Spooldr.sys?


  • This topic is locked
29 replies to this topic

#1 Daddymoen

Daddymoen

  • Members
  • 16 posts

Posted 11 January 2013 - 01:14 PM

Brand new to BleepingComputer Site. Running Windows XP Home, SP3 on older desktop (attached attach.zip)

Trouble first noticed when I tried to answer a Skype video call and crashed with a BSOD. That continues to be a problem. Next I couldn't run some applications and discovered that my File Associations had been changed, the .EXE association to applications had been removed from the list. Google search led me to a site that had downloads to fix that, imported the correction file to my Registry which added .EXE back to the File Association list. Did the same for the LNK File association. I could then run virus scan applications (Avast, Avast Rootkit scan, Malwarebytes (full scan), Spybot). Nothing found.

After another Skype-induced BSOD the Microsoft error report response said my computer was infected with spooldr.sys and more Google searches led to trying to find that file or spooldr.exe. The Right Click - Start - Search feature of my XP gives no response, Search won't run from there. Used Task Manager to run Search of All Drives and All Files and Folders several times and neither of those files was found.

Getting more desperate, next I ran the Windows XP Home Repair using my original CD. I thought this might replace damaged or infected files and eliminate the problem. After all that the problems are still there. Initiating or receiving Skype calls still gives the BSOD, Search still does not run if I try to start it from the Right Click - Start - Search.

I am concerned that my machine may be being mined (probably already has been) for private information and perhaps attempting to infect other people's computers through stolen email addresses from my contacts lists.

I have a backup that was done the day before the infection was noticed (Paragon) that is stored on a separate hard drive in my computer. As a last resort I have considered restoring that backup but resist out of concern that it too may be infected. I am considering purchase of a new hard drive to replace the infected one and doing the restore of the backup to the new drive.

This old computer has tons of software I've used for years and much of the older stuff is probably irreplaceable. I really need to fix this problem with as little software loss as possible.

I look forward to assistance in resolving this issue.

Thanks for the help you folks offer,

Daddymoen

Here's the DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Bruce Moen at 12:15:02 on 2013-01-11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3006.1958 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uProxyServer = sas.r4.attbi.com:8000
uProxyOverride = *.r4.attbi.com;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: OToolbarHelper Class: {EAD3A971-6A23-4246-8691-C9244E858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
TB: PayPal Plug-In: {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking12\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking12\Ereg.ini"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
uPolicies-System: qsmwzhwnjpttddgsewaeTaskMgr = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
IE: {AA6419A7-4B01-46E8-98AD-AB811359C33E} - c:\program files\bytescout movies extractor scout\flashextract_ie.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} - hxxp://www.cyberlink.com/winxp/CheckDVD.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} - hxxp://www.amiuptodate.com/vsc/bin/1,0,0,7/McUpdatePortal.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093618483609
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
TCP: NameServer = 216.181.31.11 216.181.30.11 65.32.5.111
TCP: Interfaces\{4BC42FD9-7DBC-474F-95D5-3F7ACBB9F35B} : DHCPNameServer = 216.181.31.11 216.181.30.11 65.32.5.111
TCP: Interfaces\{AB5F1DBB-D865-4E6F-A6DF-FA06490F0A60} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{BE72B7F1-9B0E-4278-BC0A-8113151D3E18} : NameServer = 65.32.5.111,65.32.5.112
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: CDBurn - <orphaned>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-8-11 40560]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-21 64160]
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2007-7-10 15448]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-26 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-26 361032]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2007-6-10 3026]
R1 hwinterface32B01;hwinterface32B01;c:\windows\system32\drivers\hwinterface32B01.sys [2009-11-2 4930]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-26 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-26 44808]
R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2012-7-18 310232]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-17 54752]
R2 gupdate1c98e3fdec49ea2;Google Update Service (gupdate1c98e3fdec49ea2);c:\program files\google\update\GoogleUpdate.exe [2009-2-13 133104]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-9-21 10448]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-27 398184]
R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2007-2-16 12696]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2007-9-18 11552]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2007-7-19 11360]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-10-16 431456]
R2 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver;c:\windows\system32\drivers\uacflt.sys [2006-2-16 21276]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-25 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-10 21104]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2007-12-14 11360]
R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2008-2-22 11336]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2007-12-14 11360]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2007-12-18 11360]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-11-23 131856]
S0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2004-8-18 76416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-10 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-9-13 1691480]
S3 ampa;ampa;c:\windows\system32\ampa.sys [2010-12-2 10936]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2007-12-20 20056]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2007-10-8 25888]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2007-10-8 11552]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2007-10-8 22360]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2007-12-26 11352]
S3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2008-2-22 11336]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2007-12-18 11336]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2008-2-15 11344]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2008-2-22 11336]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2007-12-26 11352]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2008-1-11 11392]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [2007-4-4 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2007-4-4 151683]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2007-12-18 11368]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2007-12-27 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2007-12-12 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2007-12-12 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2007-11-26 20768]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2008-1-7 11376]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2008-1-7 11352]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2007-12-20 11344]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2008-1-7 11376]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2008-2-22 11336]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2008-1-7 11312]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2008-2-14 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2008-1-2 11336]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2008-2-19 11360]
S3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2008-2-22 11368]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2007-7-19 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2007-7-19 11360]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2008-2-22 11336]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2008-2-22 11336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-5-21 34576]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2010-10-13 36928]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2010-9-13 132464]
S3 StkMini;VideoAdvantage USB;c:\windows\system32\drivers\StkMini.sys [2005-3-25 600617]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: Photoshop.exe: open=c:\program files\adobe\photoshop 7.0\Photoshop.exe
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-01-08 23:26:07 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-08 23:26:07 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr
2004-12-21 16:33:56 446464 ----a-w- c:\program files\Voicer.exe
.
============= FINISH: 12:16:15.42 ===============


Edited by Daddymoen, 11 January 2013 - 01:19 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 January 2013 - 10:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration or infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs and let me know if the problem persists.

#3 Daddymoen

Daddymoen
  • Topic Starter

  • Members
  • 16 posts

Posted 14 January 2013 - 12:32 PM

Thank you for the assist you are providing.

The first attempt to run ComboFix ended in a BSOD during the portion of the scan that said, "Completed Stage_10". I didn't get the actual stage number at which the BSOD occurred, it took me by surprise as I was looking at the screen of my other computer, reading your instruction. After rebooting the MSN error report indicated a hardware driver error was the cause of the BSOD.

The second attempt to run ComboFix finished properly and generated the log file (see below).

Security Check and adwcleaner both ran without incident and generated their logs (see below).

I then attempted to test the computer to see if the problem was fixed. Previously, running Skype and either starting a call or answering a call ALWAYS resulted in a BSOD. There is some progress to report. It didn't cause a BSOD, it did however lock up the computer to the point that after waiting for a long time I had to use the power switch to reboot. After rebooting I checked Skype settings and noticed hardware settings had been changed. My Plantronics DSP 500 headset is no longer on the "My Computer" hardware list. I unplugged the headset from its USB Hub port, waited, then plugged it in again assuming the Plug and Play feature would reinstall the headset. No go. Went on the Internet looking for updated drivers for the headset without success.

So, it looks like, based on my Skype test, some problem still exists.

I hope something in the logs gives some solid clues to a fix.

Thanks again,

Daddymoen

Here are the logs.

ComboFix Log

ComboFix 13-01-14.01 - Bruce Moen 01/14/2013 10:41:22.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3006.2412 [GMT -5:00]
Running from: c:\documents and settings\Bruce Moen\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Bruce Moen\AnalyseDyeConc.dll
c:\documents and settings\Bruce Moen\Application Data\MSA
c:\documents and settings\Bruce Moen\Application Data\MSA\userid.dat
c:\documents and settings\Bruce Moen\CombineImages.dll
c:\documents and settings\Bruce Moen\DataAcquisition.dll
c:\documents and settings\Bruce Moen\dfcArrayViewer.dll
c:\documents and settings\Bruce Moen\dfcFunctionDLL.dll
c:\documents and settings\Bruce Moen\DigiBit.dll
c:\documents and settings\Bruce Moen\DigiBit500.dll
c:\documents and settings\Bruce Moen\DigiFlow.exe
c:\documents and settings\Bruce Moen\EditStreams.dll
c:\documents and settings\Bruce Moen\Ensembles.dll
c:\documents and settings\Bruce Moen\GoToAssistDownloadHelper.exe
c:\documents and settings\Bruce Moen\gs853w32.exe
c:\documents and settings\Bruce Moen\gsv48w32.exe
c:\documents and settings\Bruce Moen\HelpSystem.dll
c:\documents and settings\Bruce Moen\LiveVideo.dll
c:\documents and settings\Bruce Moen\Local Settings\Temporary Internet Files\ApnStub.exe
c:\documents and settings\Bruce Moen\My Documents\DPE.DUS
c:\documents and settings\Bruce Moen\OpticalFlow.dll
c:\documents and settings\Bruce Moen\ParticleTracking.dll
c:\documents and settings\Bruce Moen\PatternMatching.dll
c:\documents and settings\Bruce Moen\QualitativeSchlieren.dll
c:\documents and settings\Bruce Moen\RoadRunner.dll
c:\documents and settings\Bruce Moen\RunUserDLL.dll
c:\documents and settings\Bruce Moen\ShowAsStreaks.dll
c:\documents and settings\Bruce Moen\SynthSchLines.dll
c:\documents and settings\Bruce Moen\TestDigiFlow.dll
c:\documents and settings\Bruce Moen\TimeAverage.dll
c:\documents and settings\Bruce Moen\TimeSeries.dll
c:\documents and settings\Bruce Moen\TransformIntensity.dll
c:\documents and settings\Bruce Moen\TransformToWorld.dll
c:\documents and settings\Bruce Moen\WINDOWS
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\system32\1682547124.dat
c:\windows\system32\LegitCheckControl.dll.orig
c:\windows\system32\OLD39.tmp
c:\windows\system32\syoepk_lib0.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\msvcr71.dll.int
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_uacFlt
-------\Service_uacFlt
.
.
((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))
.
.
2067-02-24 21:21 . 2003-02-05 10:02 79947 ----a-w- c:\windows\fw20.vxd
2013-01-11 16:57 . 2013-01-11 16:57 -------- d-----w- c:\program files\NirSoft
2013-01-09 22:36 . 2013-01-09 22:36 -------- d-----w- c:\documents and settings\Bruce Moen\Local Settings\Application Data\PCHealth
2013-01-09 22:00 . 2013-01-09 22:02 -------- dc-h--w- c:\windows\ie8
2013-01-09 01:05 . 2001-08-17 18:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2013-01-09 01:04 . 2001-08-18 03:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2013-01-09 01:03 . 2001-08-17 17:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2013-01-09 01:02 . 2004-08-04 06:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2013-01-09 01:01 . 2008-04-13 19:44 28032 -c--a-w- c:\windows\system32\dllcache\perm3.sys
2013-01-09 01:00 . 2001-08-18 03:36 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2013-01-09 00:59 . 2001-08-17 18:52 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2013-01-09 00:58 . 2001-08-18 03:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2013-01-09 00:57 . 2001-08-18 03:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2013-01-09 00:56 . 2001-08-17 17:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2013-01-09 00:55 . 2001-08-18 03:36 44032 -c--a-w- c:\windows\system32\dllcache\cnusd.dll
2013-01-09 00:54 . 2001-08-17 18:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2013-01-09 00:53 . 2001-08-17 18:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2013-01-09 00:53 . 2002-08-29 03:59 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2013-01-09 00:53 . 2001-08-17 18:52 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2013-01-09 00:53 . 2001-08-17 17:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2013-01-09 00:53 . 2001-08-17 18:51 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
2013-01-09 00:53 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2013-01-09 00:53 . 2001-08-17 17:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2013-01-09 00:53 . 2001-08-17 19:07 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
2013-01-09 00:53 . 2001-08-17 19:07 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2013-01-09 00:53 . 2001-08-17 18:52 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2013-01-08 17:35 . 2013-01-08 17:35 -------- d-----w- c:\documents and settings\Bruce Moen\Application Data\ColorCop
2013-01-08 17:29 . 2013-01-08 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\APN
2013-01-03 16:22 . 2013-01-03 16:22 207510 ----a-w- c:\windows\Photo Pos Pro Uninstaller.exe
2013-01-03 16:22 . 2013-01-03 16:22 -------- d-----w- c:\program files\Common Files\Thraex Software
2013-01-03 16:22 . 2013-01-03 16:23 -------- d-----w- c:\program files\Photo Pos Pro
2012-12-31 20:32 . 2012-12-31 20:35 -------- d-----w- c:\program files\MeeSoft
2012-12-19 18:25 . 2012-12-19 18:25 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-19 17:57 . 2012-12-19 18:25 -------- d-----w- C:\Fiji
2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 23:26 . 2012-05-11 19:33 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 23:26 . 2011-06-23 19:26 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2003-03-31 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2010-03-10 19:46 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2003-03-31 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2008-05-30 14:35 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2002-12-12 06:14 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2006-06-23 15:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2003-03-31 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-10-31 16:45 . 2008-01-04 13:37 40960 ----a-r- c:\documents and settings\Bruce Moen\Application Data\Microsoft\Installer\{19CAAE99-2574-47DD-9467-DC54276728FC}\NewShortcut41_880A24336AA24650A896CF1ADDA98C89.exe
2012-10-31 16:45 . 2008-01-04 13:37 40960 ----a-r- c:\documents and settings\Bruce Moen\Application Data\Microsoft\Installer\{19CAAE99-2574-47DD-9467-DC54276728FC}\NewShortcut3_880A24336AA24650A896CF1ADDA98C89.exe
2012-10-31 16:45 . 2008-01-04 13:37 40960 ----a-r- c:\documents and settings\Bruce Moen\Application Data\Microsoft\Installer\{19CAAE99-2574-47DD-9467-DC54276728FC}\NewShortcut4_880A24336AA24650A896CF1ADDA98C89.exe
2012-10-30 23:51 . 2012-01-26 16:56 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 23:51 . 2012-01-26 16:56 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51 . 2012-01-26 16:56 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 23:51 . 2012-01-26 16:56 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 23:51 . 2012-01-26 16:56 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 23:51 . 2012-01-26 16:56 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 23:51 . 2012-01-26 16:56 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 23:51 . 2012-01-26 16:56 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 23:51 . 2012-01-26 16:56 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 23:50 . 2012-01-26 16:56 227648 ----a-w- c:\windows\system32\aswBoot.exe
2004-12-21 16:33 . 2004-12-21 16:33 446464 ----a-w- c:\program files\Voicer.exe
2004-03-15 21:51 . 2004-03-15 21:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 14:32 . 2006-01-23 14:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 14:48 . 2007-02-08 14:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 23:03 . 2007-07-24 23:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2013-01-11 16:28 . 2013-01-11 16:28 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
<pre>
c:\program files\HearSource\HearSource Fitting  .exe
c:\program files\HearSource\Backup\HearSource Fitting  .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"RTHDCPL"="RTHDCPL.EXE" [2010-09-03 19573352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" [2010-10-27 328992]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 44032]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2003-03-31 59392]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"qsmwzhwnjpttddgsewaeTaskMgr"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi10"=midicode32.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 2.lnk]
backup=c:\windows\pss\Device Detector 2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Franklin Covey\Palm Connected Organizer\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Kodak\Kodak EasyShare\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Perstray.lnk]
backup=c:\windows\pss\Perstray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^raid_tool.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\VIA\RAID\raid_tool.exe.lnk
backup=c:\windows\pss\raid_tool.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Bruce Moen^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Bruce Moen^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-29 14:54 133104 ----atw- c:\documents and settings\Bruce Moen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-04 02:38 64512 ----a-w- c:\windows\system32\P17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 03:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe"
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN23MBR3X405KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
"Google Update"="c:\documents and settings\Bruce Moen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RetroExpress"=c:\progra~1\Dantz\RETROS~1\RetroExpress.exe /h
"niDevMon"=c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
"Sidereal Clock"=c:\program files\sidclock1\RSclock.exe
"EvtMgr6"=c:\program files\Logitech\SetPointP\SetPoint.exe /launchGaming
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe"
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"ISUSPM"=c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\\isuspm.exe -scheduler
"nwiz"=nwiz.exe /installquiet
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\nisvcloc.exe"=
"c:\\WINDOWS\\system32\\lktsrv.exe"=
"c:\\WINDOWS\\system32\\CTSVCCDA.EXE"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Documents and Settings\\Bruce Moen\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Bruce Moen\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ImageJ\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"51001:TCP"= 51001:TCP:Dragon Smart Phone Server
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [8/11/2010 8:32 AM 40560]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/21/2009 2:14 PM 64160]
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [7/10/2007 6:08 PM 15448]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/26/2012 11:56 AM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/26/2012 11:56 AM 361032]
R1 hwinterface32B01;hwinterface32B01;c:\windows\system32\drivers\hwinterface32B01.sys [11/2/2009 3:38 PM 4930]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/26/2012 11:56 AM 21256]
R2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [7/18/2012 9:07 PM 310232]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [9/21/2010 1:54 PM 10448]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/27/2012 12:48 PM 398184]
R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2/16/2007 9:21 AM 12696]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [9/18/2007 6:24 AM 11552]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [7/19/2007 10:56 AM 11360]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 5:39 PM 431456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/25/2008 2:29 PM 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/10/2010 2:46 PM 21104]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [12/14/2007 11:41 AM 11360]
R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2/22/2008 10:25 AM 11336]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [12/14/2007 2:06 PM 11360]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [12/18/2007 5:14 PM 11360]
S0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [8/18/2004 9:20 AM 76416]
S2 gupdate1c98e3fdec49ea2;Google Update Service (gupdate1c98e3fdec49ea2);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2009 8:02 PM 133104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/10/2010 2:46 PM 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/13/2010 3:06 PM 1691480]
S3 ampa;ampa;c:\windows\system32\ampa.sys [12/2/2010 3:08 PM 10936]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [12/20/2007 8:37 AM 20056]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [10/8/2007 1:10 PM 25888]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [10/8/2007 1:10 PM 11552]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [10/8/2007 1:10 PM 22360]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [12/26/2007 10:53 AM 11352]
S3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2/22/2008 10:25 AM 11336]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [12/18/2007 5:20 PM 11336]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2/15/2008 2:37 PM 11344]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2/22/2008 10:25 AM 11336]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [12/26/2007 10:18 AM 11352]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [1/11/2008 3:08 PM 11392]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [4/4/2007 7:06 AM 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [4/4/2007 7:06 AM 151683]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [12/18/2007 5:14 PM 11368]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [12/27/2007 8:45 AM 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [12/12/2007 10:23 PM 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [12/12/2007 10:22 PM 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [11/26/2007 4:22 PM 20768]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [1/7/2008 11:38 PM 11376]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [1/7/2008 11:21 PM 11352]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [12/20/2007 2:54 PM 11344]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [1/7/2008 11:38 PM 11376]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2/22/2008 10:25 AM 11336]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [1/7/2008 11:35 PM 11312]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2/14/2008 7:58 PM 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [1/2/2008 12:14 PM 11336]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2/19/2008 10:56 PM 11360]
S3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2/22/2008 10:25 AM 11368]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [7/19/2007 10:48 AM 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [7/19/2007 10:56 AM 11360]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2/22/2008 10:25 AM 11336]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2/22/2008 10:25 AM 11336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [5/21/2008 6:57 PM 34576]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [10/13/2010 2:50 AM 36928]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [9/13/2010 3:16 PM 132464]
S3 StkMini;VideoAdvantage USB;c:\windows\system32\drivers\StkMini.sys [3/25/2005 9:39 AM 600617]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 23:26]
.
2013-01-14 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]
.
2013-01-14 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]
.
2013-01-13 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]
.
2013-01-13 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]
.
2013-01-14 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-03 23:50]
.
2013-01-07 c:\windows\Tasks\classicftpShakeIcon.job
- c:\program files\NCH Software\ClassicFTP\classicftp.exe [2011-06-06 17:49]
.
2013-01-14 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 03:09]
.
2013-01-14 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 03:09]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 01:02]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 01:02]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2049760794-839522115-1004Core.job
- c:\documents and settings\Bruce Moen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-29 14:54]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2049760794-839522115-1004UA.job
- c:\documents and settings\Bruce Moen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-29 14:54]
.
2013-01-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-2049760794-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2013-01-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-2049760794-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyServer = sas.r4.attbi.com:8000
uInternet Settings,ProxyOverride = *.r4.attbi.com;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: {{654415B4-654E-4A6B-9F80-D4F2DD24E621} - c:\program files\Bytescout Movies Extractor Scout\flashextract_ie.html
IE: {{68FFDFEE-F5A7-46F5-9DEE-03024EFE5586} - c:\program files\Bytescout Movies Extractor Scout\flashextract_ie.html
IE: {{AA6419A7-4B01-46E8-98AD-AB811359C33E} - c:\program files\Bytescout Movies Extractor Scout\flashextract_ie.html
Trusted Zone: internet
Trusted Zone: lingo.com\www
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 216.181.31.11 216.181.30.11 65.32.5.111
TCP: Interfaces\{BE72B7F1-9B0E-4278-BC0A-8113151D3E18}: NameServer = 65.32.5.111,65.32.5.112
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
------- File Associations -------
.
.reg=regedit
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-DreamStation DXi2 - c:\windows\DSDXIRMV.EXE
AddRemove-Replay Video Capture3.0 - c:\windows\Replay Video Capture\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-14 10:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-746137067-2049760794-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-746137067-2049760794-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DEC3C133-8181-6605-8DB3-DDB9D5D7596D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iabgcpmekffiogpbhn"=hex:6a,61,6b,6d,6b,6b,6d,62,6a,65,61,6c,6f,6b,6d,64,64,65,
70,6b,00,00
"hahfkfegihmcioeg"=hex:69,61,67,6e,65,6b,69,6f,69,6f,68,6c,63,68,70,70,68,6a,
00,00
.
[HKEY_USERS\S-1-5-21-746137067-2049760794-839522115-1004\Software\Zepter Software\RegLib*4c5ea22c\CloneDVD2/2]
"1"=dword:44a2eef7
"2"=dword:45548fd7
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DEC3C133-8181-6605-8DB3-DDB9D5D7596D}\InProcServer32*]
"jadgboiklbfokebjgjhc"=hex:6a,61,6b,6d,6b,6b,6d,62,6a,65,61,6c,6f,6b,6d,64,64,
65,70,6b,00,00
"iadglngdijooknajgf"=hex:69,61,67,6e,65,6b,69,6f,69,6f,68,6c,63,68,70,70,68,6a,
00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(6872)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\system32\crypserv.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\progra~1\Dantz\RETROS~1\retrorun.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2013-01-14 11:00:58 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-14 16:00
.
Pre-Run: 383,939,907,584 bytes free
Post-Run: 384,182,501,376 bytes free
.
- - End Of File - - 07AEE0CBDAB1CD725DA2CCABBE3A30F9

Security Check Log

Results of screen317's Security Check version 0.99.57
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Free Antivirus
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
HijackThis 2.0.2
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox (18.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

Adwcleaner Log

# AdwCleaner v2.105 - Logfile created 01/14/2013 at 11:06:47
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Bruce Moen - BIOSTAR5
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Bruce Moen\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Viewpoint Manager Service

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\APN
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\Bruce Moen\Application Data\Viewpoint
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\Viewpoint

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Found : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Found : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
Key Found : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
Key Found : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Found : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Found : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
Key Found : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
Key Found : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Found : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Found : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Found : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Documents and Settings\Bruce Moen\Application Data\Mozilla\Firefox\Profiles\bk41c1fs.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5749 octets] - [14/01/2013 11:06:47]

########## EOF - C:\AdwCleaner[R1].txt - [5809 octets] ##########

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 January 2013 - 02:44 PM

c:\program files\HearSource\HearSource Fitting .exe
c:\program files\HearSource\Backup\HearSource Fitting .exe

Both files have been corrupted.
If ComboFix finds the good copies they will be replaced.
If not you will have to reinstall the application.
Are they part of this software?
http://www.hearsource.com/product_freestyle_hearing_aid.html
===

Open notepad and copy/paste the text in the quote box below into it:

RENV::
c:\program files\HearSource\HearSource Fitting  .exe
c:\program files\HearSource\Backup\HearSource Fitting  .exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"qsmwzhwnjpttddgsewaeTaskMgr"=-

ClearJavaCache::


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Remove this old version of HijackThis using the Add/Remove Programs list.
HijackThis 2.0.2

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Old versions....


Java 7 update 10 introduced important new security controls
You can read about it here.
http://nakedsecurity.sophos.com/2012/12/19/java-7-update-10-introduces-important-new-security-controls/
===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
They are:
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader 10.1.5 Adobe Reader out of Date!
===

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number)..

Please post the logs and let me know what problem persists.

#5 Daddymoen

  • Topic Starter

Posted 15 January 2013 - 02:20 PM

Nasdaq,

Present situation:

Cannot drag and drop any icons or files anywhere in Windows XP.
Internet Explorer hangs when I try to run it. Attempted to find it to uninstall and reinstall. Couldn't find it. Not on the Add/Remove Programs list at the control panel.
Plantronics DSP 500 USB headset still not working. The headset was plugged in when I ran the next test with Skype.
As a test I attempted to use Skype first with the Plantronics headset plugged in, then with it not plugged in, and in both situations it led to a BSOD. I posted the Crash Dump Analysis log I obtained by downloading "WhoCrashed" and running it in case they are useful.

Could not drag and drop CFScript.txt Desktop icon to ComboFix icon, used copy/paste instead to copy the script icon and paste it on the Combofix icon. That appeared to work.
HijackThis 2.0.2 was installed but did not appear on the "Add or Remove Programs" list, removed it by deleting its folder.

Updated Logitech Mouse and Keyboard software.

Updated Java to Ver 7 Update 11. Had to uninstall old version before it would download and install the new one.

Uninstalled Sandboxie.

Adobe Flash Player 11 for IE Users browser gave 404 File Not Found error.

Adobe Reader old versions 8 and 10.1.5 are not listed on the Add/Remove Programs list. Deleted folders.

Removed as much Third Party software as the computer would allow. Some could not be found on the Add/Remove Programs list from Control Panel. Some could only be deleted by deleting folders. Some gave error messages during attempts to delete them and deletion was not possible so the deleting folder method was used. I know this has to have left a lot of trash in the registry that something like Ace Utilities Registry Cleaner would remove, but have not run it yet as it is not on your list of things to do.

MSN updates were downloaded and automatically installed during the process of following your instructions.



ComboFix Log

ComboFix 13-01-15.02 - Bruce Moen 01/15/2013 9:09.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3006.2399 [GMT -5:00]
Running from: c:\documents and settings\Bruce Moen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bruce Moen\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-15 to 2013-01-15 )))))))))))))))))))))))))))))))
.
.
2067-02-24 21:21 . 2003-02-05 10:02 79947 ----a-w- c:\windows\fw20.vxd
2013-01-11 16:57 . 2013-01-11 16:57 -------- d-----w- c:\program files\NirSoft
2013-01-09 22:36 . 2013-01-09 22:36 -------- d-----w- c:\documents and settings\Bruce Moen\Local Settings\Application Data\PCHealth
2013-01-09 22:00 . 2013-01-09 22:02 -------- dc-h--w- c:\windows\ie8
2013-01-09 01:05 . 2001-08-17 18:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2013-01-09 01:04 . 2001-08-18 03:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2013-01-09 01:03 . 2001-08-17 17:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2013-01-09 01:02 . 2004-08-04 06:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2013-01-09 01:01 . 2008-04-13 19:44 28032 -c--a-w- c:\windows\system32\dllcache\perm3.sys
2013-01-09 01:00 . 2001-08-18 03:36 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2013-01-09 00:59 . 2001-08-17 18:52 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2013-01-09 00:58 . 2001-08-18 03:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2013-01-09 00:57 . 2001-08-18 03:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2013-01-09 00:56 . 2001-08-17 17:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2013-01-09 00:55 . 2001-08-18 03:36 44032 -c--a-w- c:\windows\system32\dllcache\cnusd.dll
2013-01-09 00:54 . 2001-08-17 18:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2013-01-09 00:53 . 2001-08-17 18:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2013-01-09 00:53 . 2002-08-29 03:59 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2013-01-09 00:53 . 2001-08-17 18:52 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2013-01-09 00:53 . 2001-08-17 17:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2013-01-09 00:53 . 2001-08-17 18:51 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
2013-01-09 00:53 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2013-01-09 00:53 . 2001-08-17 17:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2013-01-09 00:53 . 2001-08-17 19:07 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
2013-01-09 00:53 . 2001-08-17 19:07 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2013-01-09 00:53 . 2001-08-17 18:52 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2013-01-08 17:35 . 2013-01-08 17:35 -------- d-----w- c:\documents and settings\Bruce Moen\Application Data\ColorCop
2013-01-08 17:29 . 2013-01-08 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\APN
2013-01-03 16:22 . 2013-01-03 16:22 207510 ----a-w- c:\windows\Photo Pos Pro Uninstaller.exe
2013-01-03 16:22 . 2013-01-03 16:22 -------- d-----w- c:\program files\Common Files\Thraex Software
2013-01-03 16:22 . 2013-01-03 16:23 -------- d-----w- c:\program files\Photo Pos Pro
2012-12-31 20:32 . 2012-12-31 20:35 -------- d-----w- c:\program files\MeeSoft
2012-12-19 18:25 . 2012-12-19 18:25 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-19 17:57 . 2012-12-19 18:25 -------- d-----w- C:\Fiji
2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 23:26 . 2012-05-11 19:33 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 23:26 . 2011-06-23 19:26 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2003-03-31 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2010-03-10 19:46 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2003-03-31 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2008-05-30 14:35 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2002-12-12 06:14 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2006-06-23 15:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2003-03-31 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2003-03-31 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2012-10-31 16:45 . 2008-01-04 13:37 40960 ----a-r- c:\documents and settings\Bruce Moen\Application Data\Microsoft\Installer\{19CAAE99-2574-47DD-9467-DC54276728FC}\NewShortcut41_880A24336AA24650A896CF1ADDA98C89.exe
2012-10-31 16:45 . 2008-01-04 13:37 40960 ----a-r- c:\documents and settings\Bruce Moen\Application Data\Microsoft\Installer\{19CAAE99-2574-47DD-9467-DC54276728FC}\NewShortcut3_880A24336AA24650A896CF1ADDA98C89.exe
2012-10-31 16:45 . 2008-01-04 13:37 40960 ----a-r- c:\documents and settings\Bruce Moen\Application Data\Microsoft\Installer\{19CAAE99-2574-47DD-9467-DC54276728FC}\NewShortcut4_880A24336AA24650A896CF1ADDA98C89.exe
2012-10-30 23:51 . 2012-01-26 16:56 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 23:51 . 2012-01-26 16:56 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51 . 2012-01-26 16:56 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 23:51 . 2012-01-26 16:56 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 23:51 . 2012-01-26 16:56 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 23:51 . 2012-01-26 16:56 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 23:51 . 2012-01-26 16:56 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 23:51 . 2012-01-26 16:56 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 23:51 . 2012-01-26 16:56 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 23:50 . 2012-01-26 16:56 227648 ----a-w- c:\windows\system32\aswBoot.exe
2004-12-21 16:33 . 2004-12-21 16:33 446464 ----a-w- c:\program files\Voicer.exe
2004-03-15 21:51 . 2004-03-15 21:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 14:32 . 2006-01-23 14:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 14:48 . 2007-02-08 14:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 23:03 . 2007-07-24 23:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2013-01-11 16:28 . 2013-01-11 16:28 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"RTHDCPL"="RTHDCPL.EXE" [2010-09-03 19573352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" [2010-10-27 328992]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 44032]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2003-03-31 59392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi10"=midicode32.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 2.lnk]
backup=c:\windows\pss\Device Detector 2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Franklin Covey\Palm Connected Organizer\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Kodak\Kodak EasyShare\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Perstray.lnk]
backup=c:\windows\pss\Perstray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^raid_tool.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\VIA\RAID\raid_tool.exe.lnk
backup=c:\windows\pss\raid_tool.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Bruce Moen^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Bruce Moen^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-29 14:54 133104 ----atw- c:\documents and settings\Bruce Moen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-04 02:38 64512 ----a-w- c:\windows\system32\P17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 03:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe"
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN23MBR3X405KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
"Google Update"="c:\documents and settings\Bruce Moen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RetroExpress"=c:\progra~1\Dantz\RETROS~1\RetroExpress.exe /h
"niDevMon"=c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
"Sidereal Clock"=c:\program files\sidclock1\RSclock.exe
"EvtMgr6"=c:\program files\Logitech\SetPointP\SetPoint.exe /launchGaming
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe"
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"ISUSPM"=c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\\isuspm.exe -scheduler
"nwiz"=nwiz.exe /installquiet
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\nisvcloc.exe"=
"c:\\WINDOWS\\system32\\lktsrv.exe"=
"c:\\WINDOWS\\system32\\CTSVCCDA.EXE"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Documents and Settings\\Bruce Moen\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Bruce Moen\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ImageJ\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"51001:TCP"= 51001:TCP:Dragon Smart Phone Server
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [8/11/2010 8:32 AM 40560]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/21/2009 2:14 PM 64160]
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [7/10/2007 6:08 PM 15448]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/26/2012 11:56 AM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/26/2012 11:56 AM 361032]
R1 hwinterface32B01;hwinterface32B01;c:\windows\system32\drivers\hwinterface32B01.sys [11/2/2009 3:38 PM 4930]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/26/2012 11:56 AM 21256]
R2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [7/18/2012 9:07 PM 310232]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [9/21/2010 1:54 PM 10448]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/27/2012 12:48 PM 398184]
R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2/16/2007 9:21 AM 12696]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [9/18/2007 6:24 AM 11552]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [7/19/2007 10:56 AM 11360]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 5:39 PM 431456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/25/2008 2:29 PM 24652]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/10/2010 2:46 PM 21104]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [12/14/2007 11:41 AM 11360]
R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2/22/2008 10:25 AM 11336]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [12/14/2007 2:06 PM 11360]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [12/18/2007 5:14 PM 11360]
S0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [8/18/2004 9:20 AM 76416]
S2 gupdate1c98e3fdec49ea2;Google Update Service (gupdate1c98e3fdec49ea2);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2009 8:02 PM 133104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/10/2010 2:46 PM 682344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/13/2010 3:06 PM 1691480]
S3 ampa;ampa;c:\windows\system32\ampa.sys [12/2/2010 3:08 PM 10936]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [12/20/2007 8:37 AM 20056]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [10/8/2007 1:10 PM 25888]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [10/8/2007 1:10 PM 11552]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [10/8/2007 1:10 PM 22360]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [12/26/2007 10:53 AM 11352]
S3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2/22/2008 10:25 AM 11336]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [12/18/2007 5:20 PM 11336]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2/15/2008 2:37 PM 11344]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2/22/2008 10:25 AM 11336]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [12/26/2007 10:18 AM 11352]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [1/11/2008 3:08 PM 11392]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [4/4/2007 7:06 AM 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [4/4/2007 7:06 AM 151683]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [12/18/2007 5:14 PM 11368]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [12/27/2007 8:45 AM 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [12/12/2007 10:23 PM 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [12/12/2007 10:22 PM 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [11/26/2007 4:22 PM 20768]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [1/7/2008 11:38 PM 11376]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [1/7/2008 11:21 PM 11352]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [12/20/2007 2:54 PM 11344]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [1/7/2008 11:38 PM 11376]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2/22/2008 10:25 AM 11336]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [1/7/2008 11:35 PM 11312]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2/14/2008 7:58 PM 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [1/2/2008 12:14 PM 11336]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2/19/2008 10:56 PM 11360]
S3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2/22/2008 10:25 AM 11368]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [7/19/2007 10:48 AM 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [7/19/2007 10:56 AM 11360]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2/22/2008 10:25 AM 11336]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2/22/2008 10:25 AM 11336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [5/21/2008 6:57 PM 34576]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [10/13/2010 2:50 AM 36928]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [9/13/2010 3:16 PM 132464]
S3 StkMini;VideoAdvantage USB;c:\windows\system32\drivers\StkMini.sys [3/25/2005 9:39 AM 600617]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 23:26]
.
2013-01-14 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]
.
2013-01-14 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]
.
2013-01-14 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]
.
2013-01-13 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]
.
2013-01-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-03 23:50]
.
2013-01-07 c:\windows\Tasks\classicftpShakeIcon.job
- c:\program files\NCH Software\ClassicFTP\classicftp.exe [2011-06-06 17:49]
.
2013-01-15 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 03:09]
.
2013-01-14 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 03:09]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 01:02]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 01:02]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2049760794-839522115-1004Core.job
- c:\documents and settings\Bruce Moen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-29 14:54]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2049760794-839522115-1004UA.job
- c:\documents and settings\Bruce Moen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-29 14:54]
.
2013-01-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-2049760794-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2013-01-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-2049760794-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyServer = sas.r4.attbi.com:8000
uInternet Settings,ProxyOverride = *.r4.attbi.com;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: {{654415B4-654E-4A6B-9F80-D4F2DD24E621} - c:\program files\Bytescout Movies Extractor Scout\flashextract_ie.html
IE: {{68FFDFEE-F5A7-46F5-9DEE-03024EFE5586} - c:\program files\Bytescout Movies Extractor Scout\flashextract_ie.html
IE: {{AA6419A7-4B01-46E8-98AD-AB811359C33E} - c:\program files\Bytescout Movies Extractor Scout\flashextract_ie.html
Trusted Zone: internet
Trusted Zone: lingo.com\www
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 216.181.31.11 216.181.30.11 65.32.5.111
TCP: Interfaces\{BE72B7F1-9B0E-4278-BC0A-8113151D3E18}: NameServer = 65.32.5.111,65.32.5.112
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-15 09:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-746137067-2049760794-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-746137067-2049760794-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DEC3C133-8181-6605-8DB3-DDB9D5D7596D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iabgcpmekffiogpbhn"=hex:6a,61,6b,6d,6b,6b,6d,62,6a,65,61,6c,6f,6b,6d,64,64,65,
70,6b,00,00
"hahfkfegihmcioeg"=hex:69,61,67,6e,65,6b,69,6f,69,6f,68,6c,63,68,70,70,68,6a,
00,00
.
[HKEY_USERS\S-1-5-21-746137067-2049760794-839522115-1004\Software\Zepter Software\RegLib*4c5ea22c\CloneDVD2/2]
"1"=dword:44a2eef7
"2"=dword:45548fd7
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DEC3C133-8181-6605-8DB3-DDB9D5D7596D}\InProcServer32*]
"jadgboiklbfokebjgjhc"=hex:6a,61,6b,6d,6b,6b,6d,62,6a,65,61,6c,6f,6b,6d,64,64,
65,70,6b,00,00
"iadglngdijooknajgf"=hex:69,61,67,6e,65,6b,69,6f,69,6f,68,6c,63,68,70,70,68,6a,
00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(960)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(468)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-01-15 09:23:48
ComboFix-quarantined-files.txt 2013-01-15 14:23
ComboFix2.txt 2013-01-14 16:00
.
Pre-Run: 383,971,139,584 bytes free
Post-Run: 383,950,094,336 bytes free
.
- - End Of File - - 7B9E069961FF58C34E7A7E9101C48F91


AdwCleaner Log

# AdwCleaner v2.105 - Logfile created 01/15/2013 at 12:33:03
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Bruce Moen - BIOSTAR5
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Bruce Moen\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Viewpoint Manager Service

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Bruce Moen\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Documents and Settings\Bruce Moen\Application Data\Mozilla\Firefox\Profiles\bk41c1fs.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5878 octets] - [14/01/2013 11:06:47]
AdwCleaner[S1].txt - [5945 octets] - [15/01/2013 12:33:03]

########## EOF - C:\AdwCleaner[S1].txt - [6005 octets] ##########


WhoCrashed Log with Plantronics Headset plugged in (USB)

On Tue 1/15/2013 6:20:40 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini011513-01.dmp
This was probably caused by the following module: aswsnx.sys (aswSnx+0x58E84)
Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFF805B0C34, 0xFFFFFFFFB2343C90, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M
file path: C:\WINDOWS\system32\drivers\aswsnx.sys
product: avast! Antivirus
company: AVAST Software
description: avast! Virtualization Driver
Bug check description: This indicates that a kernel-mode program generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswsnx.sys (avast! Virtualization Driver, AVAST Software).
Google query: AVAST Software KERNEL_MODE_EXCEPTION_NOT_HANDLED_M



On Mon 1/14/2013 3:24:52 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini011413-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0x21CE3)
Bugcheck code: 0xCA (0x4, 0xFFFFFFFF887C3F10, 0x0, 0x0)
Error: PNP_DETECTED_FATAL_ERROR
file path: C:\WINDOWS\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the Plug and Play Manager encountered a severe error, probably as a result of a problematic Plug and Play driver.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
-------------------------------------
WhoCrashed Log without Plantronics headset plugged in.

On Tue 1/15/2013 6:54:44 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini011513-02.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0x21CE3)
Bugcheck code: 0xC2 (0x7, 0xCD4, 0x0, 0xFFFFFFFF893711C8)
Error: BAD_POOL_CALLER
file path: C:\WINDOWS\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the current thread is making a bad pool request.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Tue 1/15/2013 6:54:44 PM GMT your computer crashed
crash dump file: C:\WINDOWS\memory.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt!KeBugCheckEx+0x1B)
Bugcheck code: 0xC2 (0x7, 0xCD4, 0x0, 0xFFFFFFFF893711C8)
Error: BAD_POOL_CALLER
file path: C:\WINDOWS\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the current thread is making a bad pool request.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:39 PM

Posted 16 January 2013 - 09:13 AM

Remove this registry key.

; Purpose: Remove traces in the registry.
;
; Instructions: Copy and paste this text IN BOLD into a text editor such as Notepad.
;
; Save this text as Fix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.

REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"qsmwzhwnjpttddgsewaeTaskMgr"=-



; Double-click on Fix.reg. When it asks you to merge the information to the registry click Yes.

On a Vista or Windows 7 operating system, right click the Fix.reg and run as Administrator.

Delete the Fix.reg file when done.
===


Download Revo Uninstaller and remove any programs you are having difficulties in completing the removal using the Add/Remove Programs list.
Remove also any remnant items associated with deleted programs.

http://majorgeeks.com/Revo_Uninstaller_d5706.html
===

The crashes are coming from different processes.
Let's check deeper.


Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#7 Daddymoen


Posted 16 January 2013 - 12:46 PM

Nasdaq,

Could not get Fix.reg to run from the desktop. Dialog box asked if I wanted to import Fix.reg into the registry, but errored out. Instead, I used Start - Run - regedit and then imported from there. That appeared to work.

As a side note, the script added to ComboFix to fix the corrupted file in HearSource continues to run sporadically. The file is replaced already but it keeps trying to add it again. I Cancel out to avoid adding another copy to the directory. Do I need to uninstall ComboFix to get this to stop? Or do I need to delete the script file?

Still can't drag and drop icons or files, etc. I checked XP settings and Drag and Drop is enabled.

Internet Explorer 8 still wouldn't run. I deleted history, cookies, etc. to no effect. Used Revo Uninstaller to remove IE8 completely thinking maybe there was old trash in the Registry or elsewhere causing the problem. Will try a reinstall again at some point, probably after we get the computer working.

Used Revo Uninstall to remove Skype, will need to reinstall to see if the BSOD problem persists. Later, I will post a note regarding IE8 and Skype tests.

There is an old PayPal plugin that needs to be removed, it is no longer supported or used by PayPal. Revo showed so many registry entries for it I was afraid to remove all the Bold ones on the list out of concern there may be something needed that would be wiped out. Can I trust that Revo enough to remove all of those? So far I chickened out.

Used Revo to remove lots of unnecessary programs and remnants of previous uninstalls.

TDSSKiller Log
TDSSKiller finished its scan with a "No Threats Found" and did not generate a report.

aswMBR.exe Log

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-16 11:39:36
-----------------------------
11:39:36.218 OS Version: Windows 5.1.2600 Service Pack 3
11:39:36.218 Number of processors: 1 586 0x4F02
11:39:36.218 ComputerName: BIOSTAR5 UserName:
11:39:39.125 Initialize success
11:39:39.968 AVAST engine defs: 13011600
11:40:12.890 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
11:40:12.890 Disk 0 Vendor: Maxtor_6Y160P0 YAR41BW0 Size: 156334MB BusType: 3
11:40:12.890 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
11:40:12.890 Disk 1 Vendor: ST315003 CC1H Size: 1430799MB BusType: 3
11:40:12.906 Disk 1 MBR read successfully
11:40:12.906 Disk 1 MBR scan
11:40:12.953 Disk 1 Windows XP default MBR code
11:40:12.953 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 511993 MB offset 63
11:40:12.953 Disk 1 Partition - 00 0F Extended LBA 918795 MB offset 1048578615
11:40:12.968 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 918795 MB offset 1048578678
11:40:12.968 Disk 1 scanning sectors +2930272065
11:40:13.031 Disk 1 scanning C:\WINDOWS\system32\drivers
11:40:28.718 Service scanning
11:40:46.328 Modules scanning
11:41:06.609 Disk 1 trace - called modules:
11:41:06.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
11:41:06.640 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8adcfab8]
11:41:06.656 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\000000a8[0x8ad21920]
11:41:06.656 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x8ad8da38]
11:41:07.468 AVAST engine scan C:\WINDOWS
11:41:40.203 AVAST engine scan C:\WINDOWS\system32
11:45:17.187 AVAST engine scan C:\WINDOWS\system32\drivers
11:46:05.281 AVAST engine scan C:\Documents and Settings\Bruce Moen
12:00:25.265 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Bruce Moen\Desktop\MBR.dat"
12:00:25.312 The log file has been saved successfully to "C:\Documents and Settings\Bruce Moen\Desktop\aswMBR.txt"

Attached file: MBR.zip (512 bytes)


#8 Daddymoen


Posted 16 January 2013 - 02:05 PM

Nasdaq,

When I installed Skype all went well, at first. I was able to make a test voice call successfully. When I tried a video call I almost immediately got a BSOD. When I checked the crash log with WhoCrashed it mentioned an Avast file. I searched Bleeping Computer forums and found the following post:

http://www.bleepingcomputer.com/forums/topic466393.html

Maybe it's a clue?

Daddymoen


Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.

On Wed 1/16/2013 6:26:29 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini011613-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0x21CE3)
Bugcheck code: 0xC2 (0x7, 0xCD4, 0x0, 0xFFFFFFFF86806940)
Error: BAD_POOL_CALLER
file path: C:\WINDOWS\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the current thread is making a bad pool request.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Wed 1/16/2013 6:26:29 PM GMT your computer crashed
crash dump file: C:\WINDOWS\memory.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt!KeBugCheckEx+0x1B)
Bugcheck code: 0xC2 (0x7, 0xCD4, 0x0, 0xFFFFFFFF86806940)
Error: BAD_POOL_CALLER
file path: C:\WINDOWS\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the current thread is making a bad pool request.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.

Conclusion
--------------------------------------------------------------------------------

5 crash dumps have been found and analyzed. A third party driver has been identified to be causing system crashes on your computer. It is strongly suggested that you check for updates for these drivers on their company websites. Click on the links below to search with Google for updates for these drivers:

aswsnx.sys (avast! Virtualization Driver, AVAST Software)

If no updates for these drivers are available, try searching with Google on the names of these drivers in combination the errors that have been reported for these drivers and include the brand and model name of your computer as well in the query. This often yields interesting results from discussions from users who have been experiencing similar problems.


Read the topic general suggestions for troubleshooting system crashes for more information.
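
Added example (not part of the original thread): a Python script that parses the WhoCrashed entries posted above, collapses the minidump and memory.dmp reports of the same crash into one, and separates crashes that name a third-party driver from those where only the kernel image is named. The function names and the KERNEL_IMAGES set are choices made for this example; the sample text is trimmed from the logs in the posts above.

```python
import re
from collections import Counter

# WhoCrashed entries trimmed from the posts above (only the fields parsed here).
SAMPLE = r"""
On Tue 1/15/2013 6:20:40 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini011513-01.dmp
This was probably caused by the following module: aswsnx.sys (aswSnx+0x58E84)
Bugcheck code: 0x1000008E (0xFFFFFFFFC0000005, 0xFFFFFFFF805B0C34, 0xFFFFFFFFB2343C90, 0x0)
Error: KERNEL_MODE_EXCEPTION_NOT_HANDLED_M

On Mon 1/14/2013 3:24:52 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini011413-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0x21CE3)
Bugcheck code: 0xCA (0x4, 0xFFFFFFFF887C3F10, 0x0, 0x0)
Error: PNP_DETECTED_FATAL_ERROR

On Tue 1/15/2013 6:54:44 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini011513-02.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0x21CE3)
Bugcheck code: 0xC2 (0x7, 0xCD4, 0x0, 0xFFFFFFFF893711C8)
Error: BAD_POOL_CALLER

On Tue 1/15/2013 6:54:44 PM GMT your computer crashed
crash dump file: C:\WINDOWS\memory.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt!KeBugCheckEx+0x1B)
Bugcheck code: 0xC2 (0x7, 0xCD4, 0x0, 0xFFFFFFFF893711C8)
Error: BAD_POOL_CALLER

On Wed 1/16/2013 6:26:29 PM GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\Mini011613-01.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt+0x21CE3)
Bugcheck code: 0xC2 (0x7, 0xCD4, 0x0, 0xFFFFFFFF86806940)
Error: BAD_POOL_CALLER

On Wed 1/16/2013 6:26:29 PM GMT your computer crashed
crash dump file: C:\WINDOWS\memory.dmp
This was probably caused by the following module: ntkrnlpa.exe (nt!KeBugCheckEx+0x1B)
Bugcheck code: 0xC2 (0x7, 0xCD4, 0x0, 0xFFFFFFFF86806940)
Error: BAD_POOL_CALLER
"""

START = re.compile(r"^On \w+ (\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) GMT your computer crashed")
FIELDS = {
    "dump": re.compile(r"^crash dump file: (.+)$"),
    "module": re.compile(r"^This was probably caused by the following module: (\S+)"),
    "bugcheck": re.compile(r"^Bugcheck code: (0x[0-9A-Fa-f]+) \(([^)]*)\)"),
    "error": re.compile(r"^Error: (\S+)"),
}
# Kernel/HAL image names; a crash blamed only on these has no driver attribution.
KERNEL_IMAGES = {"ntoskrnl.exe", "ntkrnlpa.exe", "ntkrnlmp.exe", "ntkrpamp.exe", "hal.dll"}


def parse_entries(text):
    """Return one dict per 'On ... your computer crashed' entry."""
    entries, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = START.match(line)
        if m:
            cur = {"when": m.group(1)}
            entries.append(cur)
            continue
        if cur is None:
            continue
        for key, rx in FIELDS.items():
            m = rx.match(line)
            if m:
                cur[key] = m.group(1)
                if key == "bugcheck":
                    cur["params"] = tuple(p.strip() for p in m.group(2).split(","))
                break
    # Drop entries that are missing a field needed for triage.
    return [e for e in entries if {"dump", "module", "bugcheck"} <= e.keys()]


def distinct_crashes(entries):
    """Merge entries with the same time, bugcheck code and parameters
    (the minidump and memory.dmp views of one crash)."""
    crashes = {}
    for e in entries:
        key = (e["when"], e["bugcheck"], e["params"])
        c = crashes.setdefault(key, {**e, "dumps": [], "modules": set()})
        c["dumps"].append(e["dump"])
        c["modules"].add(e["module"].lower())
    return list(crashes.values())


def triage(crashes):
    """Count crashes per named third-party module, and per error for the rest."""
    named, unattributed = Counter(), Counter()
    for c in crashes:
        third_party = c["modules"] - KERNEL_IMAGES
        if third_party:
            named.update(third_party)
        else:
            unattributed[c.get("error", c["bugcheck"])] += 1
    return named, unattributed


if __name__ == "__main__":
    named, unattributed = triage(distinct_crashes(parse_entries(SAMPLE)))
    print("named third-party modules:", dict(named))
    print("kernel-only (no driver identified):", dict(unattributed))
```

On the thread's data this yields four distinct crashes: one naming aswsnx.sys and three where only the kernel image is named.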

#9 nasdaq


Posted 16 January 2013 - 02:33 PM

"As a side note, the script added to ComboFix to fix the corrupted file in HearSource continues to run sporadically. The file is replaced already but it keeps trying to add it again. I Cancel out to avoid adding another copy to the directory. Do I need to uninstall ComboFix to get this to stop? Or do I need to delete the script file?"

This will be corrected when I ask you to remove ComboFix.


"There is an old PayPal plugin that needs to be removed, it is no longer supported or used by PayPal. Revo showed so many registry entries for it I was afraid to remove all the Bold ones on the list out of concern there may be something needed that would be wiped out. Can I trust that Revo enough to remove all of those? So far I chickened out."

Yes I think you can. Paypal is not working so nothing to worry about.
Create a restore point before proceeding. See below.


XP drag and drop issue. You will find two possible solutions here.

http://forums.cnet.com/7723-6142_102-148439/can-t-drag-and-drop-files-anymore/

Before you try any fix, please create a new restore point as suggested in the topic.

===

Keep me posted.

#10 Daddymoen


Posted 16 January 2013 - 02:53 PM

Nasdaq,

As promised I also removed and reinstalled Internet Explorer 8. I can't tell if it works now or not. When I start IE8 it runs and shows that it is attempting to connect with a home page. But then the script to add the file to HearSource (that we added to ComboFix early on) starts to run again. To avoid adding another copy of the application file to its directory I click Cancel to stop that process. IE8 immediately shuts down. So, I can't tell if IE8 is working or not.

Daddymoen

#11 Daddymoen


Posted 16 January 2013 - 04:49 PM

Nasdaq,

No problem about the script trying to add the file, I'll leave it alone until you are comfortable that we're finished. I will hold off on any more attempts to test IE8 until we are finished with ComboFix.

The Drag and Drop issue is fixed! Thanks a bunch! I used the (http://www.aumha.org/downloads/dragndropx.zip) link, creating Restore Points as I went along.

Also, as part of the suggestions at that Drag N Drop Fix link was the suggestion to run Housecall. I did run it in the recommended Quick Scan mode and it did find a "Threat" that it labeled: "TROJ SPNR.0CA012" However, since we still have pending results and possible action from the aswMBR.exe scan (that might be interfered with by using Housecall to "Fix" the threat it found) I did not let Housecall "Fix" it. If this trojan is part of the problem it is still in place.

I hunted up the install disk for my Plantronic DSP 500 USB headset. It is no longer installed and not recognized by Plug N Play. I suspect its driver may be corrupted or that it was transported to that great bit bucket in the sky at some point. I will hold off on any attempts to reinstall this device until later so as to not put another variable into the mix.

Thanks again for all the work you are putting into this project.

Daddymoen

#12 nasdaq


Posted 17 January 2013 - 09:40 AM

Run ComboFix and post a fresh log.

Will take it from there.

#13 Daddymoen


Posted 17 January 2013 - 10:50 AM

nasdaq,

When I ran ComboFix it gave a message saying that a newer version was available and asking if I wanted to download and install it. I told it to go ahead and update ComboFix. That appears to have been a mistake. Part way through the update an error message popped up saying that IE8 had encountered an error and had to close. Not sure how IE8 was started or got involved in the process, I didn't start it. It appears that the ComboFix update stopped before it completed when IE8 errored out. When I try to run ComboFix now it deletes and extracts files in the same small black screen as I saw during the update. It begins backing up the Registry and then stops. Any evidence on the Desktop that ComboFix is continuing to run disappears and I am back to the normal Desktop.

Not sure what to do. I've attempted to run ComboFix several times. I've warm booted and cold booted the computer before some of the retries, always the same result, Nada. So, what's next? Reinstall ComboFix? Uninstall and then reinstall it? I'd suggest punting but with my bad right leg I tend to stumble and miss the ball (:d)

Hmmmm . . .

Daddymoen

____________
Update
------------
Two hours later ComboFix spontaneously began to run. The blue box it runs in popped up and after printing first two lines that end saying . . . badly infected computers may take much longer . . . a separate Windows dialog box popped up to deliver the message that the file, NIRKMD, could not be found. The message asked me to check my typing to be sure I spelled it right (?) or to Search for it. Using Windows Search found NIRKMD.3XE-039469CA.pf in the Windows Prefetch directory. I checked the file properties and it showed being modified on Jan 15. So that is probably from my last successful run of ComboFix three days ago.

Edited by Daddymoen, 17 January 2013 - 12:25 PM.


#14 nasdaq


Posted 17 January 2013 - 02:17 PM

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

#15 Daddymoen


Posted 17 January 2013 - 03:05 PM

Nasdaq,

Here is the first of two scans.

OTL logfile created on: 1/17/2013 2:35:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Bruce Moen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 78.78% Memory free
7.17 Gb Paging File | 6.80 Gb Available in Paging File | 94.79% Paging File free
Paging file location(s): C:\pagefile.sys 4500 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 499.99 Gb Total Space | 358.36 Gb Free Space | 71.67% Space Free | Partition Type: NTFS
Drive E: | 897.26 Gb Total Space | 890.37 Gb Free Space | 99.23% Space Free | Partition Type: NTFS
Drive F: | 152.66 Gb Total Space | 23.34 Gb Free Space | 15.29% Space Free | Partition Type: NTFS

Computer Name: BIOSTAR5 | User Name: Bruce Moen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Bruce Moen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
PRC - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\National Instruments\MAX\nimxs.exe (National Instruments Corporation)
PRC - C:\WINDOWS\system32\nisvcloc.exe (National Instruments Corp.)
PRC - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation)
PRC - C:\WINDOWS\system32\lktsrv.exe (National Instruments Corporation)
PRC - C:\WINDOWS\system32\lkads.exe (National Instruments Corporation)
PRC - C:\WINDOWS\system32\lkcitdl.exe (National Instruments, Inc.)
PRC - C:\WINDOWS\system32\nipalsm.exe (National Instruments Corporation)
PRC - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe (National Instruments, Inc.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe (Dantz Development Corporation)
PRC - C:\WINDOWS\system32\Crypserv.exe (Kenonic Controls Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\13011600\algo.dll ()
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\WINDOWS\system32\spd__l.dll ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\nitio.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\NIDSA.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\NISCXI.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\nixs.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\niss.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\niwf.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\nies.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\niem.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\nics.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\nisd.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\NISWCH.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\NI6535.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\NISFT.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\Compat\NITSU.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\Compat\NITNR.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\Compat\NISYNC.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\Compat\NISRC.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\Compat\NISL.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\Compat\NIPS.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\Compat\NIRFSA.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\Compat\NIHSD.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\Compat\NIDWG.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\Compat\NI5690.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\NIMAS.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\NIFILTER.sdc ()
MOD - C:\Program Files\National Instruments\NI-DAQ\Caps\NIHWDB.sdc ()
MOD - C:\WINDOWS\system32\pdf995mon.dll ()


========== Services (SafeList) ==========

SRV - (WMP54Gv4SVC) -- File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (DragonSvc) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Samsung UPD Service) -- C:\WINDOWS\system32\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SgtSch2Svc) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (NILM License Manager) -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (mxssvr) -- C:\Program Files\National Instruments\MAX\nimxs.exe (National Instruments Corporation)
SRV - (niSvcLoc) -- C:\WINDOWS\system32\nisvcloc.exe (National Instruments Corp.)
SRV - (NIDomainService) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation)
SRV - (lkTimeSync) -- C:\WINDOWS\system32\lktsrv.exe (National Instruments Corporation)
SRV - (lkClassAds) -- C:\WINDOWS\system32\lkads.exe (National Instruments Corporation)
SRV - (LkCitadelServer) -- C:\WINDOWS\system32\lkcitdl.exe (National Instruments, Inc.)
SRV - (nipxirmu) -- C:\WINDOWS\system32\nipalsm.exe (National Instruments Corporation)
SRV - (nidevldu) -- C:\WINDOWS\system32\nipalsm.exe (National Instruments Corporation)
SRV - (NITaggerService) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe (National Instruments, Inc.)
SRV - (RetroExp Helper) -- C:\Program Files\Dantz\Retrospect Express HD\rthlpsvc.exe (Dantz Development Corporation)
SRV - (RetroExpLauncher) -- C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe (Dantz Development Corporation)
SRV - (Pctspk) -- C:\WINDOWS\system32\pctspk.exe (PCtel, Inc.)
SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (Kenonic Controls Ltd.)


========== Driver Services (SafeList) ==========

DRV - (PCIDump) -- File not found
DRV - (catchme) -- C:\DOCUME~1\BRUCEM~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (SWDUMon) -- C:\WINDOWS\system32\drivers\SWDUMon.sys ()
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
DRV - (PsSdk41) -- C:\WINDOWS\system32\drivers\pssdk41.sys (microOLAP Technologies LTD)
DRV - (ampa) -- C:\WINDOWS\system32\ampa.sys ()
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (tdrpman) -- C:\WINDOWS\system32\drivers\tdrpman.sys (Acronis)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (hotcore3) -- C:\WINDOWS\system32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (Uim_IM) -- C:\WINDOWS\system32\drivers\Uim_IM.sys (Paragon)
DRV - (UimBus) -- C:\WINDOWS\system32\drivers\UimBus.sys (Windows ® 2000 DDK provider)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (hwinterface32B01) -- C:\WINDOWS\system32\drivers\hwinterface32B01.sys (Logix4u)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nixsrk) -- C:\WINDOWS\system32\drivers\nixsrkl.sys (National Instruments Corporation)
DRV - (niufurk) -- C:\WINDOWS\system32\drivers\niufurkl.sys (National Instruments Corporation)
DRV - (niwfrk) -- C:\WINDOWS\system32\drivers\niwfrkl.sys (National Instruments Corporation)
DRV - (nissrk) -- C:\WINDOWS\system32\drivers\nissrkl.sys (National Instruments Corporation)
DRV - (niesrk) -- C:\WINDOWS\system32\drivers\niesrkl.sys (National Instruments Corporation)
DRV - (niemrk) -- C:\WINDOWS\system32\drivers\niemrkl.sys (National Instruments Corporation)
DRV - (nicsrk) -- C:\WINDOWS\system32\drivers\nicsrkl.sys (National Instruments Corporation)
DRV - (nitiork) -- C:\WINDOWS\system32\drivers\nitiorkl.sys (National Instruments Corporation)
DRV - (nidsark) -- C:\WINDOWS\system32\drivers\nidsarkl.sys (National Instruments Corporation)
DRV - (nistcrk) -- C:\WINDOWS\system32\drivers\nistcrkl.sys (National Instruments Corporation)
DRV - (nimsdrk) -- C:\WINDOWS\system32\drivers\nimsdrkl.sys (National Instruments Corporation)
DRV - (nispdk) -- C:\WINDOWS\system32\drivers\nispdkl.sys (National Instruments Corporation)
DRV - (niscdk) -- C:\WINDOWS\system32\drivers\niscdkl.sys (National Instruments Corporation)
DRV - (nistc2k) -- C:\WINDOWS\system32\drivers\nistc2kl.sys (National Instruments Corporation)
DRV - (nisdigk) -- C:\WINDOWS\system32\drivers\nisdigkl.sys (National Instruments Corporation)
DRV - (niswdk) -- C:\WINDOWS\system32\drivers\niswdkl.sys (National Instruments Corporation)
DRV - (ninshsdk) -- C:\WINDOWS\system32\drivers\ninshsdkl.sys (National Instruments Corporation)
DRV - (nicdrk) -- C:\WINDOWS\system32\drivers\nicdrkl.sys (National Instruments Corporation)
DRV - (nifslk) -- C:\WINDOWS\system32\drivers\nifslkl.sys (National Instruments Corporation)
DRV - (nisftk) -- C:\WINDOWS\system32\drivers\nisftkl.sys (National Instruments Corporation)
DRV - (lvalarmk) -- C:\WINDOWS\system32\drivers\lvalarmk.sys (National Instruments Corporation)
DRV - (nidmxfk) -- C:\WINDOWS\system32\drivers\nidmxfkl.sys (National Instruments Corporation)
DRV - (nimstsk) -- C:\WINDOWS\system32\drivers\nimstskl.sys (National Instruments Corporation)
DRV - (nimxpk) -- C:\WINDOWS\system32\drivers\nimxpkl.sys (National Instruments Corporation)
DRV - (nimru2k) -- C:\WINDOWS\system32\drivers\nimru2kl.sys (National Instruments Corporation)
DRV - (nimxdfk) -- C:\WINDOWS\system32\drivers\nimxdfkl.sys (National Instruments Corporation)
DRV - (nidimk) -- C:\WINDOWS\system32\drivers\nidimkl.sys (National Instruments Corporation)
DRV - (nimdbgk) -- C:\WINDOWS\system32\drivers\nimdbgkl.sys (National Instruments Corporation)
DRV - (niorbk) -- C:\WINDOWS\system32\drivers\niorbkl.sys (National Instruments Corporation)
DRV - (nipalfwedl) -- C:\WINDOWS\system32\drivers\nipalfwedl.sys (National Instruments Corporation)
DRV - (NIPALK) -- C:\WINDOWS\system32\drivers\nipalk.sys (National Instruments Corporation)
DRV - (nipalusbedl) -- C:\WINDOWS\system32\drivers\nipalusbedl.sys (National Instruments Corporation)
DRV - (nipxigpk) -- C:\WINDOWS\system32\drivers\nipxigpk.sys (National Instruments Corporation)
DRV - (ni1065k) -- C:\WINDOWS\system32\drivers\ni1065k.sys (National Instruments Corporation)
DRV - (ni1045k) -- C:\WINDOWS\system32\drivers\ni1045kl.sys (National Instruments Corporation)
DRV - (ni1006k) -- C:\WINDOWS\system32\drivers\ni1006k.sys (National Instruments Corporation)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (nipxirmk) -- C:\WINDOWS\system32\drivers\nipxirmkl.sys (National Instruments Corporation)
DRV - (cvintdrv) -- C:\WINDOWS\System32\drivers\cvintdrv.sys ()
DRV - (NiViPxiK) -- C:\WINDOWS\system32\drivers\NiViPxiKl.sys (National Instruments Corporation)
DRV - (NiViPciK) -- C:\WINDOWS\system32\drivers\NiViPciKl.sys (National Instruments Corporation)
DRV - (NiViFWK) -- C:\WINDOWS\system32\drivers\NiViFWKl.sys (National Instruments Corporation)
DRV - (nipbcfk) -- C:\WINDOWS\system32\drivers\nipbcfk.sys (National Instruments Corporation)
DRV - (hwinterface) -- C:\WINDOWS\system32\drivers\hwinterface.sys (Logix4u)
DRV - (nimsrlk) -- C:\WINDOWS\system32\drivers\nimsrlk.dll (National Instruments Corporation)
DRV - (nimslk) -- C:\WINDOWS\system32\drivers\nimslk.dll (National Instruments Corporation)
DRV - (elagopro) -- C:\WINDOWS\system32\drivers\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr) -- C:\WINDOWS\system32\drivers\elaunidr.sys (Gteko Ltd.)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (moufiltr) -- C:\WINDOWS\system32\drivers\moufiltr.sys (Chic Tech.)
DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys ()
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (StkScan) -- C:\WINDOWS\system32\drivers\StkScan.sys (Syntek America Inc.)
DRV - (StkMini) -- C:\WINDOWS\system32\drivers\StkMini.sys (Syntek America Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (MXOFX) -- C:\WINDOWS\system32\drivers\MXOFX.SYS (Cypress Semiconductor)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)
DRV - (viasraid) -- C:\WINDOWS\system32\drivers\viasraid.sys (VIA Technologies inc,.ltd)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (Vpctcom) -- C:\WINDOWS\system32\drivers\vpctcom.sys (PCtel, Inc.)
DRV - (Vvoice) -- C:\WINDOWS\system32\drivers\vvoice.sys (PCtel, Inc.)
DRV - (Vmodem) -- C:\WINDOWS\system32\drivers\vmodem.sys (PCTEL, INC.)
DRV - (Ptserlp) -- C:\WINDOWS\system32\drivers\ptserlp.sys (PCTEL, INC.)
DRV - (SetupNT) -- C:\WINDOWS\system32\SetupNT.sys ()
DRV - (NetworkX) -- C:\WINDOWS\system32\Ckldrv.sys ()
DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 1C E2 55 20 F4 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.r4.attbi.com;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = sas.r4.attbi.com:8000

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1325865238&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2F&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1"
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\Program Files\Nuance\NaturallySpeaking12\Program\npDgnRia.dll (Nuance Communications Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Bruce Moen\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Bruce Moen\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack: C:\Program Files\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012/07/18 20:54:16 | 000,136,026 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/06 13:41:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/11 11:28:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/15 10:47:45 | 000,000,000 | ---D | M]

[2011/12/29 13:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce Moen\Application Data\Mozilla\Extensions
[2013/01/17 13:46:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bruce Moen\Application Data\Mozilla\Firefox\Profiles\bk41c1fs.default\extensions
[2013/01/17 13:46:58 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Bruce Moen\Application Data\Mozilla\Firefox\Profiles\bk41c1fs.default\extensions\anttoolbar@ant.com
[2011/12/29 13:34:27 | 000,330,316 | ---- | M] () (No name found) -- C:\Documents and Settings\Bruce Moen\Application Data\Mozilla\Firefox\Profiles\bk41c1fs.default\extensions\personas@christopher.beard.xpi
[2011/12/29 13:29:58 | 000,008,283 | ---- | M] () (No name found) -- C:\Documents and Settings\Bruce Moen\Application Data\Mozilla\Firefox\Profiles\bk41c1fs.default\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}.xpi
[2013/01/11 11:28:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/11 11:28:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/01/11 11:28:28 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/10 09:02:23 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/06 15:02:30 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&ltmpl=default&ltmplcache=2

O1 HOSTS File: ([2013/01/14 10:54:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Bruce Moen\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: lingo.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab (DjVuCtl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} http://www.cyberlink.com/winxp/CheckDVD.cab (ChkDVDCtl Class)
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} http://www.amiuptodate.com/vsc/bin/1,0,0,7/McUpdatePortal.cab (McUpdatePortalFactory Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093618483609 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.181.31.11 216.181.30.11 65.32.5.111
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BC42FD9-7DBC-474F-95D5-3F7ACBB9F35B}: DhcpNameServer = 216.181.31.11 216.181.30.11 65.32.5.111
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB5F1DBB-D865-4E6F-A6DF-FA06490F0A60}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE72B7F1-9B0E-4278-BC0A-8113151D3E18}: NameServer = 65.32.5.111,65.32.5.112
O18 - Protocol\Handler\mhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/07 14:13:12 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/01/10 10:35:57 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/01/17 14:27:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bruce Moen\Desktop\OTL.exe
[2013/01/17 11:50:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/17 11:44:39 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/01/16 14:22:09 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2013/01/16 14:22:09 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2013/01/16 13:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce Moen\Application Data\SkypeTalking
[2013/01/16 09:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce Moen\Start Menu\Programs\Revo Uninstaller
[2013/01/16 06:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/01/16 06:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimDrivers
[2013/01/16 06:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\SlimDrivers
[2013/01/16 06:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UAB
[2013/01/16 06:04:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\PC_Drivers_Headquarters
[2013/01/15 15:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/01/15 13:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WhoCrashed
[2013/01/15 13:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2013/01/15 10:32:06 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/01/15 10:32:06 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/01/15 10:32:01 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/01/15 10:32:01 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/01/15 10:32:01 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/01/15 09:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce Moen\My Documents\HearSource Backup
[2013/01/15 09:20:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/01/14 10:17:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/01/14 10:15:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/01/14 10:15:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/01/14 10:15:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/01/14 10:15:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/01/14 10:12:09 | 005,024,203 | R--- | C] (Swearware) -- C:\Documents and Settings\Bruce Moen\Desktop\ComboFix.exe
[2013/01/14 10:06:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/14 10:06:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/01/11 12:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce Moen\My Documents\ComboFix Stuff
[2013/01/11 11:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce Moen\Start Menu\Programs\NirSoft BlueScreenView
[2013/01/11 11:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2013/01/11 11:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/09 17:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\PCHealth
[2013/01/09 12:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce Moen\My Documents\Computer Profile
[2013/01/08 20:06:41 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2013/01/08 20:06:41 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2013/01/08 20:06:38 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2013/01/08 20:06:36 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2013/01/08 20:06:36 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2013/01/08 20:06:33 | 000,019,455 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys
[2013/01/08 20:06:30 | 000,012,063 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys
[2013/01/08 20:06:28 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2013/01/08 20:06:13 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2013/01/08 20:06:11 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2013/01/08 20:06:10 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2013/01/08 20:06:04 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2013/01/08 20:06:02 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2013/01/08 20:06:02 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2013/01/08 20:05:58 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys
[2013/01/08 20:05:57 | 000,023,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys
[2013/01/08 20:05:56 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2013/01/08 20:05:55 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2013/01/08 20:05:51 | 000,033,599 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys
[2013/01/08 20:05:50 | 000,019,551 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys
[2013/01/08 20:05:48 | 000,029,311 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys
[2013/01/08 20:05:45 | 000,011,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys
[2013/01/08 20:05:43 | 000,012,127 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys
[2013/01/08 20:05:42 | 000,012,415 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys
[2013/01/08 20:05:40 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2013/01/08 20:05:39 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2013/01/08 20:05:39 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2013/01/08 20:05:33 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2013/01/08 20:05:33 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys
[2013/01/08 20:05:29 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2013/01/08 20:05:28 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2013/01/08 20:05:27 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
[2013/01/08 20:05:26 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
[2013/01/08 20:05:25 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2013/01/08 20:05:25 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
[2013/01/08 20:05:24 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2013/01/08 20:05:23 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2013/01/08 20:05:20 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2013/01/08 20:05:16 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2013/01/08 20:05:12 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2013/01/08 20:05:12 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2013/01/08 20:05:12 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2013/01/08 20:05:12 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2013/01/08 20:05:11 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2013/01/08 20:05:11 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2013/01/08 20:05:10 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2013/01/08 20:05:10 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2013/01/08 20:05:10 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2013/01/08 20:05:09 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2013/01/08 20:05:09 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys
[2013/01/08 20:05:07 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys
[2013/01/08 20:05:03 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2013/01/08 20:05:03 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2013/01/08 20:05:02 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2013/01/08 20:05:02 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2013/01/08 20:05:01 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2013/01/08 20:05:01 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2013/01/08 20:04:59 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll
[2013/01/08 20:04:59 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys
[2013/01/08 20:04:58 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2013/01/08 20:04:58 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll
[2013/01/08 20:04:56 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys
[2013/01/08 20:04:55 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys
[2013/01/08 20:04:55 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys
[2013/01/08 20:04:54 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys
[2013/01/08 20:04:53 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2013/01/08 20:04:51 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2013/01/08 20:04:51 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2013/01/08 20:04:49 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2013/01/08 20:04:47 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2013/01/08 20:04:45 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2013/01/08 20:04:41 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys
[2013/01/08 20:04:39 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys
[2013/01/08 20:04:38 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2013/01/08 20:04:38 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2013/01/08 20:04:34 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys
[2013/01/08 20:04:33 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys
[2013/01/08 20:04:33 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys
[2013/01/08 20:04:32 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll
[2013/01/08 20:04:32 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys
[2013/01/08 20:04:31 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys
[2013/01/08 20:04:31 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[2013/01/08 20:04:31 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
[2013/01/08 20:04:30 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
[2013/01/08 20:04:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
[2013/01/08 20:04:29 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
[2013/01/08 20:04:28 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2013/01/08 20:04:28 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2013/01/08 20:04:27 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2013/01/08 20:04:26 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2013/01/08 20:04:21 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2013/01/08 20:04:20 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2013/01/08 20:04:17 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll
[2013/01/08 20:04:14 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll
[2013/01/08 20:04:14 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys
[2013/01/08 20:04:13 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2013/01/08 20:04:12 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys
[2013/01/08 20:04:11 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll
[2013/01/08 20:04:11 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys
[2013/01/08 20:04:10 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys
[2013/01/08 20:04:10 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
[2013/01/08 20:04:08 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2013/01/08 20:04:07 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
[2013/01/08 20:04:01 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2013/01/08 20:04:00 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2013/01/08 20:03:58 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2013/01/08 20:03:57 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2013/01/08 20:03:57 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2013/01/08 20:03:56 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2013/01/08 20:03:55 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2013/01/08 20:03:54 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2013/01/08 20:03:53 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2013/01/08 20:03:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2013/01/08 20:03:52 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2013/01/08 20:03:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2013/01/08 20:03:44 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2013/01/08 20:03:44 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2013/01/08 20:03:42 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2013/01/08 20:03:41 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll
[2013/01/08 20:03:41 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys
[2013/01/08 20:03:39 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll
[2013/01/08 20:03:39 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2013/01/08 20:03:38 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll
[2013/01/08 20:03:38 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys
[2013/01/08 20:03:37 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll
[2013/01/08 20:03:37 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys
[2013/01/08 20:03:36 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys
[2013/01/08 20:03:29 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2013/01/08 20:03:29 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2013/01/08 20:03:28 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2013/01/08 20:03:28 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2013/01/08 20:03:27 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys
[2013/01/08 20:03:23 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
[2013/01/08 20:03:20 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2013/01/08 20:03:19 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2013/01/08 20:03:18 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2013/01/08 20:03:16 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2013/01/08 20:03:15 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2013/01/08 20:03:14 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2013/01/08 20:03:14 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2013/01/08 20:03:12 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2013/01/08 20:03:11 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll
[2013/01/08 20:03:09 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll
[2013/01/08 20:03:09 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys
[2013/01/08 20:03:08 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2013/01/08 20:03:08 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2013/01/08 20:03:07 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2013/01/08 20:03:07 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2013/01/08 20:03:07 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2013/01/08 20:03:06 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2013/01/08 20:03:06 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2013/01/08 20:03:05 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2013/01/08 20:03:05 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2013/01/08 20:03:04 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2013/01/08 20:03:03 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2013/01/08 20:03:03 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2013/01/08 20:03:01 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2013/01/08 20:03:00 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2013/01/08 20:02:57 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2013/01/08 20:02:56 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys
[2013/01/08 20:02:56 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2013/01/08 20:02:54 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2013/01/08 20:02:52 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys
[2013/01/08 20:02:49 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2013/01/08 20:02:48 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2013/01/08 20:02:47 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2013/01/08 20:02:34 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2013/01/08 20:02:32 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2013/01/08 20:02:31 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2013/01/08 20:02:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2013/01/08 20:02:29 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2013/01/08 20:02:26 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys
[2013/01/08 20:02:26 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys
[2013/01/08 20:02:25 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys
[2013/01/08 20:02:25 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys
[2013/01/08 20:02:24 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys
[2013/01/08 20:02:23 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2013/01/08 20:02:21 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2013/01/08 20:02:20 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2013/01/08 20:02:19 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2013/01/08 20:02:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2013/01/08 20:02:18 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2013/01/08 20:02:17 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2013/01/08 20:02:13 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2013/01/08 20:02:13 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2013/01/08 20:02:12 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2013/01/08 20:02:11 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2013/01/08 20:02:04 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
[2013/01/08 20:02:04 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
[2013/01/08 20:02:03 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
[2013/01/08 20:02:03 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
[2013/01/08 20:02:02 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
[2013/01/08 20:02:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
[2013/01/08 20:02:01 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
[2013/01/08 20:02:00 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2013/01/08 20:01:59 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2013/01/08 20:01:58 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2013/01/08 20:01:57 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2013/01/08 20:01:56 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys
[2013/01/08 20:01:55 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys
[2013/01/08 20:01:54 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2013/01/08 20:01:53 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2013/01/08 20:01:52 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2013/01/08 20:01:52 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2013/01/08 20:01:51 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2013/01/08 20:01:49 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2013/01/08 20:01:48 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2013/01/08 20:01:45 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
[2013/01/08 20:01:45 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2013/01/08 20:01:44 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
[2013/01/08 20:01:44 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys
[2013/01/08 20:01:44 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
[2013/01/08 20:01:43 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2013/01/08 20:01:43 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2013/01/08 20:01:42 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
[2013/01/08 20:01:42 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys
[2013/01/08 20:01:42 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
[2013/01/08 20:01:41 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2013/01/08 20:01:41 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys
[2013/01/08 20:01:40 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2013/01/08 20:01:40 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2013/01/08 20:01:38 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2013/01/08 20:01:35 | 000,061,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys
[2013/01/08 20:01:27 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys
[2013/01/08 20:01:27 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll
[2013/01/08 20:01:21 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2013/01/08 20:01:20 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys
[2013/01/08 20:01:20 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys
[2013/01/08 20:01:18 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2013/01/08 20:01:15 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2013/01/08 20:01:15 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2013/01/08 20:01:13 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2013/01/08 20:01:12 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2013/01/08 20:01:08 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
[2013/01/08 20:01:06 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2013/01/08 20:01:06 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2013/01/08 20:01:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
[2013/01/08 20:01:01 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2013/01/08 20:01:00 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2013/01/08 20:00:59 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2013/01/08 20:00:59 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2013/01/08 20:00:59 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2013/01/08 20:00:58 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2013/01/08 20:00:58 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2013/01/08 20:00:57 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2013/01/08 20:00:56 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2013/01/08 20:00:56 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2013/01/08 20:00:55 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2013/01/08 20:00:55 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2013/01/08 20:00:54 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2013/01/08 20:00:53 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2013/01/08 20:00:44 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2013/01/08 20:00:42 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
[2013/01/08 20:00:35 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2013/01/08 20:00:28 | 000,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
[2013/01/08 20:00:27 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
[2013/01/08 20:00:21 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2013/01/08 20:00:16 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2013/01/08 20:00:12 | 000,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys
[2013/01/08 20:00:08 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys
[2013/01/08 20:00:07 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll
[2013/01/08 20:00:03 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
[2013/01/08 20:00:03 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2013/01/08 20:00:02 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
[2013/01/08 20:00:01 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2013/01/08 19:59:59 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys
[2013/01/08 19:59:56 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
[2013/01/08 19:59:56 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\maestro.sys
[2013/01/08 19:59:55 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
[2013/01/08 19:59:55 | 000,022,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwusbhid.sys
[2013/01/08 19:59:54 | 000,020,864 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwadihid.sys
[2013/01/08 19:59:53 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2013/01/08 19:59:52 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2013/01/08 19:59:51 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2013/01/08 19:59:50 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2013/01/08 19:59:50 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2013/01/08 19:59:49 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2013/01/08 19:59:48 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2013/01/08 19:59:45 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2013/01/08 19:59:42 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2013/01/08 19:59:42 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2013/01/08 19:59:41 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2013/01/08 19:59:40 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2013/01/08 19:59:38 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2013/01/08 19:59:38 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2013/01/08 19:59:37 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2013/01/08 19:59:36 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2013/01/08 19:59:34 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2013/01/08 19:59:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2013/01/08 19:59:15 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys
[2013/01/08 19:59:14 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2013/01/08 19:59:14 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2013/01/08 19:59:13 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2013/01/08 19:59:12 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2013/01/08 19:59:11 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2013/01/08 19:59:07 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll
[2013/01/08 19:59:07 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2013/01/08 19:59:06 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys
[2013/01/08 19:59:05 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelide.sys
[2013/01/08 19:59:04 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys
[2013/01/08 19:59:04 | 000,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
[2013/01/08 19:58:52 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2013/01/08 19:58:51 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys
[2013/01/08 19:58:51 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
[2013/01/08 19:58:50 | 000,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
[2013/01/08 19:58:50 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
[2013/01/08 19:58:49 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
[2013/01/08 19:58:49 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
[2013/01/08 19:58:49 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2013/01/08 19:58:48 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2013/01/08 19:58:48 | 000,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2013/01/08 19:58:47 | 000,109,085 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtrp.sys
[2013/01/08 19:58:47 | 000,100,936 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtok.sys
[2013/01/08 19:58:46 | 000,028,700 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\dllcache\ibmexmp.sys
[2013/01/08 19:58:46 | 000,009,216 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmsgnet.dll
[2013/01/08 19:58:44 | 000,702,845 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2013/01/08 19:58:44 | 000,161,020 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xnt5.sys
[2013/01/08 19:58:43 | 000,058,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740nt5.sys
[2013/01/08 19:58:42 | 000,353,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740dnt5.dll
[2013/01/08 19:58:42 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2013/01/08 19:58:41 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2013/01/08 19:58:34 | 000,488,383 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_v124.sys
[2013/01/08 19:58:34 | 000,050,751 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_tone.sys
[2013/01/08 19:58:33 | 000,073,279 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_spkp.sys
[2013/01/08 19:58:33 | 000,044,863 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_soar.sys
[2013/01/08 19:58:32 | 000,057,471 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_samp.sys
[2013/01/08 19:58:31 | 000,542,879 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_msft.sys
[2013/01/08 19:58:31 | 000,391,199 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_k56k.sys
[2013/01/08 19:58:30 | 000,115,807 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fsks.sys
[2013/01/08 19:58:30 | 000,009,759 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_inst.dll
[2013/01/08 19:58:29 | 000,289,887 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fall.sys
[2013/01/08 19:58:29 | 000,199,711 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_faxx.sys
[2013/01/08 19:58:28 | 000,150,239 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_amos.sys
[2013/01/08 19:58:28 | 000,067,167 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_bsc2.sys
[2013/01/08 19:58:27 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2013/01/08 19:58:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2013/01/08 19:58:25 | 000,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys
[2013/01/08 19:58:24 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
[2013/01/08 19:58:24 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys
[2013/01/08 19:58:23 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2013/01/08 19:58:23 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2013/01/08 19:58:22 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2013/01/08 19:58:22 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2013/01/08 19:58:21 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2013/01/08 19:58:20 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2013/01/08 19:58:20 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpdigwia.dll
[2013/01/08 19:58:18 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2013/01/08 19:58:17 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2013/01/08 19:58:13 | 000,907,456 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hcf_msft.sys
[2013/01/08 19:58:12 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2013/01/08 19:58:11 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2013/01/08 19:58:10 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2013/01/08 19:58:08 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2013/01/08 19:58:07 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400m.sys
[2013/01/08 19:58:06 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400d.dll
[2013/01/08 19:58:06 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200m.sys
[2013/01/08 19:58:04 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200d.dll
[2013/01/08 19:58:02 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2013/01/08 19:57:54 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2013/01/08 19:57:53 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2013/01/08 19:57:53 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2013/01/08 19:57:49 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2013/01/08 19:57:49 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2013/01/08 19:57:48 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2013/01/08 19:57:46 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2013/01/08 19:57:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2013/01/08 19:57:41 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2013/01/08 19:57:39 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\fem556n5.sys
[2013/01/08 19:57:37 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2013/01/08 19:57:36 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINDOWS\System32\dllcache\fa312nd5.sys
[2013/01/08 19:57:36 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2013/01/08 19:57:35 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2013/01/08 19:57:33 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ex10.sys
[2013/01/08 19:57:33 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2013/01/08 19:57:29 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2013/01/08 19:57:29 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2013/01/08 19:57:28 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2013/01/08 19:57:26 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys
[2013/01/08 19:57:26 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2013/01/08 19:57:25 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys
[2013/01/08 19:57:22 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56tpi.sys
[2013/01/08 19:57:21 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56hpi.sys
[2013/01/08 19:57:20 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56cvmp.sys
[2013/01/08 19:57:20 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es198x.sys
[2013/01/08 19:57:19 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2013/01/08 19:57:19 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2013/01/08 19:57:18 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnloop.exe
[2013/01/08 19:57:18 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys
[2013/01/08 19:57:17 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnlogr.exe
[2013/01/08 19:57:16 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqndiag.exe
[2013/01/08 19:57:15 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqn.sys
[2013/01/08 19:57:15 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2013/01/08 19:57:14 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2013/01/08 19:57:14 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys
[2013/01/08 19:57:13 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\emu10k1m.sys
[2013/01/08 19:57:13 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\enum1394.sys
[2013/01/08 19:57:11 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys
[2013/01/08 19:57:10 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys
[2013/01/08 19:57:10 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2013/01/08 19:57:09 | 000,171,520 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys
[2013/01/08 19:57:09 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys
[2013/01/08 19:57:08 | 000,455,199 | ---- | C] (3Com Corporation.) -- C:\WINDOWS\System32\dllcache\el985n51.sys
[2013/01/08 19:57:07 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys
[2013/01/08 19:57:07 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys
[2013/01/08 19:57:06 | 000,241,206 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656se5.sys
[2013/01/08 19:57:05 | 000,634,134 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656ct5.sys
[2013/01/08 19:57:05 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys
[2013/01/08 19:57:04 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys
[2013/01/08 19:57:03 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys
[2013/01/08 19:57:03 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys
[2013/01/08 19:57:02 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys
[2013/01/08 19:57:01 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys
[2013/01/08 19:57:01 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys
[2013/01/08 19:56:59 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100b325.sys
[2013/01/08 19:56:59 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100isa4.sys
[2013/01/08 19:56:58 | 000,050,719 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys
[2013/01/08 19:56:53 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2013/01/08 19:56:51 | 000,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
[2013/01/08 19:56:49 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2013/01/08 19:56:49 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2013/01/08 19:56:48 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2013/01/08 19:56:48 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2013/01/08 19:56:47 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2013/01/08 19:56:43 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2013/01/08 19:56:42 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2013/01/08 19:56:41 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2013/01/08 19:56:41 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2013/01/08 19:56:39 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2013/01/08 19:56:39 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2013/01/08 19:56:38 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2013/01/08 19:56:38 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2013/01/08 19:56:36 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2013/01/08 19:56:35 | 000,614,429 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiview.exe
[2013/01/08 19:56:35 | 000,042,432 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.sys
[2013/01/08 19:56:34 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.dll
[2013/01/08 19:56:34 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.dll
[2013/01/08 19:56:34 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.sys
[2013/01/08 19:56:33 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifwrk.dll
[2013/01/08 19:56:33 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digihlc.dll
[2013/01/08 19:56:33 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiinf.dll
[2013/01/08 19:56:32 | 000,090,525 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifep5.sys
[2013/01/08 19:56:31 | 000,131,156 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidbp.dll
[2013/01/08 19:56:31 | 000,103,044 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidxb.sys
[2013/01/08 19:56:31 | 000,037,735 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.sys
[2013/01/08 19:56:30 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.dll
[2013/01/08 19:56:29 | 000,419,357 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgconfig.dll
[2013/01/08 19:56:28 | 000,029,531 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\dgapci.sys
[2013/01/08 19:56:27 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2013/01/08 19:56:26 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2013/01/08 19:56:26 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe
[2013/01/08 19:56:25 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll
[2013/01/08 19:56:24 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2013/01/08 19:56:24 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2013/01/08 19:56:22 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2013/01/08 19:56:22 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2013/01/08 19:56:22 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys
[2013/01/08 19:56:21 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2013/01/08 19:56:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2013/01/08 19:56:19 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2013/01/08 19:56:17 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys
[2013/01/08 19:56:16 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys
[2013/01/08 19:56:15 | 000,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2013/01/08 19:56:15 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2013/01/08 19:56:15 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2013/01/08 19:56:14 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2013/01/08 19:56:14 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2013/01/08 19:56:13 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2013/01/08 19:56:13 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2013/01/08 19:56:12 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2013/01/08 19:56:12 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2013/01/08 19:56:11 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2013/01/08 19:56:11 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2013/01/08 19:56:10 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2013/01/08 19:56:10 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2013/01/08 19:56:09 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2013/01/08 19:56:09 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2013/01/08 19:56:08 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2013/01/08 19:56:08 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll
[2013/01/08 19:56:07 | 000,096,256 | ---- | C] (Copyright © Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
[2013/01/08 19:56:07 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
[2013/01/08 19:56:06 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
[2013/01/08 19:56:05 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2013/01/08 19:56:04 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2013/01/08 19:56:04 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
[2013/01/08 19:56:02 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2013/01/08 19:56:01 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2013/01/08 19:56:00 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2013/01/08 19:55:55 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2013/01/08 19:55:55 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
[2013/01/08 19:55:50 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys
[2013/01/08 19:55:49 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2013/01/08 19:55:49 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2013/01/08 19:55:47 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2013/01/08 19:55:47 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2013/01/08 19:55:46 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2013/01/08 19:55:45 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2013/01/08 19:55:45 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2013/01/08 19:55:43 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2013/01/08 19:55:41 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2013/01/08 19:55:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2013/01/08 19:55:35 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2013/01/08 19:55:34 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2013/01/08 19:55:34 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2013/01/08 19:55:33 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2013/01/08 19:55:33 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2013/01/08 19:55:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2013/01/08 19:55:30 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2013/01/08 19:55:29 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2013/01/08 19:55:28 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2013/01/08 19:55:27 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2013/01/08 19:55:27 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2013/01/08 19:55:26 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2013/01/08 19:55:25 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2013/01/08 19:55:25 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2013/01/08 19:55:24 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2013/01/08 19:55:24 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2013/01/08 19:55:24 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2013/01/08 19:55:23 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2013/01/08 19:55:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2013/01/08 19:55:21 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2013/01/08 19:55:20 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2013/01/08 19:54:59 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2013/01/08 19:54:56 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2013/01/08 19:54:56 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2013/01/08 19:54:54 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2013/01/08 19:54:54 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2013/01/08 19:54:54 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2013/01/08 19:54:53 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2013/01/08 19:54:52 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2013/01/08 19:54:52 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2013/01/08 19:54:51 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2013/01/08 19:54:51 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2013/01/08 19:54:50 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2013/01/08 19:54:50 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2013/01/08 19:54:50 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2013/01/08 19:54:49 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2013/01/08 19:54:47 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2013/01/08 19:54:46 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2013/01/08 19:54:46 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2013/01/08 19:54:45 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2013/01/08 19:54:45 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2013/01/08 19:54:42 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2013/01/08 19:54:41 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2013/01/08 19:54:40 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2013/01/08 19:54:40 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2013/01/08 19:54:39 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2013/01/08 19:54:38 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2013/01/08 19:54:37 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2013/01/08 19:54:37 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2013/01/08 19:54:36 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2013/01/08 19:54:36 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2013/01/08 19:54:35 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2013/01/08 19:54:35 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2013/01/08 19:54:34 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2013/01/08 19:54:33 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2013/01/08 19:54:33 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2013/01/08 19:54:32 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2013/01/08 19:54:22 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2013/01/08 19:54:22 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2013/01/08 19:54:17 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2013/01/08 19:54:15 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2013/01/08 19:54:15 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2013/01/08 19:54:14 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2013/01/08 19:54:14 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2013/01/08 19:54:13 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2013/01/08 19:54:13 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2013/01/08 19:54:05 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2013/01/08 19:54:05 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2013/01/08 19:54:02 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2013/01/08 19:54:02 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2013/01/08 19:54:01 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2013/01/08 19:54:01 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2013/01/08 19:53:59 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2013/01/08 19:53:58 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2013/01/08 19:53:58 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2013/01/08 19:53:56 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2013/01/08 19:53:54 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2013/01/08 19:53:53 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2013/01/08 19:53:53 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2013/01/08 19:53:52 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2013/01/08 19:53:51 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2013/01/08 19:53:51 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2013/01/08 19:53:47 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2013/01/08 19:51:48 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2013/01/08 19:51:47 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2013/01/08 19:51:47 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2013/01/08 19:51:46 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2013/01/08 19:51:45 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2013/01/08 19:51:44 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2013/01/08 19:51:44 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2013/01/08 19:51:43 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2013/01/08 19:51:41 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2013/01/08 19:51:40 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2013/01/08 19:51:39 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2013/01/08 19:51:38 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2013/01/08 19:51:37 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2013/01/08 19:51:36 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2013/01/08 19:51:36 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2013/01/08 19:51:35 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2013/01/08 19:51:34 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2013/01/08 19:51:33 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2013/01/08 19:51:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2013/01/08 19:51:32 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2013/01/08 19:51:31 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2013/01/08 19:51:31 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2013/01/08 19:51:30 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2013/01/08 19:51:14 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2013/01/08 12:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bruce Moen\Application Data\ColorCop
[2013/01/03 11:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Sys
[2012/12/31 15:32:14 | 000,000,000 | ---D | C] -- C:\Program Files\MeeSoft
[2012/12/19 12:57:03 | 000,000,000 | ---D | C] -- C:\Fiji
[2010/06/27 15:00:13 | 000,063,827 | ---- | C] (Zlib) -- C:\Documents and Settings\Bruce Moen\zlib.dll
[2010/06/27 15:00:12 | 001,937,408 | ---- | C] (FreeImage) -- C:\Documents and Settings\Bruce Moen\FreeImage.dll
[2010/06/27 15:00:12 | 000,163,840 | ---- | C] (Compaq Computer Corporation) -- C:\Documents and Settings\Bruce Moen\AVIEW160.DLL
[2010/06/27 15:00:12 | 000,045,056 | ---- | C] (TODO: <Company name>) -- C:\Documents and Settings\Bruce Moen\DigiError.dll
[2004/12/21 11:33:56 | 000,446,464 | ---- | C] (D-Bross) -- C:\Program Files\Voicer.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/17 14:41:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/17 14:27:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bruce Moen\Desktop\OTL.exe
[2013/01/17 14:25:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/17 14:22:10 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/01/17 14:02:25 | 000,271,638 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2013/01/17 14:01:28 | 000,000,069 | ---- | M] () -- C:\WINDOWS\pxisys.ini
[2013/01/17 14:01:28 | 000,000,030 | ---- | M] () -- C:\WINDOWS\pxiesys.ini
[2013/01/17 13:59:17 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Bruce Moen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/17 13:59:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/17 13:45:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2049760794-839522115-1004UA.job
[2013/01/17 12:23:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013/01/17 11:45:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2049760794-839522115-1004Core.job
[2013/01/17 10:07:10 | 005,024,203 | R--- | M] (Swearware) -- C:\Documents and Settings\Bruce Moen\Desktop\ComboFix.exe
[2013/01/16 20:40:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/01/16 16:03:36 | 000,307,688 | ---- | M] () -- C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\census.cache
[2013/01/16 16:03:27 | 000,300,806 | ---- | M] () -- C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\ars.cache
[2013/01/16 14:36:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/16 14:27:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/16 14:27:15 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-746137067-2049760794-839522115-1004.job
[2013/01/16 14:24:28 | 000,001,646 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2013/01/16 14:00:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/01/16 13:27:19 | 337,993,728 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/01/16 12:03:36 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Bruce Moen\Desktop\MBR.zip
[2013/01/16 12:00:25 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Bruce Moen\Desktop\MBR.dat
[2013/01/16 10:10:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/01/16 09:50:37 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Bruce Moen\Desktop\Revo Uninstaller.lnk
[2013/01/16 07:11:33 | 000,013,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2013/01/16 06:42:00 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimDrivers.lnk
[2013/01/16 05:13:25 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HearSource.lnk
[2013/01/15 14:22:45 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/01/15 13:41:00 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Bruce Moen\Desktop\WhoCrashed.lnk
[2013/01/15 12:13:02 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spectrum Lab.lnk
[2013/01/15 10:47:45 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/01/15 10:35:04 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/01/15 10:35:03 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/01/15 10:31:50 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/01/15 10:31:48 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/01/15 10:31:48 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/01/15 10:31:48 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/01/15 10:31:47 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/01/15 10:31:47 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/01/15 09:52:54 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Bruce Moen\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2013/01/15 09:50:21 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
[2013/01/14 10:54:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/14 10:38:00 | 000,554,087 | ---- | M] () -- C:\Documents and Settings\Bruce Moen\Desktop\adwcleaner.exe
[2013/01/14 10:36:36 | 000,881,914 | ---- | M] () -- C:\Documents and Settings\Bruce Moen\Desktop\SecurityCheck.exe
[2013/01/14 10:26:01 | 000,020,860 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/14 10:18:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/01/14 09:56:00 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-2049760794-839522115-1004.job
[2013/01/11 10:59:49 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\housecall.guid.cache
[2013/01/09 17:29:35 | 000,503,122 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/09 17:29:35 | 000,088,662 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/09 13:38:50 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/08 12:16:43 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Bruce Moen\Desktop\Install RGB Color Picker.lnk
[2013/01/08 11:17:47 | 000,000,028 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2013/01/07 15:48:15 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\Bruce Moen\Desktop\Ace Utilities.lnk
[2013/01/07 11:19:56 | 000,000,013 | ---- | M] () -- C:\WINDOWS\System32\WinSys32.crc
[2013/01/07 09:27:20 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\classicftpShakeIcon.job
[2013/01/03 11:04:25 | 000,000,101 | ---- | M] () -- C:\Documents and Settings\Bruce Moen\eLynxLab.ini
[2012/12/21 13:44:52 | 000,296,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/18 18:13:39 | 000,000,430 | ---- | M] () -- C:\Documents and Settings\Bruce Moen\Application Data\Multique.ini
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2067/02/24 16:21:18 | 000,079,947 | ---- | C] () -- C:\WINDOWS\fw20.vxd
[2013/01/16 16:03:36 | 000,307,688 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\census.cache
[2013/01/16 16:03:27 | 000,300,806 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\ars.cache
[2013/01/16 12:03:36 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\Desktop\MBR.zip
[2013/01/16 12:00:25 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\Desktop\MBR.dat
[2013/01/16 09:50:37 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\Desktop\Revo Uninstaller.lnk
[2013/01/16 06:42:00 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SlimDrivers.lnk
[2013/01/16 05:34:07 | 000,001,646 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2013/01/15 13:41:00 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\Desktop\WhoCrashed.lnk
[2013/01/15 12:13:02 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spectrum Lab.lnk
[2013/01/15 10:47:45 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/15 10:47:45 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/01/15 09:52:54 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2013/01/14 10:37:57 | 000,554,087 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\Desktop\adwcleaner.exe
[2013/01/14 10:36:34 | 000,881,914 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\Desktop\SecurityCheck.exe
[2013/01/14 10:18:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/01/14 10:17:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/01/14 10:15:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/01/14 10:15:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/01/14 10:15:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/01/14 10:15:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/01/14 10:15:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/01/11 10:59:49 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\housecall.guid.cache
[2013/01/10 10:51:08 | 337,993,728 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2013/01/09 13:38:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/08 20:06:40 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2013/01/08 20:06:39 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2013/01/08 19:58:23 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2013/01/08 19:58:22 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2013/01/08 19:58:21 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2013/01/08 19:58:21 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2013/01/08 19:58:20 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2013/01/08 19:56:40 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2013/01/08 19:56:40 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2013/01/08 19:56:40 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2013/01/08 19:54:27 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2013/01/08 19:54:26 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2013/01/08 19:54:26 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2013/01/08 19:54:25 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2013/01/08 19:54:25 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2013/01/08 19:54:24 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2013/01/08 19:54:23 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2013/01/08 19:54:23 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2013/01/08 19:54:21 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2013/01/08 19:54:11 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2013/01/08 12:16:43 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\Desktop\Install RGB Color Picker.lnk
[2013/01/07 09:27:19 | 000,000,298 | ---- | C] () -- C:\WINDOWS\tasks\classicftpShakeIcon.job
[2013/01/03 11:04:25 | 000,000,101 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\eLynxLab.ini
[2012/12/05 17:36:29 | 000,027,392 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\logo.png
[2012/12/05 15:46:27 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\.recently-used.xbel
[2012/10/04 11:47:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/04 11:33:54 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/10/04 11:03:03 | 000,013,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/07/07 11:21:06 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2012/07/03 12:56:08 | 000,000,890 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2012/02/08 14:57:21 | 000,001,933 | ---- | C] () -- C:\WINDOWS\iris.ini
[2012/01/02 10:36:27 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\Application Data\cdr.ini
[2010/12/10 13:25:11 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\.ufrawrc
[2010/06/27 15:00:13 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\zlib1.dll
[2010/06/27 15:00:12 | 000,080,898 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\zlib123-dll.zip
[2010/06/27 15:00:11 | 001,366,587 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\FreeImage3100Win32.zip
[2010/06/27 15:00:11 | 000,744,984 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\dfcFunctionDLL.zip
[2010/06/27 15:00:07 | 000,314,342 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\GettingStarted.pdf
[2010/06/27 15:00:07 | 000,260,942 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\LicenceAgreement.pdf
[2010/06/27 15:00:07 | 000,238,466 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\GettingStarted_SiteLicence.pdf
[2010/06/27 15:00:06 | 006,123,638 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow.pdf
[2010/06/27 15:00:06 | 000,058,628 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\FreeImage.lib
[2010/06/27 15:00:06 | 000,014,074 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\libz.lib
[2010/06/27 15:00:06 | 000,001,605 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow Manual (pdf).lnk
[2010/06/27 15:00:06 | 000,001,605 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow Manual (html).lnk
[2010/06/27 15:00:06 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow.lnk
[2010/06/27 15:00:06 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\EPS.lnk
[2010/06/27 15:00:06 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_20100113.pak
[2010/06/27 15:00:05 | 003,041,692 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\digiflow.htm
[2010/06/27 15:00:05 | 000,759,734 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_dfcCommands.dfc
[2010/06/27 15:00:05 | 000,124,922 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_Recipes.dfc
[2010/06/27 15:00:05 | 000,093,698 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_Changes.dfr
[2010/06/27 15:00:05 | 000,065,489 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_Cameras.dfc
[2010/06/27 15:00:05 | 000,054,222 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_General.dfr
[2010/06/27 15:00:05 | 000,035,705 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_Configuration.dfc
[2010/06/27 15:00:05 | 000,027,233 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_Utilities.dfc
[2010/06/27 15:00:05 | 000,020,368 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_Latex.dfc
[2010/06/27 15:00:05 | 000,018,862 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_SlaveProcess.dfc
[2010/06/27 15:00:05 | 000,008,363 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_Update.dfc
[2010/06/27 15:00:05 | 000,008,161 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_SimplePlot.dfc
[2010/06/27 15:00:05 | 000,007,286 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_Setup.dfc
[2010/06/27 15:00:05 | 000,006,913 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_WorkstationInstall.dfc
[2010/06/27 15:00:05 | 000,006,197 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\PhotosToWeb.dfc
[2010/06/27 15:00:05 | 000,005,817 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_Constants.dfc
[2010/06/27 15:00:05 | 000,005,739 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_GlobalData.dfc
[2010/06/27 15:00:05 | 000,005,488 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\StreamFunctionVorticity.dfc
[2010/06/27 15:00:05 | 000,004,304 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_CheckLicence.dfc
[2010/06/27 15:00:05 | 000,003,277 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\ServerInstall.bat
[2010/06/27 15:00:05 | 000,002,696 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_Phrases.dfr
[2010/06/27 15:00:05 | 000,002,368 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_dfcInstall.dfc
[2010/06/27 15:00:05 | 000,002,066 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_Plotting.dfc
[2010/06/27 15:00:05 | 000,001,938 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_Registry.dfc
[2010/06/27 15:00:05 | 000,001,562 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\WorkstationSetup.bat
[2010/06/27 15:00:05 | 000,001,347 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\MouseClickToFile.dfc
[2010/06/27 15:00:05 | 000,001,126 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\setup.bat
[2010/06/27 15:00:05 | 000,000,980 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\SelectGain.dfc
[2010/06/27 15:00:05 | 000,000,520 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_SetAssociations.bat
[2010/06/27 15:00:05 | 000,000,439 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_SSDensityFromGradient.dfc
[2010/06/27 15:00:05 | 000,000,304 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\SetVDSGain.dfc
[2010/06/27 15:00:05 | 000,000,236 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\InstallDigiFlow.bat
[2010/06/27 15:00:05 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_7Z_Install.dfr
[2010/06/27 15:00:05 | 000,000,028 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlowUpdate.flg
[2010/06/27 15:00:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\DigiFlow_Dialogs.dfc
[2010/01/05 06:53:20 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\˜113.›sys
[2009/02/01 12:50:41 | 000,925,232 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\Mighty-1.svg
[2008/11/10 23:04:22 | 000,001,403 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\Application Data\MQPreset.ini
[2008/11/10 23:04:22 | 000,000,430 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\Application Data\Multique.ini
[2008/09/24 05:24:50 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\DonationCoder_urlsnooper_InstallInfo.dat
[2007/11/19 10:55:23 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/07/21 10:24:50 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ØÒÝÃÄ3113›.sys
[2007/07/05 18:10:34 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\kodakpcd.ini
[2007/01/04 14:42:14 | 000,000,043 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2006/08/09 09:21:56 | 000,003,394 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\Application Data\SAS7_000.DAT
[2006/02/09 11:02:45 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\jgalt.ayn
[2006/01/17 13:58:35 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2005/04/29 19:01:12 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\fusioncache.dat
[2005/01/06 14:29:42 | 000,000,002 | ---- | C] () -- C:\Program Files\audiorightschedule
[2004/08/24 02:24:49 | 000,196,096 | ---- | C] () -- C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2005/04/29 18:55:24 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/01/26 11:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/06/06 14:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2008/02/13 12:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/12/02 14:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\createonepart
[2008/09/24 05:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DonationCoder
[2007/11/29 10:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/09/13 12:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2009/08/23 04:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2008/03/27 09:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2010/12/02 14:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\explauncher
[2010/06/26 10:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farstone
[2007/11/29 10:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2010/06/26 10:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fscltdcn
[2009/05/22 18:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWave
[2008/10/03 15:04:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWaveCDDB
[2010/12/02 14:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher
[2010/09/13 15:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2006/08/03 12:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA63.tmp
[2005/01/07 23:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MimarSinan
[2004/08/18 09:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.1.0155
[2008/06/20 15:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments
[2010/01/28 14:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2012/08/05 01:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/08/11 09:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Paragon
[2009/08/22 14:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoldParetoLogic
[2010/12/02 14:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\redistpart
[2007/09/06 12:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
[2004/08/18 14:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2004/12/06 14:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/09/21 10:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2012/11/09 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2007/10/24 19:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2007/10/24 19:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2013/01/16 06:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/12/28 07:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2013/01/16 06:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2010/12/06 11:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Voxenable
[2009/11/25 12:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2010/09/21 14:39:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\acccore
[2004/09/22 03:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\Acoustica
[2005/10/18 12:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\AI Internet Solutions
[2012/06/18 10:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\Canon
[2013/01/07 09:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\CoffeeCup Software
[2013/01/08 12:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\ColorCop
[2005/10/05 12:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\COWON
[2007/07/11 08:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\DeepBurner
[2008/09/24 05:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\DonationCoder
[2009/08/22 14:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\DriverCure
[2012/12/06 11:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\Easy2Convert
[2008/12/16 11:37:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\EasyDeskTicker
[2012/02/20 10:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\ElevatedDiagnostics
[2008/07/27 08:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\FileZilla
[2012/02/10 10:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\Filter Forge 3
[2012/08/05 01:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\GetRightToGo
[2012/01/02 10:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\GoldWaveCDDB
[2012/06/18 13:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\gtk-2.0
[2008/11/09 10:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\Inkscape
[2004/08/23 14:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\Leadertech
[2010/01/14 10:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\Likno
[2008/12/17 10:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\MechCAD
[2008/03/19 13:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\Movies Extractor Scout
[2004/08/19 13:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\MSNInstaller
[2009/03/30 16:16:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\NewSoft
[2012/08/05 01:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\Nuance
[2007/10/23 09:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\ScanSoft
[2009/08/04 10:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\Skinux
[2007/03/25 12:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\SlySoft
[2007/06/26 14:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\Snapfish
[2010/07/16 12:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\TeamViewer
[2012/02/09 11:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\ThePluginSite
[2012/09/07 16:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\Ulead Systems
[2008/11/11 13:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\Video Converter for Any Flv Player
[2010/10/14 23:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\XLink Kai
[2010/11/15 13:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\YouSendIt
[2004/08/27 14:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bruce Moen\Application Data\ZipBackupToCD

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2012/10/30 18:51:57 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSnx.sys
[2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2013/01/15 09:50:21 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LNonPnP.sys
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2013/01/16 07:11:33 | 000,013,024 | ---- | M] () -- C:\WINDOWS\system32\drivers\SWDUMon.sys

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2004/08/18 09:08:57 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2004/08/18 09:11:12 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/06/30 05:16:50 | 000,000,946 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2049760794-839522115-1004Core.job
[2009/06/30 05:16:50 | 000,000,998 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2049760794-839522115-1004UA.job
[2009/06/30 20:26:47 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/06/30 20:26:47 | 000,000,886 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2010/12/06 09:56:10 | 000,000,288 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-2049760794-839522115-1004.job
[2010/12/06 09:56:10 | 000,000,296 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-2049760794-839522115-1004.job
[2012/05/11 14:33:57 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2012/07/05 14:42:56 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2012/07/07 11:23:40 | 000,000,452 | ---- | C] () -- C:\WINDOWS\Tasks\At1.job
[2012/07/07 11:23:40 | 000,000,452 | ---- | C] () -- C:\WINDOWS\Tasks\At2.job
[2012/07/07 11:23:40 | 000,000,452 | ---- | C] () -- C:\WINDOWS\Tasks\At3.job
[2012/07/07 11:23:40 | 000,000,452 | ---- | C] () -- C:\WINDOWS\Tasks\At4.job
[2013/01/07 09:27:19 | 000,000,298 | ---- | C] () -- C:\WINDOWS\Tasks\classicftpShakeIcon.job

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-01-16 19:36:58

< MD5 for: AGP440.SYS >
[2007/10/12 16:55:55 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/05/30 09:42:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2007/10/12 16:55:55 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/05/30 09:42:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/03/31 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2007/10/12 16:55:55 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/05/30 09:42:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2007/10/12 16:55:55 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/05/30 09:42:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\cmdcons\autochk.exe
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2008/04/13 19:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\dllcache\autochk.exe
[2004/08/04 02:56:47 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >
[2003/03/31 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\erdnt\cache\beep.sys
[2003/03/31 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2003/03/31 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: KERNEL32.DLL >
[2007/04/16 11:07:27 | 000,986,112 | ---- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2006/07/05 05:57:10 | 000,985,088 | ---- | M] (Microsoft Corporation) MD5=0FDD84928A5DDE2510761B7EC76CCEC9 -- C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[2012/10/02 23:57:29 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=6CBFEEB384F04681AF75F495AA48DD32 -- C:\WINDOWS\$hf_mig$\KB2758857\SP3QFE\kernel32.dll
[2012/10/02 23:58:13 | 000,990,208 | ---- | M] (Microsoft Corporation) MD5=6FE42512AB1B89F32A7407F261B1D2D0 -- C:\WINDOWS\erdnt\cache\kernel32.dll
[2012/10/02 23:58:13 | 000,990,208 | ---- | M] (Microsoft Corporation) MD5=6FE42512AB1B89F32A7407F261B1D2D0 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2012/10/02 23:58:13 | 000,990,208 | ---- | M] (Microsoft Corporation) MD5=6FE42512AB1B89F32A7407F261B1D2D0 -- C:\WINDOWS\system32\kernel32.dll
[2004/08/04 02:56:42 | 000,983,552 | ---- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB917422$\kernel32.dll
[2007/04/16 10:52:53 | 000,984,576 | ---- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\$NtUninstallKB2758857$\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2006/07/05 05:55:01 | 000,984,064 | ---- | M] (Microsoft Corporation) MD5=D8DB5397DE07577C1CB50BA6D23B3AD4 -- C:\WINDOWS\$hf_mig$\KB917422\SP2GDR\kernel32.dll
[2009/03/21 08:59:23 | 000,991,744 | ---- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2004/08/04 02:56:44 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\erdnt\cache\mswsock.dll
[2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\erdnt\cache\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/04 01:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTFS.SYS >
[2007/02/09 06:23:36 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[2007/02/09 06:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\erdnt\cache\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\dllcache\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS

< MD5 for: NTMSSVC.DLL >
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\erdnt\cache\ntmssvc.dll
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\dllcache\ntmssvc.dll
[2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2004/08/04 02:56:44 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: NVGTS.SYS >
[1999/12/31 19:00:00 | 000,168,040 | ---- | M] (NVIDIA Corporation) MD5=52DCE3B30C9D61C8E20FE3C6DA4BDFB7 -- C:\WINDOWS\system32\drivers\nvgts.sys
[2008/11/12 15:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=75E2E77C5497F34E60491D27BF03F1CB -- C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20121004T160438250000\pci\ven_10de&dev_03f6&cc_0101\nvgts.sys
[2008/11/12 15:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=75E2E77C5497F34E60491D27BF03F1CB -- C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20121004T162250421875\pci\ven_10de&dev_03f6&cc_0101\nvgts.sys
[2008/11/12 15:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=75E2E77C5497F34E60491D27BF03F1CB -- C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\SlimWare Utilities Inc\SlimDrivers\Backups\20121004T164504062500\pci\ven_10de&dev_03f6&cc_0101\nvgts.sys
[2008/11/12 15:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=75E2E77C5497F34E60491D27BF03F1CB -- C:\NVIDIA\nForceWinXPInt\15.26\IDE\WinXP\sata_ide\nvgts.sys
[2008/11/12 15:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=75E2E77C5497F34E60491D27BF03F1CB -- C:\WINDOWS\system32\ReinstallBackups\0034\DriverFiles\nvgts.sys
[2008/11/12 15:59:06 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EB82606FCD8C5D039ADA33BD46FE7F8 -- C:\NVIDIA\nForceWinXPInt\15.26\IDE\WinXP\sataraid\nvgts.sys

< MD5 for: PROQUOTA.EXE >
[2004/08/04 02:56:55 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\dllcache\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2004/08/04 02:56:44 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\erdnt\cache\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\dllcache\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
[2003/03/31 07:00:00 | 000,221,696 | ---- | M] (Microsoft Corporation) MD5=6A1CF14D0E7D0B2241F552223769C8A7 -- C:\WINDOWS\$NtUninstallKB842773$\qmgr.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 02:56:45 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\erdnt\cache\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\dllcache\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2010/08/17 08:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\erdnt\cache\spoolsv.exe
[2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2004/08/04 02:56:57 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
[2005/06/10 19:17:13 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2005/06/10 18:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
[2005/06/10 18:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\erdnt\cache\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\dllcache\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/04 02:56:45 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 02:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TERMSRV.DLL >
[2004/08/04 02:56:46 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\erdnt\cache\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\dllcache\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VIASRAID.SYS >
[2003/07/04 04:22:44 | 000,076,416 | R--- | M] (VIA Technologies inc,.ltd) MD5=69588DCADD3F9B91ED222D8B27E140DD -- C:\WINDOWS\system32\drivers\viasraid.sys

< MD5 for: XMLPROV.DLL >
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\erdnt\cache\xmlprov.dll
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\dllcache\xmlprov.dll
[2008/04/13 19:12:11 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2004/08/04 02:56:46 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533

< End of report >



