
zekos malware infection


  • This topic is locked
23 replies to this topic

#1 castillo

castillo

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 16 January 2014 - 10:46 PM

http://www.bleepingcomputer.com/forums/t/520987/dcom-service-launcher-using-lots-of-memory/?hl=%2Bdcom#entry3261792

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Salon at 22:32:24 on 2014-01-16
FW: ZoneAlarm Free Firewall Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Olympus\ib\olycamdetect.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\KiesAirMessage.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SYSTEM32\RunDll32.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\locator.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\Check Point Software Technologies LTD\zonealarm\AbineSDK\IE\DNTPService.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.yahoo.com/
uProxyOverride = hxxp://localhost;*.local
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - c:\program files\check point software technologies ltd\zonealarm\1.8.28.13\bh\zonealarm.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - c:\program files\check point software technologies ltd\zonealarm\1.8.28.13\zonealarmTlbr.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [vptray] c:\program files\navnt\vptray.exe
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Olympus ib] "c:\program files\olympus\ib\olycamdetect.exe" /Startup
mRun: [MDS_Menu] "c:\program files\olympus\ib\muitransfer\muistartmenu.exe" "c:\program files\olympus\ib" updatewithcreateonce "software\olympus\ib\1.0"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
StartupFolder: c:\docume~1\salon\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\memeoa~1.lnk - c:\windows\installer\{17fe46df-24dc-4888-ba8b-1c918a2e79ed}\NewShortcut5_6EA2867D4E8340A5A3471FF71A363544.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Pool 2 - hxxp://download.games.yahoo.com/games/clients/y/potc_x.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1353111579734
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353111562671
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37792.3701273148
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4EF108A5-6A98-47C7-ACFD-1C1FA3C4C0D9} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C6C6D5F7-E15F-42CA-8AE3-EB0173835AA7} : DHCPNameServer = 192.168.1.254 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\salon\application data\mozilla\firefox\profiles\hqzgyejm.default-1375245231546\
FF - prefs.js: browser.startup.homepage - hxxp://att.yahoo.com/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\olympus\ib utilities\firefox plugin\npIbInst.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2014-01-14 04:40:48    --------    d-----w-    c:\documents and settings\salon\local settings\application data\DoNotTrackPlus
2014-01-12 19:10:06    --------    d-sha-r-    C:\cmdcons
2014-01-12 19:05:59    208896    ----a-w-    c:\windows\MBR.exe
2014-01-12 19:05:58    98816    ----a-w-    c:\windows\sed.exe
2014-01-12 19:05:58    256000    ----a-w-    c:\windows\PEV.exe
2014-01-12 18:46:52    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-01-12 17:49:18    51416    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-21 06:04:22    225656    ----a-w-    c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-12-12 16:54:30    86888    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll
2013-12-12 16:54:29    53064    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-12-12 16:54:28    85832    ----a-w-    c:\windows\system32\LMIinit.dll
2013-12-12 16:54:28    31560    ----a-w-    c:\windows\system32\LMIport.dll
2013-12-11 17:26:19    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 17:26:19    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-10-27 13:54:06    86888    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-10-27 13:54:05    85832    ----a-w-    c:\windows\system32\LMIinit.dll.000.bak
.
============= FINISH: 22:33:28.14 ===============



#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:33 AM

Posted 16 January 2014 - 11:31 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 castillo

castillo
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 17 January 2014 - 09:51 AM

Farbar Logs

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-01-2014 01
Ran by Salon (administrator) on DIMENSION on 17-01-2014 09:45:59
Running from C:\Documents and Settings\Salon\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

ATTENTION: If processes are not listed WMI should be repaired.


==================== Processes (Whitelisted) ===================



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [vptray] - C:\Program Files\NavNT\vptray.exe [73728 2001-09-24] (Symantec Corporation)
HKLM\...\Run: [WD Button Manager] - C:\Windows\system32\WDBtnMgr.exe [339968 2007-03-12] (Western Digital Technologies, Inc.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [Olympus ib] - C:\Program Files\Olympus\ib\olycamdetect.exe [96128 2012-02-02] (OLYMPUS IMAGING CORP.)
HKLM\...\Run: [MDS_Menu] - C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [223104 2011-08-30] (CyberLink Corp.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [ZoneAlarm] - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-12-16] (Check Point Software Technologies LTD)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
Winlogon\Notify\LMIinit: C:\Windows\system32\LMIinit.dll (LogMeIn, Inc.)
Winlogon\Notify\NavLogon: C:\WINDOWS\System32\NavLogon.dll ()
Winlogon\Notify\PCANotify: C:\Windows\system32\PCANotify.dll (Symantec Corporation)
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2012-12-17] (Samsung Electronics)
HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Memeo AutoBackup.lnk
ShortcutTarget: Memeo AutoBackup.lnk -> C:\WINDOWS\Installer\{17FE46DF-24DC-4888-BA8B-1C918A2E79ED}\NewShortcut5_6EA2867D4E8340A5A3471FF71A363544.exe (Macrovision Corporation)
Startup: C:\Documents and Settings\Salon\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510d series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5510d series.lnk -> C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^YK^xdm030^S00744^us&si=21786&ptb=4E84E14E-107E-4F2A-A83B-7FAE48EA403B&psa=&ind=2012033016&st=sb&n=77ed2ff8&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {002D945D-4E44-4951-A159-E376222EFB79} URL = http://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=en&q={searchTerms}&gu=b3af63f41a384a9d8ef44ecef3f3e6a4&tu=10GXy00C02C01u0&sku=&tstsId=&ver=&&r=875
SearchScopes: HKCU - {002D945D-4E44-4951-A159-E376222EFB79} URL = http://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=en&q={searchTerms}&gu=b3af63f41a384a9d8ef44ecef3f3e6a4&tu=10GXy00C02C01u0&sku=&tstsId=&ver=&&r=875
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^YK^xdm030^S00744^us&si=21786&ptb=4E84E14E-107E-4F2A-A83B-7FAE48EA403B&psa=&ind=2012033016&st=sb&n=77ed2ff8&searchfor={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.28.13\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37792.3701273148
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2014-01-16] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Salon\Application Data\Mozilla\Firefox\Profiles\hqzgyejm.default-1375245231546
FF Homepage: hxxp://att.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @olympus-imaging.jp/npIbInst - C:\Program Files\OLYMPUS\ib Utilities\Firefox Plugin\npIbInst.dll (OLYMPUS IMAGING CORP.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========================== Services (Whitelisted) =================

S4 awhost32; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [114749 2002-02-15] (Symantec Corporation)
R2 DefWatch; C:\Program Files\NavNT\defwatch.exe [32768 2001-09-24] (Symantec Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-02-28] (Lexmark International, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2008-04-17] (Memeo)
R2 Norton AntiVirus Server; C:\Program Files\NavNT\rtvscan.exe [454656 2001-09-24] (Symantec Corporation)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-12-16] (Check Point Software Technologies LTD)
S2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2002-10-08] (America Online, Inc.)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [17005 2003-05-28] (Adaptec)
S3 ATWPKT2; C:\Program Files\America Online 8.0\ATWPKT2.SYS [19140 2002-10-08] (America Online)
R1 awlegacy; C:\Windows\System32\Drivers\awlegacy.sys [10816 2000-09-11] (Symantec Corporation)
R1 AW_HOST; C:\Windows\System32\drivers\aw_host5.sys [33496 2002-02-11] (Symantec Corporation)
S3 BCMModem; C:\Windows\System32\DRIVERS\BCMSM.sys [1101696 2003-02-24] (Broadcom Corporation)
S3 EL90XBC; C:\Windows\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
R0 Gernuwa; C:\Windows\System32\Drivers\Gernuwa.sys [14944 2001-10-09] (Symantec Corporation)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2009-08-05] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2009-08-05] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-08-05] (HP)
S3 i81x; C:\Windows\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)
S3 iAimFP0; C:\Windows\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)
S3 iAimFP1; C:\Windows\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)
S3 iAimFP2; C:\Windows\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)
S3 iAimFP3; C:\Windows\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)
S3 iAimFP4; C:\Windows\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)
S3 iAimTV0; C:\Windows\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)
S3 iAimTV1; C:\Windows\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)
S3 iAimTV3; C:\Windows\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)
S3 iAimTV4; C:\Windows\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)
R3 L1c; C:\Windows\System32\DRIVERS\l1c51x86.sys [62576 2010-12-27] (Atheros Communications, Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R3 monfilt; C:\Windows\System32\drivers\monfilt.sys [1389056 2008-02-14] (Creative Technology Ltd.)
R3 MxlW2k; C:\Windows\System32\Drivers\MxlW2k.sys [28164 2003-04-23] (MusicMatch, Inc.)
R3 NAVAP; C:\Program Files\NavNT\NAVAP.sys [176208 2001-09-24] ()
R2 NAVAPEL; C:\Program Files\NavNT\NAVAPEL.SYS [9232 2001-09-24] ()
R3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101013.002\NAVENG.SYS [86064 2010-10-13] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101013.002\NAVEX15.SYS [1371184 2010-10-13] (Symantec Corporation)
S3 OlyCamComm; C:\Windows\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-10] (OLYMPUS IMAGING CORP.)
S1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
S3 QV2KUX; C:\Windows\System32\DRIVERS\qv2kux.sys [3328 2001-08-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-05-06] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-05-06] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67664 2014-01-16] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [82136 2003-08-15] (Symantec Corporation)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [2135280 2010-10-01] (VIA Technologies, Inc.)
R1 Vsdatant; C:\Windows\System32\vsdatant.sys [529640 2013-12-16] (Check Point Software Technologies LTD)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2002-10-08] (America Online, Inc.)
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\Windows\System32\drivers\ialmsbw.sys [108736 2003-01-14] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\Windows\System32\drivers\ialmkchw.sys [78272 2003-01-14] (Intel Corporation)
S0 87838909; system32\drivers\73257380.sys [x]
S3 bvrp_pci; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [x]
S4 LMIRfsClientNP; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 mbr; \??\C:\DOCUME~1\Salon\LOCALS~1\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-17 09:43 - 2014-01-17 09:45 - 00022894 _____ C:\Documents and Settings\Salon\Desktop\Addition.txt
2014-01-17 09:39 - 2014-01-17 09:39 - 01220096 _____ (Farbar) C:\Documents and Settings\Salon\Desktop\FRST.exe
2014-01-17 09:37 - 2014-01-17 09:37 - 00000000 ____D C:\Documents and Settings\Salon\Desktop\FRST-OlderVersion
2014-01-17 09:29 - 2014-01-17 09:46 - 00015814 _____ C:\Documents and Settings\Salon\Desktop\FRST.txt
2014-01-17 09:29 - 2014-01-17 09:37 - 00000000 ____D C:\FRST
2014-01-16 22:34 - 2014-01-16 22:34 - 00003389 _____ C:\Documents and Settings\Salon\Desktop\attach.zip
2014-01-16 22:33 - 2014-01-16 22:33 - 00011695 _____ C:\Documents and Settings\Salon\Desktop\dds.txt
2014-01-16 22:33 - 2014-01-16 22:33 - 00010836 _____ C:\Documents and Settings\Salon\Desktop\attach.txt
2014-01-16 20:15 - 2014-01-16 20:26 - 00000000 _____ C:\Documents and Settings\Salon\Desktop\sfcdetails.txt
2014-01-16 17:09 - 2014-01-16 22:07 - 00004070 _____ C:\Documents and Settings\Salon\Desktop\Rkill.txt
2014-01-16 17:09 - 2014-01-15 21:45 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Salon\Desktop\rkill(1).exe
2014-01-16 00:49 - 2014-01-16 00:49 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn
2014-01-15 20:23 - 2014-01-15 20:23 - 02250054 _____ C:\Documents and Settings\LocalService\Application Data\wincreen.bmp
2014-01-14 11:10 - 2014-01-14 11:10 - 00000000 ____S C:\WINDOWS\system32\rgbp.egz
2014-01-13 23:40 - 2014-01-17 09:21 - 00000000 ____D C:\Documents and Settings\Salon\Local Settings\Application Data\DoNotTrackPlus
2014-01-13 23:39 - 2014-01-13 23:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
2014-01-12 15:00 - 2014-01-12 15:00 - 00028166 _____ C:\ComboFix.txt
2014-01-12 14:48 - 2014-01-12 14:48 - 00016384 ____H C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
2014-01-12 14:48 - 2014-01-12 14:48 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-01-12 14:48 - 2014-01-12 14:48 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM.tmp.LOG
2014-01-12 14:48 - 2014-01-12 14:48 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
2014-01-12 14:48 - 2014-01-12 14:48 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-01-12 14:10 - 2014-01-12 14:10 - 00000000 _RSHD C:\cmdcons
2014-01-12 14:10 - 2012-07-12 20:22 - 00000211 _____ C:\Boot.bak
2014-01-12 14:10 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2014-01-12 14:05 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2014-01-12 14:05 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2014-01-12 14:05 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-01-12 14:05 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-01-12 14:05 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-01-12 14:05 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-01-12 14:05 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2014-01-12 14:05 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2014-01-12 14:05 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2014-01-12 14:04 - 2014-01-12 15:01 - 00000000 ____D C:\Qoobox
2014-01-12 14:02 - 2014-01-12 14:58 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-12 13:48 - 2014-01-12 13:48 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-12 13:47 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-12 13:46 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-12 13:46 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-12 13:46 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-12 13:45 - 2014-01-12 13:46 - 00005480 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2014-01-12 13:45 - 2014-01-12 13:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-01-12 12:49 - 2014-01-12 12:49 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-12 12:24 - 2014-01-12 12:24 - 00000000 ____S C:\WINDOWS\system32\pznim.vru
2014-01-11 12:56 - 2014-01-11 12:56 - 00000000 ____S C:\WINDOWS\system32\mjawhsg.apa
2014-01-10 13:38 - 2014-01-10 13:38 - 00028672 _____ C:\WINDOWS\system32\xwzm.osw
2014-01-10 13:28 - 2014-01-11 15:33 - 00000089 _____ C:\WINDOWS\system32\drlhfqf.vzn
2014-01-10 13:27 - 2014-01-10 13:38 - 00000095 _____ C:\WINDOWS\system32\mxtpf.ofb
2014-01-10 13:27 - 2014-01-10 13:27 - 00000064 _____ C:\WINDOWS\system32\qnci.lvv
2014-01-10 13:11 - 2014-01-10 13:11 - 00101213 ____S C:\WINDOWS\system32\aesc.tdg

==================== One Month Modified Files and Folders =======

2014-01-17 09:46 - 2014-01-17 09:29 - 00015814 _____ C:\Documents and Settings\Salon\Desktop\FRST.txt
2014-01-17 09:45 - 2014-01-17 09:43 - 00022894 _____ C:\Documents and Settings\Salon\Desktop\Addition.txt
2014-01-17 09:45 - 2009-05-17 12:42 - 00000414 _____ C:\WINDOWS\Tasks\Symantec NetDetect.job
2014-01-17 09:39 - 2014-01-17 09:39 - 01220096 _____ (Farbar) C:\Documents and Settings\Salon\Desktop\FRST.exe
2014-01-17 09:37 - 2014-01-17 09:37 - 00000000 ____D C:\Documents and Settings\Salon\Desktop\FRST-OlderVersion
2014-01-17 09:37 - 2014-01-17 09:29 - 00000000 ____D C:\FRST
2014-01-17 09:29 - 2013-10-22 13:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-17 09:26 - 2012-09-23 09:48 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-17 09:24 - 2010-06-19 18:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-01-17 09:21 - 2014-01-13 23:40 - 00000000 ____D C:\Documents and Settings\Salon\Local Settings\Application Data\DoNotTrackPlus
2014-01-17 07:26 - 2003-04-23 21:10 - 00032534 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-16 22:58 - 2010-06-20 15:55 - 00000178 ___SH C:\Documents and Settings\LogMeInRemoteUser\NTUSER.INI
2014-01-16 22:34 - 2014-01-16 22:34 - 00003389 _____ C:\Documents and Settings\Salon\Desktop\attach.zip
2014-01-16 22:33 - 2014-01-16 22:33 - 00011695 _____ C:\Documents and Settings\Salon\Desktop\dds.txt
2014-01-16 22:33 - 2014-01-16 22:33 - 00010836 _____ C:\Documents and Settings\Salon\Desktop\attach.txt
2014-01-16 22:07 - 2014-01-16 17:09 - 00004070 _____ C:\Documents and Settings\Salon\Desktop\Rkill.txt
2014-01-16 20:40 - 2012-05-15 14:54 - 00000462 _____ C:\WINDOWS\Tasks\At2.job
2014-01-16 20:26 - 2014-01-16 20:15 - 00000000 _____ C:\Documents and Settings\Salon\Desktop\sfcdetails.txt
2014-01-16 16:18 - 2012-01-07 15:07 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-16 15:54 - 2012-05-15 14:54 - 00000462 _____ C:\WINDOWS\Tasks\At3.job
2014-01-16 14:00 - 2012-05-15 14:54 - 00000462 _____ C:\WINDOWS\Tasks\At4.job
2014-01-16 10:10 - 2012-05-15 14:54 - 00000462 _____ C:\WINDOWS\Tasks\At1.job
2014-01-16 09:47 - 2007-03-13 18:45 - 02076353 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-16 09:42 - 2003-04-23 21:08 - 00001374 _____ C:\WINDOWS\system32\WPA.DBL
2014-01-16 09:42 - 2002-09-03 13:29 - 00000159 _____ C:\WINDOWS\WIADEBUG.LOG
2014-01-16 09:42 - 2002-09-03 13:29 - 00000049 _____ C:\WINDOWS\WIASERVC.LOG
2014-01-16 09:41 - 2003-04-23 21:10 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-16 09:39 - 2011-08-20 19:48 - 00000278 ___SH C:\Documents and Settings\Salon\NTUSER.INI
2014-01-16 00:50 - 2009-04-10 18:59 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-16 00:49 - 2014-01-16 00:49 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn
2014-01-16 00:42 - 2013-03-22 20:22 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-16 00:37 - 2012-11-16 19:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952004$
2014-01-15 21:45 - 2014-01-16 17:09 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Salon\Desktop\rkill(1).exe
2014-01-15 20:43 - 2011-08-20 19:48 - 00000000 ____D C:\Documents and Settings\Salon
2014-01-15 20:23 - 2014-01-15 20:23 - 02250054 _____ C:\Documents and Settings\LocalService\Application Data\wincreen.bmp
2014-01-15 20:22 - 2013-02-10 11:11 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
2014-01-15 20:22 - 2012-02-18 22:02 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2014-01-14 12:14 - 2003-04-23 20:55 - 00000000 ____D C:\WINDOWS\Registration
2014-01-14 11:10 - 2014-01-14 11:10 - 00000000 ____S C:\WINDOWS\system32\rgbp.egz
2014-01-14 10:42 - 2003-10-17 11:39 - 00000000 ____D C:\Program Files\Web Publish
2014-01-14 10:42 - 2003-06-20 11:25 - 00153829 _____ C:\WINDOWS\wmsetup.log
2014-01-14 00:04 - 2011-05-05 19:59 - 00002327 _____ C:\Documents and Settings\Salon\Desktop\Memeo AutoBackup.lnk
2014-01-14 00:04 - 2009-05-17 14:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Memeo AutoBackup
2014-01-13 23:57 - 2013-03-22 20:32 - 00417569 _____ C:\WINDOWS\system32\vsconfig.xml
2014-01-13 23:41 - 2003-04-23 21:09 - 00525770 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-13 23:39 - 2014-01-13 23:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
2014-01-13 23:39 - 2013-03-22 20:31 - 00000539 _____ C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
2014-01-13 17:30 - 2012-09-23 09:48 - 00000000 ____D C:\Program Files\Google
2014-01-12 21:58 - 2003-04-23 20:55 - 00000000 __SHD C:\Documents and Settings\NetworkService
2014-01-12 21:40 - 2012-09-23 09:48 - 00000000 ____D C:\Documents and Settings\Salon\Local Settings\Application Data\Google
2014-01-12 21:38 - 2012-09-23 09:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2014-01-12 15:01 - 2014-01-12 14:04 - 00000000 ____D C:\Qoobox
2014-01-12 15:00 - 2014-01-12 15:00 - 00028166 _____ C:\ComboFix.txt
2014-01-12 14:58 - 2014-01-12 14:02 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-12 14:53 - 2002-09-03 13:26 - 00000227 _____ C:\WINDOWS\system.ini
2014-01-12 14:49 - 1980-01-01 07:00 - 44040192 _____ C:\WINDOWS\system32\config\SOFTWARE.bak
2014-01-12 14:49 - 1980-01-01 07:00 - 10223616 _____ C:\WINDOWS\system32\config\SYSTEM.bak
2014-01-12 14:49 - 1980-01-01 07:00 - 01048576 _____ C:\WINDOWS\system32\config\DEFAULT.bak
2014-01-12 14:49 - 1980-01-01 07:00 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2014-01-12 14:49 - 1980-01-01 07:00 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak
2014-01-12 14:48 - 2014-01-12 14:48 - 00016384 ____H C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
2014-01-12 14:48 - 2014-01-12 14:48 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-01-12 14:48 - 2014-01-12 14:48 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM.tmp.LOG
2014-01-12 14:48 - 2014-01-12 14:48 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
2014-01-12 14:48 - 2014-01-12 14:48 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-01-12 14:43 - 2013-07-07 11:54 - 00000000 ____D C:\Documents and Settings\Salon\Local Settings\Application Data\TuneUp
2014-01-12 14:43 - 2003-04-23 20:55 - 00000000 ____D C:\Documents and Settings\Administrator
2014-01-12 14:10 - 2014-01-12 14:10 - 00000000 _RSHD C:\cmdcons
2014-01-12 14:10 - 2003-04-23 21:00 - 00000327 __RSH C:\BOOT.INI
2014-01-12 13:48 - 2014-01-12 13:48 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-12 13:46 - 2014-01-12 13:45 - 00005480 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2014-01-12 13:46 - 2011-07-02 11:18 - 00000000 ____D C:\Program Files\Java
2014-01-12 13:45 - 2014-01-12 13:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-01-12 13:32 - 2012-11-16 20:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$
2014-01-12 12:49 - 2014-01-12 12:49 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-12 12:24 - 2014-01-12 12:24 - 00000000 ____S C:\WINDOWS\system32\pznim.vru
2014-01-11 17:59 - 2009-01-22 11:06 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-01-11 15:33 - 2014-01-10 13:28 - 00000089 _____ C:\WINDOWS\system32\drlhfqf.vzn
2014-01-11 12:56 - 2014-01-11 12:56 - 00000000 ____S C:\WINDOWS\system32\mjawhsg.apa
2014-01-10 16:39 - 2012-11-16 20:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-01-10 13:38 - 2014-01-10 13:38 - 00028672 _____ C:\WINDOWS\system32\xwzm.osw
2014-01-10 13:38 - 2014-01-10 13:27 - 00000095 _____ C:\WINDOWS\system32\mxtpf.ofb
2014-01-10 13:27 - 2014-01-10 13:27 - 00000064 _____ C:\WINDOWS\system32\qnci.lvv
2014-01-10 13:11 - 2014-01-10 13:11 - 00101213 ____S C:\WINDOWS\system32\aesc.tdg
2014-01-03 12:57 - 2012-01-31 19:05 - 00599754 _____ C:\WINDOWS\setupapi.log
2013-12-27 10:00 - 2011-08-23 17:49 - 00002497 _____ C:\Documents and Settings\Salon\Desktop\Microsoft Office Word 2003.lnk
ZeroAccess:
C:\Documents and Settings\Salon\Local Settings\Application Data\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install

Files to move or delete:
====================
C:\Documents and Settings\Salon\acrobat.exe
C:\Documents and Settings\Salon\acrobatreader.exe
C:\Documents and Settings\Salon\acrobatreader966842.exe
C:\Documents and Settings\Salon\flashplayer519949.exe
C:\Documents and Settings\Salon\googleupdate.exe
C:\Documents and Settings\Salon\jqs.exe
C:\Documents and Settings\Salon\notepad744623.exe
C:\Documents and Settings\Salon\opera.exe
C:\Documents and Settings\Salon\rundll32578063.exe
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job


Some content of TEMP:
====================
C:\Documents and Settings\Salon\Local Settings\Temp\procexp.exe
C:\Documents and Settings\Salon\Local Settings\Temp\SSUPDATE.EXE
C:\Documents and Settings\Salon\Local Settings\Temp\TDSSKiller.exe
C:\Documents and Settings\Salon\Local Settings\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2007-03-15 18:13] - [2009-02-09 07:10] - 0401408 ____A (Microsoft Corporation) 302a1d0092fcaa892c0ab2e9e09f721b

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-01-2014 01
Ran by Salon at 2014-01-17 09:46:24
Running from C:\Documents and Settings\Salon\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

FW: ZoneAlarm Free Firewall Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Ad-Aware SE Personal (Version: 1.06 - Lavasoft)
Adobe Acrobat 5.0 (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (Version: 11.0.06 - Adobe Systems Incorporated)
America Online (Version:  - )
American Greetings CreataCard Select 6 (Version:  - )
Apple Application Support (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.46 - Atheros Communications Inc.)
BACS (Version: 3.26.0000 - Broadcom) Hidden
Banctec Service Agreement (Version: 1.00.0004 - Dell) Hidden
BCM V.92 56K Modem (Version:  - )
BlackBerry Desktop Software 6.0 (Version: 6.0.0.43 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.0 (Version: 6.0.0.43 - Research In Motion Ltd.) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Britannica Ready Reference (Version:  - )
Broadcom Advanced Control Suite (Version: 3.26.0000 - Broadcom)
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
BurnAware Free 2.3.5 (Version:  - Burnaware Technologies)
Business Complete Care Services Agreement (Version: 1.00.0004 - Dell) Hidden
C310 (Version: 140.0.304.000 - Hewlett-Packard) Hidden
Camera Window (Version: 4.0.1 - Canon) Hidden
CameraDrivers (Version: 5.0.0.328 - Hewlett-Packard) Hidden
Canon Camera WIA Driver (Version: 5.0.3 - Canon) Hidden
Canon Camera Window for ZoomBrowser EX (Version: 4.0.1 - Canon)
Canon PhotoRecord (Version:  - )
Canon Utilities PhotoStitch 3.1 (Version: 3.1.8 - Canon)
Canon Utilities ZoomBrowser EX (Version: 04.00.0200 - CISRA)
Canon ZR65 MC WIA Driver (Version: 5.0.3 - Canon)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001 - Microsoft Corporation)
Coupon Printer for Windows (Version: 5.0.0.0 - Coupons.com Incorporated) <==== ATTENTION
CP_Package_Variety1 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety2 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CP_Package_Variety3 (Version: 53.0.13.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DAO (Version: 3.50 - Jasc Software Inc)
Dell Picture Studio - Dell Image Expert (Version: 3.4.1 - Jasc Software Inc)
Dell Support (Version: 2.00.0000 - Dell)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Earthlink Installer - uninstall 'Earthlink 5.0' entry first if present (Version: 1.00.0000 - EarthLink, Inc.)
ELNKInst (Version: 1.00.0000 - EarthLink, Inc.) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Eusing Free Registry Cleaner (Version:  - Eusing Software)
FirstRowSportApp (Version: 2.1 Build 26473 - FirstRowSportApp.com)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Help and Support Customization (Version: 1.00.0000 - Dell) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000 - Microsoft Corporation)
HP Customer Participation Program 14.0 (Version: 14.0 - HP)
HP Image Zone Express (Version: 1.5.2.32 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (Version: 14.0 - HP)
HP Photo Creations (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart 330,380,420,470,7800,8000,8200 Series (Version: 8.1 - HP)
HP Photosmart 5510d series Basic Device Software (Version: 25.0.607.0 - Hewlett-Packard Co.)
HP Photosmart 5510d series Help (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 5510d series Product Improvement Study (Version: 25.0.607.0 - Hewlett-Packard Co.)
HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0 - HP)
HP Product Detection (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (Version: 4.60 - HP)
HP Solution Center 14.0 (Version: 14.0 - HP)
HP Update (Version: 5.003.001.001 - Hewlett-Packard)
HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
iLivid (Version: 1.92.0.115854 - Bandoo Media Inc.) Hidden <==== ATTENTION
ImgBurn (Version: 2.5.7.0 - LIGHTNING UK!)
Incredibar Toolbar  on IE (Version:  - ) <==== ATTENTION
Intel® Extreme Graphics Driver (Version:  - )
Intel® Management Engine Components (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (Version: 6.14.10.5328 - Intel Corporation)
iTunes (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 35 (Version: 6.0.350 - Oracle)
JetBee 5.0.4 (build 443) (Version:  - )
Lernout & Hauspie TruVoice American English TTS Engine (Version:  - )
LiveReg (Symantec Corporation) (Version: 2.4.1.2056 - Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation) (Version: 1.90.15.0 - Symantec Corporation)
LogMeIn (Version: 4.1.1310 - LogMeIn, Inc.)
LogMeIn (Version: 4.1.2138 - LogMeIn, Inc.)
Magical Jelly Bean KeyFinder (Version: 2.0.8.2 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (Version: 2.1.121.2 - McAfee, Inc.)
Memeo AutoBackup (Version: 3.50.3429 - Memeo Inc)
Memeo AutoBackup (Version: 3.50.3429 - Memeo Inc) Hidden
Microsoft .NET Framework (English) (Version: 1.0.3705 - Microsoft) Hidden
Microsoft .NET Framework (English) v1.0.3705 (Version:  - )
Microsoft .NET Framework 1.0 Hotfix (KB928367) (Version:  - )
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Default Manager (Version: 2.1.54.0 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (Version:  - )
Microsoft Windows Journal Viewer (Version: 1.5.2315.3 - Microsoft)
Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Millennium Professional Edition (Version: 1.8.021 - HARMS Software Inc.)
MobileMe Control Panel (Version: 3.1.6.0 - Apple Inc.)
Modem Helper (Version:  - )
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (Version: 24.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0 - Microsoft Corporation)
MUSICMATCH Jukebox (Version:  - )
MyFreeCodec (Version:  - )
Nero 7 Essentials (Version: 7.02.9398 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Norton AntiVirus Corporate Edition (Version: 7.6.0.0000 - Symantec Corporation)
OLYMPUS Digital Camera Updater (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
Olympus ib (Version: 1.3.2207 - OLYMPUS IMAGING CORP.)
Olympus ib (Version: 1.3.2207 - OLYMPUS IMAGING CORP.) Hidden
OLYMPUS Viewer 2 (Version: 1.1.1 - OLYMPUS IMAGING CORP.)
Paint Shop Pro 7 (Version: 7.05.0000 - Jasc Software Inc)
PhotoStitch (Version: 3.1.8 - Canon) Hidden
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
PS_AIO_07_C310_SW_Min (Version: 140.0.304.000 - Hewlett-Packard) Hidden
PS380 (Version: 8.01.0000 - HP) Hidden
PSPrinters08 (Version: 8.01.0000 - HP) Hidden
PSTAPlugin (Version: 8.01.0000 - Hewlett-Packard) Hidden
Quicken 2002 New User Edition (Version:  - )
QuickTime (Version: 7.70.80.34 - Apple Inc.)
QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden
RealOne Player (Version:  - )
Safari (Version: 5.34.50.0 - Apple Inc.)
Samsung Kies (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.3.3.12085_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SearchCore for Browsers (Version: 3.0.0.115554 - SearchCore)
SES Driver (Version: 1.0.0 - Western Digital)
Shop for HP Supplies (Version: 14.0 - HP)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy 1.4 (Version: 1.4 - Safer Networking Limited)
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware Free Edition (Version: 4.26.0.1000 - SUPERAntiSpyware.com)
Super-Charger (Version:  - MSI CO.,LTD.)
Symantec pcAnywhere (Version: 10.5.1 - Symantec)
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Unload (Version: 5.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VIA Platform Device Manager (Version: 1.34 - VIA Technologies, Inc.)
Viewpoint Media Player (Remove Only) (Version:  - )
VZAccess Manager for RIM (Version: 6.9.0 - Smith Micro Software Inc.)
WD Diagnostics (Version: 1.09.0002 - Western Digital Technologies)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows iLivid Toolbar (Version: 3.0.0.115554 - Bandoo Media, Inc) <==== ATTENTION
Windows Imaging Component (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell™ 1.0 (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (Version: 20080414.031525 - Microsoft Corporation)
WinZip (Version:  8.1  (4331) - WinZip Computing, Inc.)
WordPerfect Office 2002 (Version:  - )
WordPerfect Office 2002 (Version: 10 - Corel) Hidden
ZoneAlarm Firewall (Version: 12.0.118.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (Version: 12.0.118.000 - Check Point)
ZoneAlarm Security (Version: 12.0.118.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (Version: 1.8.28.13 - Check Point Software Technologies LTD)

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2002-08-29 05:00 - 2014-01-12 14:51 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\Symantec NetDetect.job => C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Could not list Devices. Check WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2014 09:31:15 AM) (Source: Application Error) (User: )
Description: Faulting application frst.exe, version 0.0.0.0, faulting module frst.exe, version 0.0.0.0, fault address 0x0001fcbe.
Processing media-specific event for [frst.exe!ws!]

Error: (01/17/2014 09:23:41 AM) (Source: Application Hang) (User: )
Description: Hanging application millennium.exe, version 1.9.128.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/17/2014 09:23:30 AM) (Source: Application Hang) (User: )
Description: Hanging application millennium.exe, version 1.9.128.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/16/2014 09:38:52 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

Error: (01/16/2014 09:38:52 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 80070005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (01/16/2014 00:49:45 AM) (Source: LogMeIn Guardian) (User: NT AUTHORITY)
Description: LogMeIn Guardian has detected a problem with the LogMeIn software installed on this machine. The problem is locally identified by the following reference ID: 'e28f209654feb74e970042db38ba17ea'.

Error: (01/15/2014 09:40:52 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040206.

Error: (01/15/2014 09:40:52 AM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.  Please contact Microsoft Product Support Services to report this error.

Error: (01/11/2014 01:38:39 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/11/2014 01:38:39 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


System errors:
=============
Error: (01/16/2014 10:06:10 PM) (Source: Service Control Manager) (User: )
Description: The LexBce Server service terminated unexpectedly.  It has done this 2 time(s).

Error: (01/16/2014 05:09:54 PM) (Source: Service Control Manager) (User: )
Description: The WAN Miniport (ATW) Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/16/2014 05:09:48 PM) (Source: Service Control Manager) (User: )
Description: The LexBce Server service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/16/2014 02:40:54 PM) (Source: Service Control Manager) (User: )
Description: The Terminal Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/16/2014 02:40:54 PM) (Source: Service Control Manager) (User: )
Description: The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/16/2014 00:57:06 PM) (Source: Service Control Manager) (User: )
Description: The Terminal Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/16/2014 00:57:06 PM) (Source: Service Control Manager) (User: )
Description: The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/16/2014 00:05:43 PM) (Source: Service Control Manager) (User: )
Description: The Terminal Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/16/2014 00:05:43 PM) (Source: Service Control Manager) (User: )
Description: The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/16/2014 11:12:14 AM) (Source: Service Control Manager) (User: )
Description: The Terminal Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (01/17/2014 09:31:15 AM) (Source: Application Error)(User: )
Description: frst.exe0.0.0.0frst.exe0.0.0.00001fcbe

Error: (01/17/2014 09:23:41 AM) (Source: Application Hang)(User: )
Description: millennium.exe1.9.128.0hungapp0.0.0.000000000

Error: (01/17/2014 09:23:30 AM) (Source: Application Hang)(User: )
Description: millennium.exe1.9.128.0hungapp0.0.0.000000000

Error: (01/16/2014 09:38:52 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206

Error: (01/16/2014 09:38:52 AM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp4480070005

Error: (01/16/2014 00:49:45 AM) (Source: LogMeIn Guardian)(User: NT AUTHORITY)
Description: e28f209654feb74e970042db38ba17ea

Error: (01/15/2014 09:40:52 AM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040206

Error: (01/15/2014 09:40:52 AM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp44800706BA

Error: (01/11/2014 01:38:39 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

Error: (01/11/2014 01:38:39 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.


==================== Memory info ===========================

Percentage of memory in use: 64%
Total physical RAM: 1954.56 MB
Available physical RAM: 690.75 MB
Total Pagefile: 3756.68 MB
Available Pagefile: 1892.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.03 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:361.56 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (My Book) (Fixed) (Total:931.28 GB) (Free:827.67 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: B316D4B4)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: FA48B3ED)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)

==================== End Of Log ============================



#4 RPMcMurphy

  • Malware Response Team

Posted 19 January 2014 - 10:31 AM

Please do this next:

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt.

2014-01-12 12:24 - 2014-01-12 12:24 - 00000000 ____S C:\WINDOWS\system32\pznim.vru
2014-01-11 12:56 - 2014-01-11 12:56 - 00000000 ____S C:\WINDOWS\system32\mjawhsg.apa
2014-01-10 13:38 - 2014-01-10 13:38 - 00028672 _____ C:\WINDOWS\system32\xwzm.osw
2014-01-10 13:28 - 2014-01-11 15:33 - 00000089 _____ C:\WINDOWS\system32\drlhfqf.vzn
2014-01-10 13:27 - 2014-01-10 13:38 - 00000095 _____ C:\WINDOWS\system32\mxtpf.ofb
2014-01-10 13:27 - 2014-01-10 13:27 - 00000064 _____ C:\WINDOWS\system32\qnci.lvv
2014-01-10 13:11 - 2014-01-10 13:11 - 00101213 ____S C:\WINDOWS\system32\aesc.tdg
2014-01-16 20:40 - 2012-05-15 14:54 - 00000462 _____ C:\WINDOWS\Tasks\At2.job
2014-01-16 15:54 - 2012-05-15 14:54 - 00000462 _____ C:\WINDOWS\Tasks\At3.job
2014-01-16 14:00 - 2012-05-15 14:54 - 00000462 _____ C:\WINDOWS\Tasks\At4.job
2014-01-16 10:10 - 2012-05-15 14:54 - 00000462 _____ C:\WINDOWS\Tasks\At1.job
2014-01-14 11:10 - 2014-01-14 11:10 - 00000000 ____S C:\WINDOWS\system32\rgbp.egz
C:\Documents and Settings\Salon\Local Settings\Application Data\Google\Desktop\Install
C:\Program Files\Google\Desktop\Install
C:\Documents and Settings\Salon\rundll32578063.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Enter the following into the search box:  rpcss.dll
  • Press the Search File(s) button
  • The tool will make another log (Search.txt) please post it to your reply.

Please include the following in your next post:
  • Fixlog.txt report
  • Search.txt report

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 castillo

  • Topic Starter

Posted 19 January 2014 - 01:58 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-01-2014 04
Ran by Salon at 2014-01-19 13:37:32 Run:1
Running from C:\Documents and Settings\Salon\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
2014-01-12 12:24 - 2014-01-12 12:24 - 00000000 ____S C:\WINDOWS\system32\pznim.vru
2014-01-11 12:56 - 2014-01-11 12:56 - 00000000 ____S C:\WINDOWS\system32\mjawhsg.apa
2014-01-10 13:38 - 2014-01-10 13:38 - 00028672 _____ C:\WINDOWS\system32\xwzm.osw
2014-01-10 13:28 - 2014-01-11 15:33 - 00000089 _____ C:\WINDOWS\system32\drlhfqf.vzn
2014-01-10 13:27 - 2014-01-10 13:38 - 00000095 _____ C:\WINDOWS\system32\mxtpf.ofb
2014-01-10 13:27 - 2014-01-10 13:27 - 00000064 _____ C:\WINDOWS\system32\qnci.lvv
2014-01-10 13:11 - 2014-01-10 13:11 - 00101213 ____S C:\WINDOWS\system32\aesc.tdg
2014-01-16 20:40 - 2012-05-15 14:54 - 00000462 _____ C:\WINDOWS\Tasks\At2.job
2014-01-16 15:54 - 2012-05-15 14:54 - 00000462 _____ C:\WINDOWS\Tasks\At3.job
2014-01-16 14:00 - 2012-05-15 14:54 - 00000462 _____ C:\WINDOWS\Tasks\At4.job
2014-01-16 10:10 - 2012-05-15 14:54 - 00000462 _____ C:\WINDOWS\Tasks\At1.job
2014-01-14 11:10 - 2014-01-14 11:10 - 00000000 ____S C:\WINDOWS\system32\rgbp.egz
C:\Documents and Settings\Salon\Local Settings\Application Data\Google\Desktop\Install
C:\Program Files\Google\Desktop\Install
C:\Documents and Settings\Salon\rundll32578063.exe
*****************

Could not move "C:\WINDOWS\system32\pznim.vru" => Scheduled to move on reboot.
C:\WINDOWS\system32\mjawhsg.apa => Moved successfully.
C:\WINDOWS\system32\xwzm.osw => Moved successfully.
C:\WINDOWS\system32\drlhfqf.vzn => Moved successfully.
Could not move "C:\WINDOWS\system32\mxtpf.ofb" => Scheduled to move on reboot.
C:\WINDOWS\system32\qnci.lvv => Moved successfully.
Could not move "C:\WINDOWS\system32\aesc.tdg" => Scheduled to move on reboot.
C:\WINDOWS\Tasks\At2.job => Moved successfully.
C:\WINDOWS\Tasks\At3.job => Moved successfully.
C:\WINDOWS\Tasks\At4.job => Moved successfully.
C:\WINDOWS\Tasks\At1.job => Moved successfully.
C:\WINDOWS\system32\rgbp.egz => Moved successfully.
C:\Documents and Settings\Salon\Local Settings\Application Data\Google\Desktop\Install => Moved successfully.
C:\Program Files\Google\Desktop\Install => Moved successfully.
C:\Documents and Settings\Salon\rundll32578063.exe => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-19 13:44:06)<=

C:\WINDOWS\system32\pznim.vru => Is moved successfully.
C:\WINDOWS\system32\mxtpf.ofb => Is moved successfully.
C:\WINDOWS\system32\aesc.tdg => Is moved successfully.

==== End of Fixlog ====

Farbar Recovery Scan Tool (x86) Version: 19-01-2014 04
Ran by Salon at 2014-01-19 13:47:16
Running from C:\Documents and Settings\Salon\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\WINDOWS\SYSTEM32\rpcss.dll
[2007-03-15 18:13] - [2009-02-09 07:10] - 0401408 ____A (Microsoft Corporation) 302a1d0092fcaa892c0ab2e9e09f721b

C:\WINDOWS\SYSTEM32\DLLCACHE\rpcss.dll
[2012-02-28 21:27] - [2009-02-09 07:10] - 0401408 ____A (Microsoft Corporation) f56ed30b876c3851b4489667a48bc9fb

C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2007-03-18 01:08] - [2008-04-14 05:42] - 0399360 ____A (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509

C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2012-11-16 19:40] - [2008-04-14 05:42] - 0399360 ___AC (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509

C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
[2012-01-31 18:12] - [2004-08-04 00:56] - 0395776 ___AC (Microsoft Corporation) 5c83a4408604f737717ab96371201680

C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2012-02-28 21:27] - [2009-02-09 05:56] - 0401408 ____A (Microsoft Corporation) 9222562d44021b988b9f9f62207fb6f2

C:\I386\RPCSS.DLL
[2003-06-20 10:04] - [2002-08-29 05:00] - 0260608 ____A (Microsoft Corporation) 493fcbed180dcacf0b5d4c8c29949ca9

=== End Of Search ===



#6 castillo

  • Topic Starter

Posted 19 January 2014 - 02:26 PM

After performing the above steps the computer is producing this message every few minutes.

 

"Generic Host Process for Win32 Services has encountered a problem and needs to close.  We are sorry for the inconvenience."



#7 RPMcMurphy

  • Malware Response Team

Posted 19 January 2014 - 02:40 PM

Please do this next:

Download ComboFix from the link below:
Link 1

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link

  • Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed, click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • ComboFix log




#8 castillo

  • Topic Starter

Posted 22 January 2014 - 08:11 AM

ComboFix 14-01-21.03 - Salon 01/22/2014   7:49.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1955.1338 [GMT -5:00]
Running from: c:\documents and settings\Salon\Desktop\ComboFix.exe
FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Application Data\ssecurity.exe
c:\documents and settings\LocalService\Application Data\wincreen.jpg
c:\windows\Installer\{17FE46DF-24DC-4888-BA8B-1C918A2E79ED}\NewShortcut5_6EA2867D4E8340A5A3471FF71A363544.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-22 to 2014-01-22  )))))))))))))))))))))))))))))))
.
.
2014-01-21 16:50 . 2008-04-14 10:42    116224    ----a-w-    c:\windows\system32\dllcache\xrxwiadr.dll
2014-01-21 16:50 . 2001-08-18 03:36    23040    ----a-w-    c:\windows\system32\dllcache\xrxwbtmp.dll
2014-01-21 16:50 . 2008-04-14 10:42    18944    ----a-w-    c:\windows\system32\dllcache\xrxscnui.dll
2014-01-21 16:50 . 2001-08-18 03:37    4608    ----a-w-    c:\windows\system32\dllcache\xrxflnch.exe
2014-01-21 16:50 . 2001-08-18 03:37    27648    ----a-w-    c:\windows\system32\dllcache\xrxftplt.exe
2014-01-21 16:50 . 2001-08-18 03:37    99865    ----a-w-    c:\windows\system32\dllcache\xlog.exe
2014-01-21 16:50 . 2001-08-17 17:11    16970    ----a-w-    c:\windows\system32\dllcache\xem336n5.sys
2014-01-21 16:48 . 2001-08-17 18:49    30464    ----a-w-    c:\windows\system32\dllcache\tbatm155.sys
2014-01-21 16:47 . 2002-08-29 10:00    14848    ----a-w-    c:\windows\system32\dllcache\register.exe
2014-01-21 16:46 . 2008-04-14 05:16    49024    ----a-w-    c:\windows\system32\dllcache\mstape.sys
2014-01-21 16:45 . 2008-04-14 10:39    6144    ----a-w-    c:\windows\system32\dllcache\kbd106.dll
2014-01-21 16:44 . 2002-08-29 10:00    7680    ----a-w-    c:\windows\system32\dllcache\ftpctrs2.dll
2014-01-21 16:43 . 2002-08-29 10:00    33792    ----a-w-    c:\windows\system32\dllcache\controt.dll
2014-01-21 16:42 . 2002-08-29 10:00    49664    ----a-w-    c:\windows\system32\dllcache\adrot.dll
2014-01-17 14:29 . 2014-01-19 18:44    --------    d-----w-    C:\FRST
2014-01-16 05:49 . 2014-01-16 05:49    --------    d-----w-    c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn
2014-01-14 04:40 . 2014-01-21 16:53    --------    d-----w-    c:\documents and settings\Salon\Local Settings\Application Data\DoNotTrackPlus
2014-01-12 18:48 . 2014-01-12 18:48    --------    d-----w-    c:\program files\Common Files\Java
2014-01-12 18:46 . 2013-10-08 12:50    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2014-01-12 17:49 . 2014-01-12 17:49    51416    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-12 16:54 . 2010-06-19 23:54    86888    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll
2013-12-12 16:54 . 2010-06-19 23:54    53064    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2013-12-12 16:54 . 2010-06-19 23:54    31560    ----a-w-    c:\windows\system32\LMIport.dll
2013-12-12 16:54 . 2010-06-19 23:54    85832    ----a-w-    c:\windows\system32\LMIinit.dll
2013-12-11 17:26 . 2012-09-23 14:48    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-11 17:26 . 2011-07-27 13:34    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-27 13:54 . 2010-06-19 23:54    86888    ----a-w-    c:\windows\system32\LMIRfsClientNP.dll.000.bak
2013-10-27 13:54 . 2010-06-19 23:54    85832    ----a-w-    c:\windows\system32\LMIinit.dll.000.bak
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2012-12-18 578560]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-12-20 844296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\program files\NavNT\vptray.exe" [2001-09-24 73728]
"WD Button Manager"="WDBtnMgr.exe" [2007-03-13 339968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-02 142360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-02 176152]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-02 145944]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2012-02-02 96128]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2011-08-30 223104]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-12-16 73832]
.
c:\documents and settings\Salon\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 5510d series.lnk - c:\windows\SYSTEM32\RunDll32.exe "c:\program files\HP\HP Photosmart 5510d series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN22N3BF3205RW;CONNECTION=USB;MONITOR=1; [2007-3-15 33280]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2014-01-16 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-08 13:48    548352    ----a-w-    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2013-12-12 16:54    85832    ----a-w-    c:\windows\SYSTEM32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2002-02-15 14:51    24638    ----a-w-    c:\windows\SYSTEM32\PCANotify.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48    58656    ----a-w-    c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-21 19:43    148776    ----a-w-    c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42    15360    ----a-w-    c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-05-14 14:45    33624064    ----a-r-    c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-03-24 17:13    49208    ----a-w-    c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 04:30    421776    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2011-09-16 19:10    63048    ----a-w-    c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 15:12    288080    ----a-w-    c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2002-08-14 22:29    90112    ----a-w-    c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42    1695232    ----a-w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-06-11 12:44    153136    ----a-w-    c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07    2260480    --sha-r-    c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Super-Charger]
2011-01-25 14:00    303104    ----a-w-    c:\program files\MSI\Super-Charger\StartSuperCharger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2014-01-16 05:49    5625624    ----a-w-    c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2003-04-24 02:31    151597    ----a-w-    c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wlidsvc"=2 (0x2)
"SeaPort"=2 (0x2)
"McComponentHostService"=3 (0x3)
"idsvc"=3 (0x3)
"awhost32"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"IgfxTray"=c:\windows\System32\igfxtray.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"DwlClient"=c:\program files\Common Files\Dell\EUSW\Support.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"BCMSMMSG"=BCMSMMSG.exe
"HPHUPD08"=c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [3/23/2009 1:07 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 1:07 PM 67664]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [1/31/2012 9:30 PM 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 2:10 PM 13624]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [8/20/2011 2:29 AM 2656280]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [10/15/2013 5:38 AM 50704]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\SYSTEM32\DRIVERS\l1c51x86.sys [8/20/2011 2:12 PM 62576]
R3 MEI;Intel® Management Engine Interface;c:\windows\SYSTEM32\DRIVERS\HECI.sys [8/20/2011 2:29 AM 41088]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\SYSTEM32\DRIVERS\viahduaa.sys [8/20/2011 9:44 AM 2135280]
S0 87838909;87838909;c:\windows\system32\drivers\73257380.sys --> c:\windows\system32\drivers\73257380.sys [?]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [4/17/2008 9:09 AM 25824]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\SYSTEM32\DRIVERS\ssudbus.sys [12/30/2012 9:58 AM 83168]
S3 dgderdrv;dgderdrv;c:\windows\SYSTEM32\DRIVERS\dgderdrv.sys [9/22/2012 4:30 PM 20032]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [9/3/2010 1:45 AM 227232]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\SYSTEM32\DRIVERS\OlyCamComm.sys [4/5/2012 9:49 AM 21648]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 1:07 PM 12872]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\SYSTEM32\DRIVERS\ssudmdm.sys [12/30/2012 9:58 AM 181344]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NAVAP
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 17:26]
.
2014-01-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:34]
.
2014-01-22 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-06-20 18:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.yahoo.com/
uInternet Settings,ProxyOverride = hxxp://localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Salon\Application Data\Mozilla\Firefox\Profiles\hqzgyejm.default-1375245231546\
FF - prefs.js: browser.startup.homepage - hxxp://att.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\Memeo AutoBackup.lnk - c:\windows\Installer\{17FE46DF-24DC-4888-BA8B-1C918A2E79ED}\NewShortcut5_6EA2867D4E8340A5A3471FF71A363544.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-22 07:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(664)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\System32\NavLogon.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2014-01-22  08:06:19
ComboFix-quarantined-files.txt  2014-01-22 13:06
ComboFix2.txt  2014-01-12 20:00
.
Pre-Run: 386,029,518,848 bytes free
Post-Run: 386,998,468,608 bytes free
.
- - End Of File - - 0A57DB0723E290C02430A756039E5FB9
8F558EB6672622401DA993E1E865C861
 



#9 RPMcMurphy

  • Malware Response Team

Posted 22 January 2014 - 11:56 AM

Please do this next:

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\FRST\Quarantine or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Double click on FRST to open it again

  • Click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

Please include the following in your next post:
  • MBAM log
  • FRST log




#10 castillo

  • Topic Starter

Posted 25 January 2014 - 12:32 PM

Here's the MB log.  FRST is giving me an error when I try to run it.  However it still produced a log which I've posted below.
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.22.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Salon :: DIMENSION [administrator]

1/22/2014 10:47:34 PM
mbam-log-2014-01-22 (22-47-34).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 532761
Time elapsed: 1 hour(s), 7 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 41
C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\ssecurity.exe.vir (Trojan.Zbot.CRV) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3363\A0144042.exe (Trojan.FakeFlash.ED) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3363\A0144043.exe (Trojan.FakeFlash.ED) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3363\A0144044.exe (Trojan.Ransom) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3363\A0144045.exe (Trojan.FakeFlash.ED) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3363\A0144046.exe (Trojan.Ransom) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3363\A0144047.exe (Trojan.Ransom) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3363\A0144048.exe (Trojan.Ransom) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3363\A0144049.exe (Trojan.FakeFlash.ED) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3363\A0144050.exe (Trojan.Ransom) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3363\A0144051.exe (Trojan.FakeFlash.ED) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3363\A0144052.exe (Trojan.Zbot) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3363\A0144053.exe (Trojan.Ransom) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3363\A0144054.exe (Trojan.Ransom) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3363\A0144055.exe (Trojan.FakeFlash.ED) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3363\A0144056.exe (Trojan.Zbot) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3363\A0144057.exe (Trojan.FakeFlash.ED) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3363\A0144058.exe (Trojan.FakeFlash.ED) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3363\A0144059.exe (Trojan.Ransom) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3365\A0145134.exe (Trojan.Faketrm.ED) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3365\A0145135.exe (Trojan.Faketrm.ED) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3366\A0145262.exe (PUP.Optional.Bandoo.A) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3366\A0145295.ini (Trojan.0access) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3369\A0145666.exe (Trojan.Zbot.CRV) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3372\A0145798.dll (Adware.Yontoo) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3372\A0145799.exe (PUP.Optional.OptChrome.A) -> No action taken.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP3373\A0146284.exe (Trojan.Zbot.CRV) -> No action taken.
C:\Documents and Settings\Salon\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\56\6dda8678-57c8edf8 (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\23.03.2013_14.55.35\mbr0000\tdlfs0000\tsk0003.dta (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\23.03.2013_14.55.35\mbr0000\tdlfs0000\tsk0004.dta (Rootkit.TDSS.OL) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\23.03.2013_14.55.35\mbr0000\tdlfs0000\tsk0008.dta (Rootkit.TDSS.OL) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\23.03.2013_14.55.35\mbr0000\tdlfs0000\tsk0009.dta (Rootkit.TDSS.OL) -> Quarantined and deleted successfully.
E:\My Documents\Memeo\My Documents\C_\Documents and Settings\PATRICE\My Documents\Downloads\freesystemscan.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\My Documents\Memeo\My Documents\C_\Documents and Settings\PATRICE\My Documents\Downloads\freesystemscan(1).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\My Documents\Memeo\My Documents\C_\Documents and Settings\PATRICE\My Documents\Downloads\freesystemscan(2).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\My Documents\Memeo\My Documents\C_\Documents and Settings\PATRICE\My Documents\Downloads\freesystemscan(3).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\My Documents 2011\Memeo\My Documents 2011\C_\Documents and Settings\Salon\My Documents\Downloads\freesystemscan(1).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\My Documents 2011\Memeo\My Documents 2011\C_\Documents and Settings\Salon\My Documents\Downloads\freesystemscan(2).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\My Documents 2011\Memeo\My Documents 2011\C_\Documents and Settings\Salon\My Documents\Downloads\freesystemscan(3).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\My Documents 2011\Memeo\My Documents 2011\C_\Documents and Settings\Salon\My Documents\Downloads\freesystemscan(4).exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\My Documents 2011\Memeo\My Documents 2011\C_\Documents and Settings\Salon\My Documents\Downloads\freesystemscan.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)

 

 

 

 

FRST Log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-01-2014
Ran by Salon (administrator) on DIMENSION on 23-01-2014 07:56:20
Running from C:\Documents and Settings\Salon\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Lexmark International, Inc.) C:\WINDOWS\SYSTEM32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\SYSTEM32\LEXPPS.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files\NavNT\defwatch.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\imapi.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
(Symantec Corporation) C:\Program Files\NavNT\rtvscan.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\locator.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Intel Corporation) C:\WINDOWS\SYSTEM32\MSGSYS.EXE
(Symantec Corporation) C:\Program Files\NavNT\vptray.exe
(Western Digital Technologies, Inc.) C:\WINDOWS\SYSTEM32\WDBtnMgr.exe
(Intel Corporation) C:\WINDOWS\SYSTEM32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\SYSTEM32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Memeo Inc.) C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [vptray] - C:\Program Files\NavNT\vptray.exe [73728 2001-09-24] (Symantec Corporation)
HKLM\...\Run: [WD Button Manager] - C:\WINDOWS\system32\WDBtnMgr.exe [339968 2007-03-12] (Western Digital Technologies, Inc.)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [MDS_Menu] - C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [223104 2011-08-30] (CyberLink Corp.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [ZoneAlarm] - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-12-16] (Check Point Software Technologies LTD)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
Winlogon\Notify\NavLogon: C:\WINDOWS\System32\NavLogon.dll ()
Winlogon\Notify\PCANotify: C:\WINDOWS\system32\PCANotify.dll (Symantec Corporation)
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^YK^xdm030^S00744^us&si=21786&ptb=4E84E14E-107E-4F2A-A83B-7FAE48EA403B&psa=&ind=2012033016&st=sb&n=77ed2ff8&searchfor={searchTerms}
SearchScopes: HKCU - {002D945D-4E44-4951-A159-E376222EFB79} URL = http://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=en&q={searchTerms}&gu=b3af63f41a384a9d8ef44ecef3f3e6a4&tu=10GXy00C02C01u0&sku=&tstsId=&ver=&&r=875
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^YK^xdm030^S00744^us&si=21786&ptb=4E84E14E-107E-4F2A-A83B-7FAE48EA403B&psa=&ind=2012033016&st=sb&n=77ed2ff8&searchfor={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.28.13\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37792.3701273148
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2014-01-16] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Salon\Application Data\Mozilla\Firefox\Profiles\hqzgyejm.default-1375245231546
FF Homepage: hxxp://att.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @olympus-imaging.jp/npIbInst - C:\Program Files\OLYMPUS\ib Utilities\Firefox Plugin\npIbInst.dll (OLYMPUS IMAGING CORP.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
 



#11 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:33 AM

Posted 25 January 2014 - 12:44 PM

Hi,

 

The FRST log got cut off.  Please post that again for me.




#12 castillo

castillo
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 25 January 2014 - 02:21 PM

I'm encountering an error when I run FRST. 

 

AutoIt Error

Line 10430 (file "C:\docs and settings\salon \desktop\frst.exe")

 

Error: Variable used without being declared.



#13 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:33 AM

Posted 25 January 2014 - 02:33 PM

Delete it from your desktop then download a new copy from Here and try running it again.




#14 castillo

castillo
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:33 AM

Posted 25 January 2014 - 03:34 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-01-2014 01
Ran by Salon (administrator) on DIMENSION on 25-01-2014 15:27:38
Running from C:\Documents and Settings\Salon\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Lexmark International, Inc.) C:\WINDOWS\SYSTEM32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\SYSTEM32\LEXPPS.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files\NavNT\defwatch.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\imapi.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
(Symantec Corporation) C:\Program Files\NavNT\rtvscan.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\locator.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(America Online, Inc.) C:\WINDOWS\wanmpsvc.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Intel Corporation) C:\WINDOWS\SYSTEM32\MSGSYS.EXE
(Symantec Corporation) C:\Program Files\NavNT\vptray.exe
(Western Digital Technologies, Inc.) C:\WINDOWS\SYSTEM32\WDBtnMgr.exe
(Intel Corporation) C:\WINDOWS\SYSTEM32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\SYSTEM32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Memeo Inc.) C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(HARMS Software Inc.) C:\Program Files\HARMS\Millennium\millennium.exe
(Microsoft Corporation) C:\WINDOWS\MSAGENT\agentsvr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Abine Inc.) C:\Program Files\Check Point Software Technologies LTD\zonealarm\AbineSDK\IE\DNTPService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [vptray] - C:\Program Files\NavNT\vptray.exe [73728 2001-09-24] (Symantec Corporation)
HKLM\...\Run: [WD Button Manager] - C:\WINDOWS\system32\WDBtnMgr.exe [339968 2007-03-12] (Western Digital Technologies, Inc.)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [MDS_Menu] - C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [223104 2011-08-30] (CyberLink Corp.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [ZoneAlarm] - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-12-16] (Check Point Software Technologies LTD)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
Winlogon\Notify\NavLogon: C:\WINDOWS\System32\NavLogon.dll ()
Winlogon\Notify\PCANotify: C:\WINDOWS\system32\PCANotify.dll (Symantec Corporation)
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^YK^xdm030^S00744^us&si=21786&ptb=4E84E14E-107E-4F2A-A83B-7FAE48EA403B&psa=&ind=2012033016&st=sb&n=77ed2ff8&searchfor={searchTerms}
SearchScopes: HKCU - {002D945D-4E44-4951-A159-E376222EFB79} URL = http://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=en&q={searchTerms}&gu=b3af63f41a384a9d8ef44ecef3f3e6a4&tu=10GXy00C02C01u0&sku=&tstsId=&ver=&&r=875
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^YK^xdm030^S00744^us&si=21786&ptb=4E84E14E-107E-4F2A-A83B-7FAE48EA403B&psa=&ind=2012033016&st=sb&n=77ed2ff8&searchfor={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.28.13\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.8.28.13\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37792.3701273148
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2014-01-16] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Salon\Application Data\Mozilla\Firefox\Profiles\hqzgyejm.default-1375245231546
FF Homepage: hxxp://att.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @olympus-imaging.jp/npIbInst - C:\Program Files\OLYMPUS\ib Utilities\Firefox Plugin\npIbInst.dll (OLYMPUS IMAGING CORP.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx []
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files\Yontoo Layers Runtime\YontooLayers.crx []

========================== Services (Whitelisted) =================

S4 awhost32; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [114749 2002-02-15] (Symantec Corporation)
R2 DefWatch; C:\Program Files\NavNT\defwatch.exe [32768 2001-09-24] (Symantec Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-02-28] (Lexmark International, Inc.)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2008-04-17] (Memeo)
R2 Norton AntiVirus Server; C:\Program Files\NavNT\rtvscan.exe [454656 2001-09-24] (Symantec Corporation)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-12-16] (Check Point Software Technologies LTD)
R2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2002-10-08] (America Online, Inc.)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [17005 2003-05-28] (Adaptec)
S3 ATWPKT2; C:\Program Files\America Online 8.0\ATWPKT2.SYS [19140 2002-10-08] (America Online)
R1 awlegacy; C:\Windows\System32\Drivers\awlegacy.sys [10816 2000-09-11] (Symantec Corporation)
R1 AW_HOST; C:\Windows\System32\drivers\aw_host5.sys [33496 2002-02-11] (Symantec Corporation)
S3 BCMModem; C:\Windows\System32\DRIVERS\BCMSM.sys [1101696 2003-02-24] (Broadcom Corporation)
S3 EL90XBC; C:\Windows\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
R0 Gernuwa; C:\Windows\System32\Drivers\Gernuwa.sys [14944 2001-10-09] (Symantec Corporation)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2009-08-05] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2009-08-05] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-08-05] (HP)
S3 i81x; C:\Windows\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)
S3 iAimFP0; C:\Windows\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)
S3 iAimFP1; C:\Windows\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)
S3 iAimFP2; C:\Windows\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)
S3 iAimFP3; C:\Windows\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)
S3 iAimFP4; C:\Windows\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)
S3 iAimTV0; C:\Windows\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)
S3 iAimTV1; C:\Windows\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)
S3 iAimTV3; C:\Windows\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)
S3 iAimTV4; C:\Windows\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)
R3 L1c; C:\Windows\System32\DRIVERS\l1c51x86.sys [62576 2010-12-27] (Atheros Communications, Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R3 monfilt; C:\Windows\System32\drivers\monfilt.sys [1389056 2008-02-14] (Creative Technology Ltd.)
R3 MxlW2k; C:\Windows\System32\Drivers\MxlW2k.sys [28164 2003-04-23] (MusicMatch, Inc.)
R3 NAVAP; C:\Program Files\NavNT\NAVAP.sys [176208 2001-09-24] ()
R2 NAVAPEL; C:\Program Files\NavNT\NAVAPEL.SYS [9232 2001-09-24] ()
R3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101013.002\NAVENG.SYS [86064 2010-10-13] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101013.002\NAVEX15.SYS [1371184 2010-10-13] (Symantec Corporation)
S3 OlyCamComm; C:\Windows\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-10] (OLYMPUS IMAGING CORP.)
S1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
S3 QV2KUX; C:\Windows\System32\DRIVERS\qv2kux.sys [3328 2001-08-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-05-06] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-05-06] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67664 2014-01-16] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [82136 2003-08-15] (Symantec Corporation)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [2135280 2010-10-01] (VIA Technologies, Inc.)
R1 Vsdatant; C:\Windows\System32\vsdatant.sys [529640 2013-12-16] (Check Point Software Technologies LTD)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2002-10-08] (America Online, Inc.)
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\Windows\System32\drivers\ialmsbw.sys [108736 2003-01-14] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\Windows\System32\drivers\ialmkchw.sys [78272 2003-01-14] (Intel Corporation)
S0 87838909; system32\drivers\73257380.sys [x]
S3 bvrp_pci; No ImagePath
S3 catchme; \??\C:\DOCUME~1\Salon\LOCALS~1\Temp\catchme.sys [x]
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [x]
S4 LMIRfsClientNP; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-25 15:27 - 2014-01-25 15:28 - 00016346 _____ C:\Documents and Settings\Salon\Desktop\FRST.txt
2014-01-25 15:26 - 2014-01-25 15:26 - 01222144 _____ (Farbar) C:\Documents and Settings\Salon\Desktop\FRST.exe
2014-01-23 00:12 - 2014-01-23 00:12 - 00225288 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-01-22 09:47 - 2014-01-23 00:14 - 00000772 _____ C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Client.lnk
2014-01-22 09:47 - 2014-01-22 09:47 - 00000756 _____ C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-01-22 09:42 - 2014-01-22 09:42 - 00000000 ____D C:\Documents and Settings\All Users\Documents\CrashDump
2014-01-22 08:06 - 2014-01-22 08:06 - 00017351 _____ C:\ComboFix.txt
2014-01-21 21:11 - 2014-01-21 21:12 - 05172786 ____R (Swearware) C:\Documents and Settings\Salon\Desktop\ComboFix.exe
2014-01-21 15:48 - 2014-01-21 15:48 - 00000296 _____ C:\Documents and Settings\Salon\Desktop\registry backup.reg
2014-01-21 11:50 - 2008-04-14 05:42 - 00116224 _____ (Xerox) C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2014-01-21 11:50 - 2008-04-14 05:42 - 00018944 _____ () C:\WINDOWS\system32\dllcache\xrxscnui.dll
2014-01-21 11:50 - 2002-08-29 05:00 - 00028288 _____ C:\WINDOWS\system32\dllcache\xjis.nls
2014-01-21 11:50 - 2001-08-17 22:37 - 00099865 _____ (Eicon Technology) C:\WINDOWS\system32\dllcache\xlog.exe
2014-01-21 11:50 - 2001-08-17 22:37 - 00027648 _____ () C:\WINDOWS\system32\dllcache\xrxftplt.exe
2014-01-21 11:50 - 2001-08-17 22:37 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xrxflnch.exe
2014-01-21 11:50 - 2001-08-17 22:36 - 00023040 _____ (Xerox Corporation) C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2014-01-21 11:50 - 2001-08-17 12:11 - 00016970 _____ (US Robotics MCD (Megahertz)) C:\WINDOWS\system32\dllcache\xem336n5.sys
2014-01-21 11:49 - 2008-04-14 05:42 - 00082944 _____ (IBM Corporation) C:\WINDOWS\system32\dllcache\tp4mon.exe
2014-01-21 11:49 - 2008-04-14 05:42 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2014-01-21 11:49 - 2008-04-14 05:42 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wshirda.dll
2014-01-21 11:49 - 2008-04-14 00:15 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wceusbsh.sys
2014-01-21 11:49 - 2008-04-14 00:15 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbser.sys
2014-01-21 11:49 - 2008-04-14 00:15 - 00017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbohci.sys
2014-01-21 11:49 - 2008-04-14 00:10 - 00149376 _____ (M-Systems) C:\WINDOWS\system32\dllcache\tffsport.sys
2014-01-21 11:49 - 2008-04-14 00:06 - 00008832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wmiacpi.sys
2014-01-21 11:49 - 2008-04-13 22:05 - 00154624 _____ (Lucent Technologies) C:\WINDOWS\system32\dllcache\wlluc48.sys
2014-01-21 11:49 - 2008-04-13 22:05 - 00032384 _____ (KLSI USA, Inc.) C:\WINDOWS\system32\dllcache\usb101et.sys
2014-01-21 11:49 - 2002-08-29 05:00 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\thawbrkr.dll
2014-01-21 11:49 - 2002-08-29 05:00 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\w3ext.dll
2014-01-21 11:49 - 2002-08-29 05:00 - 00048256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\w32.dll
2014-01-21 11:49 - 2002-08-29 05:00 - 00041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\weitekp9.dll
2014-01-21 11:49 - 2002-08-29 05:00 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\weitekp9.sys
2014-01-21 11:49 - 2002-08-29 05:00 - 00021896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tdipx.sys
2014-01-21 11:49 - 2002-08-29 05:00 - 00019464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tdspx.sys
2014-01-21 11:49 - 2002-08-29 05:00 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tsprof.exe
2014-01-21 11:49 - 2002-08-29 05:00 - 00013192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tdasync.sys
2014-01-21 11:49 - 2002-08-29 05:00 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wamps51.dll
2014-01-21 11:49 - 2002-08-29 05:00 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\w3svapi.dll
2014-01-21 11:49 - 2002-08-29 05:00 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\w3ctrs51.dll
2014-01-21 11:49 - 2001-08-17 22:36 - 00525568 _____ (Trident Microsystems Inc.) C:\WINDOWS\system32\dllcache\tridxp.dll
2014-01-21 11:49 - 2001-08-17 22:36 - 00216064 _____ (UMAX Data Systems Inc.) C:\WINDOWS\system32\dllcache\um34scan.dll
2014-01-21 11:49 - 2001-08-17 22:36 - 00211968 _____ (UMAX Data Systems Inc.) C:\WINDOWS\system32\dllcache\um54scan.dll
2014-01-21 11:49 - 2001-08-17 22:36 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\umaxud32.dll
2014-01-21 11:49 - 2001-08-17 22:36 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\umaxu12.dll
2014-01-21 11:49 - 2001-08-17 22:36 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wiamsmud.dll
2014-01-21 11:49 - 2001-08-17 22:36 - 00050688 _____ (UMAX DATA SYSTEMS INC.) C:\WINDOWS\system32\dllcache\umaxscan.dll
2014-01-21 11:49 - 2001-08-17 22:36 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\umaxp60.dll
2014-01-21 11:49 - 2001-08-17 22:36 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\umaxcam.dll
2014-01-21 11:49 - 2001-08-17 22:36 - 00031744 _____ (IBM Corporation) C:\WINDOWS\system32\dllcache\tp4.dll
2014-01-21 11:49 - 2001-08-17 22:36 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\umaxu40.dll
2014-01-21 11:49 - 2001-08-17 22:36 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\umaxu22.dll
2014-01-21 11:49 - 2001-08-17 22:35 - 00042496 _____ (IBM Corporation) C:\WINDOWS\system32\dllcache\tp4res.dll
2014-01-21 11:49 - 2001-08-17 14:56 - 00440576 _____ (Trident Microsystems Inc.) C:\WINDOWS\system32\dllcache\tridkb.dll
2014-01-21 11:49 - 2001-08-17 14:56 - 00315520 _____ (Trident Microsystems Inc.) C:\WINDOWS\system32\dllcache\trid3d.dll
2014-01-21 11:49 - 2001-08-17 14:56 - 00081408 _____ (Trident Microsystems Inc.) C:\WINDOWS\system32\dllcache\tgiul50.dll
2014-01-21 11:49 - 2001-08-17 14:02 - 00230912 _____ (Toshiba Corporation) C:\WINDOWS\system32\dllcache\tosdvd03.sys
2014-01-21 11:49 - 2001-08-17 14:01 - 00241664 _____ (Toshiba Corporation) C:\WINDOWS\system32\dllcache\tosdvd02.sys
2014-01-21 11:49 - 2001-08-17 13:58 - 00022912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\umaxpcls.sys
2014-01-21 11:49 - 2001-08-17 13:49 - 00024576 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\dllcache\viairda.sys
2014-01-21 11:49 - 2001-08-17 13:48 - 00011520 _____ (IBM Corporation) C:\WINDOWS\system32\dllcache\twotrack.sys
2014-01-21 11:49 - 2001-08-17 13:28 - 00794654 _____ (U.S. Robotics, Inc.) C:\WINDOWS\system32\dllcache\usr1801.sys
2014-01-21 11:49 - 2001-08-17 13:28 - 00794399 _____ (U.S. Robotics, Inc.) C:\WINDOWS\system32\dllcache\usr1806v.sys
2014-01-21 11:49 - 2001-08-17 13:28 - 00793598 _____ (U.S. Robotics, Inc.) C:\WINDOWS\system32\dllcache\usr1806.sys
2014-01-21 11:49 - 2001-08-17 13:28 - 00771581 _____ (Rockwell) C:\WINDOWS\system32\dllcache\winacisa.sys
2014-01-21 11:49 - 2001-08-17 13:28 - 00765884 _____ (U.S. Robotics, Inc.) C:\WINDOWS\system32\dllcache\usrti.sys
2014-01-21 11:49 - 2001-08-17 13:28 - 00701386 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\wdhaalba.sys
2014-01-21 11:49 - 2001-08-17 13:28 - 00687999 _____ (U.S. Robotics Corporation) C:\WINDOWS\system32\dllcache\usrwdxjs.sys
2014-01-21 11:49 - 2001-08-17 13:28 - 00604253 _____ (PCTEL, INC.) C:\WINDOWS\system32\dllcache\vmodem.sys
2014-01-21 11:49 - 2001-08-17 13:28 - 00397502 _____ (PCtel, Inc.) C:\WINDOWS\system32\dllcache\vpctcom.sys
2014-01-21 11:49 - 2001-08-17 13:28 - 00224802 _____ (U.S. Robotics Corporation) C:\WINDOWS\system32\dllcache\usr1807a.sys
2014-01-21 11:49 - 2001-08-17 13:28 - 00113762 _____ (U.S. Robotics Corporation) C:\WINDOWS\system32\dllcache\usrpda.sys
2014-01-21 11:49 - 2001-08-17 13:28 - 00064605 _____ (PCtel, Inc.) C:\WINDOWS\system32\dllcache\vvoice.sys
2014-01-21 11:49 - 2001-08-17 13:28 - 00007556 _____ (U.S. Robotics Corporation) C:\WINDOWS\system32\dllcache\usroslba.sys
2014-01-21 11:49 - 2001-08-17 12:51 - 00222336 _____ (Trident Microsystems Inc.) C:\WINDOWS\system32\dllcache\trid3dm.sys
2014-01-21 11:49 - 2001-08-17 12:51 - 00166784 _____ (Trident Microsystems Inc.) C:\WINDOWS\system32\dllcache\tridxpm.sys
2014-01-21 11:49 - 2001-08-17 12:51 - 00159232 _____ (Trident Microsystems Inc.) C:\WINDOWS\system32\dllcache\tridkbm.sys
2014-01-21 11:49 - 2001-08-17 12:51 - 00138528 _____ (Trident Microsystems Inc.) C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2014-01-21 11:49 - 2001-08-17 12:14 - 00249402 _____ (Xircom) C:\WINDOWS\system32\dllcache\vinwm.sys
2014-01-21 11:49 - 2001-08-17 12:14 - 00123995 _____ (Tiger Jet Network) C:\WINDOWS\system32\dllcache\tjisdn.sys
2014-01-21 11:49 - 2001-08-17 12:13 - 00037961 _____ (TDK Corporation) C:\WINDOWS\system32\dllcache\tdk100b.sys
2014-01-21 11:49 - 2001-08-17 12:13 - 00019528 _____ (Winbond Electronics Corporation) C:\WINDOWS\system32\dllcache\w840nd.sys
2014-01-21 11:49 - 2001-08-17 12:13 - 00019016 _____ (Winbond Electronics Corporation) C:\WINDOWS\system32\dllcache\w926nd.sys
2014-01-21 11:49 - 2001-08-17 12:13 - 00017129 _____ (TDK Corporation) C:\WINDOWS\system32\dllcache\tdkcd31.sys
2014-01-21 11:49 - 2001-08-17 12:13 - 00016925 _____ (Winbond Electronics Corporation) C:\WINDOWS\system32\dllcache\w940nd.sys
2014-01-21 11:49 - 2001-08-17 12:12 - 00034890 _____ (Raytheon Corp.) C:\WINDOWS\system32\dllcache\wlandrv2.sys
2014-01-21 11:49 - 2001-08-17 12:12 - 00034375 _____ (Intel Corporation) C:\WINDOWS\system32\dllcache\tpro4.sys
2014-01-21 11:49 - 2001-08-17 12:10 - 00035871 _____ (Winbond Electronics Corp.) C:\WINDOWS\system32\dllcache\wbfirdma.sys
2014-01-21 11:49 - 2001-08-17 12:10 - 00028232 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\dllcache\tos4mo.sys
2014-01-21 11:48 - 2008-04-14 05:42 - 00029696 _____ (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rw450ext.dll
2014-01-21 11:48 - 2008-04-14 05:42 - 00027648 _____ (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rw430ext.dll
2014-01-21 11:48 - 2008-04-14 00:15 - 00011520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\scsiscan.sys
2014-01-21 11:48 - 2008-04-14 00:10 - 00079104 _____ (Comtrol Corporation) C:\WINDOWS\system32\dllcache\rocket.sys
2014-01-21 11:48 - 2008-04-14 00:10 - 00043904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sbp2port.sys
2014-01-21 11:48 - 2008-04-14 00:10 - 00007552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sonyait.sys
2014-01-21 11:48 - 2008-04-14 00:06 - 00016000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smbbatt.sys
2014-01-21 11:48 - 2008-04-14 00:06 - 00006912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smbclass.sys
2014-01-21 11:48 - 2008-04-13 22:05 - 00063547 _____ (Symbol Technologies) C:\WINDOWS\system32\dllcache\sla30nd5.sys
2014-01-21 11:48 - 2008-04-13 22:05 - 00032768 _____ (SiS Corporation) C:\WINDOWS\system32\dllcache\sisnic.sys
2014-01-21 11:48 - 2008-04-13 22:05 - 00020992 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\dllcache\rtl8139.sys
2014-01-21 11:48 - 2002-08-29 05:00 - 00143422 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\softkey.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\srusbusd.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00079872 _____ (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rwia330.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00079872 _____ (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rwia001.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm9aw.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smb6w.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sma3w.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm87w.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm81w.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm8cw.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm93w.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm92w.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm90w.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm8dw.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm8aw.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm89w.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm59w.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\simptcp.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\status.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smierrsm.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snmpstup.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smimsgif.dll
2014-01-21 11:48 - 2002-08-29 05:00 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smierrsy.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00495616 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\sblfx.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00386560 _____ (Trident Microsystems Inc.) C:\WINDOWS\system32\dllcache\sgiul50.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00238592 _____ (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\dllcache\sisgrv.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00155648 _____ (Stallion Technologies) C:\WINDOWS\system32\dllcache\stlnprop.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00114688 _____ (Sony Corporation) C:\WINDOWS\system32\dllcache\sonypi.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00106584 _____ (Perle Systems Ltd.) C:\WINDOWS\system32\dllcache\spdports.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\srusd.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00094293 _____ (Perle Systems Ltd. ) C:\WINDOWS\system32\dllcache\sxports.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00086097 _____ (Xircom) C:\WINDOWS\system32\dllcache\reslog32.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00082432 _____ (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rwia450.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00079872 _____ (Ricoh Co., Ltd.) C:\WINDOWS\system32\dllcache\rwia430.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00062496 _____ (S3 Incorporated) C:\WINDOWS\system32\dllcache\s3mtrio.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sw_wheel.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00053248 _____ (Stallion Technologies) C:\WINDOWS\system32\dllcache\stlncoin.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smb3w.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sw_effct.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smb0w.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sma0w.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sm91w.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_seos.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00024660 _____ (Perle Systems Ltd.) C:\WINDOWS\system32\dllcache\spxupchk.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_smtpctrs.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\swpidflt.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\swpdflt2.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00009216 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\rsmgrstr.dll
2014-01-21 11:48 - 2001-08-17 22:36 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_snprfdll.dll
2014-01-21 11:48 - 2001-08-17 14:56 - 00252032 _____ (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\dllcache\sis300iv.dll
2014-01-21 11:48 - 2001-08-17 14:56 - 00245632 _____ (S3 Graphics, Inc.) C:\WINDOWS\system32\dllcache\s3savmx.dll
2014-01-21 11:48 - 2001-08-17 14:56 - 00210496 _____ (S3 Incorporated) C:\WINDOWS\system32\dllcache\s3mvirge.dll
2014-01-21 11:48 - 2001-08-17 14:56 - 00198400 _____ (S3 Incorporated) C:\WINDOWS\system32\dllcache\s3sav4.dll
2014-01-21 11:48 - 2001-08-17 14:56 - 00182272 _____ (S3 Incorporated) C:\WINDOWS\system32\dllcache\s3mt3d.dll
2014-01-21 11:48 - 2001-08-17 14:56 - 00179264 _____ (S3 Incorporated) C:\WINDOWS\system32\dllcache\s3sav3d.dll
2014-01-21 11:48 - 2001-08-17 14:56 - 00172768 _____ (Number Nine Visual Technology) C:\WINDOWS\system32\dllcache\t2r4disp.dll
2014-01-21 11:48 - 2001-08-17 14:56 - 00157696 _____ (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\dllcache\sisv256.dll
2014-01-21 11:48 - 2001-08-17 14:56 - 00150144 _____ (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\dllcache\sis6306v.dll
2014-01-21 11:48 - 2001-08-17 14:56 - 00147200 _____ (Silicon Motion Inc.) C:\WINDOWS\system32\dllcache\smidispb.dll
2014-01-21 11:48 - 2001-08-17 14:02 - 00003968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\swusbflt.sys
2014-01-21 11:48 - 2001-08-17 13:57 - 00065664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\s3legacy.sys
2014-01-21 11:48 - 2001-08-17 13:57 - 00006784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\smbhc.sys
2014-01-21 11:48 - 2001-08-17 13:53 - 00009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sonymc.sys
2014-01-21 11:48 - 2001-08-17 13:53 - 00007040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\snyaitmc.sys
2014-01-21 11:48 - 2001-08-17 13:53 - 00006912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\seaddsmc.sys
2014-01-21 11:48 - 2001-08-17 13:53 - 00006784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\serscan.sys
2014-01-21 11:48 - 2001-08-17 13:52 - 00011648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\scsiprnt.sys
2014-01-21 11:48 - 2001-08-17 13:52 - 00007040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tandqic.sys
2014-01-21 11:48 - 2001-08-17 13:51 - 00061824 _____ (Perle Systems Ltd.) C:\WINDOWS\system32\dllcache\speed.sys
2014-01-21 11:48 - 2001-08-17 13:51 - 00023936 _____ (OMNIKEY AG) C:\WINDOWS\system32\dllcache\sccmusbm.sys
2014-01-21 11:48 - 2001-08-17 13:51 - 00023936 _____ (OMNIKEY AG) C:\WINDOWS\system32\dllcache\sccmn50m.sys
2014-01-21 11:48 - 2001-08-17 13:51 - 00017280 _____ (SCM Microsystems) C:\WINDOWS\system32\dllcache\scr111.sys
2014-01-21 11:48 - 2001-08-17 13:51 - 00016896 _____ (SCM Microsystems, Inc.) C:\WINDOWS\system32\dllcache\stcusb.sys
2014-01-21 11:48 - 2001-08-17 13:51 - 00016640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\scmstcs.sys
2014-01-21 11:48 - 2001-08-17 13:50 - 00103936 _____ (Perle Systems Ltd. ) C:\WINDOWS\system32\dllcache\sx.sys
2014-01-21 11:48 - 2001-08-17 13:49 - 00030464 _____ (Toshiba Corporation) C:\WINDOWS\system32\dllcache\tbatm155.sys
2014-01-21 11:48 - 2001-08-17 13:48 - 00017664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sermouse.sys
2014-01-21 11:48 - 2001-08-17 12:51 - 00098080 _____ (Trident Microsystems Inc.) C:\WINDOWS\system32\dllcache\sgiulnt5.sys
2014-01-21 11:48 - 2001-08-17 12:51 - 00058368 _____ (Silicon Motion Inc.) C:\WINDOWS\system32\dllcache\smiminib.sys
2014-01-21 11:48 - 2001-08-17 12:51 - 00037040 _____ (Sony Corporation) C:\WINDOWS\system32\dllcache\sonypi.sys
2014-01-21 11:48 - 2001-08-17 12:51 - 00020752 _____ (Sony Corporation) C:\WINDOWS\system32\dllcache\sonync.sys
2014-01-21 11:48 - 2001-08-17 12:50 - 00166720 _____ (S3 Incorporated) C:\WINDOWS\system32\dllcache\s3m.sys
2014-01-21 11:48 - 2001-08-17 12:50 - 00104064 _____ (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\dllcache\sisgrp.sys
2014-01-21 11:48 - 2001-08-17 12:50 - 00101760 _____ (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\dllcache\sis300ip.sys
2014-01-21 11:48 - 2001-08-17 12:50 - 00077824 _____ (S3 Incorporated) C:\WINDOWS\system32\dllcache\s3sav4m.sys
2014-01-21 11:48 - 2001-08-17 12:50 - 00075392 _____ (S3 Graphics, Inc.) C:\WINDOWS\system32\dllcache\s3savmxm.sys
2014-01-21 11:48 - 2001-08-17 12:50 - 00068608 _____ (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\dllcache\sis6306p.sys
2014-01-21 11:48 - 2001-08-17 12:50 - 00061504 _____ (S3 Incorporated) C:\WINDOWS\system32\dllcache\s3sav3dm.sys
2014-01-21 11:48 - 2001-08-17 12:50 - 00050432 _____ (Silicon Integrated Systems Corporation) C:\WINDOWS\system32\dllcache\sisv.sys
2014-01-21 11:48 - 2001-08-17 12:50 - 00041216 _____ (S3 Incorporated) C:\WINDOWS\system32\dllcache\s3mt3d.sys
2014-01-21 11:48 - 2001-08-17 12:50 - 00036640 _____ (Number Nine Visual Technology Corp.) C:\WINDOWS\system32\dllcache\t2r4mini.sys
2014-01-21 11:48 - 2001-08-17 12:19 - 00036480 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\sfmanm.sys
2014-01-21 11:48 - 2001-08-17 12:19 - 00030720 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\dllcache\rthwcls.sys
2014-01-21 11:48 - 2001-08-17 12:19 - 00003840 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\dllcache\rpfun.sys
2014-01-21 11:48 - 2001-08-17 12:18 - 00285760 _____ (Stallion Technologies) C:\WINDOWS\system32\dllcache\stlnata.sys
2014-01-21 11:48 - 2001-08-17 12:12 - 00094698 _____ (SysKonnect GmbH.) C:\WINDOWS\system32\dllcache\sk98xwin.sys
2014-01-21 11:48 - 2001-08-17 12:12 - 00091294 _____ (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) C:\WINDOWS\system32\dllcache\skfpwin.sys
2014-01-21 11:48 - 2001-08-17 12:12 - 00037563 _____ (RadioLAN) C:\WINDOWS\system32\dllcache\rlnet5.sys
2014-01-21 11:48 - 2001-08-17 12:12 - 00025034 _____ (SMC Networks, Inc.) C:\WINDOWS\system32\dllcache\smcpwr2n.sys
2014-01-21 11:48 - 2001-08-17 12:12 - 00024576 _____ (SMC Networks, Inc.) C:\WINDOWS\system32\dllcache\smc8000n.sys
2014-01-21 11:48 - 2001-08-17 12:12 - 00019017 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\dllcache\rtl8029.sys
2014-01-21 11:48 - 2001-08-17 12:11 - 00048736 _____ (3Com) C:\WINDOWS\system32\dllcache\srwlnd5.sys
2014-01-21 11:48 - 2001-08-17 12:10 - 00035913 _____ (SMC) C:\WINDOWS\system32\dllcache\smcirda.sys
2014-01-21 11:48 - 2001-07-21 14:29 - 00161568 _____ (Micro Systemation) C:\WINDOWS\system32\dllcache\sgsmusb.sys
2014-01-21 11:48 - 2001-07-21 14:29 - 00018400 _____ (Micro Systemation) C:\WINDOWS\system32\dllcache\sgsmld.sys
2014-01-21 11:47 - 2008-04-14 05:42 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ptpusd.dll
2014-01-21 11:47 - 2008-04-14 05:40 - 00259328 _____ (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm3dd.dll
2014-01-21 11:47 - 2008-04-14 05:40 - 00211584 _____ (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm2dll.dll
2014-01-21 11:47 - 2008-04-14 00:24 - 00028672 _____ (National Semiconductor Corporation) C:\WINDOWS\system32\dllcache\nscirda.sys
2014-01-21 11:47 - 2008-04-14 00:16 - 00061696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ohci1394.sys
2014-01-21 11:47 - 2008-04-14 00:14 - 00028032 _____ (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm3.sys
2014-01-21 11:47 - 2008-04-14 00:14 - 00027904 _____ (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\WINDOWS\system32\dllcache\perm2.sys
2014-01-21 11:47 - 2008-04-14 00:11 - 00017664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ppa3.sys
2014-01-21 11:47 - 2008-04-14 00:10 - 00008832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\powerfil.sys
2014-01-21 11:47 - 2008-04-14 00:10 - 00006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\qic157.sys
2014-01-21 11:47 - 2008-04-13 22:05 - 00132695 _____ (802.11b) C:\WINDOWS\system32\dllcache\netwlan5.sys
2014-01-21 11:47 - 2008-04-13 22:05 - 00029502 _____ (Marconi Communications, Inc.) C:\WINDOWS\system32\dllcache\pca200e.sys
2014-01-21 11:47 - 2008-04-13 21:42 - 00169984 _____ (Cisco Systems) C:\WINDOWS\system32\dllcache\pcx500.sys
2014-01-21 11:47 - 2002-08-29 05:00 - 00229439 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\multibox.dll
2014-01-21 11:47 - 2002-08-29 05:00 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pmxviceo.dll
2014-01-21 11:47 - 2002-08-29 05:00 - 00083748 _____ C:\WINDOWS\system32\dllcache\prcp.nls
2014-01-21 11:47 - 2002-08-29 05:00 - 00083748 _____ C:\WINDOWS\system32\dllcache\prc.nls
2014-01-21 11:47 - 2002-08-29 05:00 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\nextlink.dll
2014-01-21 11:47 - 2002-08-29 05:00 - 00036927 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\padrs411.dll
2014-01-21 11:47 - 2002-08-29 05:00 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pagecnt.dll
2014-01-21 11:47 - 2002-08-29 05:00 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\permchk.dll
2014-01-21 11:47 - 2002-08-29 05:00 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\quser.exe
2014-01-21 11:47 - 2002-08-29 05:00 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\register.exe
2014-01-21 11:47 - 2002-08-29 05:00 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\padrs412.dll
2014-01-21 11:47 - 2002-08-29 05:00 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pmxmcro.dll
2014-01-21 11:47 - 2002-08-29 05:00 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\query.exe
2014-01-21 11:47 - 2002-08-29 05:00 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pmxgl.dll
2014-01-21 11:47 - 2001-08-17 22:37 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\phdsext.ax
2014-01-21 11:47 - 2001-08-17 22:36 - 00123776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\dllcache\nv3.dll
2014-01-21 11:47 - 2001-08-17 22:36 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\phvfwext.dll
2014-01-21 11:47 - 2001-08-17 22:36 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ovcodec2.dll
2014-01-21 11:47 - 2001-08-17 22:36 - 00086016 _____ (PCtel, Inc.) C:\WINDOWS\system32\dllcache\pctspk.exe
2014-01-21 11:47 - 2001-08-17 22:36 - 00060480 _____ (NeoMagic Corporation) C:\WINDOWS\system32\dllcache\neo20xx.dll
2014-01-21 11:47 - 2001-08-17 22:36 - 00059104 _____ (Number Nine Visual Technology Corp.) C:\WINDOWS\system32\dllcache\n9i128v2.dll
2014-01-21 11:47 - 2001-08-17 22:36 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ovui2.dll
2014-01-21 11:47 - 2001-08-17 22:36 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ovui2rc.dll
2014-01-21 11:47 - 2001-08-17 22:36 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\qvusd.dll
2014-01-21 11:47 - 2001-08-17 22:36 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ovcoms.exe
2014-01-21 11:47 - 2001-08-17 22:36 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
2014-01-21 11:47 - 2001-08-17 22:36 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\psisload.dll
2014-01-21 11:47 - 2001-08-17 22:36 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe
2014-01-21 11:47 - 2001-08-17 22:36 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ovcomc.dll
2014-01-21 11:47 - 2001-08-17 22:36 - 00019968 _____ (Moxa Technologies Co., Ltd) C:\WINDOWS\system32\dllcache\mxicfg.dll
2014-01-21 11:47 - 2001-08-17 22:36 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\philcam1.dll
2014-01-21 11:47 - 2001-08-17 22:36 - 00007168 _____ (Moxa Technologies Co., Ltd) C:\WINDOWS\system32\dllcache\mxport.dll
2014-01-21 11:47 - 2001-08-17 22:36 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ptpusb.dll
2014-01-21 11:47 - 2001-08-17 14:56 - 00091488 _____ (Number Nine Visual Technology Corp.) C:\WINDOWS\system32\dllcache\n9i3disp.dll
2014-01-21 11:47 - 2001-08-17 14:56 - 00035392 _____ (Number Nine Visual Technology Corp.) C:\WINDOWS\system32\dllcache\n9i128.dll
2014-01-21 11:47 - 2001-08-17 14:07 - 00019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\philtune.sys
2014-01-21 11:47 - 2001-08-17 14:05 - 00351616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ovcodek2.sys
2014-01-21 11:47 - 2001-08-17 14:05 - 00048000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ovcam2.sys
2014-01-21 11:47 - 2001-08-17 14:05 - 00031872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ovce.sys
2014-01-21 11:47 - 2001-08-17 14:05 - 00028032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ovcd.sys
2014-01-21 11:47 - 2001-08-17 14:05 - 00025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ovsound2.sys
2014-01-21 11:47 - 2001-08-17 14:05 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ovca.sys
2014-01-21 11:47 - 2001-08-17 14:04 - 00173696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\philcam2.sys
2014-01-21 11:47 - 2001-08-17 14:04 - 00092416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\phildec.sys
2014-01-21 11:47 - 2001-08-17 14:04 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\philcam1.sys
2014-01-21 11:47 - 2001-08-17 13:53 - 00017792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ppa.sys
2014-01-21 11:47 - 2001-08-17 13:53 - 00007552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\nsmmc.sys
2014-01-21 11:47 - 2001-08-17 13:53 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pnrmc.sys
2014-01-21 11:47 - 2001-08-17 13:51 - 00019584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\rasirda.sys
2014-01-21 11:47 - 2001-08-17 13:51 - 00016128 _____ (SCM Microsystems, Inc.) C:\WINDOWS\system32\dllcache\pscr.sys
2014-01-21 11:47 - 2001-08-17 13:50 - 00075520 _____ (Moxa Technologies Co., Ltd.) C:\WINDOWS\system32\dllcache\mxport.sys
2014-01-21 11:47 - 2001-08-17 13:50 - 00021888 _____ (Moxa Technologies Co., Ltd.) C:\WINDOWS\system32\dllcache\mxcard.sys
2014-01-21 11:47 - 2001-08-17 13:49 - 00019968 _____ (Macronix International Co., Ltd.                                               ) C:\WINDOWS\system32\dllcache\mxnic.sys
2014-01-21 11:47 - 2001-08-17 13:49 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ne2000.sys
2014-01-21 11:47 - 2001-08-17 13:47 - 00009344 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntapm.sys
2014-01-21 11:47 - 2001-08-17 13:28 - 00899146 _____ (Xircom, Inc.) C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2014-01-21 11:47 - 2001-08-17 13:28 - 00714762 _____ (Xircom, Inc.) C:\WINDOWS\system32\dllcache\r2mdmkxx.sys
2014-01-21 11:47 - 2001-08-17 13:28 - 00130942 _____ (PCTEL, INC.) C:\WINDOWS\system32\dllcache\ptserlv.sys
2014-01-21 11:47 - 2001-08-17 13:28 - 00128286 _____ (PCTEL, INC.) C:\WINDOWS\system32\dllcache\ptserli.sys
2014-01-21 11:47 - 2001-08-17 13:28 - 00112574 _____ (PCTEL, INC.) C:\WINDOWS\system32\dllcache\ptserlp.sys
2014-01-21 11:47 - 2001-08-17 13:28 - 00054186 _____ (Ositech Communications, Inc.) C:\WINDOWS\system32\dllcache\otcsercb.sys
2014-01-21 11:47 - 2001-08-17 12:50 - 00198144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\dllcache\nv3.sys
2014-01-21 11:47 - 2001-08-17 12:50 - 00103296 _____ (Matrox Graphics Inc) C:\WINDOWS\system32\dllcache\mtxvideo.sys
2014-01-21 11:47 - 2001-08-17 12:50 - 00039264 _____ (NeoMagic Corporation) C:\WINDOWS\system32\dllcache\neo20xx.sys
2014-01-21 11:47 - 2001-08-17 12:50 - 00033088 _____ (Number Nine Visual Technology Corp.) C:\WINDOWS\system32\dllcache\n9i128v2.sys
2014-01-21 11:47 - 2001-08-17 12:50 - 00027936 _____ (Number Nine Visual Technology Corp.) C:\WINDOWS\system32\dllcache\n9i3d.sys
2014-01-21 11:47 - 2001-08-17 12:50 - 00013664 _____ (Number Nine Visual Technology Corp.) C:\WINDOWS\system32\dllcache\n9i128.sys
2014-01-21 11:47 - 2001-08-17 12:49 - 00051552 _____ (Kensington Technology Group) C:\WINDOWS\system32\dllcache\ntgrip.sys
2014-01-21 11:47 - 2001-08-17 12:20 - 00126080 _____ (NeoMagic Corporation) C:\WINDOWS\system32\dllcache\nm5a2wdm.sys
2014-01-21 11:47 - 2001-08-17 12:20 - 00087040 _____ (NeoMagic Corporation) C:\WINDOWS\system32\dllcache\nm6wdm.sys
2014-01-21 11:47 - 2001-08-17 12:20 - 00054528 _____ (Yamaha Corp.) C:\WINDOWS\system32\dllcache\opl3sax.sys
2014-01-21 11:47 - 2001-08-17 12:12 - 00043689 _____ (Ositech Communications, Inc.) C:\WINDOWS\system32\dllcache\otceth5.sys
2014-01-21 11:47 - 2001-08-17 12:12 - 00032840 _____ (NETGEAR Corporation.) C:\WINDOWS\system32\dllcache\ngrpci.sys
2014-01-21 11:47 - 2001-08-17 12:12 - 00030495 _____ (Linksys) C:\WINDOWS\system32\dllcache\pc100nds.sys
2014-01-21 11:47 - 2001-08-17 12:12 - 00027209 _____ (Ositech Communications, Inc.) C:\WINDOWS\system32\dllcache\otc06x5.sys
2014-01-21 11:47 - 2001-08-17 12:12 - 00026153 _____ (Linksys) C:\WINDOWS\system32\dllcache\pcmlm56.sys
2014-01-21 11:47 - 2001-08-17 12:11 - 00128000 _____ (Compaq Computer Corporation) C:\WINDOWS\system32\dllcache\n100325.sys
2014-01-21 11:47 - 2001-08-17 12:11 - 00065278 _____ (Compaq Computer Corporation) C:\WINDOWS\system32\dllcache\netflx3.sys
2014-01-21 11:47 - 2001-08-17 12:11 - 00052255 _____ (Compaq Computer Corporation) C:\WINDOWS\system32\dllcache\n1000nt5.sys
2014-01-21 11:47 - 2001-08-17 12:11 - 00035328 _____ (AMD Inc.) C:\WINDOWS\system32\dllcache\pcntpci5.sys
2014-01-21 11:47 - 2001-08-17 12:11 - 00030282 _____ (AMD Inc.) C:\WINDOWS\system32\dllcache\pcntn5hl.sys
2014-01-21 11:47 - 2001-08-17 12:11 - 00029769 _____ (AMD Inc.) C:\WINDOWS\system32\dllcache\pcntn5m.sys
2014-01-21 11:46 - 2008-04-14 05:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kdsusd.dll
2014-01-21 11:46 - 2008-04-14 05:41 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kdsui.dll
2014-01-21 11:46 - 2008-04-14 00:24 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msircomm.sys
2014-01-21 11:46 - 2008-04-14 00:16 - 00049024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstape.sys
2014-01-21 11:46 - 2008-04-14 00:11 - 00026112 _____ (Sony Corporation) C:\WINDOWS\system32\dllcache\memstpci.sys
2014-01-21 11:46 - 2008-04-14 00:10 - 00034688 _____ (Toshiba Corp.) C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2014-01-21 11:46 - 2008-04-14 00:10 - 00007040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ltotape.sys
2014-01-21 11:46 - 2008-04-13 23:53 - 00606684 _____ (LT) C:\WINDOWS\system32\dllcache\ltmdmnt.sys
2014-01-21 11:46 - 2008-04-13 23:53 - 00420992 _____ (LT) C:\WINDOWS\system32\dllcache\ltmdmntt.sys
2014-01-21 11:46 - 2008-04-13 22:09 - 00020864 _____ (Logitech Inc.) C:\WINDOWS\system32\dllcache\lwadihid.sys
2014-01-21 11:46 - 2002-08-29 05:00 - 01875968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msir3jp.lex
2014-01-21 11:46 - 2002-08-29 05:00 - 01158818 _____ C:\WINDOWS\system32\dllcache\korwbrkr.lex
2014-01-21 11:46 - 2002-08-29 05:00 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msir3jp.dll
2014-01-21 11:46 - 2002-08-29 05:00 - 00092416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mga.sys
2014-01-21 11:46 - 2002-08-29 05:00 - 00092032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mga.dll
2014-01-21 11:46 - 2002-08-29 05:00 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\korwbrkr.dll
2014-01-21 11:46 - 2002-08-29 05:00 - 00047066 _____ C:\WINDOWS\system32\dllcache\ksc.nls
2014-01-21 11:46 - 2002-08-29 05:00 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\migisol.exe
2014-01-21 11:46 - 2002-08-29 05:00 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mdsync.dll
2014-01-21 11:46 - 2002-08-29 05:00 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\logscrpt.dll
2014-01-21 11:46 - 2002-08-29 05:00 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdnecat.dll
2014-01-21 11:46 - 2002-08-29 05:00 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdnecnt.dll
2014-01-21 11:46 - 2002-08-29 05:00 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdnec95.dll
2014-01-21 11:46 - 2002-08-29 05:00 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdusa.dll
2014-01-21 11:46 - 2001-08-17 22:36 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
2014-01-21 11:46 - 2001-08-17 22:36 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\m3092dc.dll
2014-01-21 11:46 - 2001-08-17 22:36 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\m3091dc.dll
2014-01-21 11:46 - 2001-08-17 22:36 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\memgrp.dll
2014-01-21 11:46 - 2001-08-17 22:36 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kousd.dll
2014-01-21 11:46 - 2001-08-17 22:36 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdjpn.dll
2014-01-21 11:46 - 2001-08-17 22:36 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdkor.dll
2014-01-21 11:46 - 2001-08-17 14:56 - 00235648 _____ (Matrox Graphics Inc.) C:\WINDOWS\system32\dllcache\mgaud.dll
2014-01-21 11:46 - 2001-08-17 14:02 - 00035200 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msgame.sys
2014-01-21 11:46 - 2001-08-17 14:00 - 00002944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msmpu401.sys
2014-01-21 11:46 - 2001-08-17 13:58 - 00008320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\memcard.sys
2014-01-21 11:46 - 2001-08-17 13:53 - 00004992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\loop.sys
2014-01-21 11:46 - 2001-08-17 13:52 - 00007424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mammoth.sys
2014-01-21 11:46 - 2001-08-17 13:52 - 00006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\miniqic.sys
2014-01-21 11:46 - 2001-08-17 13:51 - 00015744 _____ (Litronic Industries) C:\WINDOWS\system32\dllcache\lit220p.sys
2014-01-21 11:46 - 2001-08-17 13:48 - 00012416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msriffwv.sys
2014-01-21 11:46 - 2001-08-17 13:48 - 00012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mouhid.sys
2014-01-21 11:46 - 2001-08-17 13:48 - 00006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfsio.sys
2014-01-21 11:46 - 2001-08-17 13:28 - 00802683 _____ (Lucent Technologies) C:\WINDOWS\system32\dllcache\ltsm.sys
2014-01-21 11:46 - 2001-08-17 13:28 - 00797500 _____ (LT) C:\WINDOWS\system32\dllcache\ltsmt.sys
2014-01-21 11:46 - 2001-08-17 13:28 - 00727786 _____ (Xircom, Inc.) C:\WINDOWS\system32\dllcache\ltck000c.sys
2014-01-21 11:46 - 2001-08-17 13:28 - 00576746 _____ (LT) C:\WINDOWS\system32\dllcache\ltmdmntl.sys
2014-01-21 11:46 - 2001-08-17 12:50 - 00320384 _____ (Matrox Graphics Inc.) C:\WINDOWS\system32\dllcache\mgaum.sys
2014-01-21 11:46 - 2001-08-17 12:49 - 00022848 _____ (Logitech Inc.) C:\WINDOWS\system32\dllcache\lwusbhid.sys
2014-01-21 11:46 - 2001-08-17 12:19 - 00048768 _____ (ESS Technology, Inc.) C:\WINDOWS\system32\dllcache\maestro.sys
2014-01-21 11:46 - 2001-08-17 12:12 - 00164586 _____ (Madge Networks Ltd) C:\WINDOWS\system32\dllcache\mdgndis5.sys
2014-01-21 11:46 - 2001-08-17 12:12 - 00070730 _____ (Linksys Group, Inc.) C:\WINDOWS\system32\dllcache\lne100tx.sys
2014-01-21 11:46 - 2001-08-17 12:12 - 00026442 _____ (SMSC) C:\WINDOWS\system32\dllcache\lanepic5.sys
2014-01-21 11:46 - 2001-08-17 12:12 - 00020573 _____ (The Linksts Group ) C:\WINDOWS\system32\dllcache\lne100.sys
2014-01-21 11:46 - 2001-08-17 12:12 - 00019016 _____ (Kingston Technology Company                                                             ) C:\WINDOWS\system32\dllcache\ktc111.sys
2014-01-21 11:46 - 2001-08-17 12:11 - 00025065 _____ (D-Link) C:\WINDOWS\system32\dllcache\lmndis3.sys
2014-01-21 11:45 - 2008-04-14 05:42 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irftp.exe
2014-01-21 11:45 - 2008-04-14 05:41 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irmon.dll
2014-01-21 11:45 - 2008-04-14 05:39 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbd106.dll
2014-01-21 11:45 - 2008-04-14 00:24 - 00088192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irda.sys
2014-01-21 11:45 - 2008-04-14 00:15 - 00059136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gckernel.sys
2014-01-21 11:45 - 2008-04-14 00:15 - 00010624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gameenum.sys
2014-01-21 11:45 - 2008-04-14 00:10 - 00028288 _____ (Gemplus) C:\WINDOWS\system32\dllcache\grserial.sys
2014-01-21 11:45 - 2008-04-14 00:06 - 00020352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidbatt.sys
2014-01-21 11:45 - 2002-08-29 05:00 - 10129408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hwxkor.dll
2014-01-21 11:45 - 2002-08-29 05:00 - 10096640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hwxcht.dll
2014-01-21 11:45 - 2002-08-29 05:00 - 00471102 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imskdic.dll
2014-01-21 11:45 - 2002-08-29 05:00 - 00311359 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imepadsv.exe
2014-01-21 11:45 - 2002-08-29 05:00 - 00134339 _____ C:\WINDOWS\system32\dllcache\imekr.lex
2014-01-21 11:45 - 2002-08-29 05:00 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsclntr.dll
2014-01-21 11:45 - 2002-08-29 05:00 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxscfgwz.dll
2014-01-21 11:45 - 2002-08-29 05:00 - 00108827 _____ C:\WINDOWS\system32\dllcache\hanja.lex
2014-01-21 11:45 - 2002-08-29 05:00 - 00102463 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imepadsm.dll
2014-01-21 11:45 - 2002-08-29 05:00 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisclex4.dll
2014-01-21 11:45 - 2002-08-29 05:00 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imkrinst.exe
2014-01-21 11:45 - 2002-08-29 05:00 - 00057398 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjpdadm.exe
2014-01-21 11:45 - 2002-08-29 05:00 - 00045109 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imjpuex.exe
2014-01-21 11:45 - 2002-08-29 05:00 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imekrmig.exe
2014-01-21 11:45 - 2002-08-29 05:00 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hanjadic.dll
2014-01-21 11:45 - 2002-08-29 05:00 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxsroute.dll
2014-01-21 11:45 - 2002-08-29 05:00 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iiscrmap.dll
2014-01-21 11:45 - 2002-08-29 05:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jupiw.dll
2014-01-21 11:45 - 2002-08-29 05:00 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fxssend.exe
2014-01-21 11:45 - 2002-08-29 05:00 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iwrps.dll
2014-01-21 11:45 - 2002-08-29 05:00 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\infoctrs.dll
2014-01-21 11:45 - 2002-08-29 05:00 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\isapips.dll
2014-01-21 11:45 - 2002-08-29 05:00 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iissync.exe
2014-01-21 11:45 - 2002-08-29 05:00 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbd101a.dll
2014-01-21 11:45 - 2002-08-29 05:00 - 00003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iismui.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00372824 _____ (Xircom) C:\WINDOWS\system32\dllcache\iconf32.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hpojwia.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00165888 _____ () C:\WINDOWS\system32\dllcache\hpgt53.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00126976 _____ (Hewlett Packard) C:\WINDOWS\system32\dllcache\hpgt34tk.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hpgt21tk.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hpdigwia.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00101376 _____ () C:\WINDOWS\system32\dllcache\hpgt34.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00093696 _____ () C:\WINDOWS\system32\dllcache\hpgt42.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fuusd.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\icam4com.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00090200 _____ (Perle Systems Ltd. ) C:\WINDOWS\system32\dllcache\io8ports.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00089088 _____ () C:\WINDOWS\system32\dllcache\hpgt33.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00083968 _____ () C:\WINDOWS\system32\dllcache\hpgt21.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00068608 _____ (Avisioin) C:\WINDOWS\system32\dllcache\hpgt53tk.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\icam4ext.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hpgt33tk.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\icam5com.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hpgtmcro.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hpgt42tk.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\icam3ext.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\icam5ext.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hr1w.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hpsjmcro.dll
2014-01-21 11:45 - 2001-08-17 22:36 - 00009759 _____ (Conexant) C:\WINDOWS\system32\dllcache\hsf_inst.dll
2014-01-21 11:45 - 2001-08-17 22:34 - 00009216 _____ (IBM Corporation) C:\WINDOWS\system32\dllcache\ibmsgnet.dll
2014-01-21 11:45 - 2001-08-17 14:56 - 01733120 _____ (Matrox Graphics Inc.) C:\WINDOWS\system32\dllcache\g400d.dll
2014-01-21 11:45 - 2001-08-17 14:56 - 00470144 _____ (Matrox Graphics Inc.) C:\WINDOWS\system32\dllcache\g200d.dll
2014-01-21 11:45 - 2001-08-17 14:56 - 00353184 _____ (Intel Corporation) C:\WINDOWS\system32\dllcache\i740dnt5.dll
2014-01-21 11:45 - 2001-08-17 14:55 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbd101c.dll
2014-01-21 11:45 - 2001-08-17 14:55 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbd101b.dll
2014-01-21 11:45 - 2001-08-17 14:55 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbd103.dll
2014-01-21 11:45 - 2001-08-17 14:06 - 00154496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\icam4usb.sys
2014-01-21 11:45 - 2001-08-17 14:06 - 00100992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\icam5usb.sys
2014-01-21 11:45 - 2001-08-17 14:06 - 00038528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ibmvcap.sys
2014-01-21 11:45 - 2001-08-17 14:05 - 00141056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\icam3.sys
2014-01-21 11:45 - 2001-08-17 14:02 - 00008576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidgame.sys
2014-01-21 11:45 - 2001-08-17 14:02 - 00002688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidswvd.sys
2014-01-21 11:45 - 2001-08-17 13:52 - 00005760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hpt4qic.sys
2014-01-21 11:45 - 2001-08-17 13:51 - 00082304 _____ (Gemplus) C:\WINDOWS\system32\dllcache\grclass.sys
2014-01-21 11:45 - 2001-08-17 13:51 - 00018688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irsir.sys
2014-01-21 11:45 - 2001-08-17 13:51 - 00017408 _____ (Gemplus) C:\WINDOWS\system32\dllcache\gpr400.sys
2014-01-21 11:45 - 2001-08-17 13:50 - 00038784 _____ (Perle Systems Ltd. ) C:\WINDOWS\system32\dllcache\io8.sys
2014-01-21 11:45 - 2001-08-17 13:49 - 00026624 _____ (SigmaTel, Inc.) C:\WINDOWS\system32\dllcache\irstusb.sys
2014-01-21 11:45 - 2001-08-17 13:49 - 00023552 _____ (MKNet Corporation) C:\WINDOWS\system32\dllcache\irmk7.sys
2014-01-21 11:45 - 2001-08-17 13:47 - 00013056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inport.sys
2014-01-21 11:45 - 2001-08-17 13:28 - 00907456 _____ (Conexant) C:\WINDOWS\system32\dllcache\hcf_msft.sys
2014-01-21 11:45 - 2001-08-17 13:28 - 00542879 _____ (Conexant) C:\WINDOWS\system32\dllcache\hsf_msft.sys
2014-01-21 11:45 - 2001-08-17 13:28 - 00488383 _____ (Conexant) C:\WINDOWS\system32\dllcache\hsf_v124.sys
2014-01-21 11:45 - 2001-08-17 13:28 - 00391199 _____ (Conexant) C:\WINDOWS\system32\dllcache\hsf_k56k.sys
2014-01-21 11:45 - 2001-08-17 13:28 - 00289887 _____ (Conexant) C:\WINDOWS\system32\dllcache\hsf_fall.sys
2014-01-21 11:45 - 2001-08-17 13:28 - 00199711 _____ (Conexant) C:\WINDOWS\system32\dllcache\hsf_faxx.sys
2014-01-21 11:45 - 2001-08-17 13:28 - 00150239 _____ (Conexant) C:\WINDOWS\system32\dllcache\hsf_amos.sys
2014-01-21 11:45 - 2001-08-17 13:28 - 00115807 _____ (Conexant) C:\WINDOWS\system32\dllcache\hsf_fsks.sys
2014-01-21 11:45 - 2001-08-17 13:28 - 00073279 _____ (Conexant) C:\WINDOWS\system32\dllcache\hsf_spkp.sys
2014-01-21 11:45 - 2001-08-17 13:28 - 00067167 _____ (Conexant) C:\WINDOWS\system32\dllcache\hsf_bsc2.sys
2014-01-21 11:45 - 2001-08-17 13:28 - 00057471 _____ (Conexant) C:\WINDOWS\system32\dllcache\hsf_samp.sys
2014-01-21 11:45 - 2001-08-17 13:28 - 00050751 _____ (Conexant) C:\WINDOWS\system32\dllcache\hsf_tone.sys
2014-01-21 11:45 - 2001-08-17 13:28 - 00044863 _____ (Conexant) C:\WINDOWS\system32\dllcache\hsf_soar.sys
2014-01-21 11:45 - 2001-08-17 12:49 - 00322432 _____ (Matrox Graphics Inc.) C:\WINDOWS\system32\dllcache\g400m.sys
2014-01-21 11:45 - 2001-08-17 12:49 - 00320384 _____ (Matrox Graphics Inc.) C:\WINDOWS\system32\dllcache\g200m.sys
2014-01-21 11:45 - 2001-08-17 12:49 - 00058592 _____ (Intel Corporation) C:\WINDOWS\system32\dllcache\i740nt5.sys
2014-01-21 11:45 - 2001-08-17 12:15 - 00455296 _____ (AVM GmbH) C:\WINDOWS\system32\dllcache\fusbbase.sys
2014-01-21 11:45 - 2001-08-17 12:15 - 00454912 _____ (AVM GmbH) C:\WINDOWS\system32\dllcache\fxusbase.sys
2014-01-21 11:45 - 2001-08-17 12:12 - 00109085 _____ (IBM Corporation) C:\WINDOWS\system32\dllcache\ibmtrp.sys
2014-01-21 11:45 - 2001-08-17 12:12 - 00100936 _____ (IBM Corporation) C:\WINDOWS\system32\dllcache\ibmtok.sys
2014-01-21 11:45 - 2001-08-17 12:12 - 00045632 _____ (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) C:\WINDOWS\system32\dllcache\ip5515.sys
2014-01-21 11:45 - 2001-08-17 12:11 - 00028700 _____ (IBM Corp.) C:\WINDOWS\system32\dllcache\ibmexmp.sys
2014-01-21 11:44 - 2008-04-14 05:42 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dshowext.ax
2014-01-21 11:44 - 2008-04-14 05:41 - 00249856 _____ (Comtrol® Corporation) C:\WINDOWS\system32\dllcache\ctmasetp.dll
2014-01-21 11:44 - 2008-04-14 00:10 - 00008320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dlttape.sys
2014-01-21 11:44 - 2008-04-14 00:09 - 00206976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dot4.sys
2014-01-21 11:44 - 2008-04-13 22:06 - 00137088 _____ (ESS Technology, Inc.) C:\WINDOWS\system32\dllcache\essm2e.sys
2014-01-21 11:44 - 2008-04-13 22:06 - 00048640 _____ (Crystal Semiconductor Corp.) C:\WINDOWS\system32\dllcache\cwrwdm.sys
2014-01-21 11:44 - 2008-04-13 22:05 - 00034173 _____ (Marconi Communications, Inc.) C:\WINDOWS\system32\dllcache\forehe.sys
2014-01-21 11:44 - 2002-08-29 05:00 - 00514587 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\edb500.dll
2014-01-21 11:44 - 2002-08-29 05:00 - 00057856 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\esuimgd.dll
2014-01-21 11:44 - 2002-08-29 05:00 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\convlog.exe
2014-01-21 11:44 - 2002-08-29 05:00 - 00045056 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\esunid.dll
2014-01-21 11:44 - 2002-08-29 05:00 - 00031744 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\esucmd.dll
2014-01-21 11:44 - 2002-08-29 05:00 - 00025856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\et4000.sys
2014-01-21 11:44 - 2002-08-29 05:00 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\counters.dll
2014-01-21 11:44 - 2002-08-29 05:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cprofile.exe
2014-01-21 11:44 - 2002-08-29 05:00 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\flattemp.exe
2014-01-21 11:44 - 2002-08-29 05:00 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ftpctrs2.dll
2014-01-21 11:44 - 2002-08-29 05:00 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ftlx041e.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00614429 _____ (Digi International Inc.) C:\WINDOWS\system32\dllcache\digiview.exe
2014-01-21 11:44 - 2001-08-17 22:36 - 00419357 _____ (Digi International) C:\WINDOWS\system32\dllcache\dgconfig.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00256512 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\devcon32.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00236060 _____ (Eicon Technology) C:\WINDOWS\system32\dllcache\ditrace.exe
2014-01-21 11:44 - 2001-08-17 22:36 - 00229462 _____ (Digi International Inc.) C:\WINDOWS\system32\dllcache\digifwrk.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00216064 _____ (COMPAQ Inc.) C:\WINDOWS\system32\dllcache\cpscan.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\csamsp.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00159828 _____ (Digi International Inc.) C:\WINDOWS\system32\dllcache\digihlc.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00131156 _____ (Digi International Inc.) C:\WINDOWS\system32\dllcache\digidbp.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00110621 _____ (Digi International, Inc.) C:\WINDOWS\system32\dllcache\digirlpt.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dc260usd.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00102484 _____ (Digi International Inc.) C:\WINDOWS\system32\dllcache\digiinf.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dc240usd.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dc210usd.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\fnfilter.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00065622 _____ (Digi International Inc.) C:\WINDOWS\system32\dllcache\digiasyn.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00061952 _____ (Equinox Systems Inc.) C:\WINDOWS\system32\dllcache\eqnloop.exe
2014-01-21 11:44 - 2001-08-17 22:36 - 00053248 _____ (Equinox Systems Inc.) C:\WINDOWS\system32\dllcache\eqndiag.exe
2014-01-21 11:44 - 2001-08-17 22:36 - 00051200 _____ (Equinox Systems Inc.) C:\WINDOWS\system32\dllcache\eqnlogr.exe
2014-01-21 11:44 - 2001-08-17 22:36 - 00045568 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\esunib.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00045568 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\esuni.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_fcachdll.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00043008 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\esucm.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00041046 _____ (Digi International Inc.) C:\WINDOWS\system32\dllcache\digiisdn.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00038985 _____ (Eicon Technology) C:\WINDOWS\system32\dllcache\disrvsu.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00037962 _____ C:\WINDOWS\system32\dllcache\divaprop.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00034816 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\dllcache\esuimg.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00031305 _____ (Eicon Technology) C:\WINDOWS\system32\dllcache\disrvpp.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00029768 _____ C:\WINDOWS\system32\dllcache\divasu.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyycoins.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyzports.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyyports.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyzcoins.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dc210_32.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00024064 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\devldr32.exe
2014-01-21 11:44 - 2001-08-17 22:36 - 00006729 _____ (Eicon Technology) C:\WINDOWS\system32\dllcache\disrvci.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00006216 _____ C:\WINDOWS\system32\dllcache\divaci.dll
2014-01-21 11:44 - 2001-08-17 22:36 - 00004096 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\ctwdm32.dll
2014-01-21 11:44 - 2001-08-17 13:53 - 00007296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\elmsmc.sys
2014-01-21 11:44 - 2001-08-17 13:52 - 00007424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ddsmc.sys
2014-01-21 11:44 - 2001-08-17 13:52 - 00007040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\exabyte2.sys
2014-01-21 11:44 - 2001-08-17 13:50 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\epcfw2k.sys
2014-01-21 11:44 - 2001-08-17 13:50 - 00114944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\epstw2k.sys
2014-01-21 11:44 - 2001-08-17 13:50 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyyport.sys
2014-01-21 11:44 - 2001-08-17 13:50 - 00049792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyzport.sys
2014-01-21 11:44 - 2001-08-17 13:50 - 00017152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyclad-z.sys
2014-01-21 11:44 - 2001-08-17 13:50 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cyclom-y.sys
2014-01-21 11:44 - 2001-08-17 13:47 - 00023808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dot4usb.sys
2014-01-21 11:44 - 2001-08-17 13:47 - 00012928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dot4prt.sys
2014-01-21 11:44 - 2001-08-17 13:47 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dot4scan.sys
2014-01-21 11:44 - 2001-08-17 13:46 - 00006400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\enum1394.sys
2014-01-21 11:44 - 2001-08-17 13:28 - 00634134 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\el656ct5.sys
2014-01-21 11:44 - 2001-08-17 13:28 - 00595647 _____ (ESS Technology, Inc.) C:\WINDOWS\system32\dllcache\es56cvmp.sys
2014-01-21 11:44 - 2001-08-17 13:28 - 00594238 _____ (ESS Technology, Inc.) C:\WINDOWS\system32\dllcache\es56hpi.sys
2014-01-21 11:44 - 2001-08-17 13:28 - 00347550 _____ (ESS Technology, Inc.) C:\WINDOWS\system32\dllcache\es56tpi.sys
2014-01-21 11:44 - 2001-08-17 13:28 - 00241206 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\el656se5.sys
2014-01-21 11:44 - 2001-08-17 12:20 - 00334208 _____ (Yamaha Corp.) C:\WINDOWS\system32\dllcache\ds1wdm.sys
2014-01-21 11:44 - 2001-08-17 12:19 - 00283904 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\emu10k1m.sys
2014-01-21 11:44 - 2001-08-17 12:19 - 00174464 _____ (ESS Technology, Inc.) C:\WINDOWS\system32\dllcache\es198x.sys
2014-01-21 11:44 - 2001-08-17 12:19 - 00111872 _____ (Crystal Semiconductor Corp.) C:\WINDOWS\system32\dllcache\cwcspud.sys
2014-01-21 11:44 - 2001-08-17 12:19 - 00096256 _____ (Copyright © Creative Technology Ltd. 1994-2001) C:\WINDOWS\system32\dllcache\ctlsb16.sys
2014-01-21 11:44 - 2001-08-17 12:19 - 00093952 _____ (Crystal Semiconductor Corp.) C:\WINDOWS\system32\dllcache\cwcwdm.sys
2014-01-21 11:44 - 2001-08-17 12:19 - 00072832 _____ (Crystal Semiconductor Corp.) C:\WINDOWS\system32\dllcache\cwbwdm.sys
2014-01-21 11:44 - 2001-08-17 12:19 - 00072192 _____ (ESS Technology Inc.) C:\WINDOWS\system32\dllcache\es1969.sys
2014-01-21 11:44 - 2001-08-17 12:19 - 00063360 _____ (ESS Technology, Inc.) C:\WINDOWS\system32\dllcache\ess.sys
2014-01-21 11:44 - 2001-08-17 12:19 - 00042112 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\dllcache\crtaud.sys
2014-01-21 11:44 - 2001-08-17 12:19 - 00040704 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\es1371mp.sys
2014-01-21 11:44 - 2001-08-17 12:19 - 00037120 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\es1370mp.sys
2014-01-21 11:44 - 2001-08-17 12:19 - 00006912 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\ctlfacem.sys
2014-01-21 11:44 - 2001-08-17 12:19 - 00003712 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\dllcache\ctljystk.sys
2014-01-21 11:44 - 2001-08-17 12:19 - 00003584 _____ (Crystal Semiconductor Corp.) C:\WINDOWS\system32\dllcache\cwcosnt5.sys
2014-01-21 11:44 - 2001-08-17 12:19 - 00003072 _____ (Crystal Semiconductor Corp.) C:\WINDOWS\system32\dllcache\cwbmidi.sys
2014-01-21 11:44 - 2001-08-17 12:19 - 00003072 _____ (Crystal Semiconductor Corp.) C:\WINDOWS\system32\dllcache\cwbase.sys
2014-01-21 11:44 - 2001-08-17 12:17 - 00629952 _____ (Equinox Systems Inc.) C:\WINDOWS\system32\dllcache\eqn.sys
2014-01-21 11:44 - 2001-08-17 12:17 - 00090525 _____ (Digi International Inc.) C:\WINDOWS\system32\dllcache\digifep5.sys
2014-01-21 11:44 - 2001-08-17 12:17 - 00042432 _____ (Digi International, Inc.) C:\WINDOWS\system32\dllcache\digirlpt.sys
2014-01-21 11:44 - 2001-08-17 12:17 - 00029531 _____ (Digi International Inc.) C:\WINDOWS\system32\dllcache\dgapci.sys
2014-01-21 11:44 - 2001-08-17 12:15 - 00455680 _____ (AVM GmbH) C:\WINDOWS\system32\dllcache\fus2base.sys
2014-01-21 11:44 - 2001-08-17 12:15 - 00442240 _____ (AVM GmbH) C:\WINDOWS\system32\dllcache\fpnpbase.sys
2014-01-21 11:44 - 2001-08-17 12:14 - 00952007 _____ (Eicon Technology) C:\WINDOWS\system32\dllcache\diwan.sys
2014-01-21 11:44 - 2001-08-17 12:14 - 00444416 _____ (AVM GmbH) C:\WINDOWS\system32\dllcache\fpcibase.sys
2014-01-21 11:44 - 2001-08-17 12:14 - 00441728 _____ (AVM GmbH) C:\WINDOWS\system32\dllcache\fpcmbase.sys
2014-01-21 11:44 - 2001-08-17 12:14 - 00021606 _____ (Digi International Inc.) C:\WINDOWS\system32\dllcache\digiisdn.sys
2014-01-21 11:44 - 2001-08-17 12:13 - 00103044 _____ (Digi International Inc.) C:\WINDOWS\system32\dllcache\digidxb.sys
2014-01-21 11:44 - 2001-08-17 12:13 - 00091305 _____ (Eicon Technology) C:\WINDOWS\system32\dllcache\dimaint.sys
2014-01-21 11:44 - 2001-08-17 12:13 - 00037735 _____ (Digi International Inc.) C:\WINDOWS\system32\dllcache\digiasyn.sys
2014-01-21 11:44 - 2001-08-17 12:13 - 00027165 _____ (VIA Technologies, Inc.              ) C:\WINDOWS\system32\dllcache\fetnd5.sys
2014-01-21 11:44 - 2001-08-17 12:13 - 00021533 _____ (Compaq Computer Corporation) C:\WINDOWS\system32\dllcache\cpqndis5.sys
2014-01-21 11:44 - 2001-08-17 12:12 - 00117760 _____ (Intel Corporation) C:\WINDOWS\system32\dllcache\e100b325.sys
2014-01-21 11:44 - 2001-08-17 12:12 - 00117760 _____ (Intel Corporation) C:\WINDOWS\system32\dllcache\d100ib5.sys
2014-01-21 11:44 - 2001-08-17 12:12 - 00063208 _____ (Intel Corporation.) C:\WINDOWS\system32\dllcache\dc21x4.sys
2014-01-21 11:44 - 2001-08-17 12:12 - 00050719 _____ (Intel Corporation) C:\WINDOWS\system32\dllcache\e1000nt5.sys
2014-01-21 11:44 - 2001-08-17 12:12 - 00028062 _____ (National Semiconductor Coproration) C:\WINDOWS\system32\dllcache\dp83820.sys
2014-01-21 11:44 - 2001-08-17 12:12 - 00024618 _____ (NETGEAR) C:\WINDOWS\system32\dllcache\fa410nd5.sys
2014-01-21 11:44 - 2001-08-17 12:12 - 00019594 _____ (Intel Corporation) C:\WINDOWS\system32\dllcache\e100isa4.sys
2014-01-21 11:44 - 2001-08-17 12:12 - 00018503 _____ (Intel Corporation) C:\WINDOWS\system32\dllcache\epro4.sys
2014-01-21 11:44 - 2001-08-17 12:12 - 00016998 _____ (Intel Corporation) C:\WINDOWS\system32\dllcache\ex10.sys
2014-01-21 11:44 - 2001-08-17 12:12 - 00016074 _____ (NETGEAR Corp.) C:\WINDOWS\system32\dllcache\fa312nd5.sys
2014-01-21 11:44 - 2001-08-17 12:11 - 00455199 _____ (3Com Corporation.) C:\WINDOWS\system32\dllcache\el985n51.sys
2014-01-21 11:44 - 2001-08-17 12:11 - 00171520 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\el99xn51.sys
2014-01-21 11:44 - 2001-08-17 12:11 - 00153631 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\el90xnd5.sys
2014-01-21 11:44 - 2001-08-17 12:11 - 00077386 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\el656nd5.sys
2014-01-21 11:44 - 2001-08-17 12:11 - 00070174 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\el98xn5.sys
2014-01-21 11:44 - 2001-08-17 12:11 - 00069194 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\el656cd5.sys
2014-01-21 11:44 - 2001-08-17 12:11 - 00060970 _____ (Compaq Computer Corp.) C:\WINDOWS\system32\dllcache\cpqtrnd5.sys
2014-01-21 11:44 - 2001-08-17 12:11 - 00029696 _____ (CNet Technology, Inc.                                                    ) C:\WINDOWS\system32\dllcache\dm9pci5.sys
2014-01-21 11:44 - 2001-08-17 12:11 - 00026698 _____ (D-Link Corporation) C:\WINDOWS\system32\dllcache\dlh5xnd5.sys
2014-01-21 11:44 - 2001-08-17 12:11 - 00024649 _____ (D-Link) C:\WINDOWS\system32\dllcache\dfe650d.sys
2014-01-21 11:44 - 2001-08-17 12:11 - 00024648 _____ (D-Link) C:\WINDOWS\system32\dllcache\dfe650.sys
2014-01-21 11:44 - 2001-08-17 12:11 - 00020928 _____ (Digital Networks, LLC) C:\WINDOWS\system32\dllcache\defpa.sys
2014-01-21 11:44 - 2001-08-17 12:11 - 00012362 _____ (FUJITSU LIMITED) C:\WINDOWS\system32\dllcache\f3ab18xi.sys
2014-01-21 11:44 - 2001-08-17 12:11 - 00011850 _____ (FUJITSU LIMITED) C:\WINDOWS\system32\dllcache\f3ab18xj.sys
2014-01-21 11:44 - 2001-08-17 12:10 - 00069692 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\el575nd5.sys
2014-01-21 11:44 - 2001-08-17 12:10 - 00055999 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\el556nd5.sys
2014-01-21 11:44 - 2001-08-17 12:10 - 00044103 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\el515.sys
2014-01-21 11:44 - 2001-08-17 12:10 - 00026141 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\el589nd5.sys
2014-01-21 11:44 - 2001-08-17 12:10 - 00025159 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\elnk3.sys
2014-01-21 11:44 - 2001-08-17 12:10 - 00024653 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\el574nd4.sys
2014-01-21 11:44 - 2001-08-17 12:10 - 00022090 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\fem556n5.sys
2014-01-21 11:44 - 2001-08-17 12:10 - 00019996 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\em556n4.sys
2014-01-21 11:43 - 2008-04-14 05:41 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camext30.dll
2014-01-21 11:43 - 2008-04-14 00:16 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avc.sys
2014-01-21 11:43 - 2008-04-14 00:16 - 00013696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcstrm.sys
2014-01-21 11:43 - 2008-04-14 00:11 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\changer.sys
2014-01-21 11:43 - 2008-04-14 00:06 - 00014208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\battc.sys
2014-01-21 11:43 - 2008-04-14 00:06 - 00013952 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cmbatt.sys
2014-01-21 11:43 - 2008-04-14 00:06 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\compbatt.sys
2014-01-21 11:43 - 2008-04-13 22:05 - 00036224 _____ (ADMtek Incorporated.) C:\WINDOWS\system32\dllcache\an983.sys
2014-01-21 11:43 - 2002-08-29 05:00 - 01677824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chsbrkr.dll
2014-01-21 11:43 - 2002-08-29 05:00 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chtbrkr.dll
2014-01-21 11:43 - 2002-08-29 05:00 - 00195618 _____ C:\WINDOWS\system32\dllcache\c_10002.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00189986 _____ C:\WINDOWS\system32\dllcache\c_1361.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00187938 _____ C:\WINDOWS\system32\dllcache\c_20005.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00186402 _____ C:\WINDOWS\system32\dllcache\c_20001.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00185378 _____ C:\WINDOWS\system32\dllcache\c_20003.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00180770 _____ C:\WINDOWS\system32\dllcache\c_20932.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00180258 _____ C:\WINDOWS\system32\dllcache\c_20004.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00180258 _____ C:\WINDOWS\system32\dllcache\c_20000.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00177698 _____ C:\WINDOWS\system32\dllcache\c_20949.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00177698 _____ C:\WINDOWS\system32\dllcache\c_10003.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00173602 _____ C:\WINDOWS\system32\dllcache\c_20936.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00173602 _____ C:\WINDOWS\system32\dllcache\c_20002.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00173602 _____ C:\WINDOWS\system32\dllcache\c_10008.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00162850 _____ C:\WINDOWS\system32\dllcache\c_10001.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00082172 _____ C:\WINDOWS\system32\dllcache\bopomofo.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066728 _____ C:\WINDOWS\system32\dllcache\big5.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066594 _____ C:\WINDOWS\system32\dllcache\c_864.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066594 _____ C:\WINDOWS\system32\dllcache\c_862.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066594 _____ C:\WINDOWS\system32\dllcache\c_858.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066594 _____ C:\WINDOWS\system32\dllcache\c_720.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_870.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_708.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_28596.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_21027.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_21025.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20924.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20880.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20871.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20838.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20833.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20424.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20423.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20420.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20297.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20290.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20285.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20284.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20280.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20278.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20277.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20273.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20269.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20108.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20107.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20106.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_20105.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_1149.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_1148.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_1147.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_1146.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_1145.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_1144.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_1143.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_1142.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_1141.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_1140.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_1047.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_10021.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_10005.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00066082 _____ C:\WINDOWS\system32\dllcache\c_10004.nls
2014-01-21 11:43 - 2002-08-29 05:00 - 00054528 _____ (Philips Semiconductors GmbH) C:\WINDOWS\system32\dllcache\cap7146.sys
2014-01-21 11:43 - 2002-08-29 05:00 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\browscap.dll
2014-01-21 11:43 - 2002-08-29 05:00 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\controt.dll
2014-01-21 11:43 - 2002-08-29 05:00 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\asptxn.dll
2014-01-21 11:43 - 2002-08-29 05:00 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chgport.exe
2014-01-21 11:43 - 2002-08-29 05:00 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chgusr.exe
2014-01-21 11:43 - 2002-08-29 05:00 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\chglogon.exe
2014-01-21 11:43 - 2002-08-29 05:00 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\c_iscii.dll
2014-01-21 11:43 - 2002-08-29 05:00 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aspperf.dll
2014-01-21 11:43 - 2002-08-29 05:00 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\change.exe
2014-01-21 11:43 - 2002-08-29 05:00 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\authfilt.dll
2014-01-21 11:43 - 2002-08-29 05:00 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\c_is2022.dll
2014-01-21 11:43 - 2001-08-17 22:37 - 00244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camext20.ax
2014-01-21 11:43 - 2001-08-17 22:37 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camext30.ax
2014-01-21 11:43 - 2001-08-17 22:37 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camexo20.ax
2014-01-21 11:43 - 2001-08-17 22:36 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camext20.dll
2014-01-21 11:43 - 2001-08-17 22:36 - 00144384 _____ (AVM GmbH) C:\WINDOWS\system32\dllcache\avmenum.dll
2014-01-21 11:43 - 2001-08-17 22:36 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\binlsvc.dll
2014-01-21 11:43 - 2001-08-17 22:36 - 00087552 _____ (AVM GmbH) C:\WINDOWS\system32\dllcache\avmcoxp.dll
2014-01-21 11:43 - 2001-08-17 22:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\brmfcwia.dll
2014-01-21 11:43 - 2001-08-17 22:36 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camexo20.dll
2014-01-21 11:43 - 2001-08-17 22:36 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll
2014-01-21 11:43 - 2001-08-17 22:36 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cnusd.dll
2014-01-21 11:43 - 2001-08-17 22:36 - 00041472 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brmfusb.dll
2014-01-21 11:43 - 2001-08-17 22:36 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\atievxx.exe
2014-01-21 11:43 - 2001-08-17 22:36 - 00032256 _____ (Eicon Technology Corporation) C:\WINDOWS\system32\dllcache\diapi2NT.dll
2014-01-21 11:43 - 2001-08-17 22:36 - 00032256 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brmfrsmg.exe
2014-01-21 11:43 - 2001-08-17 22:36 - 00029696 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brmflpt.dll
2014-01-21 11:43 - 2001-08-17 22:36 - 00019456 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brbidiif.dll
2014-01-21 11:43 - 2001-08-17 22:36 - 00015360 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brmfbidi.dll
2014-01-21 11:43 - 2001-08-17 22:36 - 00012800 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brevif.dll
2014-01-21 11:43 - 2001-08-17 22:36 - 00009728 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brserif.dll
2014-01-21 11:43 - 2001-08-17 22:36 - 00009728 _____ (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brcoinst.dll
2014-01-21 11:43 - 2001-08-17 22:36 - 00005120 _____ (Brother Industries,Ltd.) C:\WINDOWS\system32\dllcache\brscnrsm.dll
2014-01-21 11:43 - 2001-08-17 14:56 - 00342336 _____ (3Dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\banshee.dll
2014-01-21 11:43 - 2001-08-17 14:56 - 00268160 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidvai.dll
2014-01-21 11:43 - 2001-08-17 14:56 - 00170880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cl546x.dll
2014-01-21 11:43 - 2001-08-17 14:56 - 00137216 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidrae.dll
2014-01-21 11:43 - 2001-08-17 14:56 - 00111232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cl5465.dll
2014-01-21 11:43 - 2001-08-17 14:56 - 00104832 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atiraged.dll
2014-01-21 11:43 - 2001-08-17 14:56 - 00091264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cirrus.dll
2014-01-21 11:43 - 2001-08-17 14:55 - 00382592 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidrab.dll
2014-01-21 11:43 - 2001-08-17 14:55 - 00096128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ati.dll
2014-01-21 11:43 - 2001-08-17 14:05 - 00314752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camdro21.sys
2014-01-21 11:43 - 2001-08-17 14:04 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camdrv21.sys
2014-01-21 11:43 - 2001-08-17 14:04 - 00171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\camdrv30.sys
2014-01-21 11:43 - 2001-08-17 14:02 - 00272640 _____ (RAVISENT Technologies Inc.) C:\WINDOWS\system32\dllcache\cinemclc.sys
2014-01-21 11:43 - 2001-08-17 14:01 - 00036096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcaudio.sys
2014-01-21 11:43 - 2001-08-17 13:57 - 00248064 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cl546xm.sys
2014-01-21 11:43 - 2001-08-17 13:57 - 00077568 _____ (ATI Technologies, Inc.) C:\WINDOWS\system32\dllcache\ati.sys
2014-01-21 11:43 - 2001-08-17 13:57 - 00045696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cirrus.sys
2014-01-21 11:43 - 2001-08-17 13:51 - 00020736 _____ (OMNIKEY AG) C:\WINDOWS\system32\dllcache\cmbp0wdm.sys
2014-01-21 11:43 - 2001-08-17 13:51 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bulltlp3.sys
2014-01-21 11:43 - 2001-08-17 13:49 - 00026624 _____ (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\alifir.sys
2014-01-21 11:43 - 2001-08-17 13:47 - 00006272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\apmbatt.sys
2014-01-21 11:43 - 2001-08-17 13:28 - 00714698 _____ (Xircom, Inc.) C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
2014-01-21 11:43 - 2001-08-17 13:12 - 00060416 _____ (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brserwdm.sys
2014-01-21 11:43 - 2001-08-17 13:12 - 00039552 _____ (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brparwdm.sys
2014-01-21 11:43 - 2001-08-17 13:12 - 00012160 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brfiltlo.sys
2014-01-21 11:43 - 2001-08-17 13:12 - 00011008 _____ (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brusbmdm.sys
2014-01-21 11:43 - 2001-08-17 13:12 - 00010368 _____ (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brusbscn.sys
2014-01-21 11:43 - 2001-08-17 13:12 - 00003968 _____ (Brother Industries, Ltd.) C:\WINDOWS\system32\dllcache\brfiltup.sys
2014-01-21 11:43 - 2001-08-17 13:12 - 00003168 _____ (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brparimg.sys
2014-01-21 11:43 - 2001-08-17 13:12 - 00002944 _____ (Brother Industries Ltd.) C:\WINDOWS\system32\dllcache\brfilt.sys
2014-01-21 11:43 - 2001-08-17 12:49 - 00075136 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimpae.sys
2014-01-21 11:43 - 2001-08-17 12:49 - 00049920 _____ C:\WINDOWS\system32\dllcache\atirtcap.sys
2014-01-21 11:43 - 2001-08-17 12:49 - 00046464 _____ C:\WINDOWS\system32\dllcache\atibt829.sys
2014-01-21 11:43 - 2001-08-17 12:49 - 00026880 _____ C:\WINDOWS\system32\dllcache\atirtsnd.sys
2014-01-21 11:43 - 2001-08-17 12:49 - 00026624 _____ C:\WINDOWS\system32\dllcache\ativxbar.sys
2014-01-21 11:43 - 2001-08-17 12:49 - 00023552 _____ C:\WINDOWS\system32\dllcache\atixbar.sys
2014-01-21 11:43 - 2001-08-17 12:49 - 00019456 _____ C:\WINDOWS\system32\dllcache\ativttxx.sys
2014-01-21 11:43 - 2001-08-17 12:49 - 00017152 _____ C:\WINDOWS\system32\dllcache\atitvsnd.sys
2014-01-21 11:43 - 2001-08-17 12:49 - 00017152 _____ C:\WINDOWS\system32\dllcache\atitunep.sys
2014-01-21 11:43 - 2001-08-17 12:49 - 00010240 _____ C:\WINDOWS\system32\dllcache\atipcxxx.sys
2014-01-21 11:43 - 2001-08-17 12:49 - 00009472 _____ C:\WINDOWS\system32\dllcache\ativmdcd.sys
2014-01-21 11:43 - 2001-08-17 12:48 - 00289664 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimpab.sys
2014-01-21 11:43 - 2001-08-17 12:48 - 00281600 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimtai.sys
2014-01-21 11:43 - 2001-08-17 12:48 - 00070528 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atiragem.sys
2014-01-21 11:43 - 2001-08-17 12:48 - 00036128 _____ (3Dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\banshee.sys
2014-01-21 11:43 - 2001-08-17 12:19 - 00036992 _____ (Aztech Systems Ltd) C:\WINDOWS\system32\dllcache\aztw2320.sys
2014-01-21 11:43 - 2001-08-17 12:13 - 00980034 _____ (Xircom) C:\WINDOWS\system32\dllcache\cicap.sys
2014-01-21 11:43 - 2001-08-17 12:13 - 00164923 _____ (Eicon Technology) C:\WINDOWS\system32\dllcache\diapi2.sys
2014-01-21 11:43 - 2001-08-17 12:13 - 00089952 _____ (AVM GmbH) C:\WINDOWS\system32\dllcache\b1cbase.sys
2014-01-21 11:43 - 2001-08-17 12:13 - 00049182 _____ (Xircom, Inc.) C:\WINDOWS\system32\dllcache\cem56n5.sys
2014-01-21 11:43 - 2001-08-17 12:13 - 00046108 _____ (Xircom, Inc.) C:\WINDOWS\system32\dllcache\cben5.sys
2014-01-21 11:43 - 2001-08-17 12:13 - 00037568 _____ (AVM GmbH) C:\WINDOWS\system32\dllcache\avmwan.sys
2014-01-21 11:43 - 2001-08-17 12:13 - 00027164 _____ (Xircom, Inc.) C:\WINDOWS\system32\dllcache\ce3n5.sys
2014-01-21 11:43 - 2001-08-17 12:13 - 00022044 _____ (Xircom, Inc.) C:\WINDOWS\system32\dllcache\cem33n5.sys
2014-01-21 11:43 - 2001-08-17 12:13 - 00022044 _____ (Xircom, Inc.) C:\WINDOWS\system32\dllcache\cem28n5.sys
2014-01-21 11:43 - 2001-08-17 12:13 - 00021530 _____ (Xircom, Inc.) C:\WINDOWS\system32\dllcache\ce2n5.sys
2014-01-21 11:43 - 2001-08-17 12:12 - 00097354 _____ (Bay Networks, Inc.) C:\WINDOWS\system32\dllcache\aspndis3.sys
2014-01-21 11:43 - 2001-08-17 12:12 - 00039680 _____ (Silicom Ltd.) C:\WINDOWS\system32\dllcache\cb325.sys
2014-01-21 11:43 - 2001-08-17 12:12 - 00037916 _____ (Fast Ethernet Controller Provider) C:\WINDOWS\system32\dllcache\cb102.sys
2014-01-21 11:43 - 2001-08-17 12:11 - 00096640 _____ (Broadcom Corporation) C:\WINDOWS\system32\dllcache\b57xp32.sys
2014-01-21 11:43 - 2001-08-17 12:11 - 00066557 _____ (Broadcom Corporation) C:\WINDOWS\system32\dllcache\bcm42u.sys
2014-01-21 11:43 - 2001-08-17 12:11 - 00054271 _____ (Broadcom Corporation) C:\WINDOWS\system32\dllcache\bcm42xx5.sys
2014-01-21 11:43 - 2001-08-17 12:11 - 00039936 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\dllcache\cnxt1803.sys
2014-01-21 11:43 - 2001-08-17 12:11 - 00031529 _____ (BreezeCOM) C:\WINDOWS\system32\dllcache\brzwlan.sys
2014-01-21 11:43 - 2001-08-17 12:11 - 00027678 _____ (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\ali5261.sys
2014-01-21 11:43 - 2001-08-17 12:11 - 00026568 _____ (Broadcom Corporation) C:\WINDOWS\system32\dllcache\bcm4e5.sys
2014-01-21 11:43 - 2001-08-17 12:11 - 00016969 _____ (AmbiCom, Inc.) C:\WINDOWS\system32\dllcache\amb8002.sys
2014-01-21 11:42 - 2008-04-14 00:16 - 00053376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394bus.sys
2014-01-21 11:42 - 2008-04-14 00:16 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\61883.sys
2014-01-21 11:42 - 2008-04-14 00:10 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\4mmdat.sys
2014-01-21 11:42 - 2008-04-13 22:06 - 00231552 _____ (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\ac97ali.sys
2014-01-21 11:42 - 2008-04-13 22:06 - 00084480 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\dllcache\ac97via.sys
2014-01-21 11:42 - 2008-04-13 22:06 - 00010880 _____ (Aureal, Inc.) C:\WINDOWS\system32\dllcache\admjoy.sys
2014-01-21 11:42 - 2002-08-29 05:00 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisui.dll
2014-01-21 11:42 - 2002-08-29 05:00 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\certmap.ocx
2014-01-21 11:42 - 2002-08-29 05:00 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\adrot.dll
2014-01-21 11:42 - 2002-08-29 05:00 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetsloc.dll
2014-01-21 11:42 - 2002-08-29 05:00 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisreset.exe
2014-01-21 11:42 - 2002-08-29 05:00 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetmgr.exe
2014-01-21 11:42 - 2002-08-29 05:00 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wamregps.dll
2014-01-21 11:42 - 2002-08-29 05:00 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ftpsapi2.dll
2014-01-21 11:42 - 2002-08-29 05:00 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\admxprox.dll
2014-01-21 11:42 - 2002-08-29 05:00 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisrstap.dll
2014-01-21 11:42 - 2001-08-17 22:37 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agcgauge.ax
2014-01-21 11:42 - 2001-08-17 22:36 - 00462848 _____ (Aureal Inc.) C:\WINDOWS\system32\dllcache\a3dapi.dll
2014-01-21 11:42 - 2001-08-17 22:36 - 00061440 _____ (Color Flatbed Scanner) C:\WINDOWS\system32\dllcache\acerscad.dll
2014-01-21 11:42 - 2001-08-17 22:36 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll
2014-01-21 11:42 - 2001-08-17 14:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\s3legacy.dll
2014-01-21 11:42 - 2001-08-17 14:55 - 00689216 _____ (3dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\3dfxvs.dll
2014-01-21 11:42 - 2001-08-17 14:55 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\8514a.dll
2014-01-21 11:42 - 2001-08-17 14:06 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394vdbg.sys
2014-01-21 11:42 - 2001-08-17 13:53 - 00007424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\adicvls.sys
2014-01-21 11:42 - 2001-08-17 13:28 - 00762780 _____ (3Com, Inc.) C:\WINDOWS\system32\dllcache\3cwmcru.sys
2014-01-21 11:42 - 2001-08-17 12:48 - 00148352 _____ (3dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\3dfxvsm.sys
2014-01-21 11:42 - 2001-08-17 12:20 - 00297728 _____ (Silicon Integrated Systems Corp.) C:\WINDOWS\system32\dllcache\ac97sis.sys
2014-01-21 11:42 - 2001-08-17 12:20 - 00096256 _____ (Intel Corporation) C:\WINDOWS\system32\dllcache\ac97intc.sys
2014-01-21 11:42 - 2001-08-17 12:19 - 00747392 _____ (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8830.sys
2014-01-21 11:42 - 2001-08-17 12:19 - 00584448 _____ (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8810.sys
2014-01-21 11:42 - 2001-08-17 12:19 - 00553984 _____ (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8820.sys
2014-01-21 11:42 - 2001-08-17 12:11 - 00046112 _____ (Adaptec, Inc ) C:\WINDOWS\system32\dllcache\adptsf50.sys
2014-01-21 11:42 - 2001-08-17 12:11 - 00020160 _____ (ADMtek Incorporated) C:\WINDOWS\system32\dllcache\adm8511.sys
2014-01-21 11:11 - 2014-01-21 11:12 - 00009107 _____ C:\WINDOWS\KB942288-v3.log
2014-01-21 11:11 - 2014-01-21 11:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$
2014-01-19 13:47 - 2014-01-19 13:52 - 00001342 _____ C:\Documents and Settings\Salon\Desktop\Search.txt
2014-01-18 10:05 - 2014-01-18 10:05 - 00000000 ____S C:\WINDOWS\system32\nxjqzst.hzj
2014-01-17 09:43 - 2014-01-17 09:46 - 00022894 _____ C:\Documents and Settings\Salon\Desktop\Addition.txt
2014-01-17 09:29 - 2014-01-23 00:16 - 00000000 ____D C:\FRST
2014-01-17 09:28 - 2014-01-17 09:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-16 22:34 - 2014-01-16 22:34 - 00003389 _____ C:\Documents and Settings\Salon\Desktop\attach.zip
2014-01-16 22:33 - 2014-01-16 22:33 - 00011695 _____ C:\Documents and Settings\Salon\Desktop\dds.txt
2014-01-16 22:33 - 2014-01-16 22:33 - 00010836 _____ C:\Documents and Settings\Salon\Desktop\attach.txt
2014-01-16 20:15 - 2014-01-16 20:26 - 00000000 _____ C:\Documents and Settings\Salon\Desktop\sfcdetails.txt
2014-01-16 17:09 - 2014-01-16 22:07 - 00004070 _____ C:\Documents and Settings\Salon\Desktop\Rkill.txt
2014-01-16 17:09 - 2014-01-15 21:45 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Salon\Desktop\rkill(1).exe
2014-01-16 00:49 - 2014-01-16 00:49 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn
2014-01-15 20:23 - 2014-01-17 14:45 - 02250054 _____ C:\Documents and Settings\LocalService\Application Data\wincreen.bmp
2014-01-13 23:40 - 2014-01-24 09:33 - 00000000 ____D C:\Documents and Settings\Salon\Local Settings\Application Data\DoNotTrackPlus
2014-01-13 23:39 - 2014-01-13 23:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
2014-01-12 14:48 - 2014-01-12 14:48 - 00016384 ____H C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
2014-01-12 14:48 - 2014-01-12 14:48 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-01-12 14:48 - 2014-01-12 14:48 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM.tmp.LOG
2014-01-12 14:48 - 2014-01-12 14:48 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
2014-01-12 14:48 - 2014-01-12 14:48 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-01-12 14:10 - 2014-01-12 14:10 - 00000000 _RSHD C:\cmdcons
2014-01-12 14:10 - 2012-07-12 20:22 - 00000211 _____ C:\Boot.bak
2014-01-12 14:10 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2014-01-12 14:05 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2014-01-12 14:05 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2014-01-12 14:05 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-01-12 14:05 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-01-12 14:05 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-01-12 14:05 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-01-12 14:05 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2014-01-12 14:05 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2014-01-12 14:05 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2014-01-12 14:04 - 2014-01-22 08:06 - 00000000 ____D C:\Qoobox
2014-01-12 14:02 - 2014-01-12 14:58 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-12 13:48 - 2014-01-12 13:48 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-12 13:47 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-01-12 13:46 - 2013-10-08 07:50 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-01-12 13:46 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-01-12 13:46 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-01-12 13:45 - 2014-01-12 13:46 - 00005480 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2014-01-12 13:45 - 2014-01-12 13:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-01-12 12:49 - 2014-01-12 12:49 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

==================== One Month Modified Files and Folders =======

2014-01-25 15:28 - 2014-01-25 15:27 - 00016346 _____ C:\Documents and Settings\Salon\Desktop\FRST.txt
2014-01-25 15:26 - 2014-01-25 15:26 - 01222144 _____ (Farbar) C:\Documents and Settings\Salon\Desktop\FRST.exe
2014-01-25 15:26 - 2012-09-23 09:48 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-25 15:25 - 2009-05-17 12:42 - 00000414 _____ C:\WINDOWS\Tasks\Symantec NetDetect.job
2014-01-25 13:05 - 2003-04-23 21:10 - 00032618 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-25 12:34 - 2010-06-20 15:55 - 00000178 ___SH C:\Documents and Settings\LogMeInRemoteUser\NTUSER.INI
2014-01-25 09:44 - 2010-06-19 18:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn
2014-01-24 09:33 - 2014-01-13 23:40 - 00000000 ____D C:\Documents and Settings\Salon\Local Settings\Application Data\DoNotTrackPlus
2014-01-23 00:16 - 2014-01-17 09:29 - 00000000 ____D C:\FRST
2014-01-23 00:16 - 2007-03-13 18:45 - 01230608 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-23 00:14 - 2014-01-22 09:47 - 00000772 _____ C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Client.lnk
2014-01-23 00:14 - 2003-04-23 21:08 - 00001374 _____ C:\WINDOWS\system32\WPA.DBL
2014-01-23 00:14 - 2002-09-03 13:29 - 00000159 _____ C:\WINDOWS\WIADEBUG.LOG
2014-01-23 00:14 - 2002-09-03 13:29 - 00000049 _____ C:\WINDOWS\WIASERVC.LOG
2014-01-23 00:13 - 2012-09-23 09:48 - 00000000 ____D C:\Program Files\Google
2014-01-23 00:13 - 2003-06-20 11:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallQ810577$
2014-01-23 00:13 - 2003-04-23 21:10 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-23 00:12 - 2014-01-23 00:12 - 00225288 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-01-23 00:12 - 2011-08-20 19:48 - 00000278 ___SH C:\Documents and Settings\Salon\NTUSER.INI
2014-01-23 00:12 - 2011-08-20 19:48 - 00000000 ____D C:\Documents and Settings\Salon
2014-01-22 22:06 - 2003-04-23 20:55 - 00000000 __SHD C:\Documents and Settings\NetworkService
2014-01-22 09:47 - 2014-01-22 09:47 - 00000756 _____ C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-01-22 09:47 - 2010-06-19 18:53 - 00000000 ____D C:\Program Files\LogMeIn
2014-01-22 09:44 - 2010-06-19 18:54 - 00086888 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2014-01-22 09:44 - 2010-06-19 18:54 - 00085832 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2014-01-22 09:44 - 2010-06-19 18:54 - 00031560 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2014-01-22 09:44 - 2003-06-20 10:12 - 00000000 ____D C:\WINDOWS\pss
2014-01-22 09:44 - 2003-04-23 21:00 - 00000327 __RSH C:\BOOT.INI
2014-01-22 09:44 - 2002-09-03 13:36 - 00001157 _____ C:\WINDOWS\WIN.INI
2014-01-22 09:44 - 2002-09-03 13:26 - 00000227 _____ C:\WINDOWS\system.ini
2014-01-22 09:42 - 2014-01-22 09:42 - 00000000 ____D C:\Documents and Settings\All Users\Documents\CrashDump
2014-01-22 09:39 - 2012-09-23 09:48 - 00000000 ____D C:\Documents and Settings\Salon\Local Settings\Application Data\Google
2014-01-22 09:39 - 2012-09-23 09:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2014-01-22 09:37 - 2011-09-20 14:40 - 00000000 ____D C:\Documents and Settings\Salon\Local Settings\Application Data\Adobe
2014-01-22 09:30 - 2012-09-23 09:48 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-01-22 09:30 - 2011-07-27 08:34 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-01-22 08:06 - 2014-01-22 08:06 - 00017351 _____ C:\ComboFix.txt
2014-01-22 08:06 - 2014-01-12 14:04 - 00000000 ____D C:\Qoobox
2014-01-21 21:12 - 2014-01-21 21:11 - 05172786 ____R (Swearware) C:\Documents and Settings\Salon\Desktop\ComboFix.exe
2014-01-21 15:57 - 2003-04-23 21:32 - 00118672 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-01-21 15:55 - 2002-09-03 13:42 - 00388000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-21 15:50 - 2003-06-20 21:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HARMS Software Inc
2014-01-21 15:48 - 2014-01-21 15:48 - 00000296 _____ C:\Documents and Settings\Salon\Desktop\registry backup.reg
2014-01-21 11:48 - 2012-01-31 19:05 - 00602582 _____ C:\WINDOWS\setupapi.log
2014-01-21 11:12 - 2014-01-21 11:11 - 00009107 _____ C:\WINDOWS\KB942288-v3.log
2014-01-21 11:12 - 2003-04-23 20:54 - 00000000 ____D C:\WINDOWS\system32\MUI
2014-01-21 11:12 - 2002-09-03 13:50 - 01351746 _____ C:\WINDOWS\IIS6.LOG
2014-01-21 11:12 - 2002-09-03 13:50 - 00507406 _____ C:\WINDOWS\TSOC.LOG
2014-01-21 11:12 - 2002-09-03 13:41 - 00366280 _____ C:\WINDOWS\COMSETUP.LOG
2014-01-21 11:12 - 2002-09-03 13:41 - 00226204 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-21 11:12 - 2002-09-03 13:41 - 00052984 _____ C:\WINDOWS\TABLETOC.LOG
2014-01-21 11:12 - 2002-09-03 13:41 - 00001374 _____ C:\WINDOWS\imsins.log
2014-01-21 11:12 - 2002-09-03 13:32 - 01054871 _____ C:\WINDOWS\FaxSetup.log
2014-01-21 11:12 - 2002-09-03 13:32 - 00569257 _____ C:\WINDOWS\OCGEN.LOG
2014-01-21 11:12 - 2002-09-03 13:32 - 00186993 _____ C:\WINDOWS\NETFXOCM.LOG
2014-01-21 11:12 - 2002-09-03 13:32 - 00077639 _____ C:\WINDOWS\MedCtrOC.log
2014-01-21 11:12 - 2002-09-03 13:32 - 00057468 _____ C:\WINDOWS\OCMSN.LOG
2014-01-21 11:12 - 2002-09-03 13:32 - 00054929 _____ C:\WINDOWS\MSGSOCM.LOG
2014-01-21 11:12 - 2002-09-03 13:30 - 00363110 _____ C:\WINDOWS\MSMQINST.LOG
2014-01-21 11:11 - 2014-01-21 11:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$
2014-01-21 10:52 - 2003-03-28 14:31 - 822224320 _____ C:\Documents and Settings\Salon\My Documents\ERRORS.FPT
2014-01-21 10:03 - 2011-05-05 19:59 - 00002327 _____ C:\Documents and Settings\Salon\Desktop\Memeo AutoBackup.lnk
2014-01-19 13:52 - 2014-01-19 13:47 - 00001342 _____ C:\Documents and Settings\Salon\Desktop\Search.txt
2014-01-19 03:25 - 2012-01-07 15:07 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2014-01-18 17:59 - 2009-01-22 11:06 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-01-18 10:05 - 2014-01-18 10:05 - 00000000 ____S C:\WINDOWS\system32\nxjqzst.hzj
2014-01-17 14:45 - 2014-01-15 20:23 - 02250054 _____ C:\Documents and Settings\LocalService\Application Data\wincreen.bmp
2014-01-17 12:44 - 2013-07-30 23:26 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-17 09:46 - 2014-01-17 09:43 - 00022894 _____ C:\Documents and Settings\Salon\Desktop\Addition.txt
2014-01-17 09:29 - 2014-01-17 09:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-16 22:34 - 2014-01-16 22:34 - 00003389 _____ C:\Documents and Settings\Salon\Desktop\attach.zip
2014-01-16 22:33 - 2014-01-16 22:33 - 00011695 _____ C:\Documents and Settings\Salon\Desktop\dds.txt
2014-01-16 22:33 - 2014-01-16 22:33 - 00010836 _____ C:\Documents and Settings\Salon\Desktop\attach.txt
2014-01-16 22:07 - 2014-01-16 17:09 - 00004070 _____ C:\Documents and Settings\Salon\Desktop\Rkill.txt
2014-01-16 20:26 - 2014-01-16 20:15 - 00000000 _____ C:\Documents and Settings\Salon\Desktop\sfcdetails.txt
2014-01-16 00:50 - 2009-04-10 18:59 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-16 00:49 - 2014-01-16 00:49 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn
2014-01-16 00:42 - 2013-03-22 20:22 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-16 00:37 - 2012-11-16 19:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952004$
2014-01-15 21:45 - 2014-01-16 17:09 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Salon\Desktop\rkill(1).exe
2014-01-15 20:22 - 2013-02-10 11:11 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
2014-01-15 20:22 - 2012-02-18 22:02 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2014-01-14 12:14 - 2003-04-23 20:55 - 00000000 ____D C:\WINDOWS\Registration
2014-01-14 10:42 - 2003-10-17 11:39 - 00000000 ____D C:\Program Files\Web Publish
2014-01-14 10:42 - 2003-06-20 11:25 - 00153829 _____ C:\WINDOWS\wmsetup.log
2014-01-14 00:04 - 2009-05-17 14:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Memeo AutoBackup
2014-01-13 23:57 - 2013-03-22 20:32 - 00417569 _____ C:\WINDOWS\system32\vsconfig.xml
2014-01-13 23:41 - 2003-04-23 21:09 - 00525770 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-13 23:39 - 2014-01-13 23:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
2014-01-13 23:39 - 2013-03-22 20:31 - 00000539 _____ C:\Documents and Settings\All Users\Desktop\ZoneAlarm Security.lnk
2014-01-12 14:58 - 2014-01-12 14:02 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-12 14:49 - 1980-01-01 07:00 - 44040192 _____ C:\WINDOWS\system32\config\SOFTWARE.bak
2014-01-12 14:49 - 1980-01-01 07:00 - 10223616 _____ C:\WINDOWS\system32\config\SYSTEM.bak
2014-01-12 14:49 - 1980-01-01 07:00 - 01048576 _____ C:\WINDOWS\system32\config\DEFAULT.bak
2014-01-12 14:49 - 1980-01-01 07:00 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2014-01-12 14:49 - 1980-01-01 07:00 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak
2014-01-12 14:48 - 2014-01-12 14:48 - 00016384 ____H C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
2014-01-12 14:48 - 2014-01-12 14:48 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-01-12 14:48 - 2014-01-12 14:48 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM.tmp.LOG
2014-01-12 14:48 - 2014-01-12 14:48 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
2014-01-12 14:48 - 2014-01-12 14:48 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-01-12 14:43 - 2013-07-07 11:54 - 00000000 ____D C:\Documents and Settings\Salon\Local Settings\Application Data\TuneUp
2014-01-12 14:43 - 2003-04-23 20:55 - 00000000 ____D C:\Documents and Settings\Administrator
2014-01-12 14:10 - 2014-01-12 14:10 - 00000000 _RSHD C:\cmdcons
2014-01-12 13:48 - 2014-01-12 13:48 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-12 13:46 - 2014-01-12 13:45 - 00005480 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2014-01-12 13:46 - 2011-07-02 11:18 - 00000000 ____D C:\Program Files\Java
2014-01-12 13:45 - 2014-01-12 13:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-01-12 13:32 - 2012-11-16 20:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$
2014-01-12 12:49 - 2014-01-12 12:49 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-10 16:39 - 2012-11-16 20:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2723135-v2$
2013-12-27 10:00 - 2011-08-23 17:49 - 00002497 _____ C:\Documents and Settings\Salon\Desktop\Microsoft Office Word 2003.lnk

Files to move or delete:
====================
C:\Documents and Settings\Salon\acrobat.exe
C:\Documents and Settings\Salon\acrobatreader.exe
C:\Documents and Settings\Salon\acrobatreader966842.exe
C:\Documents and Settings\Salon\flashplayer519949.exe
C:\Documents and Settings\Salon\googleupdate.exe
C:\Documents and Settings\Salon\jqs.exe
C:\Documents and Settings\Salon\notepad744623.exe
C:\Documents and Settings\Salon\opera.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2007-03-15 18:13] - [2008-04-14 05:42] - 0399360 ____A (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



#15 RPMcMurphy

  • Malware Response Team

Posted 25 January 2014 - 03:57 PM

Please do this next:
 
Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt.
Replace: C:\WINDOWS\SYSTEM32\DLLCACHE\rpcss.dll C:\WINDOWS\SYSTEM32\rpcss.dll
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 
Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt); please post it in your reply.

  • Threads are closed after 5 days of inactivity.

    ASAP & UNITE Member

