
Rootkit.zeroaccess has crippled my network settings and services


  • This topic is locked
19 replies to this topic

#1 mypcsupportteam


Posted 22 February 2012 - 03:27 PM

Hi, I have been battling this virus for the past couple of days. ComboFix alerted me that I was infected with this virus, that it was difficult to remove, etc. I also cannot change my domain or PC name, as it says my networking is not installed properly. I have noticed that several services may also not be running. I have attached the ComboFix log, TDSS log and OTS log for your information.

Attached File  OTS.Txt   82.33KB   2 downloads
Attached File  ComboFix.txt   16.75KB   7 downloads
Attached File  TDSSKiller.2.7.13.0_22.02.2012_12.25.45_log.txt   43.52KB   8 downloads

Your attention to this is greatly appreciated

Kurt



#2 SweetTech


Posted 23 February 2012 - 02:07 AM

Hi mypcsupportteam!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.



NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    MpFilter.sys
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. aswMBR log.
4. Farbar Service Scanner log.
5. OTL.txt & Extras.txt logs.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
Agent ST.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 mypcsupportteam


Posted 23 February 2012 - 12:46 PM

Oops, see below

Edited by mypcsupportteam, 23 February 2012 - 01:22 PM.


#4 mypcsupportteam


Posted 23 February 2012 - 12:47 PM

Hello Agent ST, boy, this one has me stumped. I will attach the logs as requested and look forward to resolving this. The PC is running and it has internet. Malwarebytes does not detect the virus, but every time I run ComboFix it finds the rootkit and wants to reboot, but I remain infected, and my biggest concern is how it has locked down my network so I can't change the computer name or add or drop from domains. I know that there are several services, including "Workstation", that will not run. I am attaching the logs in the order you requested below:



08:29:56.0406 1240 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
08:29:56.0859 1240 ============================================================
08:29:56.0859 1240 Current date / time: 2012/02/23 08:29:56.0859
08:29:56.0859 1240 SystemInfo:
08:29:56.0859 1240
08:29:56.0859 1240 OS Version: 5.1.2600 ServicePack: 3.0
08:29:56.0859 1240 Product type: Workstation
08:29:56.0859 1240 ComputerName: CBW-EST2
08:29:56.0859 1240 UserName: gtorres
08:29:56.0859 1240 Windows directory: C:\WINDOWS
08:29:56.0859 1240 System windows directory: C:\WINDOWS
08:29:56.0859 1240 Processor architecture: Intel x86
08:29:56.0859 1240 Number of processors: 2
08:29:56.0859 1240 Page size: 0x1000
08:29:56.0859 1240 Boot type: Normal boot
08:29:56.0859 1240 ============================================================
08:29:59.0078 1240 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
08:29:59.0078 1240 \Device\Harddisk0\DR0:
08:29:59.0078 1240 MBR used
08:29:59.0078 1240 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
08:29:59.0109 1240 Initialize success
08:29:59.0109 1240 ============================================================
08:30:16.0703 1512 ============================================================
08:30:16.0703 1512 Scan started
08:30:16.0703 1512 Mode: Manual; SigCheck; TDLFS;
08:30:16.0703 1512 ============================================================
08:30:17.0343 1512 Scan interrupted by user!
08:30:17.0343 1512 Scan interrupted by user!
08:30:17.0343 1512 Scan interrupted by user!
08:30:17.0343 1512 ============================================================
08:30:17.0343 1512 Scan finished
08:30:17.0343 1512 ============================================================
08:30:17.0343 2568 Detected object count: 0
08:30:17.0343 2568 Actual detected object count: 0
08:30:24.0203 2560 ============================================================
08:30:24.0203 2560 Scan started
08:30:24.0203 2560 Mode: Manual; SigCheck; TDLFS;
08:30:24.0203 2560 ============================================================
08:30:43.0515 2560 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:30:43.0687 2560 \Device\Harddisk0\DR0 - ok
08:30:43.0687 2560 Boot (0x1200) (41389a46d1be0c959ddf0b8375ccc46a) \Device\Harddisk0\DR0\Partition0
08:30:43.0687 2560 \Device\Harddisk0\DR0\Partition0 - ok
08:30:43.0687 2560 ============================================================
08:30:43.0687 2560 Scan finished
08:30:43.0687 2560 ============================================================
08:30:43.0796 3340 Detected object count: 0
08:30:43.0796 3340 Actual detected object count: 0







aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-23 08:38:41
-----------------------------
08:38:41.062 OS Version: Windows 5.1.2600 Service Pack 3
08:38:41.062 Number of processors: 2 586 0x4B02
08:38:41.062 ComputerName: CBW-EST2 UserName: gtorres
08:38:41.484 Initialize success
08:39:38.421 AVAST engine defs: 12022300
08:44:15.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
08:44:15.156 Disk 0 Vendor: WDC_WD16 05.0 Size: 152627MB BusType: 3
08:44:15.156 Device \Driver\nvgts -> DriverStartIo SCSIPORT.SYS b7ecb40e
08:44:15.171 Disk 0 MBR read successfully
08:44:15.171 Disk 0 MBR scan
08:44:15.203 Disk 0 Windows XP default MBR code
08:44:15.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
08:44:15.203 Disk 0 scanning sectors +312560640
08:44:15.281 Disk 0 scanning C:\WINDOWS\system32\drivers
08:44:20.609 Service scanning
08:44:37.515 Modules scanning
08:44:40.500 Disk 0 trace - called modules:
08:44:40.515 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
08:44:40.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a34e0f8]
08:44:40.531 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000066[0x8a370920]
08:44:40.531 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x8a381a38]
08:44:41.093 AVAST engine scan C:\WINDOWS
08:44:45.750 AVAST engine scan C:\WINDOWS\system32
08:46:56.156 AVAST engine scan C:\WINDOWS\system32\drivers
08:47:05.171 AVAST engine scan C:\Documents and Settings\Gabriel
08:55:16.968 AVAST engine scan C:\Documents and Settings\All Users
08:58:44.406 Scan finished successfully
09:00:00.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gabriel\Desktop\Spyware Tools\MBR.dat"
09:00:00.609 The log file has been saved successfully to "C:\Documents and Settings\Gabriel\Desktop\Spyware Tools\aswMBR.txt"


Continued next post

This is the continuation of my post

Farbar Service Scanner Version: 22-02-2012
Ran by gtorres (administrator) on 23-02-2012 at 09:40:11
Running from "C:\Documents and Settings\Gabriel\Desktop\Spyware Tools"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(11) NetBT(12) PSched(9) Tcpip(10) Tcpip6(8)
0x0C0000000B0000000500000001000000020000000300000004000000060000000700000008000000090000000A0000000C000000


**** End of log ****

OTL logfile created on: 2/23/2012 9:01:47 AM - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Gabriel\Desktop\Spyware Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 68.83% Memory free
3.85 Gb Paging File | 3.34 Gb Available in Paging File | 86.71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 115.84 Gb Free Space | 77.72% Space Free | Partition Type: NTFS
Drive D: | 642.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CBW-EST2 | User Name: gtorres | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/23 09:01:15 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gabriel\Desktop\Spyware Tools\OTL.exe
PRC - [2012/02/23 09:00:19 | 000,337,133 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\Spyware Tools\FSS.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/11/11 11:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/07/01 18:14:00 | 000,028,672 | ---- | M] (OEConnection) -- C:\Program Files\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/23 09:00:19 | 000,337,133 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\Spyware Tools\FSS.exe
MOD - [2012/02/22 03:04:52 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4f2e49a3\mscorlib.dll
MOD - [2012/02/22 03:04:45 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_d65514cc\system.xml.dll
MOD - [2012/02/22 03:04:40 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_e6c18e66\system.windows.forms.dll
MOD - [2012/02/22 03:04:28 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_d20883ed\system.dll
MOD - [2012/02/22 03:04:16 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/02/22 03:04:16 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/02/22 03:04:15 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2010/03/26 11:03:42 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2010/03/26 11:03:41 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010/03/26 11:03:40 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2010/03/26 11:03:39 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2010/03/24 20:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 01:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (se44mdfl)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/11 11:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/01 18:14:00 | 000,028,672 | ---- | M] (OEConnection) [Auto | Running] -- C:\Program Files\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe -- (OECApplicationUpdaterService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/03/25 07:07:10 | 005,862,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/25 07:07:06 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2010/03/25 07:07:04 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2010/03/25 06:58:52 | 000,165,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2010/03/25 06:58:40 | 000,066,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2010/03/25 06:58:40 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2010/02/11 04:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 23:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1639856103-3518354671-3985206489-1188\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1639856103-3518354671-3985206489-1188\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1639856103-3518354671-3985206489-1188\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 60 CE 0E 48 F2 CC 01 [binary data]
IE - HKU\S-1-5-21-1639856103-3518354671-3985206489-1188\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1639856103-3518354671-3985206489-1188\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=SUN3"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/01 10:44:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/01 10:44:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/04/27 09:07:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/03/29 10:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Extensions
[2011/03/29 10:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/14 13:02:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\hi28lrfl.default\extensions
[2011/04/27 09:21:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\hi28lrfl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/05 07:46:47 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\hi28lrfl.default\searchplugins\bing.xml
[2011/12/14 13:02:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/11 07:56:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/18 11:37:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/20 22:56:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/23 08:59:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/05/11 07:55:58 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/02/22 16:25:02 | 000,000,855 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ToasterClient] C:\Program Files\Cyncast\ToasterClient\ToasterClient.exe (Cyncast)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ALLDATA Collision S3500 EI.lnk = C:\WINDOWS\Installer\{FAA7E737-EBC3-4D92-84F1-040C6FAA13B8}\_B4D93AA2867D2521A059B9.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartCapture.lnk = C:\Program Files\Seiko Instruments USA Inc\Smart Label Printer 6.4\slpcap.exe (Seiko Instruments USA Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ToasterClient.lnk = C:\WINDOWS\Installer\{0E4D838E-5DA5-49CB-82B6-69E6571A81B1}\_6C5C9500ADDE2498947489.exe ()
O4 - Startup: C:\Documents and Settings\Troberts\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1639856103-3518354671-3985206489-1188\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1639856103-3518354671-3985206489-1188\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1639856103-3518354671-3985206489-1188\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1639856103-3518354671-3985206489-1188\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1639856103-3518354671-3985206489-1188\..Trusted Domains: processclaims.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1639856103-3518354671-3985206489-1188\..Trusted Domains: processclaims.com ([shopflow] http in Trusted sites)
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} http://server/connectcomputer/nshelp.dll (NSHelp Class)
O16 - DPF: {5D357AB9-10EA-49A7-B2EB-B8F07C9E1EF4} http://shopflow.processclaims.com/ShopFlowWeb/WebResource.axd?d=uAxWuL9du8tEA6VQyEYRcP9Mk9SMwbQnDX54lfIJoHPYZBJG_PxVERseDMygzdbcKxhZxCTy6_qOYalgGp4hQPsX_UQjLfF-M04EyqZSPAw1&t=633934566620000000 (ProcessClaims Upload/Download ClientAccess Class)
O16 - DPF: {6B081705-DB09-4C5C-9CD0-F50AE950AB01} http://caf.oeconnection.com/applications/collisionlink/shopclient/install.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269527810859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: DownloadClientAccessCab http://www.processclaims.com/web/cab/DownloadClientAccess.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CBW.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFD80F87-C348-492E-A0DD-837B8ECA782C}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Gabriel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gabriel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/25 06:14:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/02/28 04:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^Gabriel^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Acrobat Assistant 7.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: se44mdfl - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/23 08:28:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/22 17:47:35 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2012/02/22 17:47:32 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2012/02/22 17:47:25 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2012/02/22 17:47:04 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2012/02/22 17:47:01 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2012/02/22 17:47:00 | 000,019,455 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys
[2012/02/22 17:46:58 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2012/02/22 17:46:57 | 000,012,063 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys
[2012/02/22 17:46:56 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2012/02/22 17:46:42 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2012/02/22 17:46:40 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2012/02/22 17:46:37 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2012/02/22 17:46:30 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2012/02/22 17:46:25 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2012/02/22 17:46:23 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2012/02/22 17:46:18 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys
[2012/02/22 17:46:17 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2012/02/22 17:46:17 | 000,023,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys
[2012/02/22 17:46:14 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2012/02/22 17:46:12 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv10nt.sys
[2012/02/22 17:46:11 | 000,033,599 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys
[2012/02/22 17:46:11 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv06nt.sys
[2012/02/22 17:46:11 | 000,019,551 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys
[2012/02/22 17:46:10 | 000,029,311 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys
[2012/02/22 17:46:08 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv11nt.sys
[2012/02/22 17:46:08 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv09nt.sys
[2012/02/22 17:46:08 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv08nt.sys
[2012/02/22 17:46:07 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv07nt.sys
[2012/02/22 17:46:06 | 000,012,127 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys
[2012/02/22 17:46:06 | 000,011,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys
[2012/02/22 17:46:05 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wacompen.sys
[2012/02/22 17:46:05 | 000,012,415 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys
[2012/02/22 17:46:01 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2012/02/22 17:45:58 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2012/02/22 17:45:55 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2012/02/22 17:45:50 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2012/02/22 17:45:47 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2012/02/22 17:45:43 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2012/02/22 17:45:40 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2012/02/22 17:45:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2012/02/22 17:45:37 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys
[2012/02/22 17:45:36 | 000,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaagp.sys
[2012/02/22 17:45:36 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
[2012/02/22 17:45:34 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2012/02/22 17:45:33 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\vchnt5.dll
[2012/02/22 17:45:29 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2012/02/22 17:45:26 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2012/02/22 17:45:23 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
[2012/02/22 17:45:20 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
[2012/02/22 17:45:16 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
[2012/02/22 17:45:13 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2012/02/22 17:45:10 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2012/02/22 17:45:07 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2012/02/22 17:45:05 | 000,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2012/02/22 17:45:04 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2012/02/22 17:45:04 | 000,020,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbuhci.sys
[2012/02/22 17:45:03 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2012/02/22 17:45:02 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2012/02/22 17:45:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2012/02/22 17:45:00 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2012/02/22 17:44:52 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2012/02/22 17:44:49 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2012/02/22 17:44:46 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2012/02/22 17:44:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2012/02/22 17:44:40 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2012/02/22 17:44:37 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2012/02/22 17:44:35 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2012/02/22 17:44:32 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2012/02/22 17:44:29 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2012/02/22 17:44:26 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2012/02/22 17:44:23 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys
[2012/02/22 17:44:20 | 000,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uagp35.sys
[2012/02/22 17:44:16 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys
[2012/02/22 17:44:10 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2012/02/22 17:44:07 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2012/02/22 17:44:05 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2012/02/22 17:44:02 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2012/02/22 17:43:59 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2012/02/22 17:43:56 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2012/02/22 17:43:52 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys
[2012/02/22 17:43:49 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll
[2012/02/22 17:43:48 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2012/02/22 17:43:45 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll
[2012/02/22 17:43:40 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys
[2012/02/22 17:43:37 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys
[2012/02/22 17:43:34 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys
[2012/02/22 17:43:31 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys
[2012/02/22 17:43:27 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2012/02/22 17:43:22 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2012/02/22 17:43:18 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2012/02/22 17:43:17 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2012/02/22 17:43:12 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2012/02/22 17:43:09 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2012/02/22 17:43:05 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys
[2012/02/22 17:42:59 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys
[2012/02/22 17:42:56 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2012/02/22 17:42:54 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2012/02/22 17:42:46 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys
[2012/02/22 17:42:43 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys
[2012/02/22 17:42:40 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys
[2012/02/22 17:42:38 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys
[2012/02/22 17:42:34 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll
[2012/02/22 17:42:31 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys
[2012/02/22 17:42:29 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
[2012/02/22 17:42:26 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[2012/02/22 17:42:24 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
[2012/02/22 17:42:21 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
[2012/02/22 17:42:18 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
[2012/02/22 17:42:16 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2012/02/22 17:42:13 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2012/02/22 17:42:10 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2012/02/22 17:42:08 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2012/02/22 17:42:04 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2012/02/22 17:41:57 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2012/02/22 17:41:54 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2012/02/22 17:41:47 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll
[2012/02/22 17:41:40 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys
[2012/02/22 17:41:38 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll
[2012/02/22 17:41:35 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2012/02/22 17:41:31 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys
[2012/02/22 17:41:29 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys
[2012/02/22 17:41:26 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll
[2012/02/22 17:41:24 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys
[2012/02/22 17:41:21 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
[2012/02/22 17:41:21 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2012/02/22 17:41:17 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
[2012/02/22 17:41:07 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2012/02/22 17:41:04 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2012/02/22 17:41:02 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2012/02/22 17:40:59 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2012/02/22 17:40:56 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2012/02/22 17:40:54 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2012/02/22 17:40:53 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2012/02/22 17:40:53 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2012/02/22 17:40:52 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbali.sys
[2012/02/22 17:40:49 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2012/02/22 17:40:47 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2012/02/22 17:40:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2012/02/22 17:40:41 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2012/02/22 17:40:38 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slwdmsup.sys
[2012/02/22 17:40:37 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slserv.exe
[2012/02/22 17:40:37 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slrundll.exe
[2012/02/22 17:40:36 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slntamr.sys
[2012/02/22 17:40:36 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slnt7554.sys
[2012/02/22 17:40:36 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slnthal.sys
[2012/02/22 17:40:35 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slgen.dll
[2012/02/22 17:40:35 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2012/02/22 17:40:34 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slextspk.dll
[2012/02/22 17:40:34 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slcoinst.dll
[2012/02/22 17:40:33 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2012/02/22 17:40:31 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2012/02/22 17:40:28 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2012/02/22 17:40:25 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll
[2012/02/22 17:40:23 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys
[2012/02/22 17:40:22 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2012/02/22 17:40:19 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll
[2012/02/22 17:40:17 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys
[2012/02/22 17:40:16 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisagp.sys
[2012/02/22 17:40:14 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll
[2012/02/22 17:40:11 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys
[2012/02/22 17:40:08 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll
[2012/02/22 17:40:06 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys
[2012/02/22 17:40:05 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\siint5.dll
[2012/02/22 17:39:44 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2012/02/22 17:39:42 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2012/02/22 17:39:39 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2012/02/22 17:39:37 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2012/02/22 17:39:34 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys
[2012/02/22 17:39:28 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2012/02/22 17:39:25 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
[2012/02/22 17:39:20 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2012/02/22 17:39:19 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2012/02/22 17:39:17 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2012/02/22 17:39:13 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2012/02/22 17:39:10 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2012/02/22 17:39:06 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2012/02/22 17:39:04 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2012/02/22 17:39:03 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2012/02/22 17:39:00 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll
[2012/02/22 17:38:56 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys
[2012/02/22 17:38:53 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll
[2012/02/22 17:38:51 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2012/02/22 17:38:48 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2012/02/22 17:38:46 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2012/02/22 17:38:43 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2012/02/22 17:38:41 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2012/02/22 17:38:38 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2012/02/22 17:38:36 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2012/02/22 17:38:33 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2012/02/22 17:38:31 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2012/02/22 17:38:28 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3gnbm.sys
[2012/02/22 17:38:28 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2012/02/22 17:38:27 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3gnb.dll
[2012/02/22 17:38:23 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2012/02/22 17:38:21 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2012/02/22 17:38:20 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2012/02/22 17:38:19 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2012/02/22 17:38:17 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2012/02/22 17:38:14 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2012/02/22 17:38:12 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys
[2012/02/22 17:38:08 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2012/02/22 17:38:05 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys
[2012/02/22 17:38:02 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2012/02/22 17:38:01 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rndismpx.sys
[2012/02/22 17:37:58 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2012/02/22 17:37:56 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rfcomm.sys
[2012/02/22 17:37:54 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2012/02/22 17:37:49 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\recagent.sys
[2012/02/22 17:37:41 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2012/02/22 17:37:37 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2012/02/22 17:37:35 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2012/02/22 17:37:32 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2012/02/22 17:37:29 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2012/02/22 17:37:24 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys
[2012/02/22 17:37:21 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys
[2012/02/22 17:37:19 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys
[2012/02/22 17:37:16 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys
[2012/02/22 17:37:14 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys
[2012/02/22 17:37:13 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2012/02/22 17:37:09 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2012/02/22 17:37:06 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2012/02/22 17:37:04 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2012/02/22 17:37:03 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2012/02/22 17:37:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2012/02/22 17:36:57 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2012/02/22 17:36:53 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2012/02/22 17:36:50 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2012/02/22 17:36:48 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2012/02/22 17:36:47 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2012/02/22 17:36:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2012/02/22 17:36:36 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
[2012/02/22 17:36:33 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
[2012/02/22 17:36:31 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
[2012/02/22 17:36:28 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
[2012/02/22 17:36:26 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
[2012/02/22 17:36:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
[2012/02/22 17:36:20 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2012/02/22 17:36:20 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
[2012/02/22 17:36:19 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2012/02/22 17:36:18 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2012/02/22 17:36:18 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2012/02/22 17:36:15 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys
[2012/02/22 17:36:12 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys
[2012/02/22 17:36:11 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2012/02/22 17:36:09 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2012/02/22 17:36:06 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2012/02/22 17:36:04 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2012/02/22 17:36:01 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2012/02/22 17:35:59 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2012/02/22 17:35:58 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2012/02/22 17:35:56 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2012/02/22 17:35:47 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2012/02/22 17:35:45 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
[2012/02/22 17:35:42 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys
[2012/02/22 17:35:40 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
[2012/02/22 17:35:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
[2012/02/22 17:35:35 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2012/02/22 17:35:32 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2012/02/22 17:35:30 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys
[2012/02/22 17:35:27 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
[2012/02/22 17:35:25 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
[2012/02/22 17:35:22 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys
[2012/02/22 17:35:20 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2012/02/22 17:35:17 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2012/02/22 17:35:15 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2012/02/22 17:35:12 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2012/02/22 17:35:08 | 000,061,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys
[2012/02/22 17:34:52 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys
[2012/02/22 17:34:49 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll
[2012/02/22 17:34:48 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\ntmtlfax.sys
[2012/02/22 17:34:42 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2012/02/22 17:34:38 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys
[2012/02/22 17:34:35 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys
[2012/02/22 17:34:34 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2012/02/22 17:34:29 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2012/02/22 17:34:27 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2012/02/22 17:34:23 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2012/02/22 17:34:22 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2012/02/22 17:34:15 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
[2012/02/22 17:34:12 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2012/02/22 17:34:09 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2012/02/22 17:34:07 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
[2012/02/22 17:34:06 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2012/02/22 17:34:03 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2012/02/22 17:34:01 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2012/02/22 17:33:59 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2012/02/22 17:33:56 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2012/02/22 17:33:54 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2012/02/22 17:33:52 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2012/02/22 17:33:50 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2012/02/22 17:33:47 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2012/02/22 17:33:45 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2012/02/22 17:33:42 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2012/02/22 17:33:40 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2012/02/22 17:33:38 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2012/02/22 17:33:36 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2012/02/22 17:33:33 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2012/02/22 17:33:32 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mutohpen.sys
[2012/02/22 17:33:29 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mtxparhm.sys
[2012/02/22 17:33:29 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2012/02/22 17:33:28 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mtxparhd.dll
[2012/02/22 17:33:26 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\mtlstrm.sys
[2012/02/22 17:33:26 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\mtlmnt5.sys
[2012/02/22 17:33:15 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2012/02/22 17:33:14 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2012/02/22 17:33:09 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
[2012/02/22 17:32:59 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2012/02/22 17:32:58 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2012/02/22 17:32:44 | 000,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
[2012/02/22 17:32:41 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
[2012/02/22 17:32:40 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2012/02/22 17:32:27 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2012/02/22 17:32:20 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2012/02/22 17:32:13 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2012/02/22 17:32:06 | 000,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys
[2012/02/22 17:32:00 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys
[2012/02/22 17:31:58 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll
[2012/02/22 17:31:56 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2012/02/22 17:31:53 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
[2012/02/22 17:31:51 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
[2012/02/22 17:31:47 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2012/02/22 17:31:42 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys
[2012/02/22 17:31:39 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\maestro.sys
[2012/02/22 17:31:36 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
[2012/02/22 17:31:34 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
[2012/02/22 17:31:31 | 000,022,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwusbhid.sys
[2012/02/22 17:31:31 | 000,020,864 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwadihid.sys
[2012/02/22 17:31:27 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2012/02/22 17:31:25 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2012/02/22 17:31:25 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2012/02/22 17:31:24 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2012/02/22 17:31:21 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2012/02/22 17:31:21 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2012/02/22 17:31:19 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2012/02/22 17:31:15 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2012/02/22 17:31:09 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2012/02/22 17:31:07 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2012/02/22 17:31:05 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2012/02/22 17:31:02 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2012/02/22 17:31:01 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2012/02/22 17:30:59 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2012/02/22 17:30:56 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2012/02/22 17:30:56 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2012/02/22 17:30:55 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2012/02/22 17:30:54 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2012/02/22 17:30:51 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2012/02/22 17:30:49 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2012/02/22 17:30:48 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2012/02/22 17:30:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2012/02/22 17:30:34 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2012/02/22 17:30:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2012/02/22 17:30:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2012/02/22 17:30:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2012/02/22 17:30:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2012/02/22 17:30:11 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys
[2012/02/22 17:30:09 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2012/02/22 17:30:08 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2012/02/22 17:30:06 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2012/02/22 17:30:05 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2012/02/22 17:30:04 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2012/02/22 17:30:04 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
[2012/02/22 17:30:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2012/02/22 17:29:57 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2012/02/22 17:29:55 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll
[2012/02/22 17:29:53 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys
[2012/02/22 17:29:52 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelide.sys
[2012/02/22 17:29:49 | 000,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
[2012/02/22 17:29:47 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys
[2012/02/22 17:29:25 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2012/02/22 17:29:20 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2012/02/22 17:29:17 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys
[2012/02/22 17:29:15 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
[2012/02/22 17:29:13 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
[2012/02/22 17:29:11 | 000,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
[2012/02/22 17:29:09 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
[2012/02/22 17:29:07 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
[2012/02/22 17:29:05 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2012/02/22 17:29:03 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2012/02/22 17:29:01 | 000,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2012/02/22 17:28:59 | 000,109,085 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtrp.sys
[2012/02/22 17:28:57 | 000,100,936 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtok.sys
[2012/02/22 17:28:55 | 000,009,216 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmsgnet.dll
[2012/02/22 17:28:53 | 000,028,700 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\dllcache\ibmexmp.sys
[2012/02/22 17:28:51 | 000,161,020 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xnt5.sys
[2012/02/22 17:28:50 | 000,702,845 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2012/02/22 17:28:48 | 000,058,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740nt5.sys
[2012/02/22 17:28:46 | 000,353,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740dnt5.dll
[2012/02/22 17:28:45 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2012/02/22 17:28:44 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2012/02/22 17:28:21 | 001,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\hsfdpsp2.sys
[2012/02/22 17:28:20 | 000,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\hsfcxts2.sys
[2012/02/22 17:28:19 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\hsfcisp2.dll
[2012/02/22 17:28:18 | 000,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\hsfbs2s2.sys
[2012/02/22 17:28:16 | 000,488,383 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_v124.sys
[2012/02/22 17:28:14 | 000,050,751 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_tone.sys
[2012/02/22 17:28:12 | 000,073,279 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_spkp.sys
[2012/02/22 17:28:11 | 000,044,863 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_soar.sys
[2012/02/22 17:28:09 | 000,057,471 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_samp.sys
[2012/02/22 17:28:07 | 000,542,879 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_msft.sys
[2012/02/22 17:28:04 | 000,391,199 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_k56k.sys
[2012/02/22 17:28:03 | 000,009,759 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_inst.dll
[2012/02/22 17:28:01 | 000,115,807 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fsks.sys
[2012/02/22 17:27:59 | 000,199,711 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_faxx.sys
[2012/02/22 17:27:57 | 000,289,887 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fall.sys
[2012/02/22 17:27:55 | 000,067,167 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_bsc2.sys
[2012/02/22 17:27:53 | 000,150,239 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_amos.sys
[2012/02/22 17:27:50 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2012/02/22 17:27:48 | 000,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys
[2012/02/22 17:27:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2012/02/22 17:27:44 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
[2012/02/22 17:27:42 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys
[2012/02/22 17:27:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2012/02/22 17:27:38 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2012/02/22 17:27:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2012/02/22 17:27:31 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2012/02/22 17:27:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2012/02/22 17:27:24 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2012/02/22 17:27:17 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpdigwia.dll
[2012/02/22 17:27:11 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2012/02/22 17:27:10 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidir.sys
[2012/02/22 17:27:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbth.sys
[2012/02/22 17:27:08 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2012/02/22 17:27:07 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2012/02/22 17:27:02 | 000,907,456 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hcf_msft.sys
[2012/02/22 17:27:00 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2012/02/22 17:26:58 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2012/02/22 17:26:56 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2012/02/22 17:26:52 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2012/02/22 17:26:51 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2012/02/22 17:26:50 | 000,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gagp30kx.sys
[2012/02/22 17:26:48 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400m.sys
[2012/02/22 17:26:47 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400d.dll
[2012/02/22 17:26:44 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200m.sys
[2012/02/22 17:26:43 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200d.dll
[2012/02/22 17:26:41 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2012/02/22 17:26:32 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2012/02/22 17:26:31 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2012/02/22 17:26:29 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2012/02/22 17:26:26 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fsquirt.exe
[2012/02/22 17:26:24 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2012/02/22 17:26:22 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2012/02/22 17:26:21 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2012/02/22 17:26:19 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2012/02/22 17:26:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2012/02/22 17:26:12 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2012/02/22 17:26:08 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\fem556n5.sys
[2012/02/22 17:26:04 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2012/02/22 17:26:03 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINDOWS\System32\dllcache\fa312nd5.sys
[2012/02/22 17:26:01 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2012/02/22 17:26:00 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2012/02/22 17:25:56 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2012/02/22 17:25:55 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ex10.sys
[2012/02/22 17:25:50 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2012/02/22 17:25:48 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2012/02/22 17:25:47 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2012/02/22 17:25:45 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys
[2012/02/22 17:25:45 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2012/02/22 17:25:43 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys
[2012/02/22 17:25:40 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56tpi.sys
[2012/02/22 17:25:39 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56hpi.sys
[2012/02/22 17:25:37 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56cvmp.sys
[2012/02/22 17:25:36 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es198x.sys
[2012/02/22 17:25:34 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2012/02/22 17:25:33 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2012/02/22 17:25:31 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys
[2012/02/22 17:25:29 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnloop.exe
[2012/02/22 17:25:28 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnlogr.exe
[2012/02/22 17:25:26 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqndiag.exe
[2012/02/22 17:25:24 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqn.sys
[2012/02/22 17:25:23 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2012/02/22 17:25:19 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys
[2012/02/22 17:25:18 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2012/02/22 17:25:17 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\enum1394.sys
[2012/02/22 17:25:15 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\emu10k1m.sys
[2012/02/22 17:25:12 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys
[2012/02/22 17:25:11 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys
[2012/02/22 17:25:10 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2012/02/22 17:25:09 | 000,171,520 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys
[2012/02/22 17:25:08 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys
[2012/02/22 17:25:07 | 000,455,199 | ---- | C] (3Com Corporation.) -- C:\WINDOWS\System32\dllcache\el985n51.sys
[2012/02/22 17:25:05 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys
[2012/02/22 17:25:04 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys
[2012/02/22 17:25:03 | 000,241,206 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656se5.sys
[2012/02/22 17:25:02 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys
[2012/02/22 17:25:01 | 000,634,134 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656ct5.sys
[2012/02/22 17:25:00 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys
[2012/02/22 17:24:59 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys
[2012/02/22 17:24:58 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys
[2012/02/22 17:24:57 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys
[2012/02/22 17:24:56 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys
[2012/02/22 17:24:55 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys
[2012/02/22 17:24:49 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100isa4.sys
[2012/02/22 17:24:48 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100b325.sys
[2012/02/22 17:24:47 | 000,050,719 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys
[2012/02/22 17:24:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2012/02/22 17:24:37 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2012/02/22 17:24:34 | 000,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
[2012/02/22 17:24:31 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2012/02/22 17:24:30 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2012/02/22 17:24:29 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2012/02/22 17:24:28 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2012/02/22 17:24:28 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2012/02/22 17:24:21 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2012/02/22 17:24:21 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2012/02/22 17:24:19 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2012/02/22 17:24:19 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2012/02/22 17:24:15 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2012/02/22 17:24:14 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2012/02/22 17:24:13 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2012/02/22 17:24:12 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2012/02/22 17:24:10 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2012/02/22 17:24:09 | 000,614,429 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiview.exe
[2012/02/22 17:24:08 | 000,042,432 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.sys
[2012/02/22 17:24:07 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.dll
[2012/02/22 17:24:06 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.sys
[2012/02/22 17:24:05 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.dll
[2012/02/22 17:24:04 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiinf.dll
[2012/02/22 17:24:03 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digihlc.dll
[2012/02/22 17:24:02 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifwrk.dll
[2012/02/22 17:24:01 | 000,090,525 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifep5.sys
[2012/02/22 17:24:00 | 000,131,156 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidbp.dll
[2012/02/22 17:24:00 | 000,103,044 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidxb.sys
[2012/02/22 17:23:59 | 000,037,735 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.sys
[2012/02/22 17:23:58 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.dll
[2012/02/22 17:23:55 | 000,419,357 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgconfig.dll
[2012/02/22 17:23:54 | 000,029,531 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\dgapci.sys
[2012/02/22 17:23:52 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2012/02/22 17:23:51 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2012/02/22 17:23:50 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe
[2012/02/22 17:23:49 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll
[2012/02/22 17:23:47 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2012/02/22 17:23:46 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2012/02/22 17:23:44 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2012/02/22 17:23:43 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2012/02/22 17:23:43 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys
[2012/02/22 17:23:42 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2012/02/22 17:23:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2012/02/22 17:23:37 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2012/02/22 17:23:36 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys
[2012/02/22 17:23:32 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys
[2012/02/22 17:23:31 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2012/02/22 17:23:30 | 000,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2012/02/22 17:23:29 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2012/02/22 17:23:29 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2012/02/22 17:23:28 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2012/02/22 17:23:27 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2012/02/22 17:23:26 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2012/02/22 17:23:25 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2012/02/22 17:23:25 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2012/02/22 17:23:24 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2012/02/22 17:23:23 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2012/02/22 17:23:23 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2012/02/22 17:23:22 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2012/02/22 17:23:21 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2012/02/22 17:23:20 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2012/02/22 17:23:19 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll
[2012/02/22 17:23:18 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2012/02/22 17:23:18 | 000,096,256 | ---- | C] (Copyright © Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
[2012/02/22 17:23:17 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
[2012/02/22 17:23:16 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
[2012/02/22 17:23:13 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2012/02/22 17:23:12 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
[2012/02/22 17:23:11 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2012/02/22 17:23:10 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2012/02/22 17:23:10 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2012/02/22 17:23:09 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2012/02/22 17:23:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2012/02/22 17:22:59 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
[2012/02/22 17:22:58 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2012/02/22 17:22:56 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys
[2012/02/22 17:22:55 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2012/02/22 17:22:54 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2012/02/22 17:22:53 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2012/02/22 17:22:52 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2012/02/22 17:22:52 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2012/02/22 17:22:51 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2012/02/22 17:22:50 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2012/02/22 17:22:49 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2012/02/22 17:22:47 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2012/02/22 17:22:42 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2012/02/22 17:22:41 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\ch7xxnt5.dll
[2012/02/22 17:22:39 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2012/02/22 17:22:38 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2012/02/22 17:22:38 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2012/02/22 17:22:37 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2012/02/22 17:22:37 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2012/02/22 17:22:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2012/02/22 17:22:34 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2012/02/22 17:22:34 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2012/02/22 17:22:33 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2012/02/22 17:22:33 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2012/02/22 17:22:32 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2012/02/22 17:22:31 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2012/02/22 17:22:30 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2012/02/22 17:22:28 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2012/02/22 17:22:28 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2012/02/22 17:22:27 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2012/02/22 17:22:27 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2012/02/22 17:22:26 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2012/02/22 17:22:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2012/02/22 17:22:25 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2012/02/22 17:22:25 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2012/02/22 17:22:24 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2012/02/22 17:22:00 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2012/02/22 17:21:59 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthprint.sys
[2012/02/22 17:21:59 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2012/02/22 17:21:58 | 000,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthpan.sys
[2012/02/22 17:21:58 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2012/02/22 17:21:57 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2012/02/22 17:21:56 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2012/02/22 17:21:56 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2012/02/22 17:21:56 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2012/02/22 17:21:55 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2012/02/22 17:21:55 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2012/02/22 17:21:54 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2012/02/22 17:21:54 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2012/02/22 17:21:53 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2012/02/22 17:21:51 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2012/02/22 17:21:51 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2012/02/22 17:21:50 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2012/02/22 17:21:50 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2012/02/22 17:21:50 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2012/02/22 17:21:49 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2012/02/22 17:21:49 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2012/02/22 17:21:48 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2012/02/22 17:21:48 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2012/02/22 17:21:47 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2012/02/22 17:21:47 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2012/02/22 17:21:44 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2012/02/22 17:21:44 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2012/02/22 17:21:43 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2012/02/22 17:21:43 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2012/02/22 17:21:43 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2012/02/22 17:21:42 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2012/02/22 17:21:42 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2012/02/22 17:21:41 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2012/02/22 17:21:40 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2012/02/22 17:21:40 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2012/02/22 17:21:39 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2012/02/22 17:21:39 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2012/02/22 17:21:39 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2012/02/22 17:21:38 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2012/02/22 17:21:38 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2012/02/22 17:21:38 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2012/02/22 17:21:36 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2012/02/22 17:21:36 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2012/02/22 17:21:35 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2012/02/22 17:21:33 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\atv10nt5.dll
[2012/02/22 17:21:32 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\atv04nt5.dll
[2012/02/22 17:21:32 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\atv06nt5.dll
[2012/02/22 17:21:31 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\atv02nt5.dll
[2012/02/22 17:21:30 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\atv01nt5.dll
[2012/02/22 17:21:28 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2012/02/22 17:21:27 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativtmxx.dll
[2012/02/22 17:21:26 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativmvxx.ax
[2012/02/22 17:21:25 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativdaxx.ax
[2012/02/22 17:21:24 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2012/02/22 17:21:24 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2012/02/22 17:21:23 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxsxx.sys
[2012/02/22 17:21:22 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxbxx.sys
[2012/02/22 17:21:21 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atintuxx.sys
[2012/02/22 17:21:21 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinttxx.sys
[2012/02/22 17:21:20 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinsnxx.sys
[2012/02/22 17:21:19 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinrvxx.sys
[2012/02/22 17:21:19 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinraxx.sys
[2012/02/22 17:21:19 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinpdxx.sys
[2012/02/22 17:21:19 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinmdxx.sys
[2012/02/22 17:21:18 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2012/02/22 17:21:18 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinbtxx.sys
[2012/02/22 17:21:17 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2012/02/22 17:21:17 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2012/02/22 17:21:17 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2012/02/22 17:21:17 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2012/02/22 17:21:16 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2012/02/22 17:21:16 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2012/02/22 17:21:15 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2012/02/22 17:21:14 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3d1ag.dll
[2012/02/22 17:21:14 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2012/02/22 17:21:13 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtaa.sys
[2012/02/22 17:21:13 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2012/02/22 17:21:12 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvaa.dll
[2012/02/22 17:21:12 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2012/02/22 17:21:12 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xsxx.sys
[2012/02/22 17:21:11 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xbxx.sys
[2012/02/22 17:21:10 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1tuxx.sys
[2012/02/22 17:21:10 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1snxx.sys
[2012/02/22 17:21:10 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1ttxx.sys
[2012/02/22 17:21:09 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1rvxx.sys
[2012/02/22 17:21:09 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1raxx.sys
[2012/02/22 17:21:09 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1pdxx.sys
[2012/02/22 17:21:08 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1btxx.sys
[2012/02/22 17:21:08 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1mdxx.sys
[2012/02/22 17:21:07 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2012/02/22 17:21:07 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2012/02/22 17:21:05 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012/02/22 17:21:04 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2012/02/22 17:21:04 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2012/02/22 17:21:04 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2012/02/22 17:21:01 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2012/02/22 17:21:00 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2012/02/22 17:20:59 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\dllcache\amdagp.sys
[2012/02/22 17:20:59 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2012/02/22 17:20:58 | 000,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\alim1541.sys
[2012/02/22 17:20:58 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2012/02/22 17:20:58 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2012/02/22 17:20:57 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2012/02/22 17:20:57 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2012/02/22 17:20:57 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2012/02/22 17:20:56 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2012/02/22 17:20:56 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2012/02/22 17:20:51 | 000,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agpcpq.sys
[2012/02/22 17:20:51 | 000,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agp440.sys
[2012/02/22 17:20:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2012/02/22 17:20:48 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv11nt5.dll
[2012/02/22 17:20:48 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv09nt5.dll
[2012/02/22 17:20:45 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv07nt5.dll
[2012/02/22 17:20:45 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv08nt5.dll
[2012/02/22 17:20:43 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv02nt5.dll
[2012/02/22 17:20:43 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv05nt5.dll
[2012/02/22 17:20:42 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\adv01nt5.dll
[2012/02/22 17:20:40 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2012/02/22 17:20:40 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012/02/22 17:20:39 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012/02/22 17:20:38 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012/02/22 17:20:38 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012/02/22 17:20:37 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012/02/22 17:20:37 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2012/02/22 17:20:37 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2012/02/22 17:20:36 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012/02/22 17:20:34 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2012/02/22 17:20:34 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2012/02/22 17:20:34 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2012/02/22 17:20:33 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012/02/22 17:20:33 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2012/02/22 17:20:33 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2012/02/22 17:20:32 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2012/02/22 17:20:32 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2012/02/22 17:20:31 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012/02/22 17:20:31 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2012/02/22 17:20:31 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2012/02/22 17:20:30 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2012/02/22 17:20:30 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012/02/22 17:20:30 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2012/02/22 17:20:27 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2012/02/22 17:19:57 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2012/02/22 16:25:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/02/22 16:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2012/02/22 16:04:15 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe
[2012/02/22 16:04:14 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2012/02/22 15:04:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gabriel\Recent
[2012/02/22 12:46:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/22 12:44:38 | 000,000,000 | ---D | C] -- C:\_OTS
[2012/02/22 11:59:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/02/22 11:45:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/22 11:45:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/22 11:45:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/22 11:45:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/22 11:45:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/22 11:41:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/22 06:42:55 | 004,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Gabriel\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2012/02/21 16:37:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/21 15:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Desktop\Spyware Tools
[2012/02/21 11:05:30 | 001,413,120 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Gabriel\My Documents\winsockfix.exe
[2012/02/21 09:53:08 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netbt.sys
[2012/02/21 09:53:08 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsec.sys
[2012/02/21 09:53:07 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2012/02/21 09:32:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serial.sys
[2012/02/21 09:31:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/21 09:31:52 | 000,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
[2012/02/21 09:31:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gabriel\My Documents\My Videos
[2012/02/21 09:31:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gabriel\Start Menu\Programs\Administrative Tools
[2012/02/21 09:31:17 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2012/02/21 09:31:17 | 000,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\redbook.sys
[2012/02/09 10:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gabriel\Start Menu\Programs\AutoWatch
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/23 09:04:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{66519A3D-25AE-4183-9A60-D2C21E6B0195}.job
[2012/02/23 08:29:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-73586283-682003330-500UA.job
[2012/02/23 08:28:09 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4A0E6716-CE14-4B96-BF0E-DFA83E89BAB0}.job
[2012/02/23 08:19:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/23 08:12:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/22 17:17:39 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ToasterClient.lnk
[2012/02/22 17:17:37 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ALLDATA Collision S3500 EI.lnk
[2012/02/22 17:17:25 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/02/22 17:16:37 | 000,294,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/22 17:15:00 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2012/02/22 16:25:14 | 000,512,564 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/22 16:25:14 | 000,097,766 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/22 16:25:02 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/22 16:24:42 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/02/22 16:24:42 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/02/22 16:02:11 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe
[2012/02/22 12:01:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_104
[2012/02/22 11:39:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Gabriel\defogger_reenable
[2012/02/22 06:42:59 | 004,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Gabriel\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2012/02/21 16:37:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/02/21 11:06:21 | 001,413,120 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Gabriel\My Documents\winsockfix.exe
[2012/02/21 10:51:35 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/21 10:45:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2012/02/21 09:16:41 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/02/21 06:29:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-73586283-682003330-500Core.job
[2012/02/17 10:52:43 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\AutoWatch Utility.lnk
[2012/02/17 07:10:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/13 09:51:52 | 000,002,553 | ---- | M] () -- C:\Documents and Settings\Gabriel\Desktop\Launch CollisionLink Shop.lnk
[2012/02/13 08:06:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/31 04:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/22 17:47:31 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2012/02/22 17:47:29 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2012/02/22 17:36:59 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2012/02/22 17:36:56 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2012/02/22 17:32:40 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012/02/22 17:27:37 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2012/02/22 17:27:33 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2012/02/22 17:27:29 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2012/02/22 17:27:25 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2012/02/22 17:27:21 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2012/02/22 17:24:18 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2012/02/22 17:24:17 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2012/02/22 17:24:16 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2012/02/22 17:21:29 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012/02/22 17:21:29 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012/02/22 17:21:28 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012/02/22 17:21:26 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012/02/22 17:21:25 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012/02/22 17:21:25 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012/02/22 17:21:24 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012/02/22 17:21:24 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012/02/22 17:21:23 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012/02/22 17:21:16 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012/02/22 11:45:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/22 11:45:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/22 11:45:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/22 11:45:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/22 11:45:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/22 11:39:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gabriel\defogger_reenable
[2012/02/21 16:37:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/02/21 16:37:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/21 10:51:35 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/21 10:10:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/21 10:10:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/09 10:06:21 | 000,002,391 | ---- | C] () -- C:\Documents and Settings\Gabriel\Desktop\AutoWatch Utility.lnk
[2011/12/09 12:03:36 | 000,015,586 | -HS- | C] () -- C:\Documents and Settings\Gabriel\Local Settings\Application Data\770572o7n654r638r362b3lrj2k2
[2011/12/09 12:03:36 | 000,015,586 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\770572o7n654r638r362b3lrj2k2
[2011/07/15 11:50:47 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Gabriel\Application Data\$_hpcst$.hpc
[2011/04/01 08:18:48 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Gabriel\Local Settings\Application Data\fusioncache.dat
[2011/03/31 15:41:00 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Gabriel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/20 20:33:52 | 000,000,078 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2010/11/07 17:35:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/26 09:36:23 | 000,003,131 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/03/25 08:26:21 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CCCLETTR.INI
[2010/03/25 07:58:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/25 07:10:45 | 000,006,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/03/25 06:16:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/03/25 06:11:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/03/24 21:51:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/24 21:48:58 | 000,294,864 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/03/24 21:47:12 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/03/24 21:47:12 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/03/24 21:47:12 | 000,921,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

< %SYSTEMDRIVE%\*.exe >
[2012/02/22 16:02:11 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe


< MD5 for: ATAPI.SYS >
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: MPFILTER.SYS >
[2010/10/24 20:25:38 | 000,165,264 | ---- | M] (Microsoft Corporation) MD5=7E34BFA1A7B60BBA1DA03D677F16CD63 -- C:\Program Files\Microsoft Security Client\Antimalware\Drivers\mpfilter\mpfilter.sys

< MD5 for: VOLSNAP.SYS >
[2008/04/13 23:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys
[2008/04/13 23:11:02 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/01 10:44:22 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/01 10:44:22 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/01 10:44:22 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/01 10:44:19 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2010/03/22 09:51:30 | 000,530,928 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2010/03/22 09:51:30 | 000,530,928 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2010/03/22 09:51:30 | 000,530,928 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2010/03/22 09:51:30 | 000,530,928 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 04:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 04:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 04:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 / >
Invalid Switch:


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >




OTL Extras logfile created on: 2/23/2012 9:01:47 AM - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Gabriel\Desktop\Spyware Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 68.83% Memory free
3.85 Gb Paging File | 3.34 Gb Available in Paging File | 86.71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 115.84 Gb Free Space | 77.72% Space Free | Partition Type: NTFS
Drive D: | 642.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CBW-EST2 | User Name: gtorres | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1639856103-3518354671-3985206489-1188\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\Office14\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance - Port" = 135:TCP:*:Enabled:Offer Remote Assistance - Port

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = LocalSubnet

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AutoWatch Utility\AWUtil.exe" = C:\Program Files\AutoWatch Utility\AWUtil.exe:*:Enabled:AutoWatch® Utility -- (See Progress, Inc.)
"C:\Program Files\OEConnection\OEConnection Application Update Service\OECUpdaterServiceProxy.exe" = C:\Program Files\OEConnection\OEConnection Application Update Service\OECUpdaterServiceProxy.exe:*:Enabled: -- ( )
"C:\Program Files\OEConnection\CollisionLink Shop\2.0.3\Launcher.exe" = C:\Program Files\OEConnection\CollisionLink Shop\2.0.3\Launcher.exe:*:Enabled: -- (OEConnection)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\OEConnection\CollisionLink Shop\2.0.5\Launcher.exe" = C:\Program Files\OEConnection\CollisionLink Shop\2.0.5\Launcher.exe:*:Enabled: -- (OEConnection)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0E4D838E-5DA5-49CB-82B6-69E6571A81B1}" = ToasterClient
"{19B3C1D1-2DA5-4F70-B9F4-BB2354B7D295}" = OEConnection CollisionLink Shop
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{226DE464-6D6B-4E27-B9ED-8384163F908F}" = Smart Label Printer 6.4
"{23E5032B-56CA-4C19-A72E-B50161DB82CA}" = Shadow Copy Client
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{379F9A64-4317-477A-BBC5-35466F8476B5}" = OpenOffice.org 3.2
"{45A20539-29A6-4568-93CD-2F90F21D4F73}" = AutoWatch Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5370BBF3-0059-470F-A239-CEEC3089FD95}" = CCC Pathways Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59327126-AEBC-42A2-89BE-25E0D91F4F61}" = AutoWatch Utility
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{749D4B9C-5351-4F36-A873-79177C3685AB}" = PROS V.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{8396C82D-3897-4979-8AFB-E5556B851363}" = AutoWatch Utility
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89583A5A-A0D1-4DD2-B408-61546C14F163}" = OEConnection CollisionLink Shop
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A7FE99B6-E077-4F52-BC6A-E24C338F3C23}" = Crystal Reports XI Release 2 .NET 2005 Server
"{AC76BA86-1033-F400-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard - English, Français, Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D143AFE1-CCDF-4308-B057-1F55E95553BA}" = CCC ONE
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{DF47708E-999C-4470-BC97-5FA4BA533A1C}" = CCC ONE Converter
"{E2A56F14-5199-4DFE-B715-082375B31720}" = CCC ONE Timecard
"{E8A5B228-436B-49A1-BBF8-81536BAD9954}" = OEConnection Application Updater Service
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FAA7E737-EBC3-4D92-84F1-040C6FAA13B8}" = Collision Data Exchange
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 7.0 Standard - EFG - V" = Adobe Acrobat 7.1.0 Standard - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"ie8" = Windows Internet Explorer 8
"InstallShield_{5370BBF3-0059-470F-A239-CEEC3089FD95}" = CCC Pathways Client
"InstallShield_{749D4B9C-5351-4F36-A873-79177C3685AB}" = PROS V.2
"LAN-Fax Utilities" = LAN-Fax Utilities
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/22/2012 11:07:15 PM | Computer Name = CBW-EST2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The workstation driver is not installed. ). Group Policy processing aborted.


Error - 2/23/2012 12:24:51 AM | Computer Name = CBW-EST2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The workstation driver is not installed. ). Group Policy processing aborted.


Error - 2/23/2012 12:57:15 AM | Computer Name = CBW-EST2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The workstation driver is not installed. ). Group Policy processing aborted.


Error - 2/23/2012 4:02:08 AM | Computer Name = CBW-EST2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The workstation driver is not installed. ). Group Policy processing aborted.


Error - 2/23/2012 5:45:08 AM | Computer Name = CBW-EST2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The workstation driver is not installed. ). Group Policy processing aborted.


Error - 2/23/2012 7:28:08 AM | Computer Name = CBW-EST2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The workstation driver is not installed. ). Group Policy processing aborted.


Error - 2/23/2012 8:58:08 AM | Computer Name = CBW-EST2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The workstation driver is not installed. ). Group Policy processing aborted.


Error - 2/23/2012 10:27:17 AM | Computer Name = CBW-EST2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The workstation driver is not installed. ). Group Policy processing aborted.


Error - 2/23/2012 12:05:17 PM | Computer Name = CBW-EST2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The workstation driver is not installed. ). Group Policy processing aborted.


Error - 2/23/2012 12:19:09 PM | Computer Name = CBW-EST2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The workstation driver is not installed. ). Group Policy processing aborted.


[ System Events ]
Error - 2/23/2012 12:12:32 PM | Computer Name = CBW-EST2 | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).

Error - 2/23/2012 12:12:32 PM | Computer Name = CBW-EST2 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066

Error - 2/23/2012 12:12:32 PM | Computer Name = CBW-EST2 | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80070002 Error description: The system cannot find the file specified.
Reason: %%842

Error - 2/23/2012 12:12:32 PM | Computer Name = CBW-EST2 | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80070002 Error description: The system cannot find the file specified.
Reason: %%842

Error - 2/23/2012 12:12:32 PM | Computer Name = CBW-EST2 | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80070002 Error description: The system cannot find the file specified.
Reason: %%837

Error - 2/23/2012 12:12:32 PM | Computer Name = CBW-EST2 | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80070002 Error description: The system cannot find the file specified.
Reason: %%837

Error - 2/23/2012 12:25:56 PM | Computer Name = CBW-EST2 | Source = Workstation | ID = 5727
Description = Could not load MRxSmb device driver.

Error - 2/23/2012 12:25:56 PM | Computer Name = CBW-EST2 | Source = Workstation | ID = 5727
Description = Could not load RDR device driver.

Error - 2/23/2012 12:25:56 PM | Computer Name = CBW-EST2 | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Workstation service which
failed to start because of the following error: %%1066

Error - 2/23/2012 12:25:56 PM | Computer Name = CBW-EST2 | Source = Service Control Manager | ID = 7024
Description = The Workstation service terminated with service-specific error 2250
(0x8CA).


< End of report >


I believe that is all you requested. Please let me know my next steps, Thanks Kurt

#5 SweetTech

Posted 24 February 2012 - 01:30 AM

Hi Kurt!

This infection has been known to cause all sorts of issues. You also look to have a newer variant of the Siref/ZeroAccess infection.

Let's get started and see where these scans below leave us.

Before we get started, I'd like to use a utility to back up your registry.

ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.

ERUNT utility program
Download:

  • Please download ERUNT...by Lars Hederer. Save it to your desktop.
  • Double-click erunt-setup.exe to start the install process. Follow the install prompts.
  • Use the default install settings...
    say "NO" to the section that asks you to add ERUNT to the Start-Up folder. Enable this option later if desired.
  • Start ERUNT by opting to start the program at the end of setup -or- double click the desktop icon.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK ... Then click on "YES" to create the folder.
Run:
  • Please navigate to Start >> All Programs >> ERUNT. Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration, the "Registry backup is complete!" pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


NEXT:



OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix, as it may interfere with the successful execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Processes
    KILLALLPROCESSES
    :Services
    se44mdfl
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (se44mdfl)
    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    [2010/05/11 07:56:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/10/18 11:37:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/20 22:56:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/02/23 08:59:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    O16 - DPF: {5D357AB9-10EA-49A7-B2EB-B8F07C9E1EF4} http://shopflow.processclaims.com/ShopFlowWeb/WebResource.axd?d=uAxWuL9du8tEA6VQyEYRcP9Mk9SMwbQnDX54lfIJoHPYZBJG_PxVERseDMygzdbcKxhZxCTy6_qOYalgGp4hQPsX_UQjLfF-M04EyqZSPAw1&t=633934566620000000 (ProcessClaims Upload/Download ClientAccess Class)
    O16 - DPF: {6B081705-DB09-4C5C-9CD0-F50AE950AB01} http://caf.oeconnection.com/applications/collisionlink/shopclient/install.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: DownloadClientAccessCab http://www.processclaims.com/web/cab/DownloadClientAccess.CAB (Reg Error: Key error.)
    NetSvcs: se44mdfl - File not found
    [2011/12/09 12:03:36 | 000,015,586 | -HS- | C] () -- C:\Documents and Settings\Gabriel\Local Settings\Application Data\770572o7n654r638r362b3lrj2k2
    [2011/12/09 12:03:36 | 000,015,586 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\770572o7n654r638r362b3lrj2k2
    
    :Reg
    
    :Files
    C:\WINDOWS\system32\DRIVERS\MpFilter.sys|C:\Program Files\Microsoft Security Client\Antimalware\Drivers\mpfilter\mpfilter.sys /replace
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.


NEXT:


Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL fix log.
3. ComboFix.txt log.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#6 mypcsupportteam

Posted 24 February 2012 - 11:46 AM

Agent ST, so I kinda messed up. I ran the OTL fix while it looks like Malwarebytes was still running, so I ran it twice. I have included both OTL logs and the last ComboFix log. I still have some service issues and the virus continues to pop up when you run ComboFix, saying very difficult to fix, etc. Here are the logs. Hopefully we will get this rectified by the end of the weekend. Client wants PC back. I appreciate all your help. Thanks so much. I look forward to your next instructions.

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
Service se44mdfl stopped successfully!
Service se44mdfl deleted successfully!
========== OTL ==========
Error: No service named se44mdfl was found to stop!
Service\Driver key se44mdfl not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
Starting removal of ActiveX control {5D357AB9-10EA-49A7-B2EB-B8F07C9E1EF4}
C:\WINDOWS\Downloaded Program Files\UDCClientAccess.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D357AB9-10EA-49A7-B2EB-B8F07C9E1EF4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D357AB9-10EA-49A7-B2EB-B8F07C9E1EF4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5D357AB9-10EA-49A7-B2EB-B8F07C9E1EF4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D357AB9-10EA-49A7-B2EB-B8F07C9E1EF4}\ not found.
Starting removal of ActiveX control {6B081705-DB09-4C5C-9CD0-F50AE950AB01}
C:\WINDOWS\Downloaded Program Files\Setup.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6B081705-DB09-4C5C-9CD0-F50AE950AB01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B081705-DB09-4C5C-9CD0-F50AE950AB01}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6B081705-DB09-4C5C-9CD0-F50AE950AB01}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B081705-DB09-4C5C-9CD0-F50AE950AB01}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control DownloadClientAccessCab
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DownloadClientAccessCab\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DownloadClientAccessCab\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DownloadClientAccessCab\ not found.
se44mdfl removed from NetSvcs value successfully!
C:\Documents and Settings\Gabriel\Local Settings\Application Data\770572o7n654r638r362b3lrj2k2 moved successfully.
C:\Documents and Settings\All Users\Application Data\770572o7n654r638r362b3lrj2k2 moved successfully.
========== REGISTRY ==========
========== FILES ==========
File C:\WINDOWS\system32\DRIVERS\MpFilter.sys successfully replaced with C:\Program Files\Microsoft Security Client\Antimalware\Drivers\mpfilter\mpfilter.sys
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\hosts
C:\Documents and Settings\Gabriel\Desktop\Spyware Tools\cmd.bat deleted successfully.
C:\Documents and Settings\Gabriel\Desktop\Spyware Tools\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Gabriel\Desktop\Spyware Tools\cmd.bat deleted successfully.
C:\Documents and Settings\Gabriel\Desktop\Spyware Tools\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 434 bytes

User: administrator.CBW
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Gabriel
->Temp folder emptied: 58702799 bytes
->Temporary Internet Files folder emptied: 13652283 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46492244 bytes
->Flash cache emptied: 583 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 202479 bytes

User: NetworkService
->Temp folder emptied: 18438 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 142102 bytes

User: Troberts
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5537862 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 124806361 bytes
->Flash cache emptied: 1058402 bytes

User: vern
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14175274 bytes

User: __sbs_netsetup__
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2416617 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 526381 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 21158577 bytes

Total Files Cleaned = 276.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: administrator.CBW

User: All Users

User: Default User

User: Gabriel
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Troberts
->Flash cache emptied: 0 bytes

User: vern

User: __sbs_netsetup__

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: administrator.CBW
->Java cache emptied: 0 bytes

User: All Users

User: Default User

User: Gabriel
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Java cache emptied: 0 bytes

User: Troberts
->Java cache emptied: 0 bytes

User: vern
->Java cache emptied: 0 bytes

User: __sbs_netsetup__

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.33.2 log created on 02242012_074837

Files\Folders moved on Reboot...
C:\Documents and Settings\Gabriel\Local Settings\Temp\WCESLog.log moved successfully.
File\Folder C:\Documents and Settings\Gabriel\Local Settings\Temp\~DF54B1.tmp not found!
File\Folder C:\Documents and Settings\Gabriel\Local Settings\Temp\~DF56BD.tmp not found!
File\Folder C:\Documents and Settings\Gabriel\Local Settings\Temp\~DF6122.tmp not found!
File\Folder C:\Documents and Settings\Gabriel\Local Settings\Temp\~DF626A.tmp not found!
C:\Documents and Settings\Gabriel\Local Settings\Temporary Internet Files\Content.IE5\R19TEKSQ\page__p__2607668__fromsearch__1[1].htm moved successfully.
C:\Documents and Settings\Gabriel\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\Gabriel\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun-25-20FFC3D1-F96A-40f1-81FD-EA9C5847B465.lock not found!
C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_5c0.dat not found!
File\Folder C:\WINDOWS\temp\TMP00000007E27CDAC2A10220EA not found!

Registry entries deleted on Reboot...

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
Error: No service named se44mdfl was found to stop!
Service\Driver key se44mdfl not found.
========== OTL ==========
Error: No service named se44mdfl was found to stop!
Service\Driver key se44mdfl not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Folder C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\ not found.
Folder C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {5D357AB9-10EA-49A7-B2EB-B8F07C9E1EF4}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D357AB9-10EA-49A7-B2EB-B8F07C9E1EF4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D357AB9-10EA-49A7-B2EB-B8F07C9E1EF4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5D357AB9-10EA-49A7-B2EB-B8F07C9E1EF4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D357AB9-10EA-49A7-B2EB-B8F07C9E1EF4}\ not found.
Starting removal of ActiveX control {6B081705-DB09-4C5C-9CD0-F50AE950AB01}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6B081705-DB09-4C5C-9CD0-F50AE950AB01}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B081705-DB09-4C5C-9CD0-F50AE950AB01}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6B081705-DB09-4C5C-9CD0-F50AE950AB01}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B081705-DB09-4C5C-9CD0-F50AE950AB01}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control DownloadClientAccessCab
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DownloadClientAccessCab\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DownloadClientAccessCab\ not found.
se44mdfl removed from NetSvcs value successfully!
File C:\Documents and Settings\Gabriel\Local Settings\Application Data\770572o7n654r638r362b3lrj2k2 not found.
File C:\Documents and Settings\All Users\Application Data\770572o7n654r638r362b3lrj2k2 not found.
========== REGISTRY ==========
========== FILES ==========
File C:\WINDOWS\system32\DRIVERS\MpFilter.sys successfully replaced with C:\Program Files\Microsoft Security Client\Antimalware\Drivers\mpfilter\mpfilter.sys
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\Hosts
C:\Documents and Settings\Gabriel\Desktop\Spyware Tools\cmd.bat deleted successfully.
C:\Documents and Settings\Gabriel\Desktop\Spyware Tools\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Gabriel\Desktop\Spyware Tools\cmd.bat deleted successfully.
C:\Documents and Settings\Gabriel\Desktop\Spyware Tools\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: administrator.CBW
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gabriel
->Temp folder emptied: 66560 bytes
->Temporary Internet Files folder emptied: 2339556 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 18912 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Troberts
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: vern
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: __sbs_netsetup__
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9508 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: administrator.CBW

User: All Users

User: Default User

User: Gabriel
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Troberts
->Flash cache emptied: 0 bytes

User: vern

User: __sbs_netsetup__

Total Flash Files Cleaned = 0.00 mb

Error: Unable to interpret <[EMPTYJAVA> in the current context!

OTL by OldTimer - Version 3.2.33.2 log created on 02242012_081424

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Gabriel\Local Settings\Temp\~DFE432.tmp not found!
File\Folder C:\Documents and Settings\Gabriel\Local Settings\Temp\~DFE43D.tmp not found!
File\Folder C:\Documents and Settings\Gabriel\Local Settings\Temp\~DFE495.tmp not found!
File\Folder C:\Documents and Settings\Gabriel\Local Settings\Temp\~DFE4A0.tmp not found!
C:\Documents and Settings\Gabriel\Local Settings\Temporary Internet Files\Content.IE5\PRG7SBDY\page__p__2607668__fromsearch__1[1].htm moved successfully.
C:\Documents and Settings\Gabriel\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_590.dat not found!

Registry entries deleted on Reboot...



Last Combofix

ComboFix 12-02-24.02 - gtorres 02/24/2012 8:32.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1648 [GMT -8:00]
Running from: c:\documents and settings\Gabriel\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 16:13 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3543A37A-D019-4C65-8835-CCF4E532A5ED}\mpengine.dll
2012-02-24 15:48 . 2010-10-25 04:25 165264 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-02-24 15:46 . 2012-02-24 15:46 -------- d-----w- c:\program files\ERUNT
2012-02-23 01:47 . 2008-04-14 13:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-02-23 01:47 . 2001-08-18 06:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-02-23 01:47 . 2008-04-14 13:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-02-23 01:47 . 2001-08-18 06:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-02-23 01:47 . 2001-08-18 06:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-02-23 01:47 . 2001-08-18 06:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-02-23 01:47 . 2001-08-17 20:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-02-23 01:47 . 2008-04-14 06:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-02-23 01:45 . 2001-08-17 20:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2012-02-23 01:44 . 2001-08-18 06:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2012-02-23 01:43 . 2001-08-17 20:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2012-02-23 01:42 . 2001-08-17 21:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2012-02-23 01:41 . 2001-08-17 20:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2012-02-23 01:40 . 2001-08-17 20:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2012-02-23 01:39 . 2001-07-21 22:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-02-23 01:38 . 2001-08-17 20:50 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2012-02-23 01:37 . 2001-08-17 20:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2012-02-23 01:36 . 2001-08-18 06:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2012-02-23 01:35 . 2001-08-17 20:12 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2012-02-23 01:34 . 2001-08-17 20:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2012-02-23 01:33 . 2001-08-17 20:50 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2012-02-23 01:32 . 2001-08-17 22:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-02-23 01:32 . 2008-04-14 08:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-02-23 01:32 . 2001-08-17 22:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2012-02-23 01:32 . 2001-08-17 21:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2012-02-23 01:32 . 2008-04-14 08:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2012-02-23 01:32 . 2001-08-17 21:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-02-23 01:32 . 2008-04-14 08:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2012-02-23 01:32 . 2001-08-17 21:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-02-23 01:32 . 2001-08-17 21:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2012-02-23 01:32 . 2001-08-17 20:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2012-02-23 01:30 . 2001-08-17 20:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2012-02-23 01:29 . 2001-08-17 20:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2012-02-23 01:28 . 2001-08-17 20:12 109085 -c--a-w- c:\windows\system32\dllcache\ibmtrp.sys
2012-02-23 01:27 . 2001-08-17 21:28 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2012-02-23 01:26 . 2001-08-17 21:51 82304 -c--a-w- c:\windows\system32\dllcache\grclass.sys
2012-02-23 01:25 . 2001-08-17 21:52 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2012-02-23 01:24 . 2001-08-17 20:10 26141 -c--a-w- c:\windows\system32\dllcache\el589nd5.sys
2012-02-23 01:23 . 2001-08-17 20:13 37735 -c--a-w- c:\windows\system32\dllcache\digiasyn.sys
2012-02-23 01:22 . 2001-08-17 20:11 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
2012-02-23 01:21 . 2008-04-14 08:16 36480 -c--a-w- c:\windows\system32\dllcache\bthprint.sys
2012-02-23 01:20 . 2008-04-14 08:06 43008 -c--a-w- c:\windows\system32\dllcache\amdagp.sys
2012-02-23 01:19 . 2001-08-17 22:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-02-23 00:10 . 2012-02-23 00:10 -------- d-----w- c:\program files\Windows Resource Kits
2012-02-23 00:04 . 2012-02-23 00:02 290304 ----a-w- C:\subinacl.exe
2012-02-23 00:04 . 2012-02-23 01:15 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-02-22 20:46 . 2012-02-22 20:46 -------- d-----w- C:\_OTL
2012-02-22 20:44 . 2012-02-22 20:44 -------- d-----w- C:\_OTS
2012-02-22 19:41 . 2012-02-22 20:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-21 18:10 . 2012-01-11 19:06 3072 -c--a-w- c:\windows\system32\dllcache\iacenc.dll
2012-02-21 18:10 . 2012-01-11 19:06 3072 ----a-w- c:\windows\system32\iacenc.dll
2012-02-21 17:53 . 2008-04-14 07:51 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-02-21 17:53 . 2008-04-14 07:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-21 17:53 . 2008-04-14 07:49 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2012-02-21 17:53 . 2008-04-14 07:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-02-21 17:53 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-02-21 17:53 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-21 17:32 . 2008-04-14 08:45 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
2012-02-21 17:32 . 2008-04-14 08:45 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2012-02-21 17:31 . 2008-04-14 08:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-02-21 17:31 . 2008-04-14 08:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-21 17:31 . 2008-04-14 08:10 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2012-02-21 17:31 . 2008-04-14 08:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-21 17:31 . 2008-04-14 08:10 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2012-02-21 17:31 . 2008-04-14 08:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-02-21 17:04 . 2012-02-23 00:20 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-10 05:09 . 2012-02-10 05:09 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 15:44 . 2011-07-06 15:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-08 06:03 . 2010-03-26 16:15 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2010-03-25 14:35 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:53 . 2008-04-14 08:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2008-04-14 12:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:46 . 2008-04-14 12:42 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-14 12:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:22 . 2008-04-14 07:07 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 23:24 . 2010-11-08 01:11 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-23_14.34.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-24 16:22 . 2012-02-24 16:22 16384 c:\windows\temp\Perflib_Perfdata_548.dat
+ 2012-02-24 15:44 . 2012-02-24 15:44 250016 c:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
+ 2012-02-24 15:44 . 2012-02-24 15:44 335520 c:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToasterClient"="c:\program files\Cyncast\ToasterClient\\ToasterClient.exe" [2010-06-08 483328]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-28 13918208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
c:\documents and settings\Troberts\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ALLDATA Collision S3500 EI.lnk - c:\windows\Installer\{FAA7E737-EBC3-4D92-84F1-040C6FAA13B8}\_B4D93AA2867D2521A059B9.exe [2011-10-26 63387]
SmartCapture.lnk - c:\program files\Seiko Instruments USA Inc\Smart Label Printer 6.4\slpcap.exe [2007-7-20 58720]
ToasterClient.lnk - c:\windows\Installer\{0E4D838E-5DA5-49CB-82B6-69E6571A81B1}\_6C5C9500ADDE2498947489.exe [2010-8-24 10134]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gabriel^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Gabriel\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 09:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 21:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 18:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-09-28 02:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-09-28 02:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-03-25 15:07 18791456 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 22:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2010 5:12 PM 652360]
R2 OECApplicationUpdaterService;OECApplicationUpdaterService;c:\program files\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe [7/1/2009 6:14 PM 28672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/7/2010 5:11 PM 20464]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/25/2010 7:11 AM 1691480]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 9:25 AM 30969208]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\DRIVERS\ngfilter.sys --> c:\windows\system32\DRIVERS\ngfilter.sys [?]
S3 NgLog;Aventail VPN Logging;c:\windows\system32\DRIVERS\nglog.sys --> c:\windows\system32\DRIVERS\nglog.sys [?]
S3 NgVpn;Aventail VPN Adapter;c:\windows\system32\DRIVERS\ngvpn.sys --> c:\windows\system32\DRIVERS\ngvpn.sys [?]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\DRIVERS\ngwfp.sys --> c:\windows\system32\DRIVERS\ngwfp.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 PROCEXP150;PROCEXP150;\??\c:\windows\system32\Drivers\PROCEXP150.SYS --> c:\windows\system32\Drivers\PROCEXP150.SYS [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-73586283-682003330-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-25 09:08]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-73586283-682003330-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-25 09:08]
.
2012-02-24 c:\windows\Tasks\User_Feed_Synchronization-{4A0E6716-CE14-4B96-BF0E-DFA83E89BAB0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
2012-02-24 c:\windows\Tasks\User_Feed_Synchronization-{66519A3D-25AE-4183-9A60-D2C21E6B0195}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: processclaims.com
Trusted Zone: processclaims.com\shopflow
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\hi28lrfl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=SUN3
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-24 08:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-02-24 08:40:24
ComboFix-quarantined-files.txt 2012-02-24 16:40
ComboFix2.txt 2012-02-24 16:11
ComboFix3.txt 2012-02-23 16:27
ComboFix4.txt 2012-02-23 14:35
ComboFix5.txt 2012-02-24 16:18
.
Pre-Run: 124,316,327,936 bytes free
Post-Run: 124,280,233,984 bytes free
.
- - End Of File - - 919788D470926F23499A9D3837090E6B

Edited by mypcsupportteam, 24 February 2012 - 11:47 AM.


#7 SweetTech

Posted 25 February 2012 - 08:48 AM

Hi mypcsupportteam,

Agent ST, so I kinda messed up. I ran the OTL fix while it looks like Malwarebytes was still running, so I ran it twice. I have included both OTL logs and the last ComboFix log. I still have some service issues and the virus continues to pop up when you run ComboFix, saying very difficult to fix etc. Here are the logs. Hopefully we will get this rectified by the end of the weekend. Client wants PC back. I appreciate all your help. Thanks so much. I look forward to your next instructions.

Okay, let's see what we can do. I can't make any promises that this will get resolved by the end of the weekend. If your client needs the computer back by the end of the weekend, the easiest thing may just be to reformat and re-install the operating system.

Can you elaborate on what you mean by the virus continues to pop up when you are running ComboFix?


Locating ComboFix Log
  • Right click on START on the left end of your Windows toolbar (lower left corner of your screen)
  • Click on Explore
  • Click on Local Disk (C:) in the left-hand window pane
  • Click on Qoobox in the left-hand window pane
  • Look for ComboFix2.txt in the right-hand window pane and right click on it
  • Put your cursor (arrow) on Open With
  • Move your cursor to the new menu that opens and click on Choose Program...
  • Click on Notepad

When the file opens, copy/paste the text here.

Repeat the above process for ComboFix3.txt, ComboFix4.txt & ComboFix5.txt



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



#8 mypcsupportteam

Posted 25 February 2012 - 11:32 AM

I just mean that when I run a ComboFix scan it pops up and warns me that we are infected with rootkit.zeroaccess and it's a difficult virus to remove. It does that each time I run ComboFix. I ran it twice after your instructions because of my mistake with Malwarebytes running in the background. I am attaching the logs you requested. I also included the MBAM log.

ComboFix 12-02-24.02 - gtorres 02/24/2012 8:04.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1619 [GMT -8:00]
Running from: c:\documents and settings\Gabriel\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 15:48 . 2010-10-25 04:25 165264 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-02-24 15:46 . 2012-02-24 15:46 -------- d-----w- c:\program files\ERUNT
2012-02-23 01:47 . 2008-04-14 13:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-02-23 01:47 . 2001-08-18 06:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-02-23 01:47 . 2008-04-14 13:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-02-23 01:47 . 2001-08-18 06:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-02-23 01:47 . 2001-08-18 06:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-02-23 01:47 . 2001-08-18 06:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-02-23 01:47 . 2001-08-17 20:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-02-23 01:47 . 2008-04-14 06:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-02-23 01:45 . 2001-08-17 20:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2012-02-23 01:44 . 2001-08-18 06:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2012-02-23 01:43 . 2001-08-17 20:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2012-02-23 01:42 . 2001-08-17 21:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2012-02-23 01:41 . 2001-08-17 20:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2012-02-23 01:40 . 2001-08-17 20:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2012-02-23 01:39 . 2001-07-21 22:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-02-23 01:38 . 2001-08-17 20:50 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2012-02-23 01:37 . 2001-08-17 20:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2012-02-23 01:36 . 2001-08-18 06:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2012-02-23 01:35 . 2001-08-17 20:12 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2012-02-23 01:34 . 2001-08-17 20:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2012-02-23 01:33 . 2001-08-17 20:50 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2012-02-23 01:32 . 2001-08-17 22:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-02-23 01:32 . 2008-04-14 08:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-02-23 01:32 . 2001-08-17 22:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2012-02-23 01:32 . 2001-08-17 21:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2012-02-23 01:32 . 2008-04-14 08:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2012-02-23 01:32 . 2001-08-17 21:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-02-23 01:32 . 2008-04-14 08:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2012-02-23 01:32 . 2001-08-17 21:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-02-23 01:32 . 2001-08-17 21:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2012-02-23 01:32 . 2001-08-17 20:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2012-02-23 01:30 . 2001-08-17 20:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2012-02-23 01:29 . 2001-08-17 20:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2012-02-23 01:28 . 2001-08-17 20:12 109085 -c--a-w- c:\windows\system32\dllcache\ibmtrp.sys
2012-02-23 01:27 . 2001-08-17 21:28 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2012-02-23 01:26 . 2001-08-17 21:51 82304 -c--a-w- c:\windows\system32\dllcache\grclass.sys
2012-02-23 01:25 . 2001-08-17 21:52 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2012-02-23 01:24 . 2001-08-17 20:10 26141 -c--a-w- c:\windows\system32\dllcache\el589nd5.sys
2012-02-23 01:23 . 2001-08-17 20:13 37735 -c--a-w- c:\windows\system32\dllcache\digiasyn.sys
2012-02-23 01:22 . 2001-08-17 20:11 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
2012-02-23 01:21 . 2008-04-14 08:16 36480 -c--a-w- c:\windows\system32\dllcache\bthprint.sys
2012-02-23 01:20 . 2008-04-14 08:06 43008 -c--a-w- c:\windows\system32\dllcache\amdagp.sys
2012-02-23 01:19 . 2001-08-17 22:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-02-23 00:10 . 2012-02-23 00:10 -------- d-----w- c:\program files\Windows Resource Kits
2012-02-23 00:04 . 2012-02-23 00:02 290304 ----a-w- C:\subinacl.exe
2012-02-23 00:04 . 2012-02-23 01:15 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-02-22 20:46 . 2012-02-22 20:46 -------- d-----w- C:\_OTL
2012-02-22 20:44 . 2012-02-22 20:44 -------- d-----w- C:\_OTS
2012-02-22 20:12 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56656557-97CF-48DE-A7F3-5E1E99FA1042}\mpengine.dll
2012-02-22 19:41 . 2012-02-22 20:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-21 18:10 . 2012-01-11 19:06 3072 -c--a-w- c:\windows\system32\dllcache\iacenc.dll
2012-02-21 18:10 . 2012-01-11 19:06 3072 ----a-w- c:\windows\system32\iacenc.dll
2012-02-21 17:53 . 2008-04-14 07:51 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-02-21 17:53 . 2008-04-14 07:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-21 17:53 . 2008-04-14 07:49 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2012-02-21 17:53 . 2008-04-14 07:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-02-21 17:53 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-02-21 17:53 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-21 17:32 . 2008-04-14 08:45 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
2012-02-21 17:32 . 2008-04-14 08:45 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2012-02-21 17:31 . 2008-04-14 08:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-02-21 17:31 . 2008-04-14 08:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-21 17:31 . 2008-04-14 08:10 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2012-02-21 17:31 . 2008-04-14 08:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-21 17:31 . 2008-04-14 08:10 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2012-02-21 17:31 . 2008-04-14 08:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-02-21 17:04 . 2012-02-23 00:20 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-10 05:09 . 2012-02-10 05:09 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 15:44 . 2011-07-06 15:48 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2010-03-25 14:35 237072 ----a-w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:53 . 2008-04-14 08:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2008-04-14 12:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:46 . 2008-04-14 12:42 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-14 12:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:22 . 2008-04-14 07:07 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 23:24 . 2010-11-08 01:11 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-23_14.34.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-24 16:02 . 2012-02-24 16:02 16384 c:\windows\temp\Perflib_Perfdata_548.dat
+ 2012-02-24 15:44 . 2012-02-24 15:44 250016 c:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
+ 2012-02-24 15:44 . 2012-02-24 15:44 335520 c:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToasterClient"="c:\program files\Cyncast\ToasterClient\\ToasterClient.exe" [2010-06-08 483328]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-28 13918208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
c:\documents and settings\Troberts\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ALLDATA Collision S3500 EI.lnk - c:\windows\Installer\{FAA7E737-EBC3-4D92-84F1-040C6FAA13B8}\_B4D93AA2867D2521A059B9.exe [2011-10-26 63387]
SmartCapture.lnk - c:\program files\Seiko Instruments USA Inc\Smart Label Printer 6.4\slpcap.exe [2007-7-20 58720]
ToasterClient.lnk - c:\windows\Installer\{0E4D838E-5DA5-49CB-82B6-69E6571A81B1}\_6C5C9500ADDE2498947489.exe [2010-8-24 10134]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gabriel^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Gabriel\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 09:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 21:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 18:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-09-28 02:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-09-28 02:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-03-25 15:07 18791456 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 22:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2010 5:12 PM 652360]
R2 OECApplicationUpdaterService;OECApplicationUpdaterService;c:\program files\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe [7/1/2009 6:14 PM 28672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/7/2010 5:11 PM 20464]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/25/2010 7:11 AM 1691480]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 9:25 AM 30969208]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\DRIVERS\ngfilter.sys --> c:\windows\system32\DRIVERS\ngfilter.sys [?]
S3 NgLog;Aventail VPN Logging;c:\windows\system32\DRIVERS\nglog.sys --> c:\windows\system32\DRIVERS\nglog.sys [?]
S3 NgVpn;Aventail VPN Adapter;c:\windows\system32\DRIVERS\ngvpn.sys --> c:\windows\system32\DRIVERS\ngvpn.sys [?]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\DRIVERS\ngwfp.sys --> c:\windows\system32\DRIVERS\ngwfp.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 PROCEXP150;PROCEXP150;\??\c:\windows\system32\Drivers\PROCEXP150.SYS --> c:\windows\system32\Drivers\PROCEXP150.SYS [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-73586283-682003330-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-25 09:08]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-73586283-682003330-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-25 09:08]
.
2012-02-24 c:\windows\Tasks\User_Feed_Synchronization-{4A0E6716-CE14-4B96-BF0E-DFA83E89BAB0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
2012-02-24 c:\windows\Tasks\User_Feed_Synchronization-{66519A3D-25AE-4183-9A60-D2C21E6B0195}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: processclaims.com
Trusted Zone: processclaims.com\shopflow
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\hi28lrfl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=SUN3
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-24 08:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-02-24 08:11:38
ComboFix-quarantined-files.txt 2012-02-24 16:11
ComboFix2.txt 2012-02-23 16:27
ComboFix3.txt 2012-02-23 14:35
ComboFix4.txt 2012-02-22 20:07
.
Pre-Run: 124,451,110,912 bytes free
Post-Run: 124,416,983,040 bytes free
.
- - End Of File - - ADCC67C0FDF6E115067D07E1834EB1CE


ComboFix 12-02-22.01 - gtorres 02/23/2012 8:20.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1648 [GMT -8:00]
Running from: c:\documents and settings\Gabriel\Desktop\Spyware Tools\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-23 to 2012-02-23 )))))))))))))))))))))))))))))))
.
.
2012-02-23 01:47 . 2008-04-14 13:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-02-23 01:47 . 2001-08-18 06:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-02-23 01:47 . 2008-04-14 13:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-02-23 01:47 . 2001-08-18 06:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-02-23 01:47 . 2001-08-18 06:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-02-23 01:47 . 2001-08-18 06:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-02-23 01:47 . 2001-08-17 20:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-02-23 01:47 . 2008-04-14 06:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-02-23 01:45 . 2001-08-17 20:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2012-02-23 01:44 . 2001-08-18 06:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2012-02-23 01:43 . 2001-08-17 20:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2012-02-23 01:42 . 2001-08-17 21:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2012-02-23 01:41 . 2001-08-17 20:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2012-02-23 01:40 . 2001-08-17 20:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2012-02-23 01:39 . 2001-07-21 22:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-02-23 01:38 . 2001-08-17 20:50 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2012-02-23 01:37 . 2001-08-17 20:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2012-02-23 01:36 . 2001-08-18 06:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2012-02-23 01:35 . 2001-08-17 20:12 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2012-02-23 01:34 . 2001-08-17 20:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2012-02-23 01:33 . 2001-08-17 20:50 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2012-02-23 01:32 . 2001-08-17 22:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-02-23 01:32 . 2008-04-14 08:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-02-23 01:32 . 2001-08-17 22:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2012-02-23 01:32 . 2001-08-17 21:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2012-02-23 01:32 . 2008-04-14 08:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2012-02-23 01:32 . 2001-08-17 21:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-02-23 01:32 . 2008-04-14 08:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2012-02-23 01:32 . 2001-08-17 21:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-02-23 01:32 . 2001-08-17 21:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2012-02-23 01:32 . 2001-08-17 20:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2012-02-23 01:30 . 2001-08-17 20:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2012-02-23 01:29 . 2001-08-17 20:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2012-02-23 01:28 . 2001-08-17 20:12 109085 -c--a-w- c:\windows\system32\dllcache\ibmtrp.sys
2012-02-23 01:27 . 2001-08-17 21:28 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2012-02-23 01:26 . 2001-08-17 21:51 82304 -c--a-w- c:\windows\system32\dllcache\grclass.sys
2012-02-23 01:25 . 2001-08-17 21:52 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2012-02-23 01:24 . 2001-08-17 20:10 26141 -c--a-w- c:\windows\system32\dllcache\el589nd5.sys
2012-02-23 01:23 . 2001-08-17 20:13 37735 -c--a-w- c:\windows\system32\dllcache\digiasyn.sys
2012-02-23 01:22 . 2001-08-17 20:11 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
2012-02-23 01:21 . 2008-04-14 08:16 36480 -c--a-w- c:\windows\system32\dllcache\bthprint.sys
2012-02-23 01:20 . 2008-04-14 08:06 43008 -c--a-w- c:\windows\system32\dllcache\amdagp.sys
2012-02-23 01:19 . 2001-08-17 22:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-02-23 00:10 . 2012-02-23 00:10 -------- d-----w- c:\program files\Windows Resource Kits
2012-02-23 00:04 . 2012-02-23 00:02 290304 ----a-w- C:\subinacl.exe
2012-02-23 00:04 . 2012-02-23 01:15 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-02-22 20:46 . 2012-02-22 20:46 -------- d-----w- C:\_OTL
2012-02-22 20:44 . 2012-02-22 20:44 -------- d-----w- C:\_OTS
2012-02-22 20:12 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56656557-97CF-48DE-A7F3-5E1E99FA1042}\mpengine.dll
2012-02-22 19:41 . 2012-02-22 20:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-21 18:10 . 2012-01-11 19:06 3072 -c--a-w- c:\windows\system32\dllcache\iacenc.dll
2012-02-21 18:10 . 2012-01-11 19:06 3072 ----a-w- c:\windows\system32\iacenc.dll
2012-02-21 17:53 . 2008-04-14 07:51 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-02-21 17:53 . 2008-04-14 07:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-21 17:53 . 2008-04-14 07:49 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2012-02-21 17:53 . 2008-04-14 07:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-02-21 17:53 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-02-21 17:53 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-21 17:32 . 2008-04-14 08:45 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
2012-02-21 17:32 . 2008-04-14 08:45 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2012-02-21 17:31 . 2008-04-14 08:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-02-21 17:31 . 2008-04-14 08:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-21 17:31 . 2008-04-14 08:10 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2012-02-21 17:31 . 2008-04-14 08:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-21 17:31 . 2008-04-14 08:10 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2012-02-21 17:31 . 2008-04-14 08:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-02-21 17:04 . 2012-02-23 00:20 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-10 05:09 . 2012-02-10 05:09 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2010-03-25 14:35 237072 ----a-w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:53 . 2008-04-14 08:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2008-04-14 12:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:46 . 2008-04-14 12:42 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-14 12:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:22 . 2008-04-14 07:07 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 23:24 . 2010-11-08 01:11 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2008-04-14 12:42 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-23_14.34.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-23 16:12 . 2012-02-23 16:12 16384 c:\windows\temp\Perflib_Perfdata_544.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToasterClient"="c:\program files\Cyncast\ToasterClient\\ToasterClient.exe" [2010-06-08 483328]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-28 13918208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
c:\documents and settings\Troberts\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ALLDATA Collision S3500 EI.lnk - c:\windows\Installer\{FAA7E737-EBC3-4D92-84F1-040C6FAA13B8}\_B4D93AA2867D2521A059B9.exe [2011-10-26 63387]
SmartCapture.lnk - c:\program files\Seiko Instruments USA Inc\Smart Label Printer 6.4\slpcap.exe [2007-7-20 58720]
ToasterClient.lnk - c:\windows\Installer\{0E4D838E-5DA5-49CB-82B6-69E6571A81B1}\_6C5C9500ADDE2498947489.exe [2010-8-24 10134]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gabriel^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Gabriel\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 09:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 21:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 18:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-09-28 02:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-09-28 02:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-03-25 15:07 18791456 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 22:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2010 5:12 PM 652360]
R2 OECApplicationUpdaterService;OECApplicationUpdaterService;c:\program files\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe [7/1/2009 6:14 PM 28672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/7/2010 5:11 PM 20464]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/25/2010 7:11 AM 1691480]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 9:25 AM 30969208]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\DRIVERS\ngfilter.sys --> c:\windows\system32\DRIVERS\ngfilter.sys [?]
S3 NgLog;Aventail VPN Logging;c:\windows\system32\DRIVERS\nglog.sys --> c:\windows\system32\DRIVERS\nglog.sys [?]
S3 NgVpn;Aventail VPN Adapter;c:\windows\system32\DRIVERS\ngvpn.sys --> c:\windows\system32\DRIVERS\ngvpn.sys [?]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\DRIVERS\ngwfp.sys --> c:\windows\system32\DRIVERS\ngwfp.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 PROCEXP150;PROCEXP150;\??\c:\windows\system32\Drivers\PROCEXP150.SYS --> c:\windows\system32\Drivers\PROCEXP150.SYS [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
se44mdfl
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-73586283-682003330-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-25 09:08]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-73586283-682003330-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-25 09:08]
.
2012-02-23 c:\windows\Tasks\User_Feed_Synchronization-{4A0E6716-CE14-4B96-BF0E-DFA83E89BAB0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
2012-02-23 c:\windows\Tasks\User_Feed_Synchronization-{66519A3D-25AE-4183-9A60-D2C21E6B0195}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: processclaims.com
Trusted Zone: processclaims.com\shopflow
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: DownloadClientAccessCab - hxxp://www.processclaims.com/web/cab/DownloadClientAccess.CAB
DPF: {5D357AB9-10EA-49A7-B2EB-B8F07C9E1EF4} - hxxp://shopflow.processclaims.com/ShopFlowWeb/WebResource.axd?d=uAxWuL9du8tEA6VQyEYRcP9Mk9SMwbQnDX54lfIJoHPYZBJG_PxVERseDMygzdbcKxhZxCTy6_qOYalgGp4hQPsX_UQjLfF-M04EyqZSPAw1&t=633934566620000000
DPF: {6B081705-DB09-4C5C-9CD0-F50AE950AB01} - hxxp://caf.oeconnection.com/applications/collisionlink/shopclient/install.cab
FF - ProfilePath - c:\documents and settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\hi28lrfl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=SUN3
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-23 08:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-02-23 08:27:28
ComboFix-quarantined-files.txt 2012-02-23 16:27
ComboFix2.txt 2012-02-23 14:35
ComboFix3.txt 2012-02-22 20:07
.
Pre-Run: 124,409,790,464 bytes free
Post-Run: 124,413,652,992 bytes free
.
- - End Of File - - 807740604DB60560EC86029FCF23745A


ComboFix 12-02-22.01 - gtorres 02/23/2012 6:28.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1623 [GMT -8:00]
Running from: c:\documents and settings\Gabriel\Desktop\Spyware Tools\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-23 to 2012-02-23 )))))))))))))))))))))))))))))))
.
.
2012-02-23 01:47 . 2008-04-14 13:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2012-02-23 01:47 . 2001-08-18 06:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2012-02-23 01:47 . 2008-04-14 13:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2012-02-23 01:47 . 2001-08-18 06:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2012-02-23 01:47 . 2001-08-18 06:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2012-02-23 01:47 . 2001-08-18 06:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2012-02-23 01:47 . 2001-08-17 20:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2012-02-23 01:47 . 2008-04-14 06:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2012-02-23 01:45 . 2001-08-17 20:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2012-02-23 01:44 . 2001-08-18 06:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2012-02-23 01:43 . 2001-08-17 20:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2012-02-23 01:42 . 2001-08-17 21:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2012-02-23 01:41 . 2001-08-17 20:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2012-02-23 01:40 . 2001-08-17 20:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2012-02-23 01:39 . 2001-07-21 22:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-02-23 01:38 . 2001-08-17 20:50 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2012-02-23 01:37 . 2001-08-17 20:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2012-02-23 01:36 . 2001-08-18 06:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2012-02-23 01:35 . 2001-08-17 20:12 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2012-02-23 01:34 . 2001-08-17 20:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2012-02-23 01:33 . 2001-08-17 20:50 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2012-02-23 01:32 . 2001-08-17 22:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-02-23 01:32 . 2008-04-14 08:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-02-23 01:32 . 2001-08-17 22:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2012-02-23 01:32 . 2001-08-17 21:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2012-02-23 01:32 . 2008-04-14 08:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2012-02-23 01:32 . 2001-08-17 21:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-02-23 01:32 . 2008-04-14 08:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2012-02-23 01:32 . 2001-08-17 21:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-02-23 01:32 . 2001-08-17 21:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2012-02-23 01:32 . 2001-08-17 20:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2012-02-23 01:30 . 2001-08-17 20:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2012-02-23 01:29 . 2001-08-17 20:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2012-02-23 01:28 . 2001-08-17 20:12 109085 -c--a-w- c:\windows\system32\dllcache\ibmtrp.sys
2012-02-23 01:27 . 2001-08-17 21:28 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2012-02-23 01:26 . 2001-08-17 21:51 82304 -c--a-w- c:\windows\system32\dllcache\grclass.sys
2012-02-23 01:25 . 2001-08-17 21:52 7040 -c--a-w- c:\windows\system32\dllcache\exabyte2.sys
2012-02-23 01:24 . 2001-08-17 20:10 26141 -c--a-w- c:\windows\system32\dllcache\el589nd5.sys
2012-02-23 01:23 . 2001-08-17 20:13 37735 -c--a-w- c:\windows\system32\dllcache\digiasyn.sys
2012-02-23 01:22 . 2001-08-17 20:11 39936 -c--a-w- c:\windows\system32\dllcache\cnxt1803.sys
2012-02-23 01:21 . 2008-04-14 08:16 36480 -c--a-w- c:\windows\system32\dllcache\bthprint.sys
2012-02-23 01:20 . 2008-04-14 08:06 43008 -c--a-w- c:\windows\system32\dllcache\amdagp.sys
2012-02-23 01:19 . 2001-08-17 22:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2012-02-23 00:10 . 2012-02-23 00:10 -------- d-----w- c:\program files\Windows Resource Kits
2012-02-23 00:04 . 2012-02-23 00:02 290304 ----a-w- C:\subinacl.exe
2012-02-23 00:04 . 2012-02-23 01:15 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-02-22 20:46 . 2012-02-22 20:46 -------- d-----w- C:\_OTL
2012-02-22 20:44 . 2012-02-22 20:44 -------- d-----w- C:\_OTS
2012-02-22 20:12 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{56656557-97CF-48DE-A7F3-5E1E99FA1042}\mpengine.dll
2012-02-22 19:41 . 2012-02-22 20:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-21 18:10 . 2012-01-11 19:06 3072 -c--a-w- c:\windows\system32\dllcache\iacenc.dll
2012-02-21 18:10 . 2012-01-11 19:06 3072 ----a-w- c:\windows\system32\iacenc.dll
2012-02-21 17:53 . 2008-04-14 07:51 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-02-21 17:53 . 2008-04-14 07:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-21 17:53 . 2008-04-14 07:49 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2012-02-21 17:53 . 2008-04-14 07:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-02-21 17:53 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-02-21 17:53 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-21 17:32 . 2008-04-14 08:45 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
2012-02-21 17:32 . 2008-04-14 08:45 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2012-02-21 17:31 . 2008-04-14 08:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-02-21 17:31 . 2008-04-14 08:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-21 17:31 . 2008-04-14 08:10 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2012-02-21 17:31 . 2008-04-14 08:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-21 17:31 . 2008-04-14 08:10 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2012-02-21 17:31 . 2008-04-14 08:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-02-21 17:04 . 2012-02-23 00:20 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-10 05:09 . 2012-02-10 05:09 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:44 . 2010-03-25 14:35 237072 ----a-w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:53 . 2008-04-14 08:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2008-04-14 12:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:46 . 2008-04-14 12:42 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-14 12:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:22 . 2008-04-14 07:07 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 23:24 . 2010-11-08 01:11 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2008-04-14 12:42 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-22_20.02.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-23 01:24 . 2001-08-18 06:36 31305 c:\windows\system32\dllcache\disrvpp.dll
+ 2008-04-14 07:10 . 2008-04-14 07:10 36352 c:\windows\system32\dllcache\disk.sys
+ 2012-02-23 01:24 . 2001-08-17 20:13 91305 c:\windows\system32\dllcache\dimaint.sys
+ 2012-02-23 01:24 . 2001-08-17 20:17 42432 c:\windows\system32\dllcache\digirlpt.sys
+ 2012-02-23 01:24 . 2001-08-17 20:14 21606 c:\windows\system32\dllcache\digiisdn.sys
+ 2012-02-23 01:24 . 2001-08-18 06:36 41046 c:\windows\system32\dllcache\digiisdn.dll
+ 2012-02-23 01:24 . 2001-08-17 20:17 90525 c:\windows\system32\dllcache\digifep5.sys
+ 2012-02-23 01:23 . 2001-08-18 06:36 65622 c:\windows\system32\dllcache\digiasyn.dll
+ 2012-02-23 01:22 . 2001-08-18 06:36 32256 c:\windows\system32\dllcache\diapi2NT.dll
+ 2012-02-23 01:23 . 2001-08-17 20:17 29531 c:\windows\system32\dllcache\dgapci.sys
+ 2012-02-23 01:23 . 2001-08-17 20:11 24649 c:\windows\system32\dllcache\dfe650d.sys
+ 2012-02-23 01:23 . 2001-08-17 20:11 24648 c:\windows\system32\dllcache\dfe650.sys
+ 2012-02-23 01:23 . 2001-08-18 06:36 24064 c:\windows\system32\dllcache\devldr32.exe
+ 2012-02-23 01:23 . 2001-08-17 20:11 20928 c:\windows\system32\dllcache\defpa.sys
+ 2012-02-23 01:23 . 2001-08-18 06:36 86016 c:\windows\system32\dllcache\dc240usd.dll
+ 2012-02-23 01:23 . 2001-08-17 20:12 63208 c:\windows\system32\dllcache\dc21x4.sys
+ 2012-02-23 01:23 . 2001-08-18 06:36 80896 c:\windows\system32\dllcache\dc210usd.dll
+ 2012-02-23 01:23 . 2001-08-18 06:36 25600 c:\windows\system32\dllcache\dc210_32.dll
+ 2012-02-23 01:23 . 2001-08-17 21:52 14720 c:\windows\system32\dllcache\dac960nt.sys
+ 2012-02-23 01:23 . 2001-08-18 06:36 27648 c:\windows\system32\dllcache\cyzports.dll
+ 2012-02-23 01:23 . 2001-08-17 21:50 49792 c:\windows\system32\dllcache\cyzport.sys
+ 2012-02-23 01:23 . 2001-08-18 06:36 27136 c:\windows\system32\dllcache\cyzcoins.dll
+ 2012-02-23 01:23 . 2001-08-18 06:36 27648 c:\windows\system32\dllcache\cyyports.dll
+ 2012-02-23 01:23 . 2001-08-17 21:50 50176 c:\windows\system32\dllcache\cyyport.sys
+ 2012-02-23 01:23 . 2001-08-18 06:36 28672 c:\windows\system32\dllcache\cyycoins.dll
+ 2012-02-23 01:23 . 2001-08-17 21:50 14848 c:\windows\system32\dllcache\cyclom-y.sys
+ 2012-02-23 01:23 . 2001-08-17 21:50 17152 c:\windows\system32\dllcache\cyclad-z.sys
+ 2012-02-23 01:23 . 2008-04-14 06:06 48640 c:\windows\system32\dllcache\cwrwdm.sys
+ 2012-02-23 01:23 . 2001-08-17 20:19 93952 c:\windows\system32\dllcache\cwcwdm.sys
+ 2012-02-23 01:23 . 2001-08-17 20:19 72832 c:\windows\system32\dllcache\cwbwdm.sys
+ 2012-02-23 01:23 . 2001-08-17 20:19 96256 c:\windows\system32\dllcache\ctlsb16.sys
+ 2008-04-14 00:01 . 2008-04-14 12:51 36736 c:\windows\system32\dllcache\crusoe.sys
+ 2012-02-23 01:23 . 2001-08-17 20:19 42112 c:\windows\system32\dllcache\crtaud.sys
+ 2012-02-23 01:23 . 2001-08-17 20:11 60970 c:\windows\system32\dllcache\cpqtrnd5.sys
+ 2012-02-23 01:23 . 2001-08-17 20:13 21533 c:\windows\system32\dllcache\cpqndis5.sys
+ 2001-08-17 13:24 . 2006-02-28 12:00 11776 c:\windows\system32\dllcache\cpqdap01.sys
+ 2012-02-23 01:23 . 2001-08-17 21:52 14976 c:\windows\system32\dllcache\cpqarray.sys
+ 2012-02-23 01:23 . 2008-04-14 08:06 10240 c:\windows\system32\dllcache\compbatt.sys
+ 2012-02-23 01:22 . 2001-08-18 06:36 44032 c:\windows\system32\dllcache\cnusd.dll
+ 2008-04-14 05:41 . 2008-04-14 12:51 47104 c:\windows\system32\dllcache\cnbjmon.dll
+ 2012-02-23 01:22 . 2001-08-17 21:51 20736 c:\windows\system32\dllcache\cmbp0wdm.sys
+ 2012-02-23 01:22 . 2008-04-14 08:06 13952 c:\windows\system32\dllcache\cmbatt.sys
+ 2012-02-23 01:22 . 2001-08-17 21:57 45696 c:\windows\system32\dllcache\cirrus.sys
+ 2012-02-23 01:22 . 2001-08-17 22:56 91264 c:\windows\system32\dllcache\cirrus.dll
+ 2012-02-23 01:22 . 2008-04-14 13:41 15423 c:\windows\system32\dllcache\ch7xxnt5.dll
+ 2012-02-23 01:22 . 2001-08-17 20:13 49182 c:\windows\system32\dllcache\cem56n5.sys
+ 2012-02-23 01:22 . 2001-08-17 20:13 22044 c:\windows\system32\dllcache\cem33n5.sys
+ 2012-02-23 01:22 . 2001-08-17 20:13 22044 c:\windows\system32\dllcache\cem28n5.sys
+ 2012-02-23 01:22 . 2001-08-17 20:13 27164 c:\windows\system32\dllcache\ce3n5.sys
+ 2012-02-23 01:22 . 2001-08-17 20:13 21530 c:\windows\system32\dllcache\ce2n5.sys
+ 2001-08-17 13:52 . 2006-02-28 12:00 18688 c:\windows\system32\dllcache\cdaudio.sys
+ 2012-02-23 01:22 . 2008-04-14 08:16 17024 c:\windows\system32\dllcache\ccdecode.sys
+ 2006-02-28 12:00 . 2006-02-28 12:00 13952 c:\windows\system32\dllcache\cbidf2k.sys
+ 2012-02-23 01:22 . 2001-08-17 20:13 46108 c:\windows\system32\dllcache\cben5.sys
+ 2012-02-23 01:22 . 2001-08-17 20:12 39680 c:\windows\system32\dllcache\cb325.sys
+ 2012-02-23 01:22 . 2001-08-17 20:12 37916 c:\windows\system32\dllcache\cb102.sys
+ 2012-02-23 01:22 . 2001-08-18 06:36 74240 c:\windows\system32\dllcache\camexo20.dll
+ 2012-02-23 01:22 . 2001-08-17 21:51 13824 c:\windows\system32\dllcache\bulltlp3.sys
+ 2012-02-23 01:21 . 2008-04-14 08:16 18944 c:\windows\system32\dllcache\bthusb.sys
+ 2008-04-14 12:41 . 2008-04-14 12:41 30208 c:\windows\system32\dllcache\bthserv.dll
+ 2012-02-23 01:21 . 2008-04-14 08:16 37888 c:\windows\system32\dllcache\bthmodem.sys
+ 2012-02-23 01:21 . 2008-04-14 08:16 17024 c:\windows\system32\dllcache\bthenum.sys
+ 2008-04-14 12:41 . 2008-04-14 12:41 20992 c:\windows\system32\dllcache\bthci.dll
+ 2012-02-23 01:21 . 2001-08-17 20:11 31529 c:\windows\system32\dllcache\brzwlan.sys
+ 2012-02-23 01:21 . 2001-08-17 21:12 10368 c:\windows\system32\dllcache\brusbscn.sys
+ 2012-02-23 01:21 . 2001-08-17 21:12 11008 c:\windows\system32\dllcache\brusbmdm.sys
+ 2012-02-23 01:21 . 2001-08-17 21:12 60416 c:\windows\system32\dllcache\brserwdm.sys
+ 2012-02-23 01:21 . 2001-08-17 21:12 39552 c:\windows\system32\dllcache\brparwdm.sys
+ 2012-02-23 01:21 . 2001-08-18 06:36 41472 c:\windows\system32\dllcache\brmfusb.dll
+ 2012-02-23 01:21 . 2001-08-18 06:36 32256 c:\windows\system32\dllcache\brmfrsmg.exe
+ 2012-02-23 01:21 . 2001-08-18 06:36 29696 c:\windows\system32\dllcache\brmflpt.dll
+ 2012-02-23 01:21 . 2001-08-18 06:36 81408 c:\windows\system32\dllcache\brmfcwia.dll
+ 2012-02-23 01:21 . 2001-08-18 06:36 15360 c:\windows\system32\dllcache\brmfbidi.dll
+ 2012-02-23 01:21 . 2001-08-17 21:12 12160 c:\windows\system32\dllcache\brfiltlo.sys
+ 2012-02-23 01:21 . 2001-08-18 06:36 12800 c:\windows\system32\dllcache\brevif.dll
+ 2012-02-23 01:21 . 2001-08-18 06:36 19456 c:\windows\system32\dllcache\brbidiif.dll
+ 2012-02-23 01:21 . 2008-04-14 08:16 11776 c:\windows\system32\dllcache\bdasup.sys
+ 2012-02-23 01:21 . 2001-08-17 20:11 26568 c:\windows\system32\dllcache\bcm4e5.sys
+ 2012-02-23 01:21 . 2001-08-17 20:11 54271 c:\windows\system32\dllcache\bcm42xx5.sys
+ 2012-02-23 01:21 . 2001-08-17 20:11 66557 c:\windows\system32\dllcache\bcm42u.sys
+ 2012-02-23 01:21 . 2008-04-14 08:06 14208 c:\windows\system32\dllcache\battc.sys
+ 2012-02-23 01:21 . 2001-08-17 20:48 36128 c:\windows\system32\dllcache\banshee.sys
+ 2012-02-23 01:21 . 2001-08-17 20:11 96640 c:\windows\system32\dllcache\b57xp32.sys
+ 2012-02-23 01:21 . 2001-08-17 20:13 89952 c:\windows\system32\dllcache\b1cbase.sys
+ 2012-02-23 01:21 . 2001-08-17 20:19 36992 c:\windows\system32\dllcache\aztw2320.sys
+ 2012-02-23 01:21 . 2001-08-17 20:13 37568 c:\windows\system32\dllcache\avmwan.sys
+ 2012-02-23 01:21 . 2001-08-18 06:36 87552 c:\windows\system32\dllcache\avmcoxp.dll
+ 2012-02-23 01:21 . 2008-04-14 08:16 13696 c:\windows\system32\dllcache\avcstrm.sys
+ 2012-02-23 01:21 . 2001-08-17 22:01 36096 c:\windows\system32\dllcache\avcaudio.sys
+ 2012-02-23 01:21 . 2008-04-14 08:16 38912 c:\windows\system32\dllcache\avc.sys
+ 2012-02-23 01:21 . 2008-04-14 13:41 17279 c:\windows\system32\dllcache\atv10nt5.dll
+ 2012-02-23 01:21 . 2008-04-14 13:41 14143 c:\windows\system32\dllcache\atv06nt5.dll
+ 2012-02-23 01:21 . 2008-04-14 13:41 25471 c:\windows\system32\dllcache\atv04nt5.dll
+ 2012-02-23 01:21 . 2008-04-14 13:41 11359 c:\windows\system32\dllcache\atv02nt5.dll
+ 2012-02-23 01:21 . 2008-04-14 13:41 21183 c:\windows\system32\dllcache\atv01nt5.dll
+ 2012-02-23 01:21 . 2001-08-17 20:49 23552 c:\windows\system32\dllcache\atixbar.sys
+ 2012-02-23 01:21 . 2001-08-17 20:49 26624 c:\windows\system32\dllcache\ativxbar.sys
+ 2012-02-23 01:21 . 2001-08-17 20:49 19456 c:\windows\system32\dllcache\ativttxx.sys
+ 2012-02-23 01:21 . 2008-04-14 13:41 32768 c:\windows\system32\dllcache\ativtmxx.dll
+ 2012-02-23 01:21 . 2001-08-17 20:49 17152 c:\windows\system32\dllcache\atitvsnd.sys
+ 2012-02-23 01:21 . 2001-08-17 20:49 17152 c:\windows\system32\dllcache\atitunep.sys
+ 2012-02-23 01:21 . 2001-08-17 20:49 26880 c:\windows\system32\dllcache\atirtsnd.sys
+ 2012-02-23 01:21 . 2001-08-17 20:49 49920 c:\windows\system32\dllcache\atirtcap.sys
+ 2012-02-23 01:21 . 2001-08-17 20:48 70528 c:\windows\system32\dllcache\atiragem.sys
+ 2012-02-23 01:21 . 2001-08-17 20:49 10240 c:\windows\system32\dllcache\atipcxxx.sys
+ 2012-02-23 01:21 . 2008-04-14 06:04 63488 c:\windows\system32\dllcache\atinxsxx.sys
+ 2012-02-23 01:21 . 2008-04-14 06:04 31744 c:\windows\system32\dllcache\atinxbxx.sys
+ 2012-02-23 01:21 . 2008-04-14 06:04 73216 c:\windows\system32\dllcache\atintuxx.sys
+ 2012-02-23 01:21 . 2008-04-14 06:04 13824 c:\windows\system32\dllcache\atinttxx.sys
+ 2012-02-23 01:21 . 2008-04-14 06:04 28672 c:\windows\system32\dllcache\atinsnxx.sys
+ 2012-02-23 01:21 . 2008-04-14 06:04 52224 c:\windows\system32\dllcache\atinraxx.sys
+ 2012-02-23 01:21 . 2008-04-14 06:04 14336 c:\windows\system32\dllcache\atinpdxx.sys
+ 2012-02-23 01:21 . 2008-04-14 06:04 13824 c:\windows\system32\dllcache\atinmdxx.sys
+ 2012-02-23 01:21 . 2008-04-14 06:04 57856 c:\windows\system32\dllcache\atinbtxx.sys
+ 2012-02-23 01:21 . 2001-08-17 20:49 75136 c:\windows\system32\dllcache\atimpae.sys
+ 2012-02-23 01:21 . 2001-08-18 06:36 37376 c:\windows\system32\dllcache\atievxx.exe
+ 2012-02-23 01:21 . 2001-08-17 20:49 46464 c:\windows\system32\dllcache\atibt829.sys
+ 2012-02-23 01:21 . 2008-04-14 06:04 34735 c:\windows\system32\dllcache\ati1xsxx.sys
+ 2012-02-23 01:21 . 2008-04-14 06:04 29455 c:\windows\system32\dllcache\ati1xbxx.sys
+ 2012-02-23 01:21 . 2008-04-14 06:04 36463 c:\windows\system32\dllcache\ati1tuxx.sys
+ 2012-02-23 01:21 . 2008-04-14 06:04 21343 c:\windows\system32\dllcache\ati1ttxx.sys
+ 2012-02-23 01:21 . 2008-04-14 06:04 26367 c:\windows\system32\dllcache\ati1snxx.sys
+ 2012-02-23 01:21 . 2008-04-14 06:04 63663 c:\windows\system32\dllcache\ati1rvxx.sys
+ 2012-02-23 01:21 . 2008-04-14 06:04 30671 c:\windows\system32\dllcache\ati1raxx.sys
+ 2012-02-23 01:21 . 2008-04-14 06:04 12047 c:\windows\system32\dllcache\ati1pdxx.sys
+ 2012-02-23 01:21 . 2008-04-14 06:04 11615 c:\windows\system32\dllcache\ati1mdxx.sys
+ 2012-02-23 01:21 . 2008-04-14 06:04 56623 c:\windows\system32\dllcache\ati1btxx.sys
+ 2012-02-23 01:21 . 2001-08-17 21:57 77568 c:\windows\system32\dllcache\ati.sys
+ 2012-02-23 01:21 . 2001-08-17 22:55 96128 c:\windows\system32\dllcache\ati.dll
+ 2008-04-14 07:10 . 2008-04-14 07:10 96512 c:\windows\system32\dllcache\atapi.sys
+ 2012-02-23 01:21 . 2001-08-17 20:12 97354 c:\windows\system32\dllcache\aspndis3.sys
+ 2012-02-23 01:21 . 2001-08-17 21:51 14848 c:\windows\system32\dllcache\asc3550.sys
+ 2012-02-23 01:21 . 2001-08-17 21:52 22400 c:\windows\system32\dllcache\asc3350p.sys
+ 2012-02-23 01:21 . 2001-08-17 21:52 26496 c:\windows\system32\dllcache\asc.sys
+ 2008-04-14 00:21 . 2008-04-14 12:51 60800 c:\windows\system32\dllcache\arp1394.sys
+ 2012-02-23 01:21 . 2008-04-14 06:05 36224 c:\windows\system32\dllcache\an983.sys
+ 2012-02-23 01:20 . 2001-08-17 21:52 12032 c:\windows\system32\dllcache\amsint.sys
+ 2008-04-14 00:01 . 2008-04-14 12:51 37760 c:\windows\system32\dllcache\amdk7.sys
+ 2008-04-14 00:01 . 2008-04-14 12:51 37376 c:\windows\system32\dllcache\amdk6.sys
+ 2012-02-23 01:20 . 2001-08-17 20:11 16969 c:\windows\system32\dllcache\amb8002.sys
+ 2012-02-23 01:20 . 2008-04-14 08:06 42752 c:\windows\system32\dllcache\alim1541.sys
+ 2012-02-23 01:20 . 2001-08-17 21:49 26624 c:\windows\system32\dllcache\alifir.sys
+ 2012-02-23 01:20 . 2001-08-17 20:11 27678 c:\windows\system32\dllcache\ali5261.sys
+ 2012-02-23 01:20 . 2001-08-17 22:07 56960 c:\windows\system32\dllcache\aic78xx.sys
+ 2012-02-23 01:20 . 2001-08-17 22:07 55168 c:\windows\system32\dllcache\aic78u2.sys
+ 2012-02-23 01:20 . 2001-08-17 21:52 12800 c:\windows\system32\dllcache\aha154x.sys
+ 2012-02-23 01:20 . 2008-04-14 08:06 44928 c:\windows\system32\dllcache\agpcpq.sys
+ 2012-02-23 01:20 . 2008-04-14 08:06 42368 c:\windows\system32\dllcache\agp440.sys
+ 2012-02-23 01:20 . 2001-08-17 20:11 46112 c:\windows\system32\dllcache\adptsf50.sys
+ 2012-02-23 01:20 . 2008-04-14 06:06 10880 c:\windows\system32\dllcache\admjoy.sys
+ 2012-02-23 01:20 . 2001-08-17 20:11 20160 c:\windows\system32\dllcache\adm8511.sys
+ 2006-02-28 12:00 . 2006-02-28 12:00 11648 c:\windows\system32\dllcache\acpiec.sys
+ 2012-02-23 01:20 . 2001-08-18 06:36 61440 c:\windows\system32\dllcache\acerscad.dll
+ 2012-02-23 01:20 . 2008-04-14 06:06 84480 c:\windows\system32\dllcache\ac97via.sys
+ 2012-02-23 01:20 . 2001-08-17 20:20 96256 c:\windows\system32\dllcache\ac97intc.sys
+ 2012-02-23 01:20 . 2001-08-17 21:52 23552 c:\windows\system32\dllcache\abp480n5.sys
+ 2012-02-23 01:20 . 2001-08-18 06:36 98304 c:\windows\system32\dllcache\a3d.dll
+ 2012-02-23 01:20 . 2001-08-17 22:55 38400 c:\windows\system32\dllcache\8514a.dll
+ 2012-02-23 01:20 . 2008-04-14 08:16 48128 c:\windows\system32\dllcache\61883.sys
+ 2012-02-23 01:20 . 2008-04-14 08:10 12288 c:\windows\system32\dllcache\4mmdat.sys
+ 2012-02-23 01:20 . 2001-08-17 22:06 11264 c:\windows\system32\dllcache\1394vdbg.sys
+ 2012-02-23 01:20 . 2008-04-14 08:16 53376 c:\windows\system32\dllcache\1394bus.sys
+ 2012-02-23 01:46 . 2008-04-14 13:42 8192 c:\windows\system32\dllcache\wshirda.dll
+ 2001-08-17 22:36 . 2006-02-28 12:00 3200 c:\windows\system32\dllcache\wowfax.dll
+ 2012-02-23 01:46 . 2008-04-14 08:06 8832 c:\windows\system32\dllcache\wmiacpi.sys
+ 2012-02-23 01:45 . 2008-04-14 08:10 5376 c:\windows\system32\dllcache\viaide.sys
+ 2012-02-23 01:45 . 2001-08-17 21:28 7556 c:\windows\system32\dllcache\usroslba.sys
+ 2006-02-28 12:00 . 2006-02-28 12:00 4736 c:\windows\system32\dllcache\usbd.sys
- 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2001-08-17 22:36 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2012-02-23 01:43 . 2001-08-17 21:51 4992 c:\windows\system32\dllcache\toside.sys
+ 2012-02-23 01:42 . 2001-08-17 22:02 3968 c:\windows\system32\dllcache\swusbflt.sys
+ 2008-04-14 00:09 . 2008-04-14 12:51 4352 c:\windows\system32\dllcache\swenum.sys
+ 2001-08-17 22:36 . 2006-02-28 12:00 8192 c:\windows\system32\dllcache\streamci.dll
+ 2012-02-23 01:41 . 2001-08-17 21:56 7552 c:\windows\system32\dllcache\sonypvu1.sys
+ 2012-02-23 01:41 . 2001-08-17 21:53 9600 c:\windows\system32\dllcache\sonymc.sys
+ 2012-02-23 01:41 . 2008-04-14 08:10 7552 c:\windows\system32\dllcache\sonyait.sys
+ 2012-02-23 01:41 . 2001-08-17 21:53 7040 c:\windows\system32\dllcache\snyaitmc.sys
+ 2012-02-23 01:40 . 2001-08-17 21:57 6784 c:\windows\system32\dllcache\smbhc.sys
+ 2012-02-23 01:40 . 2008-04-14 08:06 6912 c:\windows\system32\dllcache\smbclass.sys
+ 2012-02-23 01:40 . 2008-04-14 08:06 5888 c:\windows\system32\dllcache\smbali.sys
+ 2012-02-23 01:40 . 2008-04-14 13:42 3901 c:\windows\system32\dllcache\siint5.dll
+ 2012-02-23 01:39 . 2001-08-17 21:53 6784 c:\windows\system32\dllcache\serscan.sys
+ 2012-02-23 01:39 . 2001-08-17 21:53 6912 c:\windows\system32\dllcache\seaddsmc.sys
+ 2012-02-23 01:38 . 2001-08-18 06:36 9216 c:\windows\system32\dllcache\rsmgrstr.dll
+ 2012-02-23 01:38 . 2001-08-17 20:19 3840 c:\windows\system32\dllcache\rpfun.sys
+ 2012-02-23 01:37 . 2001-08-17 21:53 3328 c:\windows\system32\dllcache\qv2kux.sys
+ 2012-02-23 01:37 . 2008-04-14 08:10 6016 c:\windows\system32\dllcache\qic157.sys
+ 2012-02-23 01:37 . 2001-08-18 06:36 5632 c:\windows\system32\dllcache\ptpusb.dll
+ 2012-02-23 01:36 . 2008-04-14 08:10 8832 c:\windows\system32\dllcache\powerfil.sys
+ 2012-02-23 01:36 . 2001-08-17 21:53 7168 c:\windows\system32\dllcache\pnrmc.sys
+ 2012-02-23 01:36 . 2001-08-17 22:07 5504 c:\windows\system32\dllcache\perc2hib.sys
+ 2006-02-28 12:00 . 2006-02-28 12:00 3328 c:\windows\system32\dllcache\pciide.sys
+ 2006-02-28 12:00 . 2006-02-28 12:00 3456 c:\windows\system32\dllcache\oprghdlr.sys
+ 2012-02-23 01:34 . 2001-08-17 21:47 9344 c:\windows\system32\dllcache\ntapm.sys
+ 2012-02-23 01:34 . 2001-08-17 21:53 7552 c:\windows\system32\dllcache\nsmmc.sys
+ 2012-02-23 01:33 . 2001-08-18 06:36 7168 c:\windows\system32\dllcache\mxport.dll
+ 2012-02-23 01:33 . 2008-04-14 08:09 5504 c:\windows\system32\dllcache\mstee.sys
+ 2012-02-23 01:31 . 2001-08-17 21:58 8320 c:\windows\system32\dllcache\memcard.sys
+ 2012-02-23 01:31 . 2001-08-17 21:52 7424 c:\windows\system32\dllcache\mammoth.sys
+ 2012-02-23 01:31 . 2008-04-14 08:10 7040 c:\windows\system32\dllcache\ltotape.sys
+ 2012-02-23 01:31 . 2001-08-17 21:53 4992 c:\windows\system32\dllcache\loop.sys
+ 2012-02-23 01:30 . 2001-08-18 06:36 8192 c:\windows\system32\dllcache\kbdkor.dll
+ 2012-02-23 01:30 . 2001-08-18 06:36 8704 c:\windows\system32\dllcache\kbdjpn.dll
+ 2012-02-23 01:30 . 2008-04-14 13:39 6144 c:\windows\system32\dllcache\kbd106.dll
+ 2012-02-23 01:30 . 2001-08-17 22:55 5632 c:\windows\system32\dllcache\kbd103.dll
+ 2012-02-23 01:30 . 2001-08-17 22:55 6144 c:\windows\system32\dllcache\kbd101c.dll
+ 2012-02-23 01:30 . 2001-08-17 22:55 6144 c:\windows\system32\dllcache\kbd101b.dll
+ 2012-02-23 01:29 . 2008-04-14 08:10 5504 c:\windows\system32\dllcache\intelide.sys
+ 2012-02-23 01:28 . 2001-08-18 06:34 9216 c:\windows\system32\dllcache\ibmsgnet.dll
+ 2012-02-23 01:28 . 2008-04-14 08:11 8576 c:\windows\system32\dllcache\i2omgmt.sys
+ 2012-02-23 01:28 . 2001-08-18 06:36 9759 c:\windows\system32\dllcache\hsf_inst.dll
+ 2012-02-23 01:27 . 2001-08-17 21:52 5760 c:\windows\system32\dllcache\hpt4qic.sys
+ 2012-02-23 01:27 . 2001-08-17 22:02 2688 c:\windows\system32\dllcache\hidswvd.sys
+ 2012-02-23 01:27 . 2001-08-17 22:02 8576 c:\windows\system32\dllcache\hidgame.sys
+ 2008-04-14 12:41 . 2008-04-14 12:41 7168 c:\windows\system32\dllcache\hccoin.dll
+ 2012-02-23 01:25 . 2001-08-17 21:46 6400 c:\windows\system32\dllcache\enum1394.sys
+ 2012-02-23 01:25 . 2001-08-17 21:53 7296 c:\windows\system32\dllcache\elmsmc.sys
+ 2012-02-23 01:24 . 2001-08-17 21:47 8704 c:\windows\system32\dllcache\dot4scan.sys
+ 2012-02-23 01:24 . 2008-04-14 08:10 8320 c:\windows\system32\dllcache\dlttape.sys
+ 2012-02-23 01:24 . 2001-08-18 06:36 6216 c:\windows\system32\dllcache\divaci.dll
+ 2012-02-23 01:24 . 2001-08-18 06:36 6729 c:\windows\system32\dllcache\disrvci.dll
+ 2012-02-23 01:23 . 2001-08-17 21:52 7424 c:\windows\system32\dllcache\ddsmc.sys
+ 2012-02-23 01:23 . 2001-08-17 20:19 3584 c:\windows\system32\dllcache\cwcosnt5.sys
+ 2012-02-23 01:23 . 2001-08-17 20:19 3072 c:\windows\system32\dllcache\cwbmidi.sys
+ 2012-02-23 01:23 . 2001-08-17 20:19 3072 c:\windows\system32\dllcache\cwbase.sys
+ 2012-02-23 01:23 . 2001-08-18 06:36 4096 c:\windows\system32\dllcache\ctwdm32.dll
+ 2012-02-23 01:23 . 2001-08-17 20:19 3712 c:\windows\system32\dllcache\ctljystk.sys
+ 2012-02-23 01:23 . 2001-08-17 20:19 6912 c:\windows\system32\dllcache\ctlfacem.sys
+ 2012-02-23 01:22 . 2001-08-17 21:51 6656 c:\windows\system32\dllcache\cmdide.sys
+ 2012-02-23 01:22 . 2008-04-14 08:11 8192 c:\windows\system32\dllcache\changer.sys
+ 2012-02-23 01:22 . 2001-08-17 21:52 7680 c:\windows\system32\dllcache\cd20xrnt.sys
+ 2012-02-23 01:21 . 2001-08-18 06:36 9728 c:\windows\system32\dllcache\brserif.dll
+ 2012-02-23 01:21 . 2001-08-18 06:36 5120 c:\windows\system32\dllcache\brscnrsm.dll
+ 2012-02-23 01:21 . 2001-08-17 21:12 3168 c:\windows\system32\dllcache\brparimg.sys
+ 2012-02-23 01:21 . 2001-08-17 21:12 3968 c:\windows\system32\dllcache\brfiltup.sys
+ 2012-02-23 01:21 . 2001-08-17 21:12 2944 c:\windows\system32\dllcache\brfilt.sys
+ 2012-02-23 01:21 . 2001-08-18 06:36 9728 c:\windows\system32\dllcache\brcoinst.dll
+ 2010-03-25 05:54 . 2001-08-17 13:59 3072 c:\windows\system32\dllcache\audstub.sys
+ 2012-02-23 01:21 . 2001-08-17 20:49 9472 c:\windows\system32\dllcache\ativmdcd.sys
+ 2012-02-23 01:21 . 2001-08-17 21:47 6272 c:\windows\system32\dllcache\apmbatt.sys
+ 2012-02-23 01:20 . 2001-08-17 21:51 5248 c:\windows\system32\dllcache\aliide.sys
+ 2012-02-23 01:20 . 2008-04-14 13:41 3775 c:\windows\system32\dllcache\adv11nt5.dll
+ 2012-02-23 01:20 . 2008-04-14 13:41 3711 c:\windows\system32\dllcache\adv09nt5.dll
+ 2012-02-23 01:20 . 2008-04-14 13:41 3135 c:\windows\system32\dllcache\adv08nt5.dll
+ 2012-02-23 01:20 . 2008-04-14 13:41 3647 c:\windows\system32\dllcache\adv07nt5.dll
+ 2012-02-23 01:20 . 2008-04-14 13:41 3615 c:\windows\system32\dllcache\adv05nt5.dll
+ 2012-02-23 01:20 . 2008-04-14 13:41 3967 c:\windows\system32\dllcache\adv02nt5.dll
+ 2012-02-23 01:20 . 2008-04-14 13:41 4255 c:\windows\system32\dllcache\adv01nt5.dll
+ 2012-02-23 01:20 . 2001-08-17 21:53 7424 c:\windows\system32\dllcache\adicvls.sys
+ 2006-02-28 12:00 . 2012-02-23 00:25 512564 c:\windows\system32\perfh009.dat
- 2010-03-25 05:48 . 2012-02-22 15:54 294864 c:\windows\system32\FNTCACHE.DAT
+ 2010-03-25 05:48 . 2012-02-23 01:16 294864 c:\windows\system32\FNTCACHE.DAT
+ 2008-04-14 05:42 . 2008-04-14 12:51 483840 c:\windows\system32\dllcache\wzcsvc.dll
+ 2008-04-14 12:42 . 2008-04-14 12:42 108032 c:\windows\system32\dllcache\wshbth.dll
+ 2012-02-23 01:46 . 2008-04-14 06:05 154624 c:\windows\system32\dllcache\wlluc48.sys
+ 2012-02-23 01:46 . 2001-08-17 21:28 771581 c:\windows\system32\dllcache\winacisa.sys
+ 2012-02-23 01:46 . 2001-08-17 21:28 701386 c:\windows\system32\dllcache\wdhaalba.sys
+ 2012-02-23 01:45 . 2001-08-17 21:28 397502 c:\windows\system32\dllcache\vpctcom.sys
+ 2012-02-23 01:45 . 2001-08-17 21:28 604253 c:\windows\system32\dllcache\vmodem.sys
+ 2012-02-23 01:45 . 2001-08-17 20:14 249402 c:\windows\system32\dllcache\vinwm.sys
+ 2012-02-23 01:45 . 2001-08-17 21:28 687999 c:\windows\system32\dllcache\usrwdxjs.sys
+ 2001-08-17 22:36 . 2006-02-28 12:00 102457 c:\windows\system32\dllcache\usrv42a.dll
+ 2012-02-23 01:45 . 2001-08-17 21:28 765884 c:\windows\system32\dllcache\usrti.sys
+ 2012-02-23 01:45 . 2001-08-17 21:28 113762 c:\windows\system32\dllcache\usrpda.sys
+ 2001-08-17 22:36 . 2006-02-28 12:00 323641 c:\windows\system32\dllcache\usrdtea.dll
+ 2012-02-23 01:45 . 2001-08-17 21:28 224802 c:\windows\system32\dllcache\usr1807a.sys
+ 2012-02-23 01:45 . 2001-08-17 21:28 794399 c:\windows\system32\dllcache\usr1806v.sys
+ 2012-02-23 01:45 . 2001-08-17 21:28 793598 c:\windows\system32\dllcache\usr1806.sys
+ 2012-02-23 01:45 . 2001-08-17 21:28 794654 c:\windows\system32\dllcache\usr1801.sys
+ 2012-02-23 01:45 . 2008-04-14 08:16 121984 c:\windows\system32\dllcache\usbvideo.sys
+ 2008-04-14 07:15 . 2008-04-14 07:15 143872 c:\windows\system32\dllcache\usbport.sys
+ 2012-02-23 01:44 . 2001-08-18 06:36 211968 c:\windows\system32\dllcache\um54scan.dll
+ 2012-02-23 01:44 . 2001-08-18 06:36 216064 c:\windows\system32\dllcache\um34scan.dll
+ 2012-02-23 01:44 . 2001-08-17 20:51 166784 c:\windows\system32\dllcache\tridxpm.sys
+ 2012-02-23 01:44 . 2001-08-18 06:36 525568 c:\windows\system32\dllcache\tridxp.dll
+ 2012-02-23 01:44 . 2001-08-17 20:51 159232 c:\windows\system32\dllcache\tridkbm.sys
+ 2012-02-23 01:44 . 2001-08-17 22:56 440576 c:\windows\system32\dllcache\tridkb.dll
+ 2012-02-23 01:43 . 2001-08-17 22:56 315520 c:\windows\system32\dllcache\trid3d.dll
+ 2012-02-23 01:43 . 2001-08-17 22:02 230912 c:\windows\system32\dllcache\tosdvd03.sys
+ 2012-02-23 01:43 . 2001-08-17 22:01 241664 c:\windows\system32\dllcache\tosdvd02.sys
+ 2012-02-23 01:43 . 2001-08-17 20:14 123995 c:\windows\system32\dllcache\tjisdn.sys
+ 2012-02-23 01:43 . 2001-08-17 20:51 138528 c:\windows\system32\dllcache\tgiulnt5.sys
+ 2012-02-23 01:43 . 2008-04-14 08:10 149376 c:\windows\system32\dllcache\tffsport.sys
+ 2012-02-23 01:42 . 2001-08-17 22:56 172768 c:\windows\system32\dllcache\t2r4disp.dll
+ 2012-02-23 01:42 . 2001-08-17 21:50 103936 c:\windows\system32\dllcache\sx.sys
+ 2012-02-23 01:42 . 2001-08-18 06:36 155648 c:\windows\system32\dllcache\stlnprop.dll
+ 2012-02-23 01:42 . 2001-08-17 20:18 285760 c:\windows\system32\dllcache\stlnata.sys
+ 2012-02-23 01:41 . 2001-08-18 06:36 106584 c:\windows\system32\dllcache\spdports.dll
+ 2012-02-23 01:41 . 2001-08-18 06:36 114688 c:\windows\system32\dllcache\sonypi.dll
+ 2012-02-23 01:41 . 2001-08-17 22:56 147200 c:\windows\system32\dllcache\smidispb.dll
+ 2012-02-23 01:40 . 2008-04-14 07:53 404990 c:\windows\system32\dllcache\slntamr.sys
+ 2012-02-23 01:40 . 2008-04-14 07:53 129535 c:\windows\system32\dllcache\slnt7554.sys
+ 2012-02-23 01:40 . 2008-04-14 13:42 188508 c:\windows\system32\dllcache\slgen.dll
+ 2012-02-23 01:40 . 2008-04-14 13:42 286792 c:\windows\system32\dllcache\slextspk.dll
+ 2012-02-23 01:40 . 2001-08-17 22:56 157696 c:\windows\system32\dllcache\sisv256.dll
+ 2012-02-23 01:40 . 2001-08-18 06:36 238592 c:\windows\system32\dllcache\sisgrv.dll
+ 2012-02-23 01:40 . 2001-08-17 20:50 104064 c:\windows\system32\dllcache\sisgrp.sys
+ 2012-02-23 01:40 . 2001-08-17 22:56 150144 c:\windows\system32\dllcache\sis6306v.dll
+ 2012-02-23 01:40 . 2001-08-17 22:56 252032 c:\windows\system32\dllcache\sis300iv.dll
+ 2012-02-23 01:40 . 2001-08-17 20:50 101760 c:\windows\system32\dllcache\sis300ip.sys
+ 2012-02-23 01:39 . 2001-08-18 06:36 386560 c:\windows\system32\dllcache\sgiul50.dll
+ 2012-02-23 01:39 . 2001-08-18 06:36 495616 c:\windows\system32\dllcache\sblfx.dll
+ 2012-02-23 01:38 . 2001-08-17 22:56 245632 c:\windows\system32\dllcache\s3savmx.dll
+ 2012-02-23 01:38 . 2001-08-17 22:56 198400 c:\windows\system32\dllcache\s3sav4.dll
+ 2012-02-23 01:38 . 2001-08-17 22:56 179264 c:\windows\system32\dllcache\s3sav3d.dll
+ 2012-02-23 01:38 . 2001-08-17 22:56 210496 c:\windows\system32\dllcache\s3mvirge.dll
+ 2012-02-23 01:38 . 2001-08-17 22:56 182272 c:\windows\system32\dllcache\s3mt3d.dll
+ 2012-02-23 01:38 . 2001-08-17 20:50 166720 c:\windows\system32\dllcache\s3m.sys
+ 2012-02-23 01:38 . 2008-04-14 06:04 166912 c:\windows\system32\dllcache\s3gnbm.sys
+ 2012-02-23 01:38 . 2008-04-14 13:42 397056 c:\windows\system32\dllcache\s3gnb.dll
+ 2010-03-25 14:10 . 2008-04-14 08:02 196224 c:\windows\system32\dllcache\rdpdr.sys
+ 2012-02-23 01:37 . 2001-08-17 21:28 714762 c:\windows\system32\dllcache\r2mdmkxx.sys
+ 2012-02-23 01:37 . 2001-08-17 21:28 899146 c:\windows\system32\dllcache\r2mdkxga.sys
+ 2012-02-23 01:37 . 2001-08-17 21:28 130942 c:\windows\system32\dllcache\ptserlv.sys
+ 2012-02-23 01:37 . 2001-08-17 21:28 112574 c:\windows\system32\dllcache\ptserlp.sys
+ 2012-02-23 01:37 . 2001-08-17 21:28 128286 c:\windows\system32\dllcache\ptserli.sys
+ 2012-02-23 01:37 . 2008-04-14 13:42 159232 c:\windows\system32\dllcache\ptpusd.dll
+ 2012-02-23 01:36 . 2008-04-14 13:42 363520 c:\windows\system32\dllcache\psisdecd.dll
+ 2012-02-23 01:36 . 2001-08-18 06:36 121344 c:\windows\system32\dllcache\phvfwext.dll
+ 2012-02-23 01:36 . 2001-08-17 22:04 173696 c:\windows\system32\dllcache\philcam2.sys
+ 2012-02-23 01:36 . 2008-04-14 13:40 259328 c:\windows\system32\dllcache\perm3dd.dll
+ 2012-02-23 01:36 . 2008-04-14 13:40 211584 c:\windows\system32\dllcache\perm2dll.dll
+ 2012-02-23 01:36 . 2008-04-14 05:42 169984 c:\windows\system32\dllcache\pcx500.sys
+ 2008-04-14 07:06 . 2008-04-14 07:06 120192 c:\windows\system32\dllcache\pcmcia.sys
+ 2001-08-17 22:36 . 2006-02-28 12:00 157696 c:\windows\system32\dllcache\paqsp.dll
+ 2012-02-23 01:35 . 2001-08-17 22:05 351616 c:\windows\system32\dllcache\ovcodek2.sys
+ 2012-02-23 01:35 . 2001-08-18 06:36 116736 c:\windows\system32\dllcache\ovcodec2.dll
+ 2012-02-23 01:34 . 2001-08-18 06:36 123776 c:\windows\system32\dllcache\nv3.dll
+ 2012-02-23 01:34 . 2008-04-14 07:53 180360 c:\windows\system32\dllcache\ntmtlfax.sys
+ 2012-02-23 01:34 . 2001-08-17 20:20 126080 c:\windows\system32\dllcache\nm5a2wdm.sys
+ 2012-02-23 01:34 . 2008-04-14 06:05 132695 c:\windows\system32\dllcache\netwlan5.sys
+ 2012-02-23 01:33 . 2001-08-17 20:11 128000 c:\windows\system32\dllcache\n100325.sys
+ 2012-02-23 01:33 . 2001-08-17 20:50 103296 c:\windows\system32\dllcache\mtxvideo.sys
+ 2012-02-23 01:33 . 2008-04-14 06:04 452736 c:\windows\system32\dllcache\mtxparhm.sys
+ 2012-02-23 01:33 . 2008-04-14 07:53 126686 c:\windows\system32\dllcache\mtlmnt5.sys
+ 2012-02-23 01:31 . 2001-08-17 22:56 235648 c:\windows\system32\dllcache\mgaud.dll
+ 2001-08-17 22:36 . 2006-02-28 12:00 147968 c:\windows\system32\dllcache\mdwmdmsp.dll
+ 2012-02-23 01:31 . 2001-08-17 20:12 164586 c:\windows\system32\dllcache\mdgndis5.sys
+ 2012-02-23 01:31 . 2001-08-17 21:28 797500 c:\windows\system32\dllcache\ltsmt.sys
+ 2012-02-23 01:31 . 2001-08-17 21:28 802683 c:\windows\system32\dllcache\ltsm.sys
+ 2012-02-23 01:31 . 2008-04-14 07:53 420992 c:\windows\system32\dllcache\ltmdmntt.sys
+ 2012-02-23 01:31 . 2001-08-17 21:28 576746 c:\windows\system32\dllcache\ltmdmntl.sys
+ 2012-02-23 01:31 . 2008-04-14 07:53 606684 c:\windows\system32\dllcache\ltmdmnt.sys
+ 2012-02-23 01:31 . 2001-08-17 21:28 727786 c:\windows\system32\dllcache\ltck000c.sys
+ 2012-02-23 01:30 . 2008-04-14 13:41 253952 c:\windows\system32\dllcache\kdsusd.dll
+ 2012-02-23 01:30 . 2008-04-14 13:42 151552 c:\windows\system32\dllcache\irftp.exe
+ 2012-02-23 01:29 . 2001-08-18 06:36 372824 c:\windows\system32\dllcache\iconf32.dll
+ 2012-02-23 01:29 . 2001-08-17 22:06 100992 c:\windows\system32\dllcache\icam5usb.sys
+ 2012-02-23 01:29 . 2001-08-17 22:06 154496 c:\windows\system32\dllcache\icam4usb.sys
+ 2012-02-23 01:29 . 2001-08-17 22:05 141056 c:\windows\system32\dllcache\icam3.sys
+ 2012-02-23 01:28 . 2001-08-17 20:12 100936 c:\windows\system32\dllcache\ibmtok.sys
+ 2012-02-23 01:28 . 2008-04-14 06:04 161020 c:\windows\system32\dllcache\i81xnt5.sys
+ 2012-02-23 01:28 . 2008-04-14 13:41 702845 c:\windows\system32\dllcache\i81xdnt5.dll
+ 2012-02-23 01:28 . 2001-08-17 22:56 353184 c:\windows\system32\dllcache\i740dnt5.dll
- 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2008-04-14 07:23 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2012-02-23 01:28 . 2008-04-14 07:53 685056 c:\windows\system32\dllcache\hsfcxts2.sys
+ 2012-02-23 01:28 . 2008-04-14 07:53 220032 c:\windows\system32\dllcache\hsfbs2s2.sys
+ 2012-02-23 01:28 . 2001-08-17 21:28 488383 c:\windows\system32\dllcache\hsf_v124.sys
+ 2012-02-23 01:28 . 2001-08-17 21:28 542879 c:\windows\system32\dllcache\hsf_msft.sys
+ 2012-02-23 01:28 . 2001-08-17 21:28 391199 c:\windows\system32\dllcache\hsf_k56k.sys
+ 2012-02-23 01:28 . 2001-08-17 21:28 115807 c:\windows\system32\dllcache\hsf_fsks.sys
+ 2012-02-23 01:27 . 2001-08-17 21:28 289887 c:\windows\system32\dllcache\hsf_fall.sys
+ 2012-02-23 01:27 . 2001-08-17 21:28 150239 c:\windows\system32\dllcache\hsf_amos.sys
+ 2012-02-23 01:27 . 2001-08-18 06:36 324608 c:\windows\system32\dllcache\hpojwia.dll
+ 2012-02-23 01:27 . 2001-08-18 06:36 165888 c:\windows\system32\dllcache\hpgt53.dll
+ 2012-02-23 01:27 . 2001-08-18 06:36 126976 c:\windows\system32\dllcache\hpgt34tk.dll
+ 2012-02-23 01:27 . 2001-08-18 06:36 101376 c:\windows\system32\dllcache\hpgt34.dll
+ 2012-02-23 01:27 . 2001-08-18 06:36 123392 c:\windows\system32\dllcache\hpgt21tk.dll
+ 2012-02-23 01:27 . 2001-08-18 06:36 119296 c:\windows\system32\dllcache\hpdigwia.dll
+ 2012-02-23 01:27 . 2001-08-17 21:28 907456 c:\windows\system32\dllcache\hcf_msft.sys
+ 2012-02-23 01:26 . 2001-08-17 20:49 322432 c:\windows\system32\dllcache\g400m.sys
+ 2012-02-23 01:26 . 2001-08-17 20:49 320384 c:\windows\system32\dllcache\g200m.sys
+ 2012-02-23 01:26 . 2001-08-17 22:56 470144 c:\windows\system32\dllcache\g200d.dll
+ 2012-02-23 01:26 . 2001-08-17 20:15 454912 c:\windows\system32\dllcache\fxusbase.sys
+ 2012-02-23 01:26 . 2001-08-17 20:15 455296 c:\windows\system32\dllcache\fusbbase.sys
+ 2012-02-23 01:26 . 2001-08-17 20:15 455680 c:\windows\system32\dllcache\fus2base.sys
+ 2006-02-28 12:00 . 2006-02-28 12:00 125056 c:\windows\system32\dllcache\ftdisk.sys
+ 2012-02-23 01:26 . 2008-04-14 13:42 193024 c:\windows\system32\dllcache\fsquirt.exe
+ 2012-02-23 01:26 . 2001-08-17 20:15 442240 c:\windows\system32\dllcache\fpnpbase.sys
+ 2012-02-23 01:26 . 2001-08-17 20:14 441728 c:\windows\system32\dllcache\fpcmbase.sys
+ 2012-02-23 01:26 . 2001-08-17 20:14 444416 c:\windows\system32\dllcache\fpcibase.sys
+ 2012-02-23 01:25 . 2008-04-14 06:06 137088 c:\windows\system32\dllcache\essm2e.sys
+ 2012-02-23 01:25 . 2001-08-17 21:28 347550 c:\windows\system32\dllcache\es56tpi.sys
+ 2012-02-23 01:25 . 2001-08-17 21:28 594238 c:\windows\system32\dllcache\es56hpi.sys
+ 2012-02-23 01:25 . 2001-08-17 21:28 595647 c:\windows\system32\dllcache\es56cvmp.sys
+ 2012-02-23 01:25 . 2001-08-17 20:19 174464 c:\windows\system32\dllcache\es198x.sys
+ 2012-02-23 01:25 . 2001-08-17 20:17 629952 c:\windows\system32\dllcache\eqn.sys
+ 2012-02-23 01:25 . 2001-08-17 21:50 114944 c:\windows\system32\dllcache\epstw2k.sys
+ 2012-02-23 01:25 . 2001-08-17 21:50 144896 c:\windows\system32\dllcache\epcfw2k.sys
+ 2012-02-23 01:25 . 2001-08-17 20:19 283904 c:\windows\system32\dllcache\emu10k1m.sys
+ 2012-02-23 01:25 . 2001-08-17 20:11 171520 c:\windows\system32\dllcache\el99xn51.sys
+ 2012-02-23 01:25 . 2001-08-17 20:11 455199 c:\windows\system32\dllcache\el985n51.sys
+ 2012-02-23 01:25 . 2001-08-17 20:11 153631 c:\windows\system32\dllcache\el90xnd5.sys
+ 2012-02-23 01:25 . 2001-08-17 21:28 241206 c:\windows\system32\dllcache\el656se5.sys
+ 2012-02-23 01:25 . 2001-08-17 21:28 634134 c:\windows\system32\dllcache\el656ct5.sys
+ 2012-02-23 01:24 . 2001-08-17 20:12 117760 c:\windows\system32\dllcache\e100b325.sys
+ 2012-02-23 01:24 . 2001-08-17 20:20 334208 c:\windows\system32\dllcache\ds1wdm.sys
+ 2012-02-23 01:24 . 2008-04-14 08:09 206976 c:\windows\system32\dllcache\dot4.sys
+ 2012-02-23 01:24 . 2001-08-17 20:14 952007 c:\windows\system32\dllcache\diwan.sys
+ 2012-02-23 01:24 . 2001-08-18 06:36 236060 c:\windows\system32\dllcache\ditrace.exe
+ 2012-02-23 01:24 . 2001-08-18 06:36 614429 c:\windows\system32\dllcache\digiview.exe
+ 2012-02-23 01:24 . 2001-08-18 06:36 110621 c:\windows\system32\dllcache\digirlpt.dll
+ 2012-02-23 01:24 . 2001-08-18 06:36 102484 c:\windows\system32\dllcache\digiinf.dll
+ 2012-02-23 01:24 . 2001-08-18 06:36 159828 c:\windows\system32\dllcache\digihlc.dll
+ 2012-02-23 01:24 . 2001-08-18 06:36 229462 c:\windows\system32\dllcache\digifwrk.dll
+ 2012-02-23 01:24 . 2001-08-17 20:13 103044 c:\windows\system32\dllcache\digidxb.sys
+ 2012-02-23 01:24 . 2001-08-18 06:36 131156 c:\windows\system32\dllcache\digidbp.dll
+ 2012-02-23 01:22 . 2001-08-17 20:13 164923 c:\windows\system32\dllcache\diapi2.sys
+ 2012-02-23 01:23 . 2001-08-18 06:36 419357 c:\windows\system32\dllcache\dgconfig.dll
+ 2012-02-23 01:23 . 2001-08-18 06:36 256512 c:\windows\system32\dllcache\devcon32.dll
+ 2012-02-23 01:23 . 2001-08-18 06:36 110592 c:\windows\system32\dllcache\dc260usd.dll
+ 2012-02-23 01:23 . 2001-08-17 21:52 179584 c:\windows\system32\dllcache\dac2w2k.sys
+ 2012-02-23 01:23 . 2001-08-17 20:12 117760 c:\windows\system32\dllcache\d100ib5.sys
+ 2012-02-23 01:23 . 2001-08-17 20:19 111872 c:\windows\system32\dllcache\cwcspud.sys
+ 2012-02-23 01:23 . 2008-04-14 13:41 249856 c:\windows\system32\dllcache\ctmasetp.dll
+ 2012-02-23 01:23 . 2001-08-18 06:36 175104 c:\windows\system32\dllcache\csamsp.dll
+ 2012-02-23 01:23 . 2001-08-18 06:36 216064 c:\windows\system32\dllcache\cpscan.dll
+ 2012-02-23 01:22 . 2001-08-17 21:57 248064 c:\windows\system32\dllcache\cl546xm.sys
+ 2012-02-23 01:22 . 2001-08-17 22:56 170880 c:\windows\system32\dllcache\cl546x.dll
+ 2012-02-23 01:22 . 2001-08-17 22:56 111232 c:\windows\system32\dllcache\cl5465.dll
+ 2001-08-17 14:02 . 2006-02-28 12:00 262528 c:\windows\system32\dllcache\cinemst2.sys
+ 2012-02-23 01:22 . 2001-08-17 22:02 272640 c:\windows\system32\dllcache\cinemclc.sys
+ 2012-02-23 01:22 . 2001-08-17 20:13 980034 c:\windows\system32\dllcache\cicap.sys
+ 2012-02-23 01:22 . 2001-08-17 21:28 714698 c:\windows\system32\dllcache\cbmdmkxx.sys
+ 2012-02-23 01:22 . 2008-04-14 13:41 121856 c:\windows\system32\dllcache\camext30.dll
+ 2012-02-23 01:22 . 2001-08-18 06:36 236032 c:\windows\system32\dllcache\camext20.dll
+ 2012-02-23 01:22 . 2001-08-17 22:04 171264 c:\windows\system32\dllcache\camdrv30.sys
+ 2012-02-23 01:22 . 2001-08-17 22:04 223232 c:\windows\system32\dllcache\camdrv21.sys
+ 2012-02-23 01:22 . 2001-08-17 22:05 314752 c:\windows\system32\dllcache\camdro21.sys
+ 2012-02-23 01:21 . 2008-04-14 08:21 101120 c:\windows\system32\dllcache\bthpan.sys
+ 2012-02-23 01:21 . 2001-08-18 06:36 102400 c:\windows\system32\dllcache\binlsvc.dll
+ 2012-02-23 01:21 . 2001-08-17 21:28 871388 c:\windows\system32\dllcache\bcmdm.sys
+ 2012-02-23 01:21 . 2001-08-17 22:56 342336 c:\windows\system32\dllcache\banshee.dll
+ 2012-02-23 01:21 . 2001-08-18 06:36 144384 c:\windows\system32\dllcache\avmenum.dll
+ 2012-02-23 01:21 . 2008-04-14 13:41 516768 c:\windows\system32\dllcache\ativvaxx.dll
+ 2012-02-23 01:21 . 2001-08-17 22:56 104832 c:\windows\system32\dllcache\atiraged.dll
+ 2012-02-23 01:21 . 2008-04-14 06:04 104960 c:\windows\system32\dllcache\atinrvxx.sys
+ 2012-02-23 01:21 . 2001-08-17 20:48 281600 c:\windows\system32\dllcache\atimtai.sys
+ 2012-02-23 01:21 . 2001-08-17 20:48 289664 c:\windows\system32\dllcache\atimpab.sys
+ 2012-02-23 01:21 . 2001-08-17 22:56 268160 c:\windows\system32\dllcache\atidvai.dll
+ 2012-02-23 01:21 . 2001-08-17 22:56 137216 c:\windows\system32\dllcache\atidrae.dll
+ 2012-02-23 01:21 . 2001-08-17 22:55 382592 c:\windows\system32\dllcache\atidrab.dll
+ 2012-02-23 01:21 . 2008-04-14 13:41 870784 c:\windows\system32\dllcache\ati3d1ag.dll
+ 2012-02-23 01:21 . 2008-04-14 06:04 701440 c:\windows\system32\dllcache\ati2mtag.sys
+ 2012-02-23 01:21 . 2008-04-14 06:04 327040 c:\windows\system32\dllcache\ati2mtaa.sys
+ 2012-02-23 01:21 . 2008-04-14 13:41 201728 c:\windows\system32\dllcache\ati2dvag.dll
+ 2012-02-23 01:21 . 2008-04-14 13:41 377984 c:\windows\system32\dllcache\ati2dvaa.dll
+ 2012-02-23 01:21 . 2008-04-14 13:41 229376 c:\windows\system32\dllcache\ati2cqag.dll
+ 2012-02-23 01:20 . 2001-08-17 22:07 101888 c:\windows\system32\dllcache\adpu160m.sys
+ 2012-02-23 01:20 . 2001-08-17 20:19 747392 c:\windows\system32\dllcache\adm8830.sys
+ 2012-02-23 01:20 . 2001-08-17 20:19 553984 c:\windows\system32\dllcache\adm8820.sys
+ 2012-02-23 01:20 . 2001-08-17 20:19 584448 c:\windows\system32\dllcache\adm8810.sys
+ 2008-04-14 07:06 . 2008-04-14 07:06 187776 c:\windows\system32\dllcache\acpi.sys
+ 2012-02-23 01:20 . 2001-08-17 20:20 297728 c:\windows\system32\dllcache\ac97sis.sys
+ 2012-02-23 01:20 . 2008-04-14 06:06 231552 c:\windows\system32\dllcache\ac97ali.sys
+ 2012-02-23 01:20 . 2001-08-18 06:36 462848 c:\windows\system32\dllcache\a3dapi.dll
+ 2012-02-23 01:20 . 2001-08-17 20:48 148352 c:\windows\system32\dllcache\3dfxvsm.sys
+ 2012-02-23 01:20 . 2001-08-17 22:55 689216 c:\windows\system32\dllcache\3dfxvs.dll
+ 2012-02-23 01:20 . 2001-08-17 21:28 762780 c:\windows\system32\dllcache\3cwmcru.sys
+ 2012-02-23 00:10 . 2012-02-23 00:10 279040 c:\windows\Installer\d9500.msi
- 2010-03-25 15:46 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-04-14 00:01 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-04-14 07:54 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2010-03-25 15:46 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2012-02-23 01:33 . 2008-04-14 13:42 1737856 c:\windows\system32\dllcache\mtxparhd.dll
+ 2012-02-23 01:33 . 2008-04-14 07:53 1309184 c:\windows\system32\dllcache\mtlstrm.sys
+ 2012-02-23 01:28 . 2008-04-14 07:53 1041536 c:\windows\system32\dllcache\hsfdpsp2.sys
+ 2012-02-23 01:26 . 2001-08-17 22:56 1733120 c:\windows\system32\dllcache\g400d.dll
+ 2012-02-23 01:21 . 2008-04-14 13:41 1888992 c:\windows\system32\dllcache\ati3duag.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToasterClient"="c:\program files\Cyncast\ToasterClient\\ToasterClient.exe" [2010-06-08 483328]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-28 13918208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
c:\documents and settings\Troberts\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ALLDATA Collision S3500 EI.lnk - c:\windows\Installer\{FAA7E737-EBC3-4D92-84F1-040C6FAA13B8}\_B4D93AA2867D2521A059B9.exe [2011-10-26 63387]
SmartCapture.lnk - c:\program files\Seiko Instruments USA Inc\Smart Label Printer 6.4\slpcap.exe [2007-7-20 58720]
ToasterClient.lnk - c:\windows\Installer\{0E4D838E-5DA5-49CB-82B6-69E6571A81B1}\_6C5C9500ADDE2498947489.exe [2010-8-24 10134]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gabriel^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Gabriel\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 09:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 21:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 18:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-09-28 02:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-09-28 02:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-03-25 15:07 18791456 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 22:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2010 5:12 PM 652360]
R2 OECApplicationUpdaterService;OECApplicationUpdaterService;c:\program files\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe [7/1/2009 6:14 PM 28672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/7/2010 5:11 PM 20464]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/25/2010 7:11 AM 1691480]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 9:25 AM 30969208]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\DRIVERS\ngfilter.sys --> c:\windows\system32\DRIVERS\ngfilter.sys [?]
S3 NgLog;Aventail VPN Logging;c:\windows\system32\DRIVERS\nglog.sys --> c:\windows\system32\DRIVERS\nglog.sys [?]
S3 NgVpn;Aventail VPN Adapter;c:\windows\system32\DRIVERS\ngvpn.sys --> c:\windows\system32\DRIVERS\ngvpn.sys [?]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\DRIVERS\ngwfp.sys --> c:\windows\system32\DRIVERS\ngwfp.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 PROCEXP150;PROCEXP150;\??\c:\windows\system32\Drivers\PROCEXP150.SYS --> c:\windows\system32\Drivers\PROCEXP150.SYS [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
se44mdfl
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-73586283-682003330-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-25 09:08]
.
2012-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-73586283-682003330-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-25 09:08]
.
2012-02-23 c:\windows\Tasks\User_Feed_Synchronization-{4A0E6716-CE14-4B96-BF0E-DFA83E89BAB0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
2012-02-23 c:\windows\Tasks\User_Feed_Synchronization-{66519A3D-25AE-4183-9A60-D2C21E6B0195}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: processclaims.com
Trusted Zone: processclaims.com\shopflow
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: DownloadClientAccessCab - hxxp://www.processclaims.com/web/cab/DownloadClientAccess.CAB
DPF: {5D357AB9-10EA-49A7-B2EB-B8F07C9E1EF4} - hxxp://shopflow.processclaims.com/ShopFlowWeb/WebResource.axd?d=uAxWuL9du8tEA6VQyEYRcP9Mk9SMwbQnDX54lfIJoHPYZBJG_PxVERseDMygzdbcKxhZxCTy6_qOYalgGp4hQPsX_UQjLfF-M04EyqZSPAw1&t=633934566620000000
DPF: {6B081705-DB09-4C5C-9CD0-F50AE950AB01} - hxxp://caf.oeconnection.com/applications/collisionlink/shopclient/install.cab
FF - ProfilePath - c:\documents and settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\hi28lrfl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=SUN3
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-23 06:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-02-23 06:35:36
ComboFix-quarantined-files.txt 2012-02-23 14:35
ComboFix2.txt 2012-02-22 20:07
.
Pre-Run: 124,403,724,288 bytes free
Post-Run: 124,421,275,648 bytes free
.
- - End Of File - - 2C19CCBF82E8F3AEF63FF759D92B5D26


ComboFix 12-02-22.01 - gtorres 02/22/2012 11:53:56.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1520 [GMT -8:00]
Running from: c:\documents and settings\Gabriel\Desktop\Spyware Tools\ComboFix.exe
Command switches used :: c:\documents and settings\Gabriel\Desktop\Spyware Tools\cfscript.txt
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
FILE ::
"c:\windows\system32\dds_trash_log.cmd"
"c:\windows\system32\drivers\serial.sys_backup"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
.
.
2012-02-22 19:41 . 2012-02-22 19:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-21 18:10 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-21 18:10 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-21 17:53 . 2008-04-14 07:51 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-02-21 17:53 . 2008-04-14 07:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-21 17:53 . 2008-04-14 07:49 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2012-02-21 17:53 . 2008-04-14 07:49 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-02-21 17:53 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-02-21 17:53 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-21 17:32 . 2008-04-14 08:45 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
2012-02-21 17:32 . 2008-04-14 08:45 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2012-02-21 17:31 . 2008-04-14 08:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2012-02-21 17:31 . 2008-04-14 08:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-21 17:31 . 2008-04-14 08:10 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2012-02-21 17:31 . 2008-04-14 08:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-21 17:31 . 2008-04-14 08:10 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2012-02-21 17:31 . 2008-04-14 08:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-02-21 17:06 . 2010-06-10 06:30 5588304 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{35170C6F-FAF3-4BA5-805A-8D3F06F2461B}\mpengine.dll
2012-02-21 17:04 . 2012-02-21 17:04 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-10 05:09 . 2012-02-10 05:09 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 20:05 . 2012-02-22 20:05 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-12 16:53 . 2008-04-14 08:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-06 04:19 . 2010-03-26 16:15 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-17 19:46 . 2008-04-14 12:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:46 . 2008-04-14 12:42 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-14 12:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:22 . 2008-04-14 07:07 385024 ----a-w- c:\windows\system32\html.iec
2011-12-10 23:24 . 2010-11-08 01:11 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2008-04-14 12:42 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\progra~1\MI3AA1~1\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToasterClient"="c:\program files\Cyncast\ToasterClient\\ToasterClient.exe" [2010-06-08 483328]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-28 13918208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
c:\documents and settings\Troberts\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ALLDATA Collision S3500 EI.lnk - c:\windows\Installer\{FAA7E737-EBC3-4D92-84F1-040C6FAA13B8}\_B4D93AA2867D2521A059B9.exe [2011-10-26 63387]
SmartCapture.lnk - c:\program files\Seiko Instruments USA Inc\Smart Label Printer 6.4\slpcap.exe [2007-7-20 58720]
ToasterClient.lnk - c:\windows\Installer\{0E4D838E-5DA5-49CB-82B6-69E6571A81B1}\_6C5C9500ADDE2498947489.exe [2010-8-24 10134]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gabriel^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Gabriel\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 09:08 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 21:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 18:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-09-28 02:19 13918208 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-09-28 02:19 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-03-25 15:07 18791456 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 22:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/7/2010 5:12 PM 652360]
R2 OECApplicationUpdaterService;OECApplicationUpdaterService;c:\program files\OEConnection\OEConnection Application Update Service\OECUpdaterService.exe [7/1/2009 6:14 PM 28672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/7/2010 5:11 PM 20464]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/25/2010 7:11 AM 1691480]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [3/25/2010 9:25 AM 30969208]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\DRIVERS\ngfilter.sys --> c:\windows\system32\DRIVERS\ngfilter.sys [?]
S3 NgLog;Aventail VPN Logging;c:\windows\system32\DRIVERS\nglog.sys --> c:\windows\system32\DRIVERS\nglog.sys [?]
S3 NgVpn;Aventail VPN Adapter;c:\windows\system32\DRIVERS\ngvpn.sys --> c:\windows\system32\DRIVERS\ngvpn.sys [?]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\DRIVERS\ngwfp.sys --> c:\windows\system32\DRIVERS\ngwfp.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]
S3 PROCEXP150;PROCEXP150;\??\c:\windows\system32\Drivers\PROCEXP150.SYS --> c:\windows\system32\Drivers\PROCEXP150.SYS [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
se44mdfl
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-73586283-682003330-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-25 09:08]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-73586283-682003330-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-25 09:08]
.
2012-02-22 c:\windows\Tasks\User_Feed_Synchronization-{4A0E6716-CE14-4B96-BF0E-DFA83E89BAB0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
2012-02-22 c:\windows\Tasks\User_Feed_Synchronization-{66519A3D-25AE-4183-9A60-D2C21E6B0195}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: processclaims.com
Trusted Zone: processclaims.com\shopflow
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: DownloadClientAccessCab - hxxp://www.processclaims.com/web/cab/DownloadClientAccess.CAB
DPF: {5D357AB9-10EA-49A7-B2EB-B8F07C9E1EF4} - hxxp://shopflow.processclaims.com/ShopFlowWeb/WebResource.axd?d=uAxWuL9du8tEA6VQyEYRcP9Mk9SMwbQnDX54lfIJoHPYZBJG_PxVERseDMygzdbcKxhZxCTy6_qOYalgGp4hQPsX_UQjLfF-M04EyqZSPAw1&t=633934566620000000
DPF: {6B081705-DB09-4C5C-9CD0-F50AE950AB01} - hxxp://caf.oeconnection.com/applications/collisionlink/shopclient/install.cab
FF - ProfilePath - c:\documents and settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\hi28lrfl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=SUN3
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SO3TDF&PC=SUN3&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-22 12:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3508)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Windows Desktop Search\wdsShell.dll
c:\program files\Windows Desktop Search\msnlExt.dll
c:\windows\System32\PROPSYS.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\Windows Desktop Search\MSNLDl.dll
c:\windows\System32\msshsq.dll
c:\windows\system32\en-us\tQuery.dll.mui
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\jscript.dll
c:\windows\system32\Dxtrans.dll
c:\windows\system32\Dxtmsft.dll
c:\program files\Windows Desktop Search\WdsMktTools.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\program files\Cyncast\ToasterClient\ToasterClient.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\documents and settings\All Users\Application Data\NuGen IT\CDX\CDX\App\CdxApp.exe
c:\windows\system32\NOTEPAD.EXE
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-02-22 12:07:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-22 20:07
.
Pre-Run: 124,602,032,128 bytes free
Post-Run: 124,639,395,840 bytes free
.
- - End Of File - - 23DFE531A0C7C024737A80AA5D515EC0


Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.25.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
gtorres :: CBW-EST2 [administrator]

Protection: Enabled

2/25/2012 8:24:48 AM
mbam-log-2012-02-25 (08-24-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267619
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 SweetTech

Posted 26 February 2012 - 01:35 AM

Hi!

Please post this log file for me:

I would also like to see a list of files quarantined by ComboFix, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\ComboFix-quarantined-files.txt

A text file should open. Post the contents of that file in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 mypcsupportteam

Posted 26 February 2012 - 11:22 AM

2012-02-22 19:58:33 . 2012-02-24 16:36:05 5,459 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-02-22 19:52:56 . 2012-02-22 19:52:56 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2012-02-22 19:45:48 . 2012-02-24 16:31:48 510 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-02-05 14:18:21 . 2012-02-17 22:57:51 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\dds_trash_log.cmd.vir

#11 SweetTech

Posted 26 February 2012 - 12:34 PM

Hi!

Please run this scan on the computer for me:


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image



#12 mypcsupportteam

Posted 26 February 2012 - 07:14 PM

Here is the log you requested. I bought some more time with my client to try and beat this thing. Here is the latest log you requested.

C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP796\A0039643.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP796\A0039655.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP796\A0040655.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP796\A0040667.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP796\A0040694.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP796\A0040718.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP796\A0040730.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP796\A0040743.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP796\A0040766.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP796\A0041837.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP797\A0043868.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP799\A0044203.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP799\A0044228.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP799\A0044242.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP799\A0044266.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP802\A0044340.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP804\A0044391.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP805\A0044445.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP806\A0044495.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP807\A0044543.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP809\A0044600.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP810\A0044611.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP811\A0044672.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP813\A0044753.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP816\A0044830.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP817\A0044874.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP818\A0044909.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP818\A0045909.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP819\A0045986.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP819\A0046016.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP820\A0046060.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP822\A0046109.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP824\A0046175.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP824\A0046375.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP825\A0046414.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP826\A0046448.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP829\A0046521.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP831\A0046566.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP831\A0046579.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP831\A0046606.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP832\A0046643.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP834\A0046727.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP836\A0047727.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP836\A0047747.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP837\A0047963.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP838\A0048002.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP840\A0048107.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP843\A0048172.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP844\A0048209.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP846\A0048281.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP846\A0048290.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP849\A0048369.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP852\A0048626.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP854\A0048884.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP857\A0048977.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP866\A0050363.sys a variant of Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP866\A0050374.sys a variant of Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\22.02.2012_11.37.41\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\22.02.2012_11.37.41\rtkt0001\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\22.02.2012_11.37.41\rtkt0002\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\22.02.2012_12.25.45\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan

#13 SweetTech

Posted 27 February 2012 - 03:43 AM

Hi!

How are things running?


These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP796\A0039643.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP796\A0039655.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP796\A0040655.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP796\A0040667.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP796\A0040694.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP796\A0040718.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP796\A0040730.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP796\A0040743.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP796\A0040766.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP796\A0041837.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP797\A0043868.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP799\A0044203.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP799\A0044228.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP799\A0044242.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP799\A0044266.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP802\A0044340.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP804\A0044391.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP805\A0044445.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP806\A0044495.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP807\A0044543.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP809\A0044600.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP810\A0044611.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP811\A0044672.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP813\A0044753.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP816\A0044830.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP817\A0044874.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP818\A0044909.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP818\A0045909.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP819\A0045986.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP819\A0046016.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP820\A0046060.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP822\A0046109.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP824\A0046175.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP824\A0046375.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP825\A0046414.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP826\A0046448.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP829\A0046521.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP831\A0046566.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP831\A0046579.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP831\A0046606.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP832\A0046643.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP834\A0046727.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP836\A0047727.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP836\A0047747.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP837\A0047963.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP838\A0048002.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP840\A0048107.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP843\A0048172.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP844\A0048209.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP846\A0048281.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP846\A0048290.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP849\A0048369.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP852\A0048626.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP854\A0048884.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP857\A0048977.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP866\A0050363.sys a variant of Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{5F718072-B7E6-4FD7-B8EB-D3C2E167C783}\RP866\A0050374.sys a variant of Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\22.02.2012_11.37.41\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\22.02.2012_11.37.41\rtkt0001\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\22.02.2012_11.37.41\rtkt0002\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan
C:\TDSSKiller_Quarantine\22.02.2012_12.25.45\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan



NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



#14 mypcsupportteam

Posted 27 February 2012 - 09:31 AM

Still have no access to the services I mentioned earlier. PC is running fine except for that.

Here is the current log and thanks for your continued help

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player ( 10.2.152.32) Flash Player Out of Date!
Mozilla Firefox (3.6.17) Firefox Out of Date!
Mozilla Thunderbird (3.1.9) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

#15 SweetTech

Posted 27 February 2012 - 10:59 AM

Could you please remind me again, what service this is that's not working, and the exact error message you're receiving when you attempt to start it?





