
After TR/Rootkit.Gen2 (Avira) internet won't work


  • This topic is locked
49 replies to this topic

#1 lakecharles6

  • Members
  • 27 posts

Posted 13 May 2012 - 03:17 AM

Running Windows XP SP3, dual Opteron, 2 GB of RAM. Can supply more info if needed; have Everest installed.

System restore goes back to May 4 but won't restore even when it goes through the motions. In fact, I did have CD-ROM access and now it's lost.

tried netsh ip reset

get the following message:

The procedure entry point MigrateWinsockConfiguration could not be located in the dynamic link library MSWSOCK.dll

cannot get IP address setting it to static, have a Tenda Router W311R, have not tried bypassing it directly to modem, although the router is working fine cuz I'm typing this on a Windows 7 laptop

I have an older backup of the C: drive that is USB and is mounting fine still (but don't know which files I would need to restore the internet or the CD-ROM drivers). Oh, interestingly enough, I had a virtual CD drive as created by DaemonToolsLite but it's not showing up on My Computer either...

Shoot, I know that the guidelines say one problem, one topic, but let me say this: can I get the internet working first?

Any help would be deeply appreciated.

Thanks in advance



#2 m0le

  • Malware Response Team
  • 34,527 posts

Posted 15 May 2012 - 07:31 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 lakecharles6


Posted 15 May 2012 - 08:11 PM

I'm here, get notifications on my phone. Hurrah for technology.

Got the internet back, got the CD ROM back, dunno if I'm still infected, there was an issue with hiberfil.sys but I read other posts and disabled hibernation

Dunno if system restore is truly working or if it's even helpful to be on and at what percentage?

Also trying to remove other possible malware from the system. Part of the problem is a raid fast track 378 which makes me nervous because I'm not familiar with adding those drivers to say Hiren...

I know this forum is made of experts such as yourself and that any advice I get in here will be sound

Thanks

#4 m0le


Posted 16 May 2012 - 05:37 PM

Congratulations on getting the connection back. Let's see if we can check where we are.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#5 lakecharles6


Posted 16 May 2012 - 10:02 PM

m0le

Let me clarify, I got the internet on the affected computer, but I have not reestablished network connection between my desktop (affected by the malware) and my laptop

I assume you meant a quick scan (since you didn't specify otherwise),

attached is the log...

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-16 18:50:41
-----------------------------
18:50:41.890 OS Version: Windows 5.1.2600 Service Pack 3
18:50:41.890 Number of processors: 2 586 0x501
18:50:41.906 ComputerName: DUALOPT UserName: Guy
18:50:42.796 Initialize success
18:50:43.921 AVAST engine defs: 12051601
18:51:09.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\fasttx2k1Port0Path0Target0Lun0
18:51:09.718 Disk 0 Vendor: Promise_ 1.10 Size: 305245MB BusType: 1
18:51:09.734 Disk 0 MBR read successfully
18:51:09.734 Disk 0 MBR scan
18:51:09.796 Disk 0 Windows XP default MBR code
18:51:09.812 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
18:51:09.812 Disk 0 scanning sectors +625137345
18:51:09.890 Disk 0 scanning C:\WINDOWS\system32\drivers
18:51:23.593 Service scanning
18:51:37.234 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
18:51:41.218 Modules scanning
18:51:48.781 Disk 0 trace - called modules:
18:51:48.828 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x877631f8]<<
18:51:48.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8666d680]
18:51:48.828 3 CLASSPNP.SYS[f755efd7] -> nt!IofCallDriver -> \Device\Scsi\fasttx2k1Port0Path0Target0Lun0[0x8773aa38]
18:51:48.843 \Driver\fasttx2k[0x876ade48] -> IRP_MJ_CREATE -> 0x877631f8
18:51:49.218 AVAST engine scan C:\WINDOWS
18:52:06.609 AVAST engine scan C:\WINDOWS\system32
18:57:33.000 AVAST engine scan C:\WINDOWS\system32\drivers
18:58:00.140 AVAST engine scan C:\Documents and Settings\Guy
20:57:49.750 AVAST engine scan C:\Documents and Settings\All Users
21:07:21.515 Scan finished successfully
21:59:22.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Guy\Desktop\NetBT recovery\MBR.dat"
21:59:22.750 The log file has been saved successfully to "C:\Documents and Settings\Guy\Desktop\NetBT recovery\2012-05-16 aswMBR.txt"



Thanks

#6 m0le


Posted 17 May 2012 - 05:17 PM

There's a certain rootkit which is possibly showing on the aswMBR log. Let's confirm what we have.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download dumpit to your USB
  • Remove the USB & CD and insert them in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive).
  • Double click on the dumpit file.
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.


#7 lakecharles6


Posted 17 May 2012 - 08:13 PM

I'm not at home but right off the bat let me say that before I wrote that I didn't know if the computer would recognize the RAID when booting from a recovery CD without the RAID drivers.

It's true it doesn't, however I was able to add the Promise RAID FastTrack 378 drivers to Hiren 15.1 which has USB support. Would it be the same if I then ran the rootkit this way?

#8 lakecharles6


Posted 17 May 2012 - 09:59 PM

got, ironically enough xPUD correctly saw my hard drive but couldn't see my jump drive... I used a USB hard drive in its place and worked it out, even figured out how to attach the file by selecting Use Full Editor... lol

here it goes:

thanks

Attached Files

  • Attached File  mbr.zip   4.58KB   2 downloads


#9 m0le


Posted 18 May 2012 - 06:38 PM

Thanks. That log rules out one variant and the following should find most of the others.

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#10 lakecharles6


Posted 18 May 2012 - 09:52 PM

Ok

Here it is:

21:41:03.0468 5084 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
21:41:03.0921 5084 ============================================================
21:41:03.0921 5084 Current date / time: 2012/05/18 21:41:03.0921
21:41:03.0921 5084 SystemInfo:
21:41:03.0921 5084
21:41:03.0921 5084 OS Version: 5.1.2600 ServicePack: 3.0
21:41:03.0921 5084 Product type: Workstation
21:41:03.0921 5084 ComputerName: DUALOPT
21:41:03.0921 5084 UserName: Guy
21:41:03.0921 5084 Windows directory: C:\WINDOWS
21:41:03.0921 5084 System windows directory: C:\WINDOWS
21:41:03.0921 5084 Processor architecture: Intel x86
21:41:03.0921 5084 Number of processors: 2
21:41:03.0921 5084 Page size: 0x1000
21:41:03.0921 5084 Boot type: Normal boot
21:41:03.0921 5084 ============================================================
21:41:06.0671 5084 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D40000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
21:41:06.0687 5084 Drive \Device\Harddisk1\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:41:06.0687 5084 ============================================================
21:41:06.0687 5084 \Device\Harddisk0\DR0:
21:41:06.0687 5084 MBR partitions:
21:41:06.0687 5084 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
21:41:06.0687 5084 \Device\Harddisk1\DR2:
21:41:06.0687 5084 MBR partitions:
21:41:06.0687 5084 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E07482
21:41:06.0687 5084 ============================================================
21:41:06.0843 5084 C: <-> \Device\Harddisk0\DR0\Partition0
21:41:06.0906 5084 F: <-> \Device\Harddisk1\DR2\Partition0
21:41:06.0906 5084 ============================================================
21:41:06.0906 5084 Initialize success
21:41:06.0906 5084 ============================================================
21:41:39.0187 3372 ============================================================
21:41:39.0187 3372 Scan started
21:41:39.0187 3372 Mode: Manual;
21:41:39.0187 3372 ============================================================
21:41:48.0093 3372 FastTrakSvc (532459f2e4efb12a15e4540ac1e4f008) C:\Program Files\Promise\FastTrak\FtrakSvc.exe
21:41:48.0093 3372 Suspicious file (Forged): C:\Program Files\Promise\FastTrak\FtrakSvc.exe. Real md5: 532459f2e4efb12a15e4540ac1e4f008, Fake md5: 05e5a05f373c3da1ae7488a7c2338d37
21:41:48.0093 3372 FastTrakSvc ( ForgedFile.Multi.Generic ) - warning
21:41:48.0093 3372 FastTrakSvc - detected ForgedFile.Multi.Generic (1)
21:41:51.0421 3372 kmixer

(692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32

\drivers\kmixer.sys
21:41:51.0437 3372 kmixer - ok
21:41:51.0468 3372 KMWDFILTER

(566c5fd480fdbce3ba5cf9fbcffaea9a) C:\WINDOWS\system32

\DRIVERS\KMWDFILTER.sys
21:41:51.0468 3372 KMWDFILTER - ok
21:41:51.0484 3372 KSecDD

(b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32

\drivers\KSecDD.sys
21:41:51.0515 3372 KSecDD - ok
21:41:51.0546 3372 lanmanserver

(3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32

\srvsvc.dll
21:41:51.0578 3372 lanmanserver - ok
21:41:51.0625 3372 lanmanworkstation

(a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32

\wkssvc.dll
21:41:51.0656 3372 lanmanworkstation - ok
21:41:51.0656 3372 lbrtfdc - ok
21:41:51.0703 3372 LmHosts

(a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32

\lmhsvc.dll
21:41:51.0718 3372 LmHosts - ok
21:41:51.0750 3372 MacDrive8Service

(3826dc55daf874a13e8586b66987c938) C:\Program

Files\Mediafour\MacDrive 8\MacDrive8Service.exe
21:41:51.0812 3372 MacDrive8Service - ok
21:41:51.0875 3372 MarvinBus

(a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32

\DRIVERS\MarvinBus.sys
21:41:51.0968 3372 MarvinBus - ok
21:41:52.0015 3372 MDFSYSNT

(2c70290d63eb639da23ed667b9ebdf84) C:\WINDOWS\system32

\drivers\MDFSYSNT.sys
21:41:52.0078 3372 MDFSYSNT - ok
21:41:52.0218 3372 MDM

(11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common

Files\Microsoft Shared\VS7Debug\mdm.exe
21:41:52.0281 3372 MDM - ok
21:41:52.0296 3372 MDPMGRNT

(d94d2e968239ce7f01f2cfa503db57e1) C:\WINDOWS\system32

\drivers\MDPMGRNT.sys
21:41:52.0296 3372 MDPMGRNT - ok
21:41:52.0328 3372 Messenger

(986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32

\msgsvc.dll
21:41:52.0343 3372 Messenger - ok
21:41:52.0359 3372 mf

(a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32

\DRIVERS\mf.sys
21:41:52.0375 3372 mf - ok
21:41:52.0453 3372 Microsoft Office Groove Audit

Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program

Files\Microsoft Office\Office12\GrooveAuditService.exe
21:41:52.0468 3372 Microsoft Office Groove Audit

Service - ok
21:41:52.0500 3372 mnmdd

(4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32

\drivers\mnmdd.sys
21:41:52.0500 3372 mnmdd - ok
21:41:52.0562 3372 mnmsrvc

(d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32

\mnmsrvc.exe
21:41:52.0578 3372 mnmsrvc - ok
21:41:52.0593 3372 Modem

(dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32

\drivers\Modem.sys
21:41:52.0593 3372 Modem - ok
21:41:52.0625 3372 Mouclass

(35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32

\DRIVERS\mouclass.sys
21:41:52.0625 3372 Mouclass - ok
21:41:52.0656 3372 mouhid

(b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32

\DRIVERS\mouhid.sys
21:41:52.0656 3372 mouhid - ok
21:41:52.0656 3372 MountMgr

(a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32

\drivers\MountMgr.sys
21:41:52.0671 3372 MountMgr - ok
21:41:52.0687 3372 MPE

(c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32

\DRIVERS\MPE.sys
21:41:52.0703 3372 MPE - ok
21:41:52.0703 3372 mraid35x - ok
21:41:52.0718 3372 MRxDAV

(11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32

\DRIVERS\mrxdav.sys
21:41:52.0734 3372 MRxDAV - ok
21:41:52.0796 3372 MSDTC

(a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32

\msdtc.exe
21:41:52.0812 3372 MSDTC - ok
21:41:52.0812 3372 Msfs

(c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32

\drivers\Msfs.sys
21:41:52.0812 3372 Msfs - ok
21:41:52.0828 3372 MSIServer - ok
21:41:52.0859 3372 MSKSSRV

(d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32

\drivers\MSKSSRV.sys
21:41:52.0859 3372 MSKSSRV - ok
21:41:52.0890 3372 MSPCLOCK

(325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32

\drivers\MSPCLOCK.sys
21:41:52.0890 3372 MSPCLOCK - ok
21:41:52.0906 3372 MSPQM

(bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32

\drivers\MSPQM.sys
21:41:52.0906 3372 MSPQM - ok
21:41:52.0921 3372 mssmbios

(af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32

\DRIVERS\mssmbios.sys
21:41:52.0937 3372 mssmbios - ok
21:41:52.0937 3372 MSTEE

(e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32

\drivers\MSTEE.sys
21:41:52.0953 3372 MSTEE - ok
21:41:52.0968 3372 Mup

(de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32

\drivers\Mup.sys
21:41:53.0000 3372 Mup - ok
21:41:53.0031 3372 NABTSFEC

(5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32

\DRIVERS\NABTSFEC.sys
21:41:53.0046 3372 NABTSFEC - ok
21:41:53.0171 3372 napagent

(0102140028fad045756796e1c685d695) C:\WINDOWS\System32

\qagentrt.dll
21:41:53.0234 3372 napagent - ok
21:41:53.0250 3372 NDIS

(1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32

\drivers\NDIS.sys
21:41:53.0265 3372 NDIS - ok
21:41:53.0281 3372 NdisIP

(7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32

\DRIVERS\NdisIP.sys
21:41:53.0296 3372 NdisIP - ok
21:41:53.0312 3372 NdisTapi

(0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32

\DRIVERS\ndistapi.sys
21:41:53.0312 3372 NdisTapi - ok
21:41:53.0343 3372 Ndisuio

(f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32

\DRIVERS\ndisuio.sys
21:41:53.0343 3372 Ndisuio - ok
21:41:53.0375 3372 NdisWan

(edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32

\DRIVERS\ndiswan.sys
21:41:53.0406 3372 NdisWan - ok
21:41:53.0437 3372 NDProxy

(9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32

\drivers\NDProxy.sys
21:41:53.0437 3372 NDProxy - ok
21:41:53.0484 3372 Net Driver HPZ12

(510c138564486ff926a3f773205c63d1) C:\WINDOWS\system32

\HPZinw12.dll
21:41:53.0500 3372 Net Driver HPZ12 - ok
21:41:53.0515 3372 NetBIOS

(5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32

\DRIVERS\netbios.sys
21:41:53.0515 3372 NetBIOS - ok
21:41:53.0578 3372 NetBT

(74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32

\DRIVERS\netbt.sys
21:41:53.0609 3372 NetBT - ok
21:41:53.0625 3372 NetDDE

(b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32

\netdde.exe
21:41:53.0671 3372 NetDDE - ok
21:41:53.0671 3372 NetDDEdsdm

(b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32

\netdde.exe
21:41:53.0687 3372 NetDDEdsdm - ok
21:41:53.0734 3372 Netlogon

(bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32

\lsass.exe
21:41:53.0734 3372 Netlogon - ok
21:41:53.0781 3372 Netman

(13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32

\netman.dll
21:41:53.0828 3372 Netman - ok
21:41:53.0875 3372 NetTcpPortSharing

(d34612c5d02d026535b3095d620626ae)

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows

Communication Foundation\SMSvcHost.exe
21:41:53.0921 3372 NetTcpPortSharing - ok
21:41:53.0937 3372 NIC1394

(e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32

\DRIVERS\nic1394.sys
21:41:53.0937 3372 NIC1394 - ok
21:41:54.0000 3372 Nla

(943337d786a56729263071623bbb9de5) C:\WINDOWS\System32

\mswsock.dll
21:41:54.0015 3372 Nla - ok
21:41:54.0171 3372 Norton Ghost

(854bd283fc520b7b154d1586676057cf) C:\Program

Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
21:41:54.0265 3372 Norton Ghost - ok
21:41:54.0406 3372 Npfs

(3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32

\drivers\Npfs.sys
21:41:54.0406 3372 Npfs - ok
21:41:54.0453 3372 Ntfs

(78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32

\drivers\Ntfs.sys
21:41:54.0484 3372 Ntfs - ok
21:41:54.0500 3372 NtLmSsp

(bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32

\lsass.exe
21:41:54.0500 3372 NtLmSsp - ok
21:41:54.0562 3372 NtmsSvc

(156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32

\ntmssvc.dll
21:41:54.0609 3372 NtmsSvc - ok
21:41:54.0640 3372 Null

(73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32

\drivers\Null.sys
21:41:54.0640 3372 Null - ok
21:41:54.0671 3372 NwlnkFlt

(b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32

\DRIVERS\nwlnkflt.sys
21:41:54.0671 3372 NwlnkFlt - ok
21:41:54.0687 3372 NwlnkFwd

(c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32

\DRIVERS\nwlnkfwd.sys
21:41:54.0687 3372 NwlnkFwd - ok
21:41:54.0781 3372 odserv

(785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common

Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:41:54.0906 3372 odserv - ok
21:41:54.0921 3372 ohci1394

(ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32

\DRIVERS\ohci1394.sys
21:41:54.0937 3372 ohci1394 - ok
21:41:55.0000 3372 OmniTV

(550f7d634e7526ef8d02d02cf896acca) C:\WINDOWS\system32

\DRIVERS\OmniTV.sys
21:41:55.0062 3372 OmniTV - ok
21:41:55.0156 3372 ose

(9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common

Files\Microsoft Shared\Source Engine\OSE.EXE
21:41:55.0203 3372 ose - ok
21:41:55.0500 3372 osppsvc

(358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common

Files\Microsoft

Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:41:55.0906 3372 osppsvc - ok
21:41:56.0062 3372 PAC207

(9482616a0f87384c5afb5f34a317bf6c) C:\WINDOWS\system32

\DRIVERS\PFC027.SYS
21:41:56.0078 3372 PAC207 - ok
21:41:56.0156 3372 PAC7302

(ad66bc56dd6a030174c03395b3dc0720) C:\WINDOWS\system32

\DRIVERS\PAC7302.SYS
21:41:56.0203 3372 PAC7302 - ok
21:41:56.0218 3372 Parport

(5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32

\DRIVERS\parport.sys
21:41:56.0265 3372 Parport - ok
21:41:56.0281 3372 PartMgr

(beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32

\drivers\PartMgr.sys
21:41:56.0281 3372 PartMgr - ok
21:41:56.0312 3372 ParVdm

(70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32

\drivers\ParVdm.sys
21:41:56.0312 3372 ParVdm - ok
21:41:56.0343 3372 pccsmcfd

(fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32

\DRIVERS\pccsmcfd.sys
21:41:56.0343 3372 pccsmcfd - ok
21:41:56.0359 3372 PCI

(a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32

\DRIVERS\pci.sys
21:41:56.0375 3372 PCI - ok
21:41:56.0375 3372 PCIDump - ok
21:41:56.0421 3372 PCIIde

(ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32

\DRIVERS\pciide.sys
21:41:56.0421 3372 PCIIde - ok
21:41:56.0453 3372 Pcmcia

(9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32

\drivers\Pcmcia.sys
21:41:56.0484 3372 Pcmcia - ok
21:41:56.0515 3372 pcouffin

(5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32

\Drivers\pcouffin.sys
21:41:56.0515 3372 pcouffin - ok
21:41:56.0531 3372 PDCOMP - ok
21:41:56.0531 3372 PDFRAME - ok
21:41:56.0546 3372 PDRELI - ok
21:41:56.0546 3372 PDRFRAME - ok
21:41:56.0562 3372 perc2 - ok
21:41:56.0562 3372 perc2hib - ok
21:41:56.0625 3372 PlugPlay

(65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32

\services.exe
21:41:56.0640 3372 PlugPlay - ok
21:41:56.0671 3372 Pml Driver HPZ12

(37e5e8ffbad35605daeec3224ea0e465) C:\WINDOWS\system32

\HPZipm12.dll
21:41:56.0687 3372 Pml Driver HPZ12 - ok
21:41:56.0718 3372 pneteth

(713e294439d982bb161317de0136faa0) C:\WINDOWS\system32

\DRIVERS\pneteth.sys
21:41:56.0734 3372 pneteth - ok
21:41:56.0765 3372 pnetmdm

(da19e3401f39c10df193be029c7e7bba) C:\WINDOWS\system32

\DRIVERS\pnetmdm.sys
21:41:56.0765 3372 pnetmdm - ok
21:41:56.0796 3372 PolicyAgent

(bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32

\lsass.exe
21:41:56.0796 3372 PolicyAgent - ok
21:41:56.0843 3372 PptpMiniport

(efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32

\DRIVERS\raspptp.sys
21:41:56.0843 3372 PptpMiniport - ok
21:41:56.0875 3372 PQIMount

(19b9004d21704dee27d19b03b3ab15c0) C:\WINDOWS\system32

\drivers\PQIMount.sys
21:41:56.0875 3372 PQIMount - ok
21:41:56.0890 3372 PQNTDrv

(4228630829c0e521c43d882a00533374) C:\WINDOWS\system32

\drivers\PQNTDrv.sys
21:41:56.0906 3372 PQNTDrv - ok
21:41:56.0937 3372 PQV2i

(abf46ec4e7708889ff13cae8c136a1a4) C:\WINDOWS\system32

\drivers\PQV2i.sys
21:41:56.0953 3372 PQV2i - ok
21:41:56.0968 3372 Processor

(a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32

\DRIVERS\processr.sys
21:41:56.0968 3372 Processor - ok
21:41:56.0968 3372 ProtectedStorage

(bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32

\lsass.exe
21:41:56.0984 3372 ProtectedStorage - ok
21:41:57.0000 3372 PSched

(09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32

\DRIVERS\psched.sys
21:41:57.0015 3372 PSched - ok
21:41:57.0046 3372 Ptilink

(80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32

\DRIVERS\ptilink.sys
21:41:57.0046 3372 Ptilink - ok
21:41:57.0093 3372 pwdrvio

(81ac2b3fa0e3b4d7fa03d7463abe2094) C:\WINDOWS\system32

\pwdrvio.sys
21:41:57.0140 3372 pwdrvio - ok
21:41:57.0171 3372 pwdspio

(2d88214f6b54567eab0a6c42915aa600) C:\WINDOWS\system32

\pwdspio.sys
21:41:57.0187 3372 pwdspio - ok
21:41:57.0203 3372 PxHelp20

(b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32

\DRIVERS\PxHelp20.sys
21:41:57.0203 3372 PxHelp20 - ok
21:41:57.0218 3372 ql1080 - ok
21:41:57.0218 3372 Ql10wnt - ok
21:41:57.0234 3372 ql12160 - ok
21:41:57.0234 3372 ql1240 - ok
21:41:57.0250 3372 ql1280 - ok
21:41:57.0265 3372 RasAcd

(fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32

\DRIVERS\rasacd.sys
21:41:57.0265 3372 RasAcd - ok
21:41:57.0296 3372 RasAuto

(ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32

\rasauto.dll
21:41:57.0343 3372 RasAuto - ok
21:41:57.0359 3372 Rasl2tp

(11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32

\DRIVERS\rasl2tp.sys
21:41:57.0359 3372 Rasl2tp - ok
21:41:57.0406 3372 RasMan

(76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32

\rasmans.dll
21:41:57.0421 3372 RasMan - ok
21:41:57.0453 3372 RasPppoe

(5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32

\DRIVERS\raspppoe.sys
21:41:57.0453 3372 RasPppoe - ok
21:41:57.0453 3372 Raspti

(fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32

\DRIVERS\raspti.sys
21:41:57.0453 3372 Raspti - ok
21:41:57.0484 3372 Rdbss

(7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32

\DRIVERS\rdbss.sys
21:41:57.0500 3372 Rdbss - ok
21:41:57.0500 3372 RDPCDD

(4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32

\DRIVERS\RDPCDD.sys
21:41:57.0500 3372 RDPCDD - ok
21:41:57.0531 3372 rdpdr

(15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32

\DRIVERS\rdpdr.sys
21:41:57.0546 3372 rdpdr - ok
21:41:57.0593 3372 RDPWD

(5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32

\drivers\RDPWD.sys
21:41:57.0625 3372 RDPWD - ok
21:41:57.0656 3372 RDSessMgr

(3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32

\sessmgr.exe
21:41:57.0718 3372 RDSessMgr - ok
21:41:57.0750 3372 redbook

(f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32

\DRIVERS\redbook.sys
21:41:57.0765 3372 redbook - ok
21:41:57.0781 3372 RemoteAccess

(7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32

\mprdim.dll
21:41:57.0812 3372 RemoteAccess - ok
21:41:57.0843 3372 RemoteRegistry

(5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32

\regsvc.dll
21:41:57.0859 3372 RemoteRegistry - ok
21:41:57.0875 3372 RFCOMM

(851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32

\DRIVERS\rfcomm.sys
21:41:57.0890 3372 RFCOMM - ok
21:41:57.0921 3372 ROOTMODEM

(d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32

\Drivers\RootMdm.sys
21:41:57.0921 3372 ROOTMODEM - ok
21:41:57.0937 3372 RpcLocator

(aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32

\locator.exe
21:41:57.0953 3372 RpcLocator - ok
21:41:58.0046 3372 RpcSs

(6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32

\rpcss.dll
21:41:58.0062 3372 RpcSs - ok
21:41:58.0140 3372 RSVP

(471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32

\rsvp.exe
21:41:58.0203 3372 RSVP - ok
21:41:58.0296 3372 RT80x86

(97b59ce2cfbb0884a16ddd8f1781812b) C:\WINDOWS\system32

\DRIVERS\RT2860.sys
21:41:58.0359 3372 RT80x86 - ok
21:41:58.0359 3372 SamSs

(bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32

\lsass.exe
21:41:58.0375 3372 SamSs - ok
21:41:58.0406 3372 SCardSvr

(86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32

\SCardSvr.exe
21:41:58.0500 3372 SCardSvr - ok
21:41:58.0531 3372 Schedule

(0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32

\schedsvc.dll
21:41:58.0593 3372 Schedule - ok
21:41:58.0640 3372 Secdrv

(90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32

\DRIVERS\secdrv.sys
21:41:58.0640 3372 Secdrv - ok
21:41:58.0671 3372 seclogon

(cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32

\seclogon.dll
21:41:58.0703 3372 seclogon - ok
21:41:58.0734 3372 SENS

(7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32

\sens.dll
21:41:58.0750 3372 SENS - ok
21:41:58.0765 3372 serenum

(0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32

\DRIVERS\serenum.sys
21:41:58.0765 3372 serenum - ok
21:41:58.0812 3372 Serial

(cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32

\DRIVERS\serial.sys
21:41:58.0812 3372 Serial - ok
21:41:58.0953 3372 ServiceLayer

(3334de016fdcde5c98e30a405a72dd8d) C:\Program Files\PC

Connectivity Solution\ServiceLayer.exe
21:41:59.0000 3372 ServiceLayer - ok
21:41:59.0015 3372 Sfloppy

(8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32

\drivers\Sfloppy.sys
21:41:59.0031 3372 Sfloppy - ok
21:41:59.0093 3372 SgtSch2Svc

(c240035fb95c2faef99cfc2403edcd46) C:\Program Files\Common

Files\Seagate\Schedule2\schedul2.exe
21:41:59.0187 3372 SgtSch2Svc - ok
21:41:59.0250 3372 SharedAccess

(83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32

\ipnathlp.dll
21:41:59.0281 3372 SharedAccess - ok
21:41:59.0328 3372 ShellHWDetection

(99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32

\shsvcs.dll
21:41:59.0343 3372 ShellHWDetection - ok
21:41:59.0343 3372 Simbad - ok
21:41:59.0390 3372 SkypeUpdate

(6128e98eaaed364ed1a32708d2fd22cb) C:\Program

Files\Skype\Updater\Updater.exe
21:41:59.0515 3372 SkypeUpdate - ok
21:41:59.0562 3372 SLIP

(866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32

\DRIVERS\SLIP.sys
21:41:59.0562 3372 SLIP - ok
21:41:59.0593 3372 snapman

(c3bf55189aa92b8f919108ef9e4accae) C:\WINDOWS\system32

\DRIVERS\snapman.sys
21:41:59.0625 3372 snapman - ok
21:41:59.0765 3372 SNP2UVC

(e1f5f9fbf8a2cfed174e4ec38a358b93) C:\WINDOWS\system32

\DRIVERS\snp2uvc.sys
21:41:59.0859 3372 SNP2UVC - ok
21:42:00.0046 3372 Sparrow - ok
21:42:00.0078 3372 splitter

(ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32

\drivers\splitter.sys
21:42:00.0078 3372 splitter - ok
21:42:00.0156 3372 Spooler

(60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32

\spoolsv.exe
21:42:00.0171 3372 Spooler - ok
21:42:00.0250 3372 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
21:42:00.0296 3372 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
21:42:00.0296 3372 sptd ( LockedFile.Multi.Generic ) - warning
21:42:00.0296 3372 sptd - detected LockedFile.Multi.Generic (1)
21:42:05.0406 3372 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:42:05.0828 3372 \Device\Harddisk0\DR0 - ok
21:42:05.0843 3372 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
21:42:06.0515 3372 \Device\Harddisk1\DR2 - ok
21:42:06.0531 3372 Boot (0x1200) (b62c76a3eacf031ec109341f60263eb6) \Device\Harddisk0\DR0\Partition0
21:42:06.0531 3372 \Device\Harddisk0\DR0\Partition0 - ok
21:42:06.0531 3372 Boot (0x1200) (96215fa283b9fb7c255984cc74c89d5b) \Device\Harddisk1\DR2\Partition0
21:42:06.0531 3372 \Device\Harddisk1\DR2\Partition0 - ok
21:42:06.0531 3372 ============================================================
21:42:06.0531 3372 Scan finished
21:42:06.0531 3372 ============================================================
21:42:06.0562 2444 Detected object count: 2
21:42:06.0562 2444 Actual detected object count: 2
21:44:12.0171 2444 C:\Program Files\Promise\FastTrak\FtrakSvc.exe - copied to quarantine
21:44:12.0812 2444 FastTrakSvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
21:44:12.0953 2444 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
21:44:13.0078 2444 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine



Thanks

#11 lakecharles6


Posted 19 May 2012 - 01:00 AM

after boot the log file is identical except for one additional line at the very end which reads:

21:53:27.0375 5708 Deinitialize success

#12 m0le


Posted 19 May 2012 - 06:15 AM

Neither of the files you quarantined are malware so please rerun TDSSKiller and skip these two entries this time.

Please next run OTL, a scanner which I can use to find remnants of malware.

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#13 lakecharles6


Posted 19 May 2012 - 12:45 PM

ok, your previous post told me to "cure" everything... after copying to quarantine and rebooting TDSSKiller still revealed the two files so I chose to delete them and reboot.

I have since reinstalled the SPTD v1.81 versus the previously installed 1.58 and ironically enough TDSSKiller doesn't show it as "locked" as before (0 threats)... how do I get the FastTrak service and corresponding file (FtrakSvc.exe) back? Are they essential to my RAID configuration? Before you even answer I will tell you that the computer is running fine without it... I have been automatically backing up my registry with ERUNT going back to 5/15... just in case you needed that info.

also just noticed the directory C:\TDSSKiller_Quarantine ... hmmm

now for OTL report and the extras.txt as an attachment (forum complained my post was too long...)


OTL logfile created on: 5/19/2012 12:01:18 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Guy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.95 Mb Total Physical Memory | 450.77 Mb Available Physical Memory | 44.07% Memory free
2.40 Gb Paging File | 1.81 Gb Available in Paging File | 75.38% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 13.65 Gb Free Space | 4.58% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 220.31 Gb Free Space | 11.83% Space Free | Partition Type: NTFS

Computer Name: DUALOPT | User Name: Guy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/19 11:57:51 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guy\Desktop\OTL.exe
PRC - [2012/05/08 22:14:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 22:14:02 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 22:14:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 22:14:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/20 15:53:58 | 001,679,360 | ---- | M] (Wondershare) -- C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2011/07/18 08:11:44 | 000,208,264 | ---- | M] ( ) -- C:\Program Files\GbPlugin\gbpsv.exe
PRC - [2010/02/04 13:42:18 | 000,289,368 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
PRC - [2010/01/07 10:22:52 | 000,192,512 | ---- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
PRC - [2009/10/16 18:39:28 | 000,431,456 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2009/06/22 09:23:46 | 000,662,016 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2uvc.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/06 16:03:28 | 000,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2004/07/29 04:02:34 | 001,269,760 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
PRC - [2004/07/29 02:53:58 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe
PRC - [2003/05/15 20:36:40 | 000,446,464 | ---- | M] (Provtech Limited) -- C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/19 01:45:03 | 001,761,280 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12051900\algo.dll
MOD - [2012/05/08 22:14:04 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012/02/20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/08 21:55:56 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/02/22 17:00:02 | 000,190,976 | ---- | M] () -- C:\WINDOWS\system32\WgaLogon.dll
MOD - [2009/07/30 20:44:14 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2006/04/18 19:15:22 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005/10/19 09:17:58 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
MOD - [2005/04/06 16:03:28 | 000,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
MOD - [2001/08/03 01:01:00 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\brumpd.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2012/05/08 22:14:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 22:14:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/05 01:24:11 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/22 15:28:22 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/07/18 08:11:44 | 000,208,264 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2010/01/07 10:22:52 | 000,192,512 | ---- | M] (Mediafour Corporation) [Auto | Running] -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV - [2009/10/16 18:39:28 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/04/06 16:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2004/07/29 04:02:34 | 001,269,760 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe -- (Norton Ghost)
SRV - [2004/07/29 02:53:58 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- M:\Installs (Windows Tweaks & Geeks)\CrystalCPUID\CrystalCPUID49\SysInfo.sys -- (CrystalSysInfo)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcombus.sys -- (BTCOMBUS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Guy\LOCALS~1\Temp\AMDPCI.sys -- (AMDPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AmdLLD.sys -- (AmdLLD)
DRV - [2012/05/19 11:33:05 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/05/08 22:14:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 22:14:04 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/03/11 14:58:18 | 000,049,240 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stdriver32.sys -- (stdriver)
DRV - [2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 18:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 18:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 17:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/03/01 20:48:23 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2011/11/25 01:26:04 | 000,013,440 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2011/10/11 15:00:32 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/10/06 11:33:49 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2011/10/06 11:33:49 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011/10/06 11:33:44 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2011/10/06 11:33:35 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2011/09/02 22:29:40 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2011/09/02 22:29:36 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2011/07/18 08:13:36 | 000,043,600 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2011/06/09 16:05:11 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/01/12 21:15:08 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/06/24 13:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliandMP)
DRV - [2010/06/24 13:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliand)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/28 08:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/04/06 18:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2010/04/06 18:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2010/04/06 18:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2010/03/08 21:52:44 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/02/04 10:52:16 | 000,231,016 | ---- | M] (Mediafour Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2010/01/22 11:20:34 | 000,029,792 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2010/01/13 11:15:52 | 000,057,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CBDisk.sys -- (CBDisk)
DRV - [2009/08/26 15:10:26 | 000,213,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2009/07/10 21:33:36 | 001,015,424 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2009/06/23 09:37:10 | 003,486,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/04/28 10:08:40 | 000,461,824 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2008/12/03 01:32:06 | 001,519,424 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/29 15:34:02 | 000,401,280 | ---- | M] (YUAN High-Tech Development Co. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OmniTV.sys -- (OmniTV)
DRV - [2008/04/13 13:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 13:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/10/25 18:31:08 | 000,616,064 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/07/02 06:40:34 | 000,201,216 | R--- | M] (Trident Multimedia Technologies Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TridVid.sys -- (TridVid)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/12/04 10:36:10 | 000,203,264 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bender.sys -- (BENDER)
DRV - [2006/11/18 00:51:01 | 000,137,884 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2006/11/18 00:51:01 | 000,080,272 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2006/11/18 00:51:01 | 000,010,864 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/28 16:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2006/05/03 11:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/12 09:49:04 | 000,105,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cxfalcon.sys -- (CXFALCON)
DRV - [2005/09/23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/06/20 23:08:44 | 002,324,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/05/31 15:40:20 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005/05/31 09:42:28 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/04/30 14:50:20 | 000,011,860 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005/04/30 14:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005/04/30 14:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005/03/25 17:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2005/01/27 15:26:50 | 000,029,696 | ---- | M] (AMD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AmdBusDr.sys -- (amdbusdr)
DRV - [2005/01/27 15:26:44 | 000,041,216 | ---- | M] (AMD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AmdEide.sys -- (AMDEIDE)
DRV - [2004/12/16 16:32:54 | 000,013,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004/10/19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/07/29 04:13:28 | 000,046,779 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQIMount.sys -- (PQIMount)
DRV - [2004/07/29 03:33:08 | 000,138,780 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\PQV2i.sys -- (PQV2i)
DRV - [2003/08/22 15:25:16 | 000,027,648 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\amdagp8p.sys -- (amdagp8p)
DRV - [2003/08/06 10:43:04 | 000,159,744 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/09 17:25:50 | 000,038,784 | ---- | M] (AMD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AMDAC97.sys -- (AMDAC97) AMD AC'97 Audio Driver (WDM)
DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002/09/16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-839522115-842925246-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.suddenlink.net/
IE - HKU\S-1-5-21-839522115-842925246-725345543-1003\..\SearchScopes,DefaultScope = {28213585-3597-4286-9A79-8D9B9D38EDAC}
IE - HKU\S-1-5-21-839522115-842925246-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-839522115-842925246-725345543-1003\..\SearchScopes\{28213585-3597-4286-9A79-8D9B9D38EDAC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-839522115-842925246-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://www.hulu.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.18.2


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.Retrogamer_2z.com/Plugin: C:\Program Files\Retrogamer_2zEI\Installr\2.bin\NP2zEISB.dll (Retrogamer)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/14 02:04:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/13 00:35:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 17:35:33 | 000,000,000 | ---D | M]

[2010/04/19 14:46:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guy\Application Data\Mozilla\Extensions
[2012/05/17 11:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guy\Application Data\Mozilla\Firefox\Profiles\qgj1br4f.default\extensions
[2010/05/31 04:49:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Guy\Application Data\Mozilla\Firefox\Profiles\qgj1br4f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2012/04/28 15:17:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Guy\Application Data\Mozilla\Firefox\Profiles\qgj1br4f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/02/13 23:23:40 | 000,000,000 | ---D | M] (Modulo de Seguranca - Banco do Brasil) -- C:\Documents and Settings\Guy\Application Data\Mozilla\Firefox\Profiles\qgj1br4f.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
[2012/05/17 11:14:56 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Guy\Application Data\Mozilla\Firefox\Profiles\qgj1br4f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/06/01 12:40:22 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Guy\Application Data\Mozilla\Firefox\Profiles\qgj1br4f.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/04/15 17:56:37 | 000,000,000 | ---D | M] (Iplex to ALLPlayer) -- C:\Documents and Settings\Guy\Application Data\Mozilla\Firefox\Profiles\qgj1br4f.default\extensions\IplextoALL@ALLPlayer.org
[2011/11/16 20:43:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/25 22:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/03/13 00:35:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/12 11:25:00 | 000,076,288 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/02/13 23:23:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/13 23:23:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/15 04:41:19 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-839522115-842925246-725345543-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [Ptipbmf] C:\WINDOWS\System32\ptipbmf.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe (Provtech Limited)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - Startup: C:\Documents and Settings\Guy\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-842925246-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Guy\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Guy\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-839522115-842925246-725345543-1003\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-839522115-842925246-725345543-1003\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKU\S-1-5-21-839522115-842925246-725345543-1003\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKU\S-1-5-21-839522115-842925246-725345543-1003\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252877502441 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.100 208.180.42.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39952A7E-90BF-40A8-B01C-D703E6DB3139}: DhcpNameServer = 208.180.42.100 208.180.42.68
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files\GbPlugin\gbieh.dll) - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\profsem: DllName - (C:\Documents and Settings\NetworkService\Local Settings\Application Data\profsem.dll) - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/13 15:08:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/09/13 15:08:10 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{af8d7ccf-a0a2-11de-99d2-b59feb0cf639}\Shell - "" = AutoRun
O33 - MountPoints2\{af8d7ccf-a0a2-11de-99d2-b59feb0cf639}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{af8d7ccf-a0a2-11de-99d2-b59feb0cf639}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/19 11:58:24 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Guy\Desktop\OTL.exe
[2012/05/19 11:33:05 | 000,477,240 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2012/05/19 03:09:57 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSPCLOCK.sys
[2012/05/19 03:04:18 | 000,299,923 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonyhcs.sys
[2012/05/19 03:04:18 | 000,053,248 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\SONYHCY.DLL
[2012/05/19 03:04:18 | 000,038,739 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonyhcc.sys
[2012/05/19 03:04:18 | 000,006,097 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonyhcb.sys
[2012/05/19 03:04:17 | 000,102,220 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonypvs1.sys
[2012/05/19 03:04:17 | 000,000,000 | ---D | C] -- C:\Drivers
[2012/05/18 21:44:12 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/17 11:21:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guy\Local Settings\Application Data\Wondershare
[2012/05/17 11:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
[2012/05/17 11:21:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wondershare
[2012/05/17 11:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guy\My Documents\Wondershare Video Editor
[2012/05/17 11:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2012/05/17 11:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guy\Application Data\DVDVideoSoftIEHelpers
[2012/05/17 11:14:38 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\WINDOWS\System32\Newtonsoft.Json.Net20.dll
[2012/05/17 11:01:09 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\WINDOWS\System32\QtCore4.dll
[2012/05/17 11:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
[2012/05/17 11:00:43 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012/05/16 22:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlySoft
[2012/05/16 00:27:50 | 000,000,000 | ---D | C] -- C:\My Drivers
[2012/05/16 00:27:15 | 000,110,592 | ---- | C] (Common Controls Replacement Project (CCRP)) -- C:\WINDOWS\System32\ccrpbds6.dll
[2012/05/16 00:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverGuide Toolkit
[2012/05/16 00:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\DriverGuide Toolkit
[2012/05/15 15:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/05/15 15:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/15 15:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/15 11:45:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/15 11:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/05/15 11:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/05/15 04:41:54 | 000,000,000 | ---D | C] -- C:\ERDNT
[2012/05/15 02:34:02 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netbt.sys
[2012/05/15 02:33:47 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsec.sys
[2012/05/14 02:05:05 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/05/14 02:05:05 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/05/14 02:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/05/14 02:04:59 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/05/14 02:04:59 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/05/14 02:04:59 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/05/14 02:04:58 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/05/14 02:04:58 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/05/14 02:04:58 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/05/14 02:03:32 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/05/14 02:03:26 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/05/14 02:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/05/14 02:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/05/14 00:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/05/14 00:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/05/12 13:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/05/12 12:34:48 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2012/05/12 12:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guy\Desktop\NetBT recovery
[2012/05/12 02:30:10 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2012/05/12 02:30:10 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2012/05/12 02:29:51 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2012/05/12 02:29:50 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2012/05/12 02:29:50 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2012/05/12 02:29:50 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2012/05/12 02:29:49 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2012/05/12 02:29:49 | 000,109,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2012/05/12 02:29:48 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2012/05/12 02:29:48 | 000,015,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2012/05/12 02:29:47 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2012/05/12 02:29:47 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2012/05/12 02:29:47 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2012/05/12 02:29:46 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2012/05/12 02:29:46 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2012/05/12 02:29:45 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2012/05/12 02:29:45 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2012/05/12 02:29:45 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2012/05/12 02:29:43 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2012/05/12 02:29:42 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2012/05/12 02:29:42 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2012/05/12 02:29:41 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2012/05/12 02:29:22 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2012/05/12 02:29:22 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2012/05/12 02:29:20 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2012/05/12 02:29:20 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2012/05/12 02:29:20 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2012/05/12 02:29:19 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2012/05/12 02:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2012/05/12 01:50:24 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2012/05/12 01:50:24 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2012/05/12 01:50:22 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2012/05/12 01:50:12 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2012/05/12 01:50:11 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2012/05/12 01:50:10 | 000,019,455 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys
[2012/05/12 01:50:07 | 000,012,063 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys
[2012/05/12 01:49:55 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2012/05/12 01:49:52 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2012/05/12 01:49:52 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2012/05/12 01:49:49 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2012/05/12 01:49:48 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2012/05/12 01:49:48 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2012/05/12 01:49:47 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2012/05/12 01:49:47 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2012/05/12 01:49:46 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys
[2012/05/12 01:49:45 | 000,023,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys
[2012/05/12 01:49:44 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2012/05/12 01:49:43 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2012/05/12 01:49:41 | 000,033,599 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys
[2012/05/12 01:49:40 | 000,019,551 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys
[2012/05/12 01:49:39 | 000,029,311 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys
[2012/05/12 01:49:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2012/05/12 01:49:36 | 000,011,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys
[2012/05/12 01:49:35 | 000,012,127 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys
[2012/05/12 01:49:34 | 000,012,415 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys
[2012/05/12 01:49:33 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2012/05/12 01:49:33 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2012/05/12 01:49:33 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2012/05/12 01:49:32 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2012/05/12 01:49:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2012/05/12 01:49:32 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2012/05/12 01:49:31 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2012/05/12 01:49:31 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2012/05/12 01:49:30 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2012/05/12 01:49:29 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2012/05/12 01:49:29 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2012/05/12 01:49:29 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys
[2012/05/12 01:49:27 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
[2012/05/12 01:49:25 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2012/05/12 01:49:25 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2012/05/12 01:49:25 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
[2012/05/12 01:49:24 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
[2012/05/12 01:49:24 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
[2012/05/12 01:49:23 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2012/05/12 01:49:23 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2012/05/12 01:49:23 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2012/05/12 01:49:21 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2012/05/12 01:49:19 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2012/05/12 01:49:17 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2012/05/12 01:49:17 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2012/05/12 01:49:17 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2012/05/12 01:49:17 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2012/05/12 01:49:16 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2012/05/12 01:49:16 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2012/05/12 01:49:16 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2012/05/12 01:49:15 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2012/05/12 01:49:15 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2012/05/12 01:49:15 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2012/05/12 01:49:14 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys
[2012/05/12 01:49:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2012/05/12 01:49:13 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys
[2012/05/12 01:49:11 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2012/05/12 01:49:11 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2012/05/12 01:49:10 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2012/05/12 01:49:10 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2012/05/12 01:49:10 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2012/05/12 01:49:09 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2012/05/12 01:49:09 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys
[2012/05/12 01:49:08 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll
[2012/05/12 01:49:07 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2012/05/12 01:49:07 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll
[2012/05/12 01:49:06 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys
[2012/05/12 01:49:06 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys
[2012/05/12 01:49:05 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys
[2012/05/12 01:49:05 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys
[2012/05/12 01:49:04 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2012/05/12 01:49:03 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2012/05/12 01:49:02 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2012/05/12 01:49:02 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2012/05/12 01:49:01 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2012/05/12 01:49:00 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2012/05/12 01:49:00 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2012/05/12 01:49:00 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2012/05/12 01:48:59 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2012/05/12 01:48:59 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2012/05/12 01:48:58 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys
[2012/05/12 01:48:57 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys
[2012/05/12 01:48:56 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2012/05/12 01:48:56 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2012/05/12 01:48:54 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys
[2012/05/12 01:48:54 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys
[2012/05/12 01:48:54 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys
[2012/05/12 01:48:54 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys
[2012/05/12 01:48:53 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys
[2012/05/12 01:48:53 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll
[2012/05/12 01:48:53 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
[2012/05/12 01:48:52 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
[2012/05/12 01:48:52 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[2012/05/12 01:48:52 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
[2012/05/12 01:48:51 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
[2012/05/12 01:48:50 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2012/05/12 01:48:50 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2012/05/12 01:48:50 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2012/05/12 01:48:49 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2012/05/12 01:48:49 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2012/05/12 01:48:46 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2012/05/12 01:48:46 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2012/05/12 01:48:45 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2012/05/12 01:48:44 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll
[2012/05/12 01:48:42 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll
[2012/05/12 01:48:42 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys
[2012/05/12 01:48:42 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2012/05/12 01:48:41 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll
[2012/05/12 01:48:41 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys
[2012/05/12 01:48:41 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys
[2012/05/12 01:48:40 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys
[2012/05/12 01:48:40 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
[2012/05/12 01:48:39 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2012/05/12 01:48:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2012/05/12 01:48:38 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
[2012/05/12 01:48:24 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2012/05/12 01:48:22 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2012/05/12 01:48:17 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2012/05/12 01:48:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2012/05/12 01:48:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2012/05/12 01:48:16 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2012/05/12 01:48:16 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2012/05/12 01:48:16 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2012/05/12 01:48:15 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2012/05/12 01:48:15 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2012/05/12 01:48:15 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2012/05/12 01:48:13 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2012/05/12 01:48:12 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2012/05/12 01:48:12 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2012/05/12 01:48:12 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2012/05/12 01:48:12 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2012/05/12 01:42:28 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2012/05/12 01:42:27 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2012/05/12 01:42:27 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2012/05/12 01:42:26 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2012/05/12 01:42:26 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2012/05/12 01:42:25 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2012/05/12 01:42:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2012/05/12 01:42:24 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2012/05/12 01:42:23 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2012/05/12 01:42:23 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2012/05/12 01:42:22 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2012/05/12 01:42:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2012/05/12 01:42:20 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2012/05/12 01:42:20 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2012/05/12 01:42:19 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\fem556n5.sys
[2012/05/12 01:42:18 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2012/05/12 01:41:58 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2012/05/12 01:41:58 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINDOWS\System32\dllcache\fa312nd5.sys
[2012/05/12 01:41:57 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2012/05/12 01:41:57 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2012/05/12 01:41:56 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ex10.sys
[2012/05/12 01:41:56 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2012/05/12 01:41:54 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2012/05/12 01:41:54 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2012/05/12 01:41:53 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2012/05/12 01:41:53 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2012/05/12 01:41:53 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2012/05/12 01:41:52 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2012/05/12 01:41:52 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2012/05/12 01:41:51 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys
[2012/05/12 01:41:51 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2012/05/12 01:41:50 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56tpi.sys
[2012/05/12 01:41:50 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys
[2012/05/12 01:41:49 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56cvmp.sys
[2012/05/12 01:41:49 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56hpi.sys
[2012/05/12 01:41:49 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es198x.sys
[2012/05/12 01:41:48 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2012/05/12 01:41:48 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2012/05/12 01:41:48 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys
[2012/05/12 01:41:47 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnloop.exe
[2012/05/12 01:41:47 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqndiag.exe
[2012/05/12 01:41:47 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnlogr.exe
[2012/05/12 01:41:46 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqn.sys
[2012/05/12 01:41:46 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2012/05/12 01:41:46 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2012/05/12 01:41:46 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys
[2012/05/12 01:41:45 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\emu10k1m.sys
[2012/05/12 01:41:44 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys
[2012/05/12 01:41:44 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys
[2012/05/12 01:41:43 | 000,455,199 | ---- | C] (3Com Corporation.) -- C:\WINDOWS\System32\dllcache\el985n51.sys
[2012/05/12 01:41:43 | 000,171,520 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys
[2012/05/12 01:41:43 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys
[2012/05/12 01:41:43 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2012/05/12 01:41:42 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys
[2012/05/12 01:41:42 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys
[2012/05/12 01:41:41 | 000,241,206 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656se5.sys
[2012/05/12 01:41:41 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys
[2012/05/12 01:41:40 | 000,634,134 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656ct5.sys
[2012/05/12 01:41:40 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys
[2012/05/12 01:41:39 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys
[2012/05/12 01:41:39 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys
[2012/05/12 01:41:39 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys
[2012/05/12 01:41:38 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys
[2012/05/12 01:41:38 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys
[2012/05/12 01:41:37 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2012/05/12 01:41:35 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100b325.sys
[2012/05/12 01:41:35 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100isa4.sys
[2012/05/12 01:41:34 | 000,050,719 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys
[2012/05/12 01:41:32 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2012/05/12 01:41:30 | 000,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
[2012/05/12 01:41:29 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2012/05/12 01:41:29 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2012/05/12 01:41:29 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2012/05/12 01:41:29 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2012/05/12 01:41:28 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2012/05/12 01:41:26 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2012/05/12 01:41:26 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2012/05/12 01:41:25 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2012/05/12 01:41:25 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2012/05/12 01:41:24 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2012/05/12 01:41:23 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2012/05/12 01:41:23 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2012/05/12 01:41:23 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2012/05/12 01:41:21 | 000,614,429 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiview.exe
[2012/05/12 01:41:21 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.dll
[2012/05/12 01:41:21 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2012/05/12 01:41:21 | 000,042,432 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.sys
[2012/05/12 01:41:20 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiinf.dll
[2012/05/12 01:41:20 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.dll
[2012/05/12 01:41:20 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.sys
[2012/05/12 01:41:19 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifwrk.dll
[2012/05/12 01:41:19 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digihlc.dll
[2012/05/12 01:41:19 | 000,103,044 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidxb.sys
[2012/05/12 01:41:19 | 000,090,525 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifep5.sys
[2012/05/12 01:41:18 | 000,131,156 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidbp.dll
[2012/05/12 01:41:18 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.dll
[2012/05/12 01:41:18 | 000,037,735 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.sys
[2012/05/12 01:41:17 | 000,419,357 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgconfig.dll
[2012/05/12 01:41:16 | 000,029,531 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\dgapci.sys
[2012/05/12 01:41:16 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2012/05/12 01:41:16 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2012/05/12 01:41:15 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll
[2012/05/12 01:41:15 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe
[2012/05/12 01:41:14 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2012/05/12 01:41:14 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2012/05/12 01:41:14 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2012/05/12 01:41:13 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2012/05/12 01:41:13 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2012/05/12 01:41:13 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys
[2012/05/12 01:41:12 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2012/05/12 01:41:11 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys
[2012/05/12 01:41:11 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2012/05/12 01:41:09 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys
[2012/05/12 01:41:09 | 000,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2012/05/12 01:41:09 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2012/05/12 01:41:09 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2012/05/12 01:41:08 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2012/05/12 01:41:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2012/05/12 01:41:08 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2012/05/12 01:41:07 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2012/05/12 01:41:07 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2012/05/12 01:41:06 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2012/05/12 01:41:06 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2012/05/12 01:41:06 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2012/05/12 01:41:06 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2012/05/12 01:41:05 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2012/05/12 01:41:05 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2012/05/12 01:41:05 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2012/05/12 01:41:04 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2012/05/12 01:41:04 | 000,096,256 | ---- | C] (Copyright © Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
[2012/05/12 01:41:04 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll
[2012/05/12 01:41:03 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
[2012/05/12 01:41:03 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
[2012/05/12 01:41:02 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2012/05/12 01:41:02 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
[2012/05/12 01:41:01 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2012/05/12 01:41:01 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2012/05/12 01:41:01 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2012/05/12 01:41:01 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2012/05/12 01:41:00 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2012/05/12 01:41:00 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2012/05/12 01:40:59 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2012/05/12 01:40:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2012/05/12 01:40:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2012/05/12 01:40:56 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2012/05/12 01:40:56 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
[2012/05/12 01:40:55 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys
[2012/05/12 01:40:54 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2012/05/12 01:40:54 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2012/05/12 01:40:53 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2012/05/12 01:40:52 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2012/05/12 01:40:52 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2012/05/12 01:40:52 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2012/05/12 01:40:51 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2012/05/12 01:40:51 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2012/05/12 01:40:50 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2012/05/12 01:40:48 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2012/05/12 01:40:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2012/05/12 01:40:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2012/05/12 01:40:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2012/05/12 01:40:47 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2012/05/12 01:40:46 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2012/05/12 01:40:46 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2012/05/12 01:40:46 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2012/05/12 01:40:45 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2012/05/12 01:40:45 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2012/05/12 01:40:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2012/05/12 01:40:43 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2012/05/12 01:40:43 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2012/05/12 01:40:43 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2012/05/12 01:40:42 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2012/05/12 01:40:42 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2012/05/12 01:40:42 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2012/05/12 01:40:41 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2012/05/12 01:40:41 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/05/12 01:40:40 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2012/05/12 01:40:40 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2012/05/12 01:40:40 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2012/05/12 01:40:39 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2012/05/12 01:40:39 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2012/05/12 01:40:39 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2012/05/12 01:40:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2012/05/12 01:40:38 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2012/05/12 01:40:38 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2012/05/12 01:40:22 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2012/05/12 01:40:21 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2012/05/12 01:40:20 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2012/05/12 01:40:19 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2012/05/12 01:40:19 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2012/05/12 01:40:18 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2012/05/12 01:40:17 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2012/05/12 01:40:17 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2012/05/12 01:40:15 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2012/05/12 01:40:14 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2012/05/12 01:40:14 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2012/05/12 01:40:14 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2012/05/12 01:40:13 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2012/05/12 01:40:13 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2012/05/12 01:40:12 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2012/05/12 01:40:12 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2012/05/12 01:40:12 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2012/05/12 01:40:11 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2012/05/12 01:40:11 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2012/05/12 01:40:11 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2012/05/12 01:40:10 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2012/05/12 01:40:09 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2012/05/12 01:40:09 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2012/05/12 01:40:09 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2012/05/12 01:40:08 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2012/05/12 01:40:03 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2012/05/12 01:40:03 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2012/05/12 01:40:02 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2012/05/12 01:40:02 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2012/05/12 01:40:01 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2012/05/12 01:40:01 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2012/05/12 01:40:01 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2012/05/12 01:40:00 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2012/05/12 01:40:00 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2012/05/12 01:39:58 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2012/05/12 01:39:58 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2012/05/12 01:39:57 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2012/05/12 01:39:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2012/05/12 01:39:56 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012/05/12 01:39:56 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2012/05/12 01:39:55 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2012/05/12 01:39:55 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2012/05/12 01:39:54 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2012/05/12 01:39:32 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2012/05/12 01:39:32 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2012/05/12 01:39:31 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2012/05/12 01:39:31 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2012/05/12 01:39:31 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2012/05/12 01:39:30 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2012/05/12 01:39:30 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2012/05/12 01:39:29 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2012/05/12 01:39:29 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2012/05/12 01:39:29 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2012/05/12 01:39:27 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2012/05/12 01:39:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2012/05/12 01:36:15 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2012/05/12 01:36:15 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2012/05/12 01:36:14 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012/05/12 01:36:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2012/05/12 01:36:13 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012/05/12 01:36:12 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012/05/12 01:36:12 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012/05/12 01:36:11 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012/05/12 01:36:11 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2012/05/12 01:36:11 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2012/05/12 01:36:10 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2012/05/12 01:36:10 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012/05/12 01:36:09 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2012/05/12 01:36:09 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2012/05/12 01:36:09 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2012/05/12 01:36:08 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012/05/12 01:36:08 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2012/05/12 01:36:08 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2012/05/12 01:36:07 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2012/05/12 01:36:07 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2012/05/12 01:36:07 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2012/05/12 01:36:06 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2012/05/12 01:36:06 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012/05/12 01:36:06 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012/05/12 01:36:05 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2012/05/12 01:35:57 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2012/05/12 01:35:52 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2012/05/12 01:35:46 | 002,192,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012/05/12 01:35:41 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2012/05/12 01:35:40 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2012/05/12 01:35:39 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2012/05/12 01:35:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2012/05/12 01:35:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2012/05/12 01:35:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2012/05/12 01:35:29 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2012/05/11 04:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/05/10 23:41:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/05/10 23:41:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/05/01 15:51:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guy\My Documents\Rebates
[2012/04/28 15:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2012/04/28 15:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2012/04/26 23:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\XviD
[2012/04/26 23:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\XviD
[2012/04/26 23:50:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guy\Start Menu\Programs\AviSynth 2.5
[2012/04/26 23:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AviSynth 2.5
[2012/04/26 23:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2012/04/26 23:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest
[2012/04/26 23:48:04 | 000,000,000 | ---D | C] -- C:\Program Files\AutoGK
[2012/04/26 23:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AutoGK
[2012/04/26 19:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guy\Application Data\dvdcss
[2012/04/26 16:25:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/04/26 16:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/04/22 11:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\web-reg
[2012/04/22 11:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\web-reg
[2010/11/18 01:09:06 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Guy\Application Data\pcouffin.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/19 11:57:51 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guy\Desktop\OTL.exe
[2012/05/19 11:49:02 | 000,444,366 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/19 11:49:02 | 000,072,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/19 11:46:54 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/19 11:46:53 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012/05/19 11:36:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/19 11:36:10 | 1072,717,824 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/19 11:34:05 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/19 11:24:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/19 03:59:09 | 000,000,192 | ---- | M] () -- C:\Documents and Settings\Guy\Desktop\Reinstal NetBT Tech Tips and IT Support Information.url
[2012/05/17 22:10:29 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Guy\Desktop\AnyDVD.lnk
[2012/05/17 10:57:45 | 000,834,471 | ---- | M] () -- C:\Documents
[2012/05/17 09:21:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/17 00:17:45 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Guy\Desktop\After TR-Rootkit.Gen2 (Avira) internet won't work.url
[2012/05/16 11:55:40 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\Guy\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/16 11:05:41 | 013,631,488 | ---- | M] () -- C:\Documents and Settings\Guy\ntuser.bak
[2012/05/16 10:56:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/15 12:12:08 | 000,086,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxwma.dll
[2012/05/15 12:12:08 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\pxhpinst.exe
[2012/05/15 12:12:07 | 000,462,848 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2012/05/15 12:12:07 | 000,319,488 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2012/05/15 12:12:07 | 000,286,720 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2012/05/15 12:12:07 | 000,143,360 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2012/05/15 12:12:07 | 000,028,672 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\VXBLOCK.dll
[2012/05/15 04:54:40 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\Guy\catalog
[2012/05/15 04:41:19 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/15 03:35:50 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Guy\My Documents\system.evt
[2012/05/14 20:20:38 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/05/14 10:05:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/14 02:05:06 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/05/14 02:04:58 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/05/12 13:17:17 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\Guy\Desktop\Automatically Add to iTunes.lnk
[2012/05/12 00:05:21 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2012/05/11 21:49:01 | 000,002,653 | ---- | M] () -- C:\WINDOWS\BRMFBIDI.INI
[2012/05/10 23:30:07 | 000,378,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/09 11:27:05 | 000,000,090 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/05/09 11:17:17 | 000,000,188 | ---- | M] () -- C:\Documents and Settings\Guy\Desktop\Blackboard Learn.url
[2012/05/08 23:22:39 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/08 22:14:04 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/05/08 22:14:04 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/05/05 19:13:01 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\expressShakeIcon.job
[2012/05/05 10:44:18 | 000,000,443 | ---- | M] () -- C:\Documents and Settings\Guy\Desktop\Banking & Business.lnk
[2012/05/05 01:24:11 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/05 01:24:11 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/30 21:35:52 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012/04/30 21:14:28 | 001,511,591 | ---- | M] () -- C:\Documents and Settings\Guy\Desktop\2012-04-30 17.12.38.jpg
[2012/04/30 21:12:52 | 000,061,200 | ---- | M] () -- C:\Documents and Settings\Guy\Desktop\Fringe.S03E21.HDTV.XviD-LOL.avi_snapshot_42.11_[2012.04.30_21.11.18].jpg
[2012/04/27 21:06:47 | 000,253,927 | ---- | M] () -- C:\Documents and Settings\Guy\Desktop\Corn Pudding Recipe.jpg
[2012/04/27 10:11:56 | 000,000,550 | ---- | M] () -- C:\Documents and Settings\Guy\Application Data\AutoGK.ini
[2012/04/26 19:14:01 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/19 03:53:20 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\Guy\Desktop\Reinstal NetBT Tech Tips and IT Support Information.url
[2012/05/19 03:04:18 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2012/05/18 00:33:22 | 1072,717,824 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/17 22:10:29 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Guy\Desktop\AnyDVD.lnk
[2012/05/17 10:57:16 | 000,834,471 | ---- | C] () -- C:\Documents
[2012/05/16 18:48:20 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Guy\Desktop\After TR-Rootkit.Gen2 (Avira) internet won't work.url
[2012/05/15 11:52:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2012/05/15 11:38:26 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\Guy\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/05/15 04:54:39 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\Guy\catalog
[2012/05/15 03:58:06 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Guy\My Documents\system.evt
[2012/05/14 02:05:06 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/05/12 01:50:23 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2012/05/12 01:50:23 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2012/05/12 01:42:48 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2012/05/12 01:42:47 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2012/05/12 01:42:47 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2012/05/12 01:42:46 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2012/05/12 01:42:46 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2012/05/12 01:41:25 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2012/05/12 01:41:24 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2012/05/12 01:41:24 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2012/05/12 01:40:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012/05/12 01:40:05 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012/05/12 01:40:05 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012/05/12 01:40:05 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012/05/12 01:40:04 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012/05/12 01:40:04 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012/05/12 01:40:04 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012/05/12 01:40:04 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012/05/12 01:40:03 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012/05/12 01:40:00 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012/05/10 22:22:25 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/05/05 10:44:18 | 000,000,443 | ---- | C] () -- C:\Documents and Settings\Guy\Desktop\Banking & Business.lnk
[2012/04/30 21:14:24 | 001,511,591 | ---- | C] () -- C:\Documents and Settings\Guy\Desktop\2012-04-30 17.12.38.jpg
[2012/04/30 21:11:47 | 000,061,200 | ---- | C] () -- C:\Documents and Settings\Guy\Desktop\Fringe.S03E21.HDTV.XviD-LOL.avi_snapshot_42.11_[2012.04.30_21.11.18].jpg
[2012/04/27 21:05:12 | 000,253,927 | ---- | C] () -- C:\Documents and Settings\Guy\Desktop\Corn Pudding Recipe.jpg
[2012/04/27 10:11:56 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\Guy\Application Data\AutoGK.ini
[2012/04/26 19:13:31 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\expressShakeIcon.job
[2012/04/15 17:56:53 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2012/03/19 16:48:04 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2012/03/19 16:48:04 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2012/03/01 22:38:28 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2012/03/01 22:38:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/02/15 09:44:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/12 21:27:22 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Multimedia manager.INI
[2011/10/17 23:29:53 | 000,000,233 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2011/10/17 23:18:55 | 000,000,396 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2011/10/17 22:33:50 | 000,001,177 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2011/10/17 14:27:06 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/10/07 08:48:30 | 000,001,371 | ---- | C] () -- C:\Documents and Settings\Guy\Application Data\DownloadManagerFiles.xml
[2011/09/25 11:46:17 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/08/10 20:21:40 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/07/27 20:24:23 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/07/27 20:24:21 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2011/07/27 20:24:20 | 003,164,160 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2011/07/27 20:24:20 | 000,644,608 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/07/27 20:24:20 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/07/27 20:24:19 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/07/21 16:21:00 | 000,121,224 | ---- | C] () -- C:\WINDOWS\File Renamer - Basic Uninstaller.exe
[2011/06/26 13:19:55 | 000,000,267 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2011/06/26 13:19:50 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/06/26 13:19:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2011/06/26 13:19:39 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\brfxdial.dll
[2011/06/26 13:17:48 | 000,002,653 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2011/06/26 13:17:47 | 000,000,256 | R--- | C] () -- C:\WINDOWS\System32\brmsl05f.bin
[2011/05/04 15:41:15 | 000,205,208 | ---- | C] () -- C:\WINDOWS\hpwins26.dat
[2011/05/04 15:41:14 | 000,000,370 | ---- | C] () -- C:\WINDOWS\hpwmdl26.dat
[2011/04/17 19:33:23 | 000,093,608 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/20 12:08:22 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/11/18 01:09:06 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Guy\Application Data\inst.exe
[2010/11/18 01:09:06 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Guy\Application Data\pcouffin.cat
[2010/11/18 01:09:06 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Guy\Application Data\pcouffin.inf
[2010/09/16 12:26:18 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2010/08/18 19:16:16 | 003,486,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010/08/18 19:16:16 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010/08/18 19:16:16 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010/08/18 19:16:16 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2010/08/18 19:16:14 | 000,241,664 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2010/07/31 11:56:39 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2010/07/27 11:18:31 | 000,000,082 | ---- | C] () -- C:\WINDOWS\AW6.ini
[2010/07/10 16:27:52 | 000,000,472 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2010/07/09 21:25:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/23 10:49:21 | 000,000,850 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI
[2010/06/19 11:09:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/13 23:35:43 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\VendorCmdRW.dll
[2010/06/13 23:35:42 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/06/13 00:33:17 | 000,000,056 | ---- | C] () -- C:\WINDOWS\RAIDeUtility.ini
[2010/06/12 23:47:51 | 000,000,254 | ---- | C] () -- C:\WINDOWS\_delis43.ini
[2010/06/10 22:23:49 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/06/04 01:17:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/06/04 01:01:38 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/06/02 11:09:36 | 000,910,920 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2010/06/02 11:09:34 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2010/06/02 11:09:34 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2010/06/01 12:22:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB1659$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 204 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:BBAA722A_Bb.gbp
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8D65F32
@Alternate Data Stream - 12 bytes -> C:\WINDOWS\System32\drivers:IncompleteBoot.cnt
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C

< End of report >


#14 m0le

  • Malware Response Team

Posted 19 May 2012 - 05:00 PM

You don't need FastTrack, so don't worry.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Edited by m0le, 19 May 2012 - 05:01 PM.


#15 lakecharles6

  • Topic Starter


Posted 19 May 2012 - 10:48 PM

wow it found the Zero Configuration Rootkit...

still have internet access here (whew!!!), but still cannot see Win 7 laptop. Win 7 laptop was able to see desktop puter (till this combofix was run)

would very very muchly like to remove GbPlugin also, since i have no need to access that bank's website anymore.

thanks


ComboFix 12-05-19.02 - Guy 05/19/2012 20:39:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.486 [GMT -5:00]
Running from: c:\documents and settings\Guy\Desktop\comfix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - system32: deleted 2 bytes in 1 streams.
ADS - drivers: deleted 216 bytes in 2 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Guy\Application Data\inst.exe
c:\documents and settings\Guy\Application Data\Microsoft\~DFK6488e0a.tmp
c:\documents and settings\Guy\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\Guy\Application Data\Microsoft\bass.dll
c:\documents and settings\Guy\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\Guy\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\Guy\Application Data\Microsoft\peaadje.dll
c:\documents and settings\Guy\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\Guy\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\Guy\Application Data\PriceGong
c:\documents and settings\Guy\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Guy\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Guy\WINDOWS
C:\Documents
c:\program files\Retrogamer_2zEI
c:\program files\Retrogamer_2zEI\Installr\2.bin\2zEIPlug.dll
c:\program files\Retrogamer_2zEI\Installr\2.bin\2zEZSETP.dll
c:\program files\Retrogamer_2zEI\Installr\2.bin\NP2zEISb.dll
c:\windows\$NtUninstallKB1659$
c:\windows\$NtUninstallKB1659$\3337076892\@
c:\windows\$NtUninstallKB1659$\3337076892\cfg.ini
c:\windows\$NtUninstallKB1659$\3337076892\Desktop.ini
c:\windows\$NtUninstallKB1659$\3337076892\L\boeetmjp
c:\windows\$NtUninstallKB1659$\713624712
c:\windows\dasetup.log
c:\windows\system32\avisynth.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\devil.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\PowerToyReadme.htm
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SPService
.
.
((((((((((((((((((((((((( Files Created from 2012-04-20 to 2012-05-20 )))))))))))))))))))))))))))))))
.
.
2012-05-19 16:33 . 2012-05-19 16:33 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-05-19 08:09 . 2008-04-13 18:39 5376 ----a-w- c:\windows\system32\MSPCLOCK.sys
2012-05-19 08:04 . 2001-11-05 14:23 299923 ----a-w- c:\windows\system32\drivers\sonyhcs.sys
2012-05-19 08:04 . 2001-11-05 14:23 38739 ----a-w- c:\windows\system32\drivers\sonyhcc.sys
2012-05-19 08:04 . 2001-11-05 14:23 6097 ----a-w- c:\windows\system32\drivers\sonyhcb.sys
2012-05-19 08:04 . 2001-07-04 01:39 3654 ----a-w- c:\windows\system32\drivers\Sonyhcp.dll
2012-05-19 08:04 . 2001-07-04 01:33 53248 ----a-w- c:\windows\system32\SONYHCY.DLL
2012-05-19 08:04 . 2012-05-19 08:04 -------- d-----w- C:\Drivers
2012-05-19 08:04 . 2002-10-16 03:41 102220 ----a-w- c:\windows\system32\drivers\sonypvs1.sys
2012-05-19 02:44 . 2012-05-19 02:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-17 16:21 . 2012-05-17 16:21 -------- d-----w- c:\documents and settings\Guy\Local Settings\Application Data\Wondershare
2012-05-17 16:21 . 2012-05-17 16:21 -------- d-----w- c:\program files\Common Files\Wondershare
2012-05-17 16:20 . 2012-05-17 16:20 -------- d-----w- c:\program files\Wondershare
2012-05-17 16:14 . 2012-05-17 16:14 -------- d-----w- c:\documents and settings\Guy\Application Data\DVDVideoSoftIEHelpers
2012-05-17 16:14 . 2012-04-18 18:49 405176 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-05-17 16:01 . 2012-03-22 18:43 2557952 ----a-w- c:\windows\system32\QtCore4.dll
2012-05-17 16:00 . 2012-05-17 16:12 -------- d-----w- c:\program files\DVDVideoSoft
2012-05-16 05:27 . 2012-05-16 05:51 -------- d-----w- C:\My Drivers
2012-05-16 05:27 . 2001-11-29 14:57 110592 ----a-w- c:\windows\system32\ccrpbds6.dll
2012-05-16 05:27 . 2012-05-16 05:51 -------- d-----w- c:\program files\DriverGuide Toolkit
2012-05-15 20:10 . 2012-05-15 20:10 -------- d-----w- c:\program files\iPod
2012-05-15 20:10 . 2012-05-15 20:13 -------- d-----w- c:\program files\iTunes
2012-05-15 16:37 . 2012-05-15 16:38 -------- d-----w- c:\program files\ERUNT
2012-05-15 09:41 . 2012-05-15 09:42 -------- d-----w- C:\ERDNT
2012-05-15 08:19 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-05-15 07:34 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-05-15 07:33 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-05-14 07:05 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-05-14 07:05 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-05-14 07:04 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-14 07:04 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-05-14 07:04 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-05-14 07:04 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-05-14 07:04 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-05-14 07:04 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-05-14 07:03 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-05-14 07:03 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-05-14 07:02 . 2012-05-14 07:02 -------- d-----w- c:\program files\AVAST Software
2012-05-14 07:02 . 2012-05-14 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-05-14 05:57 . 2012-05-16 15:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-05-14 05:57 . 2012-05-16 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-05-12 17:34 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-05-12 17:34 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-12 07:29 . 2008-04-14 00:12 16439 ----a-w- c:\windows\system32\dllcache\author.exe
2012-05-12 07:29 . 2008-04-14 00:11 20540 ----a-w- c:\windows\system32\dllcache\author.dll
2012-05-12 07:29 . 2008-04-14 00:12 16439 ----a-w- c:\windows\system32\dllcache\admin.exe
2012-05-12 07:29 . 2008-04-14 00:11 43520 ----a-w- c:\windows\system32\dllcache\admwprox.dll
2012-05-12 07:29 . 2008-04-14 00:11 290816 ----a-w- c:\windows\system32\dllcache\adsiis51.dll
2012-05-12 07:29 . 2008-04-14 00:11 20540 ----a-w- c:\windows\system32\dllcache\admin.dll
2012-05-12 07:21 . 2012-05-12 07:21 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2012-05-12 06:39 . 2001-08-17 19:55 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll
2012-05-12 06:36 . 2001-08-23 11:00 49664 ----a-w- c:\windows\system32\dllcache\adrot.dll
2012-05-11 09:49 . 2012-05-11 09:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-05-06 14:52 . 2012-05-06 14:52 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\visi_coupon
2012-05-06 14:51 . 2012-05-06 14:51 -------- d-----w- c:\documents and settings\Jason\Application Data\Yahoo!
2012-04-28 20:16 . 2012-04-28 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2012-04-27 04:51 . 2012-04-27 04:51 -------- d-----w- c:\program files\XviD
2012-04-27 04:50 . 2012-04-27 04:50 -------- d-----w- c:\program files\AviSynth 2.5
2012-04-27 04:48 . 2012-04-27 04:48 -------- d-----w- c:\program files\Gabest
2012-04-27 04:48 . 2012-04-27 04:51 -------- d-----w- c:\program files\AutoGK
2012-04-27 00:28 . 2012-04-27 00:28 -------- d-----w- c:\documents and settings\Guy\Application Data\dvdcss
2012-04-26 21:25 . 2012-04-26 21:25 -------- d-----w- c:\program files\Common Files\Skype
2012-04-22 16:23 . 2012-04-22 16:23 -------- d-----w- c:\program files\web-reg
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 17:12 . 2003-06-09 06:02 86016 ------w- c:\windows\system32\pxwma.dll
2012-05-15 17:12 . 2003-01-03 07:02 20016 ------w- c:\windows\system32\drivers\pxhelp20.sys
2012-05-09 03:14 . 2011-10-18 15:16 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-09 03:14 . 2011-10-18 15:16 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-05 06:24 . 2012-04-11 01:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 06:24 . 2011-05-19 16:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2004-08-04 04:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-04 04:17 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-11 19:58 . 2012-03-11 19:58 49240 ----a-w- c:\windows\system32\drivers\stdriver32.sys
2012-03-02 01:48 . 2012-03-02 01:48 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2012-03-01 11:01 . 2004-08-04 05:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:01 . 2004-08-04 05:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 05:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2004-08-04 05:56 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 05:56 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 03:59 385024 ----a-w- c:\windows\system32\html.iec
2006-11-20 14:01 . 2006-11-20 14:01 163840 ----a-w- c:\program files\Common Files\AMCap.exe
2012-03-13 05:35 . 2011-11-17 01:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ScreenPrint32"="c:\program files\ScreenPrint32 v3\ScreenPrint32.exe" [2003-05-16 446464]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-06-22 662016]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-02-04 289368]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2009-03-31 141312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-20 1679360]
.
c:\documents and settings\Guy\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2011-07-18 13:09 1685384 ----a-w- c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 amdagp8p;AMD NB AGP Bus Filter;c:\windows\system32\drivers\amdagp8p.sys [9/15/2009 1:03 AM 27648]
R0 amdbusdr;amdbusdr;c:\windows\system32\drivers\AmdBusDr.sys [9/15/2009 1:03 AM 29696]
R0 AMDEIDE;AMD EIDE Driver;c:\windows\system32\drivers\AmdEide.sys [9/15/2009 1:03 AM 41216]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [4/6/2010 6:32 PM 20104]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [5/19/2011 11:24 AM 43600]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2/4/2010 10:52 AM 231016]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [1/22/2010 11:20 AM 29792]
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [7/29/2004 3:33 AM 138780]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/14/2012 2:04 AM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/14/2012 2:05 AM 337880]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10/18/2011 10:16 AM 36000]
R1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [9/29/2011 10:59 AM 57800]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [7/29/2004 4:13 AM 46779]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/18/2011 10:16 AM 86224]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/14/2012 2:05 AM 20696]
R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [5/19/2011 11:24 AM 208264]
R2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [1/7/2010 10:22 AM 192512]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 6:39 PM 431456]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [6/24/2010 1:46 PM 28256]
R3 OmniTV;Cx2388x AvStream Video Capture;c:\windows\system32\drivers\OmniTV.sys [6/14/2010 4:49 PM 401280]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [3/11/2012 2:58 PM 49240]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2011 2:47 PM 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/10/2012 8:16 PM 257696]
S3 AMDAC97;AMD AC'97 Audio Driver (WDM);c:\windows\system32\drivers\AMDAC97.sys [9/15/2009 12:50 AM 38784]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [6/24/2010 1:46 PM 28256]
S3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [4/22/2010 9:39 PM 203264]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [6/26/2011 1:17 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [6/26/2011 1:17 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [6/26/2011 1:17 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [6/26/2011 1:17 PM 10368]
S3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys --> c:\windows\system32\Drivers\btcombus.sys [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [4/6/2010 6:33 PM 25864]
S3 CXFALCON;Conexant Falcon Video Capture;c:\windows\system32\drivers\cxfalcon.sys [6/3/2010 11:07 AM 105600]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [3/1/2012 8:48 PM 23456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2011 2:47 PM 136176]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [4/6/2010 6:32 PM 23048]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [10/25/2007 6:31 PM 616064]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/18/2010 1:09 AM 47360]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [9/14/2010 1:18 PM 13440]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [11/10/2010 10:39 AM 9472]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [6/2/2010 11:09 AM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [6/2/2010 11:09 AM 11104]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [4/19/2010 12:58 PM 1015424]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [9/14/2010 1:18 PM 121192]
S3 TridVid;Trident Analog Video;c:\windows\system32\drivers\TridVid.sys [6/13/2010 11:35 PM 201216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
diskperf
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 06:24]
.
2012-05-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2012-05-06 c:\windows\Tasks\expressShakeIcon.job
- c:\program files\NCH Software\Express\express.exe [2012-03-11 20:26]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 19:47]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 19:47]
.
2012-03-21 c:\windows\Tasks\soundtapShakeIcon.job
- c:\program files\NCH Swift Sound\SoundTap\soundtap.exe [2012-03-11 19:58]
.
2012-03-18 c:\windows\Tasks\WavePadReminder.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-03-11 20:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.suddenlink.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Guy\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Guy\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 208.180.42.100 208.180.42.68
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Guy\Application Data\Mozilla\Firefox\Profiles\qgj1br4f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hulu.com/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
Notify-profsem - c:\documents and settings\NetworkService\Local Settings\Application Data\profsem.dll
SafeBoot-44592271.sys
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\program files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-19 22:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1272)
c:\program files\GbPlugin\gbieh.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(1328)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(2228)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Mediafour\MacDrive 8\MDVolumeIcons.dll
c:\program files\Mediafour\MacDrive 8\MACDRAPI.DLL
c:\windows\system32\ieframe.dll
c:\program files\GbPlugin\gbieh.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\GEARSec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-05-19 22:29:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-20 03:28
.
Pre-Run: 14,460,379,136 bytes free
Post-Run: 17,070,194,688 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C1A7C978C65E741A25EF020FBC4BB8FD



