2008-04-14 06:26 12800 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2011-11-29 02:55 . 2008-04-14 04:05 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2011-11-29 02:55 . 2001-08-18 04:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2011-11-29 02:55 . 2001-08-18 04:36 28160 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2011-11-29 02:53 . 2001-08-17 18:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2011-11-29 02:51 . 2001-08-17 19:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-11-29 02:50 . 2001-08-18 04:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2011-11-29 02:49 . 2001-08-17 18:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2011-11-29 02:49 . 2001-08-17 20:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2011-11-29 02:49 . 2001-08-17 18:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2011-11-29 02:49 . 2001-08-17 18:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2011-11-29 02:49 . 2001-08-17 18:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2011-11-29 02:49 . 2008-04-14 06:06 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2011-11-29 02:49 . 2001-08-17 19:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
2011-11-29 02:49 . 2008-04-14 06:06 5888 -c--a-w- c:\windows\system32\dllcache\smbali.sys
2011-11-29 02:49 . 2008-04-14 06:06 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2011-11-29 02:49 . 2001-08-18 04:36 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2011-11-29 02:49 . 2001-08-18 04:36 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2011-11-29 02:49 . 2001-08-18 04:36 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll
2011-11-29 02:47 . 2008-04-14 11:42 3901 -c--a-w- c:\windows\system32\dllcache\siint5.dll
2011-11-29 02:46 . 2001-08-18 04:36 495616 -c--a-w- c:\windows\system32\dllcache\sblfx.dll
2011-11-29 02:45 . 2001-08-17 18:12 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2011-11-29 02:44 . 2001-08-17 19:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2011-11-29 02:43 . 2001-08-18 04:36 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-11-29 02:43 . 2001-08-17 20:07 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2011-11-29 02:41 . 2001-08-18 04:36 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
2011-11-29 02:40 . 2001-08-17 19:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2011-11-29 02:39 . 2001-08-17 19:50 75520 -c--a-w- c:\windows\system32\dllcache\mxport.sys
2011-11-29 02:38 . 2001-08-17 20:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-11-29 02:38 . 2001-08-17 19:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-11-29 02:38 . 2008-04-14 06:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-11-29 02:38 . 2001-08-17 19:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-11-29 02:38 . 2008-04-14 06:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-11-29 02:38 . 2001-08-17 19:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2011-11-29 02:38 . 2001-08-17 19:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2011-11-29 02:38 . 2001-08-17 18:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2011-11-29 02:38 . 2001-08-17 20:56 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2011-11-29 02:36 . 2001-08-17 19:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2011-11-29 02:36 . 2008-04-14 06:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-11-29 02:36 . 2001-08-17 18:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2011-11-29 02:36 . 2001-08-17 18:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2011-11-29 02:36 . 2001-08-18 04:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2011-11-29 02:36 . 2008-04-14 11:41 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2011-11-29 02:36 . 2008-04-14 11:41 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2011-11-29 02:36 . 2001-08-18 04:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2011-11-29 02:36 . 2001-08-18 04:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2011-11-29 02:35 . 2008-04-14 11:39 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2011-11-29 02:35 . 2001-08-17 20:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2011-11-29 02:35 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2011-11-29 02:35 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-11-29 02:35 . 2001-08-17 19:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2011-11-29 02:35 . 2001-08-17 19:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2011-11-29 02:35 . 2008-04-14 11:41 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2011-11-29 02:35 . 2008-04-14 11:42 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2011-11-29 02:35 . 2001-08-17 19:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2011-11-29 02:35 . 2008-04-14 06:24 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2011-11-29 02:35 . 2001-08-17 18:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2011-11-29 02:35 . 2001-08-18 04:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2011-11-29 02:34 . 2001-08-17 19:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2011-11-29 02:34 . 2008-04-14 06:10 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2011-11-29 02:34 . 2001-08-17 19:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2011-11-29 02:34 . 2001-08-17 19:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2011-11-29 02:34 . 2001-08-18 04:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-11-29 02:32 . 2001-08-17 19:28 73279 -c--a-w- c:\windows\system32\dllcache\hsf_spkp.sys
2011-11-29 02:31 . 2001-08-18 04:36 119296 -c--a-w- c:\windows\system32\dllcache\hpdigwia.dll
2011-11-29 02:30 . 2001-08-18 04:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2011-11-29 02:30 . 2001-08-17 18:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2011-11-29 02:30 . 2001-08-17 18:15 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2011-11-29 02:30 . 2001-08-17 18:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2011-11-29 02:30 . 2001-08-17 18:14 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2011-11-29 02:30 . 2001-08-17 18:14 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2011-11-29 02:30 . 2008-04-14 04:05 34173 -c--a-w- c:\windows\system32\dllcache\forehe.sys
2011-11-29 02:29 . 2001-08-18 04:36 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2011-11-29 02:29 . 2001-08-17 18:13 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2011-11-29 02:29 . 2001-08-17 18:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2011-11-29 02:29 . 2001-08-17 18:12 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2011-11-29 02:29 . 2001-08-17 18:12 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys
2011-11-29 02:29 . 2001-08-17 18:11 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2011-11-29 02:29 . 2001-08-17 18:11 12362 -c--a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2011-11-29 02:29 . 2001-08-17 19:52 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2011-11-29 02:29 . 2001-08-17 18:12 16998 -c--a-w- c:\windows\system32\dllcache\ex10.sys
2011-11-29 02:29 . 2001-08-18 04:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2011-11-29 02:29 . 2001-08-18 04:36 45568 -c--a-w- c:\windows\system32\dllcache\esuni.dll
2011-11-29 02:29 . 2001-08-18 04:36 34816 -c--a-w- c:\windows\system32\dllcache\esuimg.dll
2011-11-29 02:27 . 2001-08-17 18:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2011-11-29 02:26 . 2001-08-18 04:36 24064 -c--a-w- c:\windows\system32\dllcache\devldr32.exe
2011-11-29 02:25 . 2008-04-14 06:06 10240 -c--a-w- c:\windows\system32\dllcache\compbatt.sys
2011-11-29 02:24 . 2008-04-14 11:41 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll
2011-11-29 02:24 . 2001-08-18 04:36 236032 -c--a-w- c:\windows\system32\dllcache\camext20.dll
2011-11-29 02:24 . 2001-08-18 04:36 74240 -c--a-w- c:\windows\system32\dllcache\camexo20.dll
2011-11-29 02:24 . 2001-08-17 20:04 171264 -c--a-w- c:\windows\system32\dllcache\camdrv30.sys
2011-11-29 02:24 . 2001-08-17 20:05 314752 -c--a-w- c:\windows\system32\dllcache\camdro21.sys
2011-11-29 02:24 . 2001-08-17 20:04 223232 -c--a-w- c:\windows\system32\dllcache\camdrv21.sys
2011-11-29 02:20 . 2008-04-14 04:04 52224 -c--a-w- c:\windows\system32\dllcache\atinraxx.sys
2011-11-29 02:19 . 2001-08-17 20:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2011-11-29 01:21 . 2001-08-17 20:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-11-28 23:32 . 2011-11-29 00:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-11-28 21:41 . 2011-11-28 21:41 -------- d-----w- c:\program files\Windows Media Connect 2
2011-11-28 21:39 . 2011-11-28 21:40 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-11-28 21:39 . 2011-11-28 21:39 -------- d-----w- c:\windows\system32\LogFiles
2011-11-28 21:38 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-11-28 20:38 . 2011-11-28 20:52 -------- d-----w- c:\program files\Needed-Files-Downloader
2011-11-28 17:27 . 2011-11-28 17:27 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-28 04:19 . 2011-11-28 17:27 -------- d-----w- c:\program files\Audacity
2011-11-23 03:48 . 2011-11-28 17:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-23 03:36 . 2011-11-23 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Individual Software
2011-11-23 03:36 . 2011-11-23 03:48 -------- d-----w- c:\program files\Total 3D
2011-11-21 13:33 . 2011-11-23 03:48 -------- d-----w- c:\program files\321cba
2011-11-21 04:53 . 2011-11-21 04:53 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2011-11-21 04:52 . 2011-11-28 23:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-21 04:52 . 2011-11-21 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-14 02:46 . 2011-11-14 04:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Petroglyph
2011-11-13 23:21 . 2011-11-13 23:21 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
2011-11-13 23:20 . 2011-11-13 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-11-13 23:20 . 2011-11-13 23:20 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-19 03:48 . 2011-05-19 13:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 20:00 . 2011-10-20 12:18 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-11 20:00 . 2011-10-20 12:18 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-11 20:00 . 2011-10-20 12:18 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-10 14:22 . 2011-04-12 21:38 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 23:05 . 2011-10-07 23:05 323624 ----a-w- c:\windows\system32\wiaaut.dll
2011-10-04 14:33 . 2011-10-04 14:33 18944 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2011-10-03 11:06 . 2011-04-12 22:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 08:37 . 2011-04-12 22:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2008-04-14 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-03_17.51.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-04 06:37 . 2011-12-04 06:37 16384 c:\windows\Temp\Perflib_Perfdata_798.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 02:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"lxcymon.exe"="c:\program files\Lexmark 3400 Series\lxcymon.exe" [2007-06-25 291504]
"EzPrint"="c:\program files\Lexmark 3400 Series\ezprint.exe" [2007-06-25 82608]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-25 295600]
"LXCYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2006-11-21 106496]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-05-27 273544]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxcycoms.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/20/2011 6:18 AM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/20/2011 6:18 AM 86224]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc.exe [11/13/2011 2:41 PM 342480]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [10/20/2011 6:18 AM 463824]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2011 12:41 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2011 12:41 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 18:41]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 18:41]
.
2011-12-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-2111687655-1177238915-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-12-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-2111687655-1177238915-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 15:47]
.
2011-12-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-24 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-05 07:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1220945662-2111687655-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:19,b9,4e,19,e6,78,16,e3,07,dd,0b,12,05,ce,df,e4,92,0a,fc,14,7e,
cc,01,ec,c5,4a,c8,48,5e,3f,7d,a7,b7,a2,5e,31,20,5b,08,a8,39,03,da,1d,a3,42,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1880)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-05 07:35:25
ComboFix-quarantined-files.txt 2011-12-05 13:35
ComboFix2.txt 2011-12-03 17:58
.
Pre-Run: 82,827,280,384 bytes free
Post-Run: 82,815,504,384 bytes free
.
- - End Of File - - 55D38E018B369C180C89F8F700499F86

#12 SweetTech

Posted 06 December 2011 - 01:49 AM

Hi!

Yes, please hook your internet back up, and try to see if you can launch the Windows firewall.

If you can't, please provide me with the error message you receive when you try to load it up.



#13 Jdaniel314

Posted 07 December 2011 - 12:25 AM

Hello again.
When I hook up the router, the message goes from "no connection" to "limited or no connectivity (100mbps)"
When I attempt to launch Windows Firewall, I simply get a dialogue stating
"Windows cannot start the Windows Firewall/Internet connection sharing service" with no error code or any other explanation as to why it cannot start, sorry.

I also told Windows to attempt to repair the network, and got a dialogue stating
"Windows could not finish repairing the problem because the following action could not be completed:
Repairing your IP Address"

Tried pinging my router in command prompt, and received the error "error destination host unreachable"
(all 4 packets were a 100% loss).
So, per the directions for my router, I typed the command ipconfig/release enter,
then the command ipconfig/renew.
Then I got this error message:
"An error occurred while renewing interface local area connection: The requested service provider could not be loaded or initialized."

If you need me to download anything, I do have a 4GB flash drive that I can use.
Oh, and also, if it helps my router is an Atheros Airlink 101 model# AR430W, and I know that the wireless connection still works because I'm using it to reply right now.

#14 SweetTech

Posted 07 December 2011 - 02:31 AM

Good Evening.

Let's try this.

Please go to Start > Run > and Copy/Paste the following bolded text, followed by ENTER. After it completes, please reboot your computer and see if you can connect to the internet then.


NETSH WINSOCK RESET CATALOG



#15 Jdaniel314

Posted 07 December 2011 - 11:39 AM

We have internet!!
:thumbsup:

The internet is back again, Thank You!

The two biggest problems left are the keyboard still doesn't work, and Malwarebytes is still unable to start.
The error code for Malwarebytes is: PROGRAM_ERROR_ENUMERATE_LANGUAGES (2,0)
The error code for the keyboard is: This device cannot start. (Code 10)

There are a few other errors too.
OpenOffice.org is causing an error whenever the computer starts, because
"Windows cannot find the file specified"
Am seriously considering uninstalling this program, as I don't use it anymore.

Realplayer has been showing instability since I first noticed the initial infection, although I haven't checked on it since running combofix.


Also, there appears to be some, (programming code?) scattered in various locations in the
"My documents" folder.
The files are:
Desktop.ini (several of these)
Thumbs.db (several of these)
dxva_sig.txt (only one)



