
Browser Redirect


  • This topic is locked

#1
gtzig

Hi
I am a new member seeking help removing a redirect virus. My current symptoms are whenever I select an item from an internet search results page, the computer is redirected to a bogus site. If I back up to the search results page and select the same item again I get sent to the correct page. I normally use IE8 with Google or Yahoo. I get the same redirect problems with Firefox.

I like fixing problems myself and hate to have to ask for help, but this one baffles me. Over the last several weeks I have downloaded and run many many programs (Hitman Pro, OTM, Combofix, Malwarebytes, GooredFix, TDSSKiller, etc) in addition to manual fix attempts and none of them touch the problem. I worked through the "How to fix Google Redirects" procedure on G2G - again no joy. I have a couple of strange sites (213.109.68.8 and 213.109.75.92) that show up on my router status for a DNS Server. Have tried to disable them but who knows what is really going on.

My Sony laptop is part of a wireless home network with two other computers (one of which also has the redirect virus) and a printer through a router. My computer runs XP and I have McAfee Antivirus Plus.

Please help!

Thanks

Gtzig

OTM Results
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Gary Zeigler\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Gary Zeigler\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gary Zeigler
->Temp folder emptied: 2091381 bytes
->Temporary Internet Files folder emptied: 86370051 bytes
->Java cache emptied: 3342 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 4892 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32464 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 84.00 mb

Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.18.0 log created on 08052011_055207

Files moved on Reboot...

Registry entries deleted on Reboot...


#2
Aaron

Hi, welcome to Geeks to Go :) !
I'm Aaron and I will be helping you with your problem(s).

Before we start I need to mention a few things:
  • Please post all the requested logs directly in your reply, do not attach or put them in Quote/Code boxes unless asked to.
  • Try to reply every day please, I'll try to do the same. If this topic is inactive for 3 days, then it will be closed.
  • Note that removing malware is not instantaneous, it requires a specific process to be removed completely. Running antimalware removal tools I didn't ask for might slow this process down.
  • If you have any questions, don't hesitate to ask!

"I have a couple of strange sites (213.109.68.8 and 213.109.75.92) that show up on my router status for a DNS Server."

These don't look legit unless you live in Russia. If not, we'll have to change this in the router, but we need to clear the infections (if any) on your computer too. This is how to reset your router:

! Safety precaution: back up your router configuration first - if you can't get your internet connection to work then you can use this backup again !

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
This will reset all settings, including your security settings, so you also need to reconfigure the security settings you had in place prior to the reset. Download your router's manual first; this could help you.

Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using. Or use OpenDNS, I do. I suggest you take WPA2 encryption (if every computer can handle this) and change your SSID name - take a long password with characters, numbers and symbols as WPA2 code. Also it's very important to set up an administrator password on your router to prevent future changes by malware. This will be enough security for most users. Make a new backup of your router configuration now; it could help you if you ever have problems with your router again.

============ Step one ============

Please download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows and programs are closed to let it run uninterrupted.
  • Select All Users.
  • Under the Posted Image box at the bottom, paste in the following:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the content of OTL.Txt and paste it in your next post. Do the same for Extras.Txt.

============ Step two ============

Download aswMBR.exe to your desktop.

1. Double click the aswMBR.exe to run it
2. Click the "Scan" button to start scan
Note: if you use Avast, please disable the automatic scan: put AV engine to None.

3. On completion of the scan click save log, save it to your desktop and post in your next reply

- Maser00
  • 0
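
Added example (not part of the thread and not from any poster): after a router reset, one way to confirm that a client is no longer being handed the resolvers reported in the first post is to parse `ipconfig /all` and compare each adapter's DNS servers against the resolvers you expect. The `ipconfig` text below is constructed, and the expected list (a 192.168.1.1 gateway plus OpenDNS's 208.67.222.222 and 208.67.220.220) is an assumption to replace with your own.

```python
import ipaddress
import re

# Constructed `ipconfig /all` sample (XP-style layout); not taken from the
# thread's logs. The two 213.109.x.x resolvers are those named in post #1.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : EXAMPLE-PC

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . : home
        IP Address. . . . . . . . . . . . : 192.168.1.4
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 213.109.68.8
                                            213.109.75.92
                                            192.168.1.1
        Lease Obtained. . . . . . . . . . : (constructed)

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
"""

# Assumption: the resolvers this network is supposed to use
# (router address plus the two OpenDNS resolvers).
EXPECTED_RESOLVERS = ["192.168.1.1", "208.67.222.222", "208.67.220.220"]

# Adapter headers start in column 0 and end with a colon.
ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
# Field lines look like "   Label . . . . : value".
FIELD_RE = re.compile(r"^\s+(.+?)(?:\s*\.)+\s*:\s*(.*)$")


def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS server strings]} from `ipconfig /all` text."""
    result = {}
    adapter = None
    in_dns = False  # True while reading the DNS Servers field and its continuations
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            adapter = header.group(1).strip()
            result[adapter] = []
            in_dns = False
            continue
        field = FIELD_RE.match(line)
        if field:
            label, value = field.group(1).strip(), field.group(2).strip()
            in_dns = adapter is not None and label.lower() == "dns servers"
            if in_dns and value:
                result[adapter].append(value)
        elif in_dns and line.strip():
            # Additional resolvers are listed on indented lines with no label.
            result[adapter].append(line.strip())
        else:
            in_dns = False
    return result


def audit(text, expected):
    """Classify every configured resolver against the expected list."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for adapter, servers in dns_servers_by_adapter(text).items():
        for raw in servers:
            try:
                # Drop an IPv6 zone id such as "%1" before parsing.
                addr = ipaddress.ip_address(raw.split("%")[0])
            except ValueError:
                findings.append((adapter, raw, "unparsable"))
                continue
            if addr in allowed:
                status = "expected"
            elif addr.is_private:
                status = "unexpected-private"
            else:
                # A public resolver nobody configured is the symptom
                # described in the thread.
                status = "unexpected-public"
            findings.append((adapter, raw, status))
    return findings


if __name__ == "__main__":
    for adapter, server, status in audit(SAMPLE_IPCONFIG, EXPECTED_RESOLVERS):
        print(f"{status:20} {server:16} {adapter}")
```

Run it on every machine on the network after the reset: a client that still shows an unexpected public resolver while the router hands out the right ones has the setting pinned locally rather than learned over DHCP.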

#3
gtzig

Hi Aaron
Thanks for the response and agreeing to help.
I have had partial success. I reset the router and changed the router logon password. I have not yet been able to change the wireless security setup, however at least temporarily the redirects have stopped and the Russian DNS server id's have been replaced.
When I run the OTL software the Extras file does not show up - have not been able to figure out why. The OTL txt and the ASWmbr files follow.
Thanks again
Gary

OTL logfile created on: 8/6/2011 11:28:33 AM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Gary Zeigler\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 599.66 Mb Available Physical Memory | 59.13% Memory free
2.38 Gb Paging File | 1.85 Gb Available in Paging File | 77.78% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.79 Gb Total Space | 86.27 Gb Free Space | 82.33% Space Free | Partition Type: NTFS

Computer Name: GARYLAPTOP | User Name: Gary Zeigler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/06 11:26:27 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary Zeigler\Desktop\OTL.exe
PRC - [2011/07/01 15:01:18 | 000,151,552 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/06/28 07:01:30 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/07/13 01:34:46 | 000,906,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/13 16:36:36 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/02/14 15:11:46 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2005/12/27 16:58:10 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
PRC - [2005/03/11 20:55:40 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2004/11/17 23:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 12:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe


========== Modules (SafeList) ==========

MOD - [2011/08/06 11:26:27 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary Zeigler\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/01 15:01:18 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/06/13 11:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 12:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 13:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2006/05/18 13:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/05/08 07:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/04/27 20:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 20:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 20:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/13 16:36:36 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/04/04 17:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/11/28 16:38:44 | 000,135,168 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/28 16:38:42 | 000,167,936 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/25 16:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/07/14 22:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/03/11 20:55:40 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2004/08/11 03:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004/08/11 00:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs) Windows Media Connect (WMC)


========== Driver Services (SafeList) ==========

DRV - [2011/07/27 07:34:59 | 000,021,064 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/07/01 16:18:22 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/05/26 10:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/06 22:39:00 | 000,030,080 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006/02/21 22:32:32 | 000,226,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/02/08 20:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/02/03 02:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/31 21:35:28 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/12/29 22:42:00 | 000,234,496 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2005/12/14 20:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/12/05 03:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/28 15:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/24 16:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/11/11 18:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/10/18 20:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 20:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 20:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/09/21 13:04:56 | 000,067,456 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2005/09/20 19:18:20 | 000,005,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2005/08/01 19:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 21:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/01/06 16:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 16:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/11/01 16:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2002/06/28 21:21:40 | 000,017,251 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2001/07/24 13:34:34 | 000,007,520 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2000/12/05 19:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 23:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://verizon.my.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51111

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51111

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-21-1311575983-3620465673-597036893-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1311575983-3620465673-597036893-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://verizon.my.yahoo.com
IE - HKU\S-1-5-21-1311575983-3620465673-597036893-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-1311575983-3620465673-597036893-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1311575983-3620465673-597036893-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51111

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://mail.aol.com/33912-111/aol-1/en-us/Suite.aspx|http://www.cbssports.com/#!/nba/|http://www.weather.com/weather/today/Naples+FL+34120|http://www.weather.com/weather/today/King+Of+Prussia+PA+19406"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 51111
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/07/01 17:03:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/07 17:01:46 | 000,000,000 | ---D | M]

[2011/07/07 10:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary Zeigler\Application Data\Mozilla\Extensions
[2011/07/20 12:35:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary Zeigler\Application Data\Mozilla\Firefox\Profiles\z3pv479b.default\extensions
[2011/07/08 16:56:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Gary Zeigler\Application Data\Mozilla\Firefox\Profiles\z3pv479b.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/15 08:04:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/15 08:04:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\GARY ZEIGLER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z3PV479B.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011/07/02 15:33:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/05 05:52:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110707170146.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Verizon Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1311575983-3620465673-597036893-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1311575983-3620465673-597036893-1005\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PartSeal] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOSurvey] c:\Program Files\Sony\VAIO Survey\SurveySA.exe (Sony Electronics)
O4 - Startup: C:\Documents and Settings\Gary Zeigler\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1311575983-3620465673-597036893-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1311575983-3620465673-597036893-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1311575983-3620465673-597036893-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1311575983-3620465673-597036893-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-1311575983-3620465673-597036893-1005\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1311575983-3620465673-597036893-1005\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1311575983-3620465673-597036893-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1311575983-3620465673-597036893-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Gary Zeigler\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gary Zeigler\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/24 13:45:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/06 11:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/08/05 08:25:58 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gary Zeigler\Desktop\OTL.exe
[2011/08/01 18:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary Zeigler\Desktop\GooredFix Backups
[2011/08/01 17:45:53 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/01 17:36:16 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Gary Zeigler\Desktop\GooredFix.exe
[2011/08/01 17:32:23 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gary Zeigler\Desktop\OTM.exe
[2011/07/31 08:29:54 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2011/07/31 08:29:54 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateControl350.dll
[2011/07/31 08:29:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DNSChanger Trojan Removal Tool [1]
[2011/07/31 08:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\DNSChanger Trojan Removal Tool [1]
[2011/07/27 08:08:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/07/27 07:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/07/27 07:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/26 10:25:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gary Zeigler\Recent
[2011/07/25 14:54:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/25 14:54:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/25 14:54:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/25 14:54:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/25 14:54:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/25 14:50:22 | 004,154,451 | R--- | C] (Swearware) -- C:\Documents and Settings\Gary Zeigler\Desktop\ComboFix.exe
[2011/07/25 14:46:04 | 000,000,000 | ---D | C] -- C:\ComboFix1
[2011/07/25 14:43:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/25 11:15:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/23 09:21:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\MCE Logs
[2011/07/22 08:56:18 | 004,199,768 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf400.dll
[2011/07/22 08:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Quicken 2011
[2011/07/20 07:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2011/07/18 19:13:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/07/18 14:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary Zeigler\Application Data\McAfee
[2011/07/18 13:29:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/07/17 12:52:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary Zeigler\DoctorWeb
[2011/07/15 07:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary Zeigler\Start Menu\Programs\FixRedirectVirus
[2011/07/15 07:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\FixRedirectVirus
[2011/07/15 05:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/15 05:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary Zeigler\Application Data\Malwarebytes
[2011/07/15 05:15:42 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/15 05:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/15 05:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/15 05:15:36 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/15 05:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/14 16:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary Zeigler\Start Menu\Programs\RegCure
[2011/07/14 16:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2011/07/14 16:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RegCure
[2011/07/14 15:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/14 10:56:42 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/07/14 10:56:38 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/07/14 10:56:13 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011/07/14 10:56:08 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/07/14 10:55:34 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/07/14 10:55:30 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/07/14 10:55:22 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011/07/14 10:55:02 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/07/14 10:54:50 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/07/14 10:54:46 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/07/14 10:54:42 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/07/14 10:54:37 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/07/14 10:54:33 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/07/14 10:54:28 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011/07/14 10:54:24 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011/07/14 10:54:09 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011/07/14 10:53:53 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/07/14 10:53:49 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011/07/14 10:53:45 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011/07/14 10:53:39 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011/07/14 10:53:20 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/07/14 10:53:05 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011/07/14 10:53:01 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011/07/14 10:52:47 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/07/14 10:52:44 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/07/14 10:52:40 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/07/14 10:52:36 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011/07/14 10:52:33 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/07/14 10:52:29 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011/07/14 10:51:57 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/07/14 10:51:52 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/07/14 10:51:49 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/07/14 10:51:48 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011/07/14 10:51:43 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/07/14 10:51:40 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/07/14 10:51:28 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/07/14 10:51:24 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/07/14 10:50:41 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/07/14 10:50:37 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/07/14 10:50:34 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011/07/14 10:50:30 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011/07/14 10:50:25 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/07/14 10:50:05 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2011/07/14 10:49:38 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011/07/14 10:49:34 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011/07/14 10:49:31 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/07/14 10:49:27 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011/07/14 10:49:24 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/07/14 10:49:00 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/07/14 10:48:57 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/07/14 10:48:53 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/07/14 10:48:46 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011/07/14 10:48:18 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/07/14 10:48:15 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/07/14 10:48:12 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/07/14 10:48:08 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/07/14 10:47:47 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011/07/14 10:47:41 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/07/14 10:47:37 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/07/14 10:47:21 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/07/14 10:47:18 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/07/14 10:47:15 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/07/14 10:47:12 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/07/14 10:47:08 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/07/14 10:47:05 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/07/14 10:47:02 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/07/14 10:46:58 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/07/14 10:46:55 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011/07/14 10:46:48 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011/07/14 10:46:45 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011/07/14 10:46:45 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/07/14 10:46:45 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/07/14 10:46:44 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/07/14 10:46:43 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/07/14 10:46:31 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/07/14 10:46:25 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011/07/14 10:46:21 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/07/14 10:46:18 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011/07/14 10:46:06 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/07/14 10:46:03 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/07/14 10:45:34 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/07/14 10:45:30 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/07/14 10:45:27 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011/07/14 10:45:16 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011/07/14 10:44:26 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011/07/14 10:44:14 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/07/14 10:44:13 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011/07/14 10:44:10 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/07/14 10:43:30 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/07/14 10:43:27 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011/07/14 10:43:24 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/07/14 10:43:21 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/07/14 10:43:02 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/07/14 10:30:29 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/07/14 10:30:26 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/07/14 10:30:21 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/07/14 10:30:13 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/07/14 10:30:10 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/07/14 10:30:02 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/07/14 10:29:59 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/07/14 10:29:56 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/07/14 10:29:53 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/07/14 10:29:51 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011/07/14 10:29:48 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011/07/14 10:29:39 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011/07/14 10:29:36 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011/07/14 10:29:33 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011/07/14 10:29:30 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/07/14 10:29:27 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011/07/14 10:28:39 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2011/07/14 10:27:55 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/07/14 10:27:36 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/07/14 10:27:33 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011/07/14 10:27:32 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/07/14 10:27:29 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/07/14 10:27:28 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011/07/14 10:27:26 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/07/14 10:27:18 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/07/14 10:27:15 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011/07/14 10:27:12 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/07/14 10:27:09 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011/07/14 10:27:06 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/07/14 10:27:03 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/07/14 10:26:18 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011/07/14 10:25:42 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011/07/14 10:24:03 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/07/14 10:23:52 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/07/14 10:23:26 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011/07/14 10:23:24 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011/07/14 10:23:21 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011/07/14 10:23:09 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/07/14 10:22:58 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/07/14 10:22:56 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011/07/14 10:22:53 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/07/14 10:22:50 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/07/14 10:22:48 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/07/14 10:22:47 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011/07/14 10:22:33 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/07/14 10:22:28 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/07/14 10:22:26 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/07/14 10:21:03 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/07/14 10:20:59 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011/07/14 10:20:51 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/07/14 10:20:49 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/07/14 10:20:48 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011/07/14 10:20:43 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011/07/14 10:20:42 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/07/14 10:20:40 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/07/14 10:20:39 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011/07/14 10:20:37 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011/07/14 10:20:16 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/07/14 10:20:15 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011/07/14 10:20:11 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/07/14 10:19:48 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/07/14 10:19:47 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/07/14 10:19:46 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/07/14 10:19:44 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/07/14 10:19:43 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/07/14 10:19:42 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/07/14 10:19:41 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/07/14 10:19:39 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/07/14 10:19:31 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/07/14 10:19:19 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/07/14 10:19:12 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/07/14 10:19:07 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/07/14 10:19:06 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/07/14 10:19:05 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/07/14 10:19:05 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/07/14 10:19:04 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/07/14 10:19:01 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/07/14 10:19:00 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/07/14 10:18:59 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/07/14 10:18:58 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/07/14 10:18:57 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/07/14 10:18:55 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/07/14 10:18:55 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/07/14 10:18:26 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/07/14 10:18:25 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/07/14 10:18:25 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/07/14 10:18:24 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/07/14 10:18:23 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/07/14 10:18:23 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/07/14 10:18:22 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/07/14 10:18:21 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/07/14 10:18:19 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/07/14 10:18:19 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/07/14 10:18:18 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/07/14 10:18:17 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/07/14 10:18:16 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/07/14 10:18:16 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/07/14 10:18:15 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/07/14 10:18:14 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/07/14 10:18:14 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/07/14 10:18:13 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/07/14 10:18:09 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/07/14 10:18:06 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/07/14 10:18:06 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/07/14 10:18:04 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/07/14 10:18:04 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/07/14 10:18:03 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/07/14 10:18:03 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/07/14 10:18:02 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/07/14 10:17:40 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/07/14 10:17:34 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/07/14 10:17:23 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/07/14 10:17:22 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/07/14 10:17:22 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/07/14 10:17:21 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/07/14 10:17:21 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/07/14 10:17:18 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/07/14 10:17:16 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/07/14 10:17:15 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/07/14 10:17:14 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/07/14 10:17:13 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/07/14 10:17:13 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/07/13 15:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2008
[2011/07/13 11:01:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gary Zeigler\Start Menu\Programs\Administrative Tools
[2011/07/13 11:01:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/07/13 10:47:53 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/07/07 11:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary Zeigler\Local Settings\Application Data\Yahoo

========== Files - Modified Within 30 Days ==========

[2011/08/06 11:26:27 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary Zeigler\Desktop\OTL.exe
[2011/08/06 11:19:10 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/08/06 11:18:55 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/08/06 11:18:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/06 11:18:47 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/05 20:16:55 | 000,452,800 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\Desktop\Wireless Broadband Router.conf
[2011/08/05 05:52:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/01 18:07:11 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Gary Zeigler\Desktop\GooredFix.exe
[2011/08/01 17:32:26 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary Zeigler\Desktop\OTM.exe
[2011/07/31 08:29:55 | 000,001,936 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\Desktop\DNSChanger Trojan Removal Tool [1].lnk
[2011/07/27 07:34:59 | 000,021,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/27 07:10:53 | 004,154,451 | R--- | M] (Swearware) -- C:\Documents and Settings\Gary Zeigler\Desktop\ComboFix.exe
[2011/07/27 07:03:14 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/07/25 16:32:36 | 000,200,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/25 14:43:46 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/07/24 11:19:43 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys mcafeeF.reg
[2011/07/24 11:18:27 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys mcafeeE.reg
[2011/07/24 11:17:02 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys mcafeeD.reg
[2011/07/24 11:10:04 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys mcafee.reg
[2011/07/24 06:45:41 | 000,000,438 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys vc.reg
[2011/07/24 06:41:54 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys vantage.reg
[2011/07/23 09:46:05 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/07/23 09:21:53 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\Local Settings\Application Data\fusioncache.dat
[2011/07/22 11:26:06 | 000,453,568 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\Wireless Broadband Router.conf
[2011/07/22 08:56:17 | 000,001,577 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quicken Deluxe 2011.lnk
[2011/07/22 08:56:04 | 000,000,120 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/07/20 10:57:41 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2011/07/20 07:35:25 | 000,000,260 | ---- | M] () -- C:\WINDOWS\System32\cmdVBS.vbs
[2011/07/20 07:35:25 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\MSIevent.bat
[2011/07/18 14:02:45 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/07/17 14:15:29 | 000,000,067 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\DrWeb.csv
[2011/07/15 07:23:59 | 000,218,636 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\cc_20110715_072329.reg
[2011/07/15 05:53:51 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/15 05:15:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/14 21:37:19 | 000,000,026 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.old
[2011/07/14 21:36:05 | 000,003,704 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts.sam
[2011/07/14 16:28:41 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2011/07/14 16:26:28 | 000,000,441 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2011/07/14 16:08:21 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\Desktop\jv16 PowerTools 2008.lnk
[2011/07/14 15:34:31 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/07/14 15:32:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/13 16:15:29 | 000,015,157 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\Application Data\old 3EFA.BBE
[2011/07/13 16:06:13 | 000,000,023 | ---- | M] () -- C:\WINDOWS\System32\dfabbaedbd_z.ocx
[2011/07/13 15:38:12 | 000,000,023 | ---- | M] () -- C:\WINDOWS\System32\aed_z.ocx
[2011/07/13 11:57:28 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/13 11:23:55 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/07/13 07:39:20 | 000,013,260 | -HS- | M] () -- C:\Documents and Settings\Gary Zeigler\Local Settings\Application Data\l03a8n73a084217
[2011/07/13 07:39:20 | 000,013,260 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\l03a8n73a084217
[2011/07/09 10:04:06 | 000,000,150 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\Desktop\rk-proxy.reg

========== Files Created - No Company Name ==========

[2011/08/05 20:16:46 | 000,452,800 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\Desktop\Wireless Broadband Router.conf
[2011/07/31 08:29:55 | 000,001,936 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\Desktop\DNSChanger Trojan Removal Tool [1].lnk
[2011/07/27 07:03:15 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/27 07:03:14 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/07/26 10:40:03 | 1063,440,384 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/25 14:54:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/25 14:54:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/25 14:54:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/25 14:54:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/25 14:54:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/25 14:43:46 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/07/25 14:43:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/24 11:19:43 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys mcafeeF.reg
[2011/07/24 11:18:27 | 000,001,504 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys mcafeeE.reg
[2011/07/24 11:17:02 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys mcafeeD.reg
[2011/07/24 11:10:04 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys mcafee.reg
[2011/07/24 06:45:41 | 000,000,438 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys vc.reg
[2011/07/24 06:41:54 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys vantage.reg
[2011/07/22 11:25:57 | 000,453,568 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\My Documents\Wireless Broadband Router.conf
[2011/07/22 08:56:17 | 000,001,577 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quicken Deluxe 2011.lnk
[2011/07/20 07:35:25 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\cmdVBS.vbs
[2011/07/20 07:35:25 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\MSIevent.bat
[2011/07/20 07:34:43 | 000,002,419 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2011/07/18 14:02:45 | 000,001,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/07/18 14:02:15 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/07/17 14:15:29 | 000,000,067 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\My Documents\DrWeb.csv
[2011/07/15 07:23:35 | 000,218,636 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\My Documents\cc_20110715_072329.reg
[2011/07/15 05:53:51 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/15 05:15:42 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/14 16:26:42 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011/07/14 16:26:28 | 000,000,441 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2011/07/14 16:08:21 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\Desktop\jv16 PowerTools 2008.lnk
[2011/07/14 15:34:31 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/07/14 15:33:06 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/14 10:56:36 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/07/14 10:56:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/07/14 10:26:58 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/07/14 10:25:51 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/07/14 10:24:00 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/07/14 10:23:55 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/07/14 10:23:50 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/07/14 10:23:45 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/07/14 10:23:40 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/07/14 10:23:27 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/07/14 10:20:46 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011/07/14 10:20:45 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011/07/14 10:20:44 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011/07/14 10:17:55 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/07/14 10:17:55 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/07/14 10:17:54 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/07/14 10:17:53 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/07/14 10:17:53 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/07/14 10:17:52 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/07/14 10:17:51 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/07/14 10:17:51 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/07/14 10:17:49 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/07/14 10:17:44 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/07/13 16:06:13 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\dfabbaedbd_z.ocx
[2011/07/13 15:38:12 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\aed_z.ocx
[2011/07/13 11:23:55 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/07/13 06:30:19 | 000,013,260 | -HS- | C] () -- C:\Documents and Settings\Gary Zeigler\Local Settings\Application Data\l03a8n73a084217
[2011/07/13 06:30:19 | 000,013,260 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\l03a8n73a084217
[2011/07/09 10:04:06 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\Desktop\rk-proxy.reg
[2011/07/07 10:14:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/05 07:56:06 | 000,015,157 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\Application Data\old 3EFA.BBE
[2011/07/04 08:12:36 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/04 07:53:26 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\Application Data\skyrlu2qp.bat
[2011/07/02 10:41:59 | 000,141,976 | ---- | C] () -- C:\WINDOWS\hpwins05.dat.temp
[2011/07/02 10:41:59 | 000,003,953 | ---- | C] () -- C:\WINDOWS\hpwmdl05.dat.temp
[2011/07/02 09:20:29 | 000,000,755 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/07/02 08:40:39 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011/07/02 08:18:51 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2011/07/01 16:37:13 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\Local Settings\Application Data\fusioncache.dat
[2011/07/01 16:21:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011/07/01 16:21:30 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011/07/01 16:21:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011/07/01 16:21:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011/07/01 16:21:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011/07/01 16:21:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011/07/01 16:20:25 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2011/07/01 16:11:03 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2011/07/01 16:09:33 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2011/07/01 16:07:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/07/01 16:01:21 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2011/07/01 15:59:05 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/09/20 04:25:44 | 000,012,416 | ---- | C] () -- C:\WINDOWS\hpwscr05.dat
[2006/07/24 16:45:11 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2006/07/24 16:24:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/24 15:40:49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/07/24 15:38:31 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/24 15:30:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/07/24 14:03:04 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2006/07/24 13:52:40 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/07/24 13:48:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/24 13:41:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/24 13:28:35 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/24 13:28:25 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/24 13:28:15 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006/07/24 13:28:15 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006/07/24 13:28:15 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006/07/24 13:28:15 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006/07/24 13:28:15 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2006/07/24 13:27:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/07/24 13:27:47 | 000,459,522 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/07/24 13:27:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/07/24 13:27:47 | 000,079,010 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/07/24 13:27:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/07/24 13:27:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/07/24 13:27:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/07/24 13:27:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/07/24 13:27:42 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/07/24 13:27:42 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/07/24 13:27:38 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/07/24 13:27:34 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/07/24 06:35:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/24 06:34:48 | 000,200,144 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/11/01 21:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 17:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/07/10 07:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2011/07/27 07:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/01 20:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2006/07/24 15:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/07/18 19:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/07/04 11:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/07/05 08:59:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary Zeigler\Application Data\OpenOffice.org
[2011/08/06 11:19:10 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2006/03/15 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/03/15 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/03/15 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/13 19:01:19 | 000,502,784 | ---- | M] (Microsoft Corporation) MD5=EA16F83B5E4964C100F6098CE9874927 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/16 00:17:34 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/16 00:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

< End of report >


aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-06 11:52:16
-----------------------------
11:52:16.171 OS Version: Windows 5.1.2600 Service Pack 3
11:52:16.171 Number of processors: 2 586 0xF06
11:52:16.171 ComputerName: GARYLAPTOP UserName:
11:52:17.843 Initialize success
11:52:53.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
11:52:53.156 Disk 0 Vendor: FUJITSU_MHV2120BH_PL 00000029 Size: 114473MB BusType: 3
11:52:53.171 Disk 1 \Device\Harddisk1\DR3 -> \Device\00000097
11:52:53.171 Disk 1 Vendor: ( Size: 114473MB BusType: 0
11:52:55.187 Disk 0 MBR read successfully
11:52:55.187 Disk 0 MBR scan
11:52:55.187 Disk 0 Windows XP default MBR code
11:52:55.187 Disk 0 scanning sectors +234436545
11:52:55.203 Disk 0 malicious Win32:MBRoot code @ sector 234436548 !
11:52:55.203 Disk 0 PE file @ sector 234436570 !
11:52:55.265 Disk 0 scanning C:\WINDOWS\system32\drivers
11:53:03.390 Service scanning
11:53:05.125 Modules scanning
11:53:10.468 Disk 0 trace - called modules:
11:53:10.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:53:10.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87520ab8]
11:53:10.500 3 CLASSPNP.SYS[f755efd7] -> nt!IofCallDriver -> \Device\0000008f[0x8755f9e8]
11:53:10.500 5 ACPI.sys[f73d5620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x87574940]
11:53:10.500 Scan finished successfully
11:58:25.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gary Zeigler\Desktop\MBR.dat"
11:58:25.281 The log file has been saved successfully to "C:\Documents and Settings\Gary Zeigler\Desktop\aswMBR.txt"
  • 0

#4
Aaron

    GeekU Mod

  • GeekU Moderator
  • 3,155 posts
Hi

Please follow these steps:

[2011/07/24 11:19:43 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys mcafeeF.reg
[2011/07/24 11:18:27 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys mcafeeE.reg
[2011/07/24 11:17:02 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys mcafeeD.reg
[2011/07/24 11:10:04 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys mcafee.reg
[2011/07/24 06:45:41 | 000,000,438 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys vc.reg
[2011/07/24 06:41:54 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys vantage.reg

Are these used for cracking?

============ Step one ============

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

RegCure
DNSChanger Trojan Removal Tool


============ Step two ============

Run OTL again

  • Under the Posted Image box at the bottom, paste in the following

    :OTL
    [2011/07/13 07:39:20 | 000,013,260 | -HS- | M] () -- C:\Documents and Settings\Gary Zeigler\Local Settings\Application Data\l03a8n73a084217
    [2011/07/13 07:39:20 | 000,013,260 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\l03a8n73a084217
    [2011/07/05 07:56:06 | 000,015,157 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\Application Data\old 3EFA.BBE
    [2011/07/04 07:53:26 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\Application Data\skyrlu2qp.bat
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the log it produces.
  • Then open OTL again and click the Posted Image button. Please post this log too.

============ Step three ============


11:52:55.203 Disk 0 malicious Win32:MBRoot code @ sector 234436548 !

This indicates you had an MBR bootkit, however it looks to be removed and this is a backup copy. Try running aswMBR again, press Fix MBR, reboot, make a new scan and post this please.

============ Step four ============

Post the log from Combofix' last run (C:\ComboFix.txt), then run Combofix again please:

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

============ Step five ============

Please post the contents of the Extras.txt log from OTL in your next post. The file can be found at the same location as OTL.
If you can't find it then we'll make a new one. Please run OTL again.

  • Press the Posted Image button.
  • Set the Extra Registry section to Use Safelist.
  • Press the Posted Image button.
When the scan completes, it will open a notepad window called Extras.Txt. It is saved in the same location as OTL. Please post this log.

- Maser00
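As an added illustration (not part of the original post, and not OTL's own logic): a small parser for the OTL file-listing line format used in this thread, which picks out file entries sharing the traits of the four lines in the `:OTL` fix above, namely an empty company field and a location under an Application Data folder. That trait list is an assumption read off those four lines, and the names `parse_line` and `triage` are hypothetical.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# One OTL "Files/Folders" line looks like:
#   [2011/07/13 07:39:20 | 000,013,260 | -HS- | M] (Company) -- C:\path
# Directory entries carry no "(Company)" group at all.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)

SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".js")  # assumed list, for tagging only


class Entry(NamedTuple):
    timestamp: str
    size: int                # bytes
    attrs: str               # four flags, e.g. "-HS-", "---D"
    kind: str                # "C" (created) or "M" (modified)
    company: Optional[str]   # None for directories, "" when the field is empty
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for anything else in the log."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = int(m["size"].replace(",", ""))
    return Entry(m["ts"], size, m["attrs"], m["kind"], m["company"], m["path"])


def triage(lines):
    """Return (path, tags) for files with no company under Application Data."""
    entries = [e for e in map(parse_line, lines) if e]
    candidates = [
        e for e in entries
        if "D" not in e.attrs                      # skip directories
        and e.company == ""                        # empty "()" vendor field
        and "\\application data\\" in e.path.lower()
    ]
    # Group by (file name, size) to spot the same file dropped in several profiles.
    twins = defaultdict(list)
    for e in candidates:
        twins[(e.path.rsplit("\\", 1)[-1].lower(), e.size)].append(e)

    findings = []
    for e in candidates:
        name = e.path.rsplit("\\", 1)[-1].lower()
        tags = []
        if "H" in e.attrs and "S" in e.attrs:
            tags.append("hidden+system")
        if name.endswith(SCRIPT_EXTS):
            tags.append("script")
        if len(twins[(name, e.size)]) > 1:
            tags.append("same name+size in several profiles")
        findings.append((e.path, tags))
    return findings


# Sample input: the four lines from the fix above plus three ordinary lines
# copied from the log in this thread (a vendor-signed driver, a directory,
# and a company name that itself contains parentheses).
SAMPLE = r"""
[2011/07/13 07:39:20 | 000,013,260 | -HS- | M] () -- C:\Documents and Settings\Gary Zeigler\Local Settings\Application Data\l03a8n73a084217
[2011/07/13 07:39:20 | 000,013,260 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\l03a8n73a084217
[2011/07/05 07:56:06 | 000,015,157 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\Application Data\old 3EFA.BBE
[2011/07/04 07:53:26 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\Application Data\skyrlu2qp.bat
[2011/07/15 05:15:36 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/15 05:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/14 10:56:08 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
""".strip().splitlines()

if __name__ == "__main__":
    for path, tags in triage(SAMPLE):
        print(path, "|", ", ".join(tags) or "no vendor, in Application Data")
```

The output is a shortlist for a human to review, not a verdict: legitimate software also leaves unsigned files in Application Data.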

#5
gtzig

Hi Aaron
Thanks for the continuing direction. This process is much more interesting than me wandering blindly. I believe I have accomplished all of today's tasks.
1. The saved registry key data resulted from manual removal by me of unused/unnecessary keys indicated by some program (I don't remember which) that found the errors and then wanted me to pay for a version that would remove them. I saved the data in case I made a mistake and needed to put them back.
2. RegCure and DNSChanger Trojan Removal Tool programs were removed.
3. Following are text data in the order requested.
By the way I have changed my network SSID and will strengthen the security soon.

Thanks again
Gary

All processes killed
========== OTL ==========
C:\Documents and Settings\Gary Zeigler\Local Settings\Application Data\l03a8n73a084217 moved successfully.
C:\Documents and Settings\All Users\Application Data\l03a8n73a084217 moved successfully.
C:\Documents and Settings\Gary Zeigler\Application Data\old 3EFA.BBE moved successfully.
C:\Documents and Settings\Gary Zeigler\Application Data\skyrlu2qp.bat moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Gary Zeigler\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Gary Zeigler\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gary Zeigler
->Temp folder emptied: 2718786 bytes
->Temporary Internet Files folder emptied: 32516689 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 3076 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 84272 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 682488 bytes

Total Files Cleaned = 34.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Gary Zeigler
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08072011_083018

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_4b0.dat not found!

Registry entries deleted on Reboot...
OTL logfile created on: 8/7/2011 10:31:55 AM - Run 10
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Gary Zeigler\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 428.36 Mb Available Physical Memory | 42.24% Memory free
2.38 Gb Paging File | 1.61 Gb Available in Paging File | 67.49% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.79 Gb Total Space | 86.18 Gb Free Space | 82.25% Space Free | Partition Type: NTFS

Computer Name: GARYLAPTOP | User Name: Gary Zeigler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Files/Folders - Created Within 30 Days ==========

[2011/08/07 09:28:00 | 004,165,920 | R--- | C] (Swearware) -- C:\Documents and Settings\Gary Zeigler\Desktop\ComboFix2.exe
[2011/08/07 08:32:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/08/07 08:30:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/06 19:43:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/08/06 11:52:07 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Gary Zeigler\Desktop\aswMBR.exe
[2011/08/05 08:25:58 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gary Zeigler\Desktop\OTL.exe
[2011/08/01 18:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary Zeigler\Desktop\GooredFix Backups
[2011/08/01 17:45:53 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/01 17:36:16 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Gary Zeigler\Desktop\GooredFix.exe
[2011/08/01 17:32:23 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gary Zeigler\Desktop\OTM.exe
[2011/07/31 08:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\DNSChanger Trojan Removal Tool [1]
[2011/07/27 07:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/07/27 07:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/26 10:25:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gary Zeigler\Recent
[2011/07/25 14:54:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/25 14:54:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/25 14:54:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/25 14:54:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/25 14:54:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/25 14:50:22 | 004,154,451 | R--- | C] (Swearware) -- C:\Documents and Settings\Gary Zeigler\Desktop\ComboFix.exe
[2011/07/25 14:46:04 | 000,000,000 | ---D | C] -- C:\ComboFix1
[2011/07/25 14:43:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/07/25 11:15:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/23 09:21:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\MCE Logs
[2011/07/22 08:56:18 | 004,199,768 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf400.dll
[2011/07/22 08:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Quicken 2011
[2011/07/20 07:33:38 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2011/07/18 14:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary Zeigler\Application Data\McAfee
[2011/07/18 13:29:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/07/17 12:52:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary Zeigler\DoctorWeb
[2011/07/15 08:04:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/07/15 08:04:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/07/15 08:04:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/07/15 07:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary Zeigler\Start Menu\Programs\FixRedirectVirus
[2011/07/15 07:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\FixRedirectVirus
[2011/07/15 05:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/15 05:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary Zeigler\Application Data\Malwarebytes
[2011/07/15 05:15:42 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/15 05:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/15 05:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/15 05:15:36 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/15 05:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/14 15:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/14 10:56:42 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/07/14 10:56:38 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/07/14 10:56:29 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2011/07/14 10:56:13 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011/07/14 10:56:08 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/07/14 10:56:07 | 000,019,455 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys
[2011/07/14 10:56:02 | 000,012,063 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys
[2011/07/14 10:56:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2011/07/14 10:55:37 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2011/07/14 10:55:34 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/07/14 10:55:30 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/07/14 10:55:22 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011/07/14 10:55:17 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2011/07/14 10:55:13 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2011/07/14 10:55:12 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2011/07/14 10:55:12 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2011/07/14 10:55:08 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys
[2011/07/14 10:55:07 | 000,023,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys
[2011/07/14 10:55:06 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2011/07/14 10:55:02 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/07/14 10:55:00 | 000,033,599 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys
[2011/07/14 10:54:59 | 000,019,551 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys
[2011/07/14 10:54:58 | 000,029,311 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys
[2011/07/14 10:54:57 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2011/07/14 10:54:56 | 000,011,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys
[2011/07/14 10:54:55 | 000,012,127 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys
[2011/07/14 10:54:54 | 000,012,415 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys
[2011/07/14 10:54:50 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/07/14 10:54:46 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/07/14 10:54:42 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/07/14 10:54:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2011/07/14 10:54:41 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2011/07/14 10:54:41 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2011/07/14 10:54:41 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2011/07/14 10:54:37 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/07/14 10:54:33 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/07/14 10:54:28 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011/07/14 10:54:24 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011/07/14 10:54:20 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys
[2011/07/14 10:54:19 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
[2011/07/14 10:54:13 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2011/07/14 10:54:09 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011/07/14 10:54:04 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
[2011/07/14 10:54:01 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
[2011/07/14 10:53:56 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
[2011/07/14 10:53:53 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/07/14 10:53:49 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011/07/14 10:53:45 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011/07/14 10:53:43 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2011/07/14 10:53:42 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys
[2011/07/14 10:53:41 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/07/14 10:53:39 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011/07/14 10:53:34 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2011/07/14 10:53:30 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2011/07/14 10:53:27 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2011/07/14 10:53:23 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2011/07/14 10:53:20 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/07/14 10:53:16 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2011/07/14 10:53:12 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2011/07/14 10:53:09 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2011/07/14 10:53:05 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011/07/14 10:53:01 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011/07/14 10:52:57 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys
[2011/07/14 10:52:53 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys
[2011/07/14 10:52:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2011/07/14 10:52:47 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/07/14 10:52:44 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/07/14 10:52:40 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/07/14 10:52:36 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011/07/14 10:52:33 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/07/14 10:52:29 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011/07/14 10:52:25 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys
[2011/07/14 10:52:22 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll
[2011/07/14 10:52:20 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2011/07/14 10:52:17 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll
[2011/07/14 10:52:13 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys
[2011/07/14 10:52:09 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys
[2011/07/14 10:52:06 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys
[2011/07/14 10:52:02 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys
[2011/07/14 10:51:57 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/07/14 10:51:56 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2011/07/14 10:51:52 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/07/14 10:51:49 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/07/14 10:51:48 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011/07/14 10:51:47 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2011/07/14 10:51:43 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/07/14 10:51:40 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/07/14 10:51:40 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2011/07/14 10:51:39 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2011/07/14 10:51:35 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys
[2011/07/14 10:51:31 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys
[2011/07/14 10:51:28 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/07/14 10:51:24 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/07/14 10:51:19 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys
[2011/07/14 10:51:15 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys
[2011/07/14 10:51:12 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys
[2011/07/14 10:51:09 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys
[2011/07/14 10:51:05 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll
[2011/07/14 10:51:02 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys
[2011/07/14 10:50:58 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
[2011/07/14 10:50:55 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[2011/07/14 10:50:52 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
[2011/07/14 10:50:48 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
[2011/07/14 10:50:45 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
[2011/07/14 10:50:41 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/07/14 10:50:37 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/07/14 10:50:34 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011/07/14 10:50:30 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011/07/14 10:50:30 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2011/07/14 10:50:25 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/07/14 10:50:21 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2011/07/14 10:50:21 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2011/07/14 10:50:16 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll
[2011/07/14 10:50:11 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys
[2011/07/14 10:50:08 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll
[2011/07/14 10:50:05 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2011/07/14 10:50:00 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys
[2011/07/14 10:49:57 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys
[2011/07/14 10:49:54 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll
[2011/07/14 10:49:50 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
[2011/07/14 10:49:49 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2011/07/14 10:49:49 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2011/07/14 10:49:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2011/07/14 10:49:45 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
[2011/07/14 10:49:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2011/07/14 10:49:42 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2011/07/14 10:49:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2011/07/14 10:49:38 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011/07/14 10:49:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2011/07/14 10:49:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2011/07/14 10:49:34 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011/07/14 10:49:31 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/07/14 10:49:27 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011/07/14 10:49:24 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/07/14 10:49:21 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2011/07/14 10:49:20 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2011/07/14 10:49:19 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2011/07/14 10:49:19 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2011/07/14 10:49:15 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2011/07/14 10:49:12 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2011/07/14 10:49:12 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2011/07/14 10:49:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2011/07/14 10:49:08 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2011/07/14 10:49:08 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2011/07/14 10:49:08 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2011/07/14 10:49:05 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2011/07/14 10:49:04 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2011/07/14 10:49:04 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2011/07/14 10:49:04 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2011/07/14 10:49:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2011/07/14 10:49:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2011/07/14 10:49:02 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2011/07/14 10:49:02 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2011/07/14 10:49:02 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2011/07/14 10:49:00 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/07/14 10:48:57 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/07/14 10:48:53 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/07/14 10:48:50 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll
[2011/07/14 10:48:47 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys
[2011/07/14 10:48:46 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011/07/14 10:48:43 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll
[2011/07/14 10:48:39 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys
[2011/07/14 10:48:36 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll
[2011/07/14 10:48:33 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys
[2011/07/14 10:48:30 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll
[2011/07/14 10:48:26 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys
[2011/07/14 10:48:26 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2011/07/14 10:48:18 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/07/14 10:48:15 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/07/14 10:48:12 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/07/14 10:48:08 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/07/14 10:48:05 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys
[2011/07/14 10:48:00 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
[2011/07/14 10:47:59 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2011/07/14 10:47:55 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2011/07/14 10:47:54 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2011/07/14 10:47:51 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2011/07/14 10:47:51 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2011/07/14 10:47:47 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011/07/14 10:47:44 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2011/07/14 10:47:41 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/07/14 10:47:37 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/07/14 10:47:36 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2011/07/14 10:47:33 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll
[2011/07/14 10:47:28 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys
[2011/07/14 10:47:24 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll
[2011/07/14 10:47:21 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/07/14 10:47:18 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/07/14 10:47:15 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/07/14 10:47:12 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/07/14 10:47:08 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/07/14 10:47:05 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/07/14 10:47:02 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/07/14 10:46:58 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/07/14 10:46:55 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011/07/14 10:46:52 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2011/07/14 10:46:48 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011/07/14 10:46:45 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011/07/14 10:46:45 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/07/14 10:46:45 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/07/14 10:46:44 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/07/14 10:46:43 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/07/14 10:46:41 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2011/07/14 10:46:38 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2011/07/14 10:46:34 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys
[2011/07/14 10:46:31 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/07/14 10:46:27 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys
[2011/07/14 10:46:25 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011/07/14 10:46:21 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/07/14 10:46:18 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011/07/14 10:46:17 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2011/07/14 10:46:16 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2011/07/14 10:46:10 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2011/07/14 10:46:06 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/07/14 10:46:03 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/07/14 10:46:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2011/07/14 10:45:57 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2011/07/14 10:45:56 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2011/07/14 10:45:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2011/07/14 10:45:51 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys
[2011/07/14 10:45:48 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys
[2011/07/14 10:45:45 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys
[2011/07/14 10:45:42 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys
[2011/07/14 10:45:39 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys
[2011/07/14 10:45:38 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2011/07/14 10:45:34 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/07/14 10:45:30 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/07/14 10:45:27 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011/07/14 10:45:26 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2011/07/14 10:45:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2011/07/14 10:45:20 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2011/07/14 10:45:16 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011/07/14 10:45:14 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2011/07/14 10:45:10 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2011/07/14 10:45:09 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2011/07/14 10:45:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2011/07/14 10:45:05 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2011/07/14 10:45:05 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2011/07/14 10:45:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2011/07/14 10:45:00 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
[2011/07/14 10:44:56 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
[2011/07/14 10:44:53 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
[2011/07/14 10:44:50 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
[2011/07/14 10:44:47 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
[2011/07/14 10:44:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
[2011/07/14 10:44:41 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
[2011/07/14 10:44:40 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2011/07/14 10:44:40 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2011/07/14 10:44:39 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2011/07/14 10:44:38 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2011/07/14 10:44:37 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2011/07/14 10:44:34 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys
[2011/07/14 10:44:30 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys
[2011/07/14 10:44:29 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2011/07/14 10:44:26 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011/07/14 10:44:23 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2011/07/14 10:44:20 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2011/07/14 10:44:17 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2011/07/14 10:44:14 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/07/14 10:44:13 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011/07/14 10:44:10 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/07/14 10:44:09 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2011/07/14 10:44:08 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2011/07/14 10:44:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2011/07/14 10:44:04 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2011/07/14 10:44:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
[2011/07/14 10:43:58 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys
[2011/07/14 10:43:55 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
[2011/07/14 10:43:51 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
[2011/07/14 10:43:48 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2011/07/14 10:43:45 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2011/07/14 10:43:42 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys
[2011/07/14 10:43:39 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
[2011/07/14 10:43:36 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
[2011/07/14 10:43:33 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys
[2011/07/14 10:43:30 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/07/14 10:43:27 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011/07/14 10:43:24 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/07/14 10:43:21 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/07/14 10:43:12 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys
[2011/07/14 10:43:09 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll
[2011/07/14 10:43:02 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/07/14 10:43:02 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2011/07/14 10:42:58 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys
[2011/07/14 10:42:55 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys
[2011/07/14 10:42:54 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2011/07/14 10:30:29 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/07/14 10:30:26 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/07/14 10:30:22 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2011/07/14 10:30:22 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2011/07/14 10:30:21 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/07/14 10:30:17 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
[2011/07/14 10:30:13 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/07/14 10:30:10 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/07/14 10:30:07 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
[2011/07/14 10:30:02 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/07/14 10:29:59 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/07/14 10:29:56 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/07/14 10:29:53 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/07/14 10:29:51 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011/07/14 10:29:48 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011/07/14 10:29:45 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2011/07/14 10:29:42 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2011/07/14 10:29:39 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011/07/14 10:29:36 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011/07/14 10:29:33 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011/07/14 10:29:30 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/07/14 10:29:27 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011/07/14 10:29:26 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2011/07/14 10:29:23 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2011/07/14 10:29:14 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2011/07/14 10:29:10 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
[2011/07/14 10:29:03 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2011/07/14 10:29:02 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2011/07/14 10:29:01 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2011/07/14 10:29:00 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2011/07/14 10:28:53 | 000,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
[2011/07/14 10:28:50 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
[2011/07/14 10:28:49 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2011/07/14 10:28:39 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2011/07/14 10:28:25 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2011/07/14 10:28:19 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2011/07/14 10:28:14 | 000,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys
[2011/07/14 10:28:13 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migisol.exe
[2011/07/14 10:28:09 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys
[2011/07/14 10:28:06 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll
[2011/07/14 10:28:06 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2011/07/14 10:28:06 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2011/07/14 10:28:05 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2011/07/14 10:28:02 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
[2011/07/14 10:27:59 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
[2011/07/14 10:27:58 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2011/07/14 10:27:55 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/07/14 10:27:51 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2011/07/14 10:27:51 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys
[2011/07/14 10:27:48 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\maestro.sys
[2011/07/14 10:27:45 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
[2011/07/14 10:27:42 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
[2011/07/14 10:27:39 | 000,022,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwusbhid.sys
[2011/07/14 10:27:39 | 000,020,864 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwadihid.sys
[2011/07/14 10:27:36 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/07/14 10:27:33 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011/07/14 10:27:32 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/07/14 10:27:32 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2011/07/14 10:27:29 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/07/14 10:27:28 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011/07/14 10:27:26 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/07/14 10:27:22 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2011/07/14 10:27:22 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2011/07/14 10:27:18 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/07/14 10:27:15 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011/07/14 10:27:12 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/07/14 10:27:09 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011/07/14 10:27:08 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2011/07/14 10:27:06 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/07/14 10:27:03 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/07/14 10:26:58 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2011/07/14 10:26:58 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2011/07/14 10:26:56 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2011/07/14 10:26:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2011/07/14 10:26:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2011/07/14 10:26:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2011/07/14 10:26:51 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2011/07/14 10:26:51 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2011/07/14 10:26:47 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2011/07/14 10:26:45 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2011/07/14 10:26:42 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2011/07/14 10:26:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2011/07/14 10:26:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2011/07/14 10:26:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2011/07/14 10:26:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2011/07/14 10:26:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2011/07/14 10:26:28 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2011/07/14 10:26:28 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2011/07/14 10:26:26 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2011/07/14 10:26:24 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys
[2011/07/14 10:26:21 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2011/07/14 10:26:21 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2011/07/14 10:26:18 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2011/07/14 10:26:18 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011/07/14 10:26:17 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2011/07/14 10:26:13 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2011/07/14 10:26:10 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll
[2011/07/14 10:26:07 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys
[2011/07/14 10:26:07 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelide.sys
[2011/07/14 10:26:04 | 000,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
[2011/07/14 10:26:02 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys
[2011/07/14 10:26:01 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2011/07/14 10:25:57 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2011/07/14 10:25:57 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2011/07/14 10:25:56 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2011/07/14 10:25:54 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2011/07/14 10:25:53 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2011/07/14 10:25:53 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2011/07/14 10:25:52 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2011/07/14 10:25:51 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2011/07/14 10:25:51 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2011/07/14 10:25:50 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2011/07/14 10:25:50 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2011/07/14 10:25:42 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011/07/14 10:25:39 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys
[2011/07/14 10:25:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
[2011/07/14 10:25:34 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
[2011/07/14 10:25:32 | 000,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
[2011/07/14 10:25:29 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
[2011/07/14 10:25:26 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
[2011/07/14 10:25:24 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2011/07/14 10:25:21 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2011/07/14 10:25:19 | 000,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2011/07/14 10:25:16 | 000,109,085 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtrp.sys
[2011/07/14 10:25:14 | 000,100,936 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtok.sys
[2011/07/14 10:25:11 | 000,009,216 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmsgnet.dll
[2011/07/14 10:25:08 | 000,028,700 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\dllcache\ibmexmp.sys
[2011/07/14 10:25:07 | 000,702,845 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2011/07/14 10:25:07 | 000,161,020 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xnt5.sys
[2011/07/14 10:25:04 | 000,058,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740nt5.sys
[2011/07/14 10:25:02 | 000,353,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740dnt5.dll
[2011/07/14 10:25:01 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2011/07/14 10:25:00 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2011/07/14 10:24:58 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2011/07/14 10:24:54 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2011/07/14 10:24:50 | 000,488,383 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_v124.sys
[2011/07/14 10:24:48 | 000,050,751 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_tone.sys
[2011/07/14 10:24:45 | 000,073,279 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_spkp.sys
[2011/07/14 10:24:43 | 000,044,863 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_soar.sys
[2011/07/14 10:24:40 | 000,057,471 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_samp.sys
[2011/07/14 10:24:38 | 000,542,879 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_msft.sys
[2011/07/14 10:24:35 | 000,391,199 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_k56k.sys
[2011/07/14 10:24:33 | 000,009,759 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_inst.dll
[2011/07/14 10:24:30 | 000,115,807 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fsks.sys
[2011/07/14 10:24:28 | 000,199,711 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_faxx.sys
[2011/07/14 10:24:25 | 000,289,887 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fall.sys
[2011/07/14 10:24:23 | 000,067,167 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_bsc2.sys
[2011/07/14 10:24:20 | 000,150,239 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_amos.sys
[2011/07/14 10:24:17 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2011/07/14 10:24:15 | 000,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys
[2011/07/14 10:24:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2011/07/14 10:24:10 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
[2011/07/14 10:24:08 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys
[2011/07/14 10:24:05 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2011/07/14 10:24:03 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/07/14 10:23:57 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2011/07/14 10:23:52 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/07/14 10:23:48 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2011/07/14 10:23:43 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2011/07/14 10:23:38 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpdigwia.dll
[2011/07/14 10:23:35 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2011/07/14 10:23:35 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2011/07/14 10:23:32 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2011/07/14 10:23:31 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2011/07/14 10:23:27 | 000,907,456 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hcf_msft.sys
[2011/07/14 10:23:27 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2011/07/14 10:23:26 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011/07/14 10:23:24 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011/07/14 10:23:21 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011/07/14 10:23:20 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2011/07/14 10:23:19 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2011/07/14 10:23:17 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400m.sys
[2011/07/14 10:23:15 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400d.dll
[2011/07/14 10:23:13 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200m.sys
[2011/07/14 10:23:11 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200d.dll
[2011/07/14 10:23:09 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/07/14 10:23:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2011/07/14 10:23:07 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2011/07/14 10:23:04 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2011/07/14 10:23:03 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2011/07/14 10:23:00 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2011/07/14 10:22:58 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/07/14 10:22:56 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011/07/14 10:22:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2011/07/14 10:22:55 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2011/07/14 10:22:53 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/07/14 10:22:50 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/07/14 10:22:48 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/07/14 10:22:47 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011/07/14 10:22:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2011/07/14 10:22:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2011/07/14 10:22:41 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2011/07/14 10:22:36 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\fem556n5.sys
[2011/07/14 10:22:35 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2011/07/14 10:22:33 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/07/14 10:22:31 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINDOWS\System32\dllcache\fa312nd5.sys
[2011/07/14 10:22:28 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/07/14 10:22:26 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/07/14 10:22:24 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2011/07/14 10:22:22 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ex10.sys
[2011/07/14 10:22:20 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2011/07/14 10:22:20 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2011/07/14 10:22:18 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2011/07/14 10:22:16 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2011/07/14 10:22:16 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2011/07/14 10:22:14 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2011/07/14 10:22:14 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2011/07/14 10:22:12 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2011/07/14 10:22:11 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys
[2011/07/14 10:22:09 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys
[2011/07/14 10:22:07 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56tpi.sys
[2011/07/14 10:22:05 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56hpi.sys
[2011/07/14 10:22:03 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56cvmp.sys
[2011/07/14 10:22:01 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es198x.sys
[2011/07/14 10:21:58 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2011/07/14 10:21:57 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2011/07/14 10:21:55 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys
[2011/07/14 10:21:52 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnloop.exe
[2011/07/14 10:21:50 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnlogr.exe
[2011/07/14 10:21:49 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqndiag.exe
[2011/07/14 10:21:47 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqn.sys
[2011/07/14 10:21:45 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2011/07/14 10:21:42 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys
[2011/07/14 10:21:41 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2011/07/14 10:21:39 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\emu10k1m.sys
[2011/07/14 10:21:35 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys
[2011/07/14 10:21:33 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys
[2011/07/14 10:21:32 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2011/07/14 10:21:30 | 000,171,520 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys
[2011/07/14 10:21:29 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys
[2011/07/14 10:21:27 | 000,455,199 | ---- | C] (3Com Corporation.) -- C:\WINDOWS\System32\dllcache\el985n51.sys
[2011/07/14 10:21:26 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys
[2011/07/14 10:21:25 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys
[2011/07/14 10:21:23 | 000,241,206 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656se5.sys
[2011/07/14 10:21:22 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys
[2011/07/14 10:21:21 | 000,634,134 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656ct5.sys
[2011/07/14 10:21:19 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys
[2011/07/14 10:21:18 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys
[2011/07/14 10:21:17 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys
[2011/07/14 10:21:15 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys
[2011/07/14 10:21:14 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys
[2011/07/14 10:21:12 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2011/07/14 10:21:12 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys
[2011/07/14 10:21:10 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100isa4.sys
[2011/07/14 10:21:09 | 000,050,719 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys
[2011/07/14 10:21:03 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/07/14 10:21:01 | 000,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
[2011/07/14 10:20:59 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011/07/14 10:20:58 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2011/07/14 10:20:56 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2011/07/14 10:20:55 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2011/07/14 10:20:55 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2011/07/14 10:20:51 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/07/14 10:20:50 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2011/07/14 10:20:49 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/07/14 10:20:48 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011/07/14 10:20:43 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011/07/14 10:20:42 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/07/14 10:20:40 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/07/14 10:20:39 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011/07/14 10:20:37 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011/07/14 10:20:36 | 000,614,429 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiview.exe
[2011/07/14 10:20:35 | 000,042,432 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.sys
[2011/07/14 10:20:34 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.dll
[2011/07/14 10:20:32 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.sys
[2011/07/14 10:20:31 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.dll
[2011/07/14 10:20:30 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiinf.dll
[2011/07/14 10:20:29 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digihlc.dll
[2011/07/14 10:20:27 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifwrk.dll
[2011/07/14 10:20:26 | 000,090,525 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifep5.sys
[2011/07/14 10:20:25 | 000,103,044 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidxb.sys
[2011/07/14 10:20:24 | 000,131,156 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidbp.dll
[2011/07/14 10:20:22 | 000,037,735 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.sys
[2011/07/14 10:20:21 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.dll
[2011/07/14 10:20:19 | 000,419,357 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgconfig.dll
[2011/07/14 10:20:18 | 000,029,531 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\dgapci.sys
[2011/07/14 10:20:16 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/07/14 10:20:15 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011/07/14 10:20:14 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe
[2011/07/14 10:20:12 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll
[2011/07/14 10:20:11 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/07/14 10:20:10 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2011/07/14 10:20:08 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2011/07/14 10:20:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2011/07/14 10:20:06 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys
[2011/07/14 10:20:05 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2011/07/14 10:20:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2011/07/14 10:20:01 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2011/07/14 10:20:00 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys
[2011/07/14 10:19:58 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys
[2011/07/14 10:19:57 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2011/07/14 10:19:55 | 000,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2011/07/14 10:19:54 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2011/07/14 10:19:53 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2011/07/14 10:19:52 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2011/07/14 10:19:51 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2011/07/14 10:19:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2011/07/14 10:19:48 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/07/14 10:19:48 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2011/07/14 10:19:47 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/07/14 10:19:46 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/07/14 10:19:44 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/07/14 10:19:43 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/07/14 10:19:42 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/07/14 10:19:41 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/07/14 10:19:40 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll
[2011/07/14 10:19:39 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/07/14 10:19:38 | 000,096,256 | ---- | C] (Copyright © Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
[2011/07/14 10:19:37 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
[2011/07/14 10:19:36 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
[2011/07/14 10:19:34 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2011/07/14 10:19:32 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
[2011/07/14 10:19:31 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/07/14 10:19:31 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2011/07/14 10:19:30 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2011/07/14 10:19:29 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2011/07/14 10:19:28 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2011/07/14 10:19:27 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2011/07/14 10:19:27 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2011/07/14 10:19:26 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2011/07/14 10:19:23 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
[2011/07/14 10:19:22 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2011/07/14 10:19:20 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys
[2011/07/14 10:19:19 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/07/14 10:19:18 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2011/07/14 10:19:17 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2011/07/14 10:19:16 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2011/07/14 10:19:16 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2011/07/14 10:19:15 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2011/07/14 10:19:13 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2011/07/14 10:19:12 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/07/14 10:19:11 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2011/07/14 10:19:11 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2011/07/14 10:19:10 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2011/07/14 10:19:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2011/07/14 10:19:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2011/07/14 10:19:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2011/07/14 10:19:09 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2011/07/14 10:19:07 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/07/14 10:19:06 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/07/14 10:19:05 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/07/14 10:19:05 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/07/14 10:19:04 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/07/14 10:19:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2011/07/14 10:19:01 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/07/14 10:19:00 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/07/14 10:18:59 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/07/14 10:18:58 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/07/14 10:18:57 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/07/14 10:18:55 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/07/14 10:18:55 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2011/07/14 10:18:55 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/07/14 10:18:54 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2011/07/14 10:18:53 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2011/07/14 10:18:52 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2011/07/14 10:18:51 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2011/07/14 10:18:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2011/07/14 10:18:50 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2011/07/14 10:18:49 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2011/07/14 10:18:49 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2011/07/14 10:18:48 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2011/07/14 10:18:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2011/07/14 10:18:28 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2011/07/14 10:18:26 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/07/14 10:18:25 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/07/14 10:18:25 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/07/14 10:18:24 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/07/14 10:18:23 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/07/14 10:18:23 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/07/14 10:18:22 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/07/14 10:18:21 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/07/14 10:18:20 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2011/07/14 10:18:19 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/07/14 10:18:19 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/07/14 10:18:18 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2011/07/14 10:18:18 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/07/14 10:18:17 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/07/14 10:18:16 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/07/14 10:18:16 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/07/14 10:18:15 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/07/14 10:18:14 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/07/14 10:18:14 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/07/14 10:18:13 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/07/14 10:18:11 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2011/07/14 10:18:10 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2011/07/14 10:18:10 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2011/07/14 10:18:09 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/07/14 10:18:09 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2011/07/14 10:18:08 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2011/07/14 10:18:08 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2011/07/14 10:18:06 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/07/14 10:18:06 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/07/14 10:18:05 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2011/07/14 10:18:04 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/07/14 10:18:04 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/07/14 10:18:03 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/07/14 10:18:03 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/07/14 10:18:02 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/07/14 10:18:00 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2011/07/14 10:17:59 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2011/07/14 10:17:59 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2011/07/14 10:17:58 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2011/07/14 10:17:50 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2011/07/14 10:17:50 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2011/07/14 10:17:48 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2011/07/14 10:17:47 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2011/07/14 10:17:47 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2011/07/14 10:17:46 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2011/07/14 10:17:46 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2011/07/14 10:17:45 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2011/07/14 10:17:45 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2011/07/14 10:17:42 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2011/07/14 10:17:41 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2011/07/14 10:17:41 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2011/07/14 10:17:40 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/07/14 10:17:40 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2011/07/14 10:17:38 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2011/07/14 10:17:38 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2011/07/14 10:17:37 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/07/14 10:17:37 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2011/07/14 10:17:36 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2011/07/14 10:17:35 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2011/07/14 10:17:35 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2011/07/14 10:17:34 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/07/14 10:17:33 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2011/07/14 10:17:33 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2011/07/14 10:17:32 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2011/07/14 10:17:31 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2011/07/14 10:17:31 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2011/07/14 10:17:30 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2011/07/14 10:17:27 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2011/07/14 10:17:24 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2011/07/14 10:17:24 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2011/07/14 10:17:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/07/14 10:17:23 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/07/14 10:17:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2011/07/14 10:17:22 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/07/14 10:17:22 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/07/14 10:17:21 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/07/14 10:17:21 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/07/14 10:17:20 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2011/07/14 10:17:20 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2011/07/14 10:17:18 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2011/07/14 10:17:18 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2011/07/14 10:17:18 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/07/14 10:17:17 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2011/07/14 10:17:17 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2011/07/14 10:17:16 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/07/14 10:17:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2011/07/14 10:17:15 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/07/14 10:17:15 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2011/07/14 10:17:14 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/07/14 10:17:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2011/07/14 10:17:14 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2011/07/14 10:17:13 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/07/14 10:17:13 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/07/14 10:17:12 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2011/07/14 10:15:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2011/07/14 10:15:03 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2011/07/14 10:14:50 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2011/07/14 10:14:49 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2011/07/14 10:14:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2011/07/14 10:14:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2011/07/14 10:14:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2011/07/14 10:14:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2011/07/14 10:14:41 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2011/07/13 15:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2008
[2011/07/13 11:01:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gary Zeigler\Start Menu\Programs\Administrative Tools
[2011/07/13 11:01:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/07/13 10:47:53 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

========== Files - Modified Within 30 Days ==========

[2011/08/07 09:28:02 | 004,165,920 | R--- | M] (Swearware) -- C:\Documents and Settings\Gary Zeigler\Desktop\ComboFix2.exe
[2011/08/07 09:22:31 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\Desktop\MBR.dat
[2011/08/07 08:32:38 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/08/07 08:32:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/07 08:32:28 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/06 12:35:17 | 000,422,752 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\Desktop\Wireless Broadband Router2.conf
[2011/08/06 11:52:15 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Gary Zeigler\Desktop\aswMBR.exe
[2011/08/06 11:26:27 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary Zeigler\Desktop\OTL.exe
[2011/08/05 20:16:55 | 000,452,800 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\Desktop\Wireless Broadband Router.conf
[2011/08/05 05:52:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/01 18:07:11 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Gary Zeigler\Desktop\GooredFix.exe
[2011/08/01 17:32:26 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary Zeigler\Desktop\OTM.exe
[2011/07/27 07:34:59 | 000,021,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/27 07:10:53 | 004,154,451 | R--- | M] (Swearware) -- C:\Documents and Settings\Gary Zeigler\Desktop\ComboFix.exe
[2011/07/27 07:03:14 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/07/25 16:32:36 | 000,200,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/25 14:43:46 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/07/24 11:19:43 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys mcafeeF.reg
[2011/07/24 11:18:27 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys mcafeeE.reg
[2011/07/24 11:17:02 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys mcafeeD.reg
[2011/07/24 11:10:04 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys mcafee.reg
[2011/07/24 06:45:41 | 000,000,438 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys vc.reg
[2011/07/24 06:41:54 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys vantage.reg
[2011/07/23 09:46:05 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/07/23 09:21:53 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\Local Settings\Application Data\fusioncache.dat
[2011/07/22 11:26:06 | 000,453,568 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\Wireless Broadband Router.conf
[2011/07/22 08:56:17 | 000,001,577 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quicken Deluxe 2011.lnk
[2011/07/22 08:56:04 | 000,000,120 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/07/20 10:57:41 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2011/07/20 07:35:25 | 000,000,260 | ---- | M] () -- C:\WINDOWS\System32\cmdVBS.vbs
[2011/07/20 07:35:25 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\MSIevent.bat
[2011/07/18 14:02:45 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/07/17 14:15:29 | 000,000,067 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\DrWeb.csv
[2011/07/15 07:23:59 | 000,218,636 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\My Documents\cc_20110715_072329.reg
[2011/07/15 05:53:51 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/15 05:15:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/14 21:37:19 | 000,000,026 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.old
[2011/07/14 21:36:05 | 000,003,704 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts.sam
[2011/07/14 16:28:41 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2011/07/14 16:08:21 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\Desktop\jv16 PowerTools 2008.lnk
[2011/07/14 15:34:31 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/07/14 15:32:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/13 16:06:13 | 000,000,023 | ---- | M] () -- C:\WINDOWS\System32\dfabbaedbd_z.ocx
[2011/07/13 15:38:12 | 000,000,023 | ---- | M] () -- C:\WINDOWS\System32\aed_z.ocx
[2011/07/13 11:57:28 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/13 11:23:55 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/07/09 10:04:06 | 000,000,150 | ---- | M] () -- C:\Documents and Settings\Gary Zeigler\Desktop\rk-proxy.reg

========== Files Created - No Company Name ==========

[2011/08/06 12:35:17 | 000,422,752 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\Desktop\Wireless Broadband Router2.conf
[2011/08/06 11:58:25 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\Desktop\MBR.dat
[2011/08/05 20:16:46 | 000,452,800 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\Desktop\Wireless Broadband Router.conf
[2011/07/27 07:03:15 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/27 07:03:14 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/07/26 10:40:03 | 1063,440,384 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/25 14:54:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/25 14:54:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/25 14:54:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/25 14:54:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/25 14:54:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/25 14:43:46 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/07/25 14:43:36 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/07/24 11:19:43 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys mcafeeF.reg
[2011/07/24 11:18:27 | 000,001,504 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys mcafeeE.reg
[2011/07/24 11:17:02 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys mcafeeD.reg
[2011/07/24 11:10:04 | 000,001,980 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys mcafee.reg
[2011/07/24 06:45:41 | 000,000,438 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys vc.reg
[2011/07/24 06:41:54 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\My Documents\reg keys vantage.reg
[2011/07/22 11:25:57 | 000,453,568 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\My Documents\Wireless Broadband Router.conf
[2011/07/22 08:56:17 | 000,001,577 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quicken Deluxe 2011.lnk
[2011/07/20 07:35:25 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\cmdVBS.vbs
[2011/07/20 07:35:25 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\MSIevent.bat
[2011/07/20 07:34:43 | 000,002,419 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2011/07/18 14:02:45 | 000,001,771 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Virtual Technician.lnk
[2011/07/18 14:02:15 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
[2011/07/17 14:15:29 | 000,000,067 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\My Documents\DrWeb.csv
[2011/07/15 07:23:35 | 000,218,636 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\My Documents\cc_20110715_072329.reg
[2011/07/15 05:53:51 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/07/15 05:15:42 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/14 16:08:21 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\Desktop\jv16 PowerTools 2008.lnk
[2011/07/14 15:34:31 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/07/14 15:33:06 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/07/14 10:56:36 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/07/14 10:56:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/07/14 10:26:58 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/07/14 10:25:51 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/07/14 10:24:00 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/07/14 10:23:55 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/07/14 10:23:50 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/07/14 10:23:45 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/07/14 10:23:40 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/07/14 10:23:27 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/07/14 10:20:46 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011/07/14 10:20:45 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011/07/14 10:20:44 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011/07/14 10:17:55 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/07/14 10:17:55 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/07/14 10:17:54 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/07/14 10:17:53 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/07/14 10:17:53 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/07/14 10:17:52 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/07/14 10:17:51 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/07/14 10:17:51 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/07/14 10:17:49 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/07/14 10:17:44 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/07/13 16:06:13 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\dfabbaedbd_z.ocx
[2011/07/13 15:38:12 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\aed_z.ocx
[2011/07/13 11:23:55 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/07/09 10:04:06 | 000,000,150 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\Desktop\rk-proxy.reg
[2011/07/07 10:14:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/04 08:12:36 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/02 10:41:59 | 000,141,976 | ---- | C] () -- C:\WINDOWS\hpwins05.dat.temp
[2011/07/02 10:41:59 | 000,003,953 | ---- | C] () -- C:\WINDOWS\hpwmdl05.dat.temp
[2011/07/02 09:20:29 | 000,000,755 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011/07/02 08:40:39 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011/07/02 08:18:51 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2011/07/01 16:37:13 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Gary Zeigler\Local Settings\Application Data\fusioncache.dat
[2011/07/01 16:21:30 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011/07/01 16:21:30 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011/07/01 16:21:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011/07/01 16:21:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011/07/01 16:21:30 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011/07/01 16:21:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011/07/01 16:20:25 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2011/07/01 16:11:03 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2011/07/01 16:09:33 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2011/07/01 16:07:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/07/01 16:01:21 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2011/07/01 15:59:05 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/09/20 04:25:44 | 000,012,416 | ---- | C] () -- C:\WINDOWS\hpwscr05.dat
[2006/07/24 16:45:11 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2006/07/24 16:24:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/24 15:40:49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/07/24 15:38:31 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/24 15:30:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/07/24 14:03:04 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2006/07/24 13:52:40 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/07/24 13:48:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/24 13:41:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/24 13:28:35 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/24 13:28:25 | 000,000,758 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/24 13:27:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/07/24 13:27:47 | 000,459,522 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/07/24 13:27:47 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/07/24 13:27:47 | 000,079,010 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/07/24 13:27:47 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/07/24 13:27:47 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/07/24 13:27:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/07/24 13:27:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/07/24 13:27:42 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/07/24 13:27:42 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/07/24 13:27:38 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/07/24 13:27:34 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/07/24 06:35:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/24 06:34:48 | 000,200,144 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/11/01 21:53:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 17:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-07 09:09:03
-----------------------------
09:09:03.437 OS Version: Windows 5.1.2600 Service Pack 3
09:09:03.437 Number of processors: 2 586 0xF06
09:09:03.437 ComputerName: GARYLAPTOP UserName:
09:09:04.937 Initialize success
09:17:38.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
09:17:38.546 Disk 0 Vendor: FUJITSU_MHV2120BH_PL 00000029 Size: 114473MB BusType: 3
09:17:38.546 Disk 1 \Device\Harddisk1\DR3 -> \Device\00000097
09:17:38.546 Disk 1 Vendor: ( Size: 114473MB BusType: 0
09:17:40.562 Disk 0 MBR read successfully
09:17:40.562 Disk 0 MBR scan
09:17:40.562 Disk 0 Windows XP default MBR code
09:17:40.562 Disk 0 scanning sectors +234436545
09:17:40.593 Disk 0 malicious Win32:MBRoot code @ sector 234436548 !
09:17:40.593 Disk 0 PE file @ sector 234436570 !
09:17:40.656 Disk 0 scanning C:\WINDOWS\system32\drivers
09:17:48.765 Service scanning
09:17:51.906 Modules scanning
09:17:59.921 Disk 0 trace - called modules:
09:17:59.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
09:17:59.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8755aab8]
09:17:59.937 3 CLASSPNP.SYS[f75defd7] -> nt!IofCallDriver -> \Device\0000008f[0x8755e9e8]
09:17:59.937 5 ACPI.sys[f7455620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8755dd98]
09:17:59.937 Scan finished successfully
09:20:05.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gary Zeigler\Desktop\MBR.dat"
09:20:05.359 The log file has been saved successfully to "C:\Documents and Settings\Gary Zeigler\Desktop\aswMBR.txt"
09:20:14.906 Disk 0 MBR read successfully
09:20:14.906 Disk 0 scanning sectors +234436545
09:20:14.953 Disk 0 malicious Win32:MBRoot code @ sector 234436548 !
09:20:14.953 Disk 0 PE file @ sector 234436570 !
09:20:14.953 Disk 0 sector 234436548 cleaned
09:20:14.953 Disk 0 sector 234436570 cleaned
09:20:14.953 Verifying disinfection
09:20:26.984 Infection fixed successfully - please reboot ASAP
09:22:31.484 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gary Zeigler\Desktop\MBR.dat"
09:22:31.515 The log file has been saved successfully to "C:\Documents and Settings\Gary Zeigler\Desktop\aswMBRfix.txt"


ComboFix 11-07-27.01 - Gary Zeigler 07/27/2011 7:12.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.550 [GMT -4:00]
Running from: c:\documents and settings\Gary Zeigler\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Gary Zeigler\Desktop\cfscript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
FILE ::
"c:\program files\AdvancedVirusRemover\PAVRM.exe"
"c:\windows\system32\AVR09.exe"
"c:\windows\system32\winhelper.dll"
"c:\windows\system32\winupdate.exe"
.
.
((((((((((((((((((((((((( Files Created from 2011-06-27 to 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-27 11:03 . 2011-07-27 11:03 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-27 11:03 . 2011-07-27 11:03 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-07-27 11:01 . 2011-07-27 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-07-22 12:56 . 2011-07-22 12:56 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-07-22 12:56 . 2004-04-19 03:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-07-22 12:56 . 2004-04-19 03:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-07-22 12:56 . 2004-04-19 03:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-07-22 12:56 . 2004-04-19 03:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-07-22 12:56 . 2004-04-19 03:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-07-22 12:56 . 2011-07-22 12:56 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-07-22 12:56 . 2010-10-14 20:35 4199768 ----a-w- c:\windows\system32\cdintf400.dll
2011-07-20 11:35 . 2011-07-20 11:35 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2011-07-20 11:35 . 2011-07-20 11:35 256 ----a-w- c:\windows\system32\MSIevent.bat
2011-07-20 11:33 . 2011-07-20 11:35 -------- d-----w- c:\program files\Verizon
2011-07-18 23:13 . 2011-07-18 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2011-07-15 11:51 . 2011-07-18 23:39 -------- d-----w- c:\program files\FixRedirectVirus
2011-07-15 09:53 . 2011-07-15 09:53 -------- d-----w- c:\program files\CCleaner
2011-07-15 09:15 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-15 09:15 . 2011-07-15 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-15 09:15 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-15 09:15 . 2011-07-15 09:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-14 20:26 . 2011-07-18 23:13 -------- d-----w- c:\program files\RegCure
2011-07-14 19:32 . 2011-07-14 19:33 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-14 14:56 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-07-14 14:56 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-07-14 14:56 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-07-14 14:56 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-07-14 14:56 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-07-14 14:56 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-07-14 14:56 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-07-14 14:56 . 2004-08-04 02:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-07-14 14:56 . 2004-08-04 02:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-07-14 14:56 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-07-14 14:54 . 2004-08-04 02:29 19551 -c--a-w- c:\windows\system32\dllcache\watv02nt.sys
2011-07-14 14:53 . 2001-08-17 17:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-07-14 14:52 . 2001-08-17 17:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2011-07-14 14:51 . 2001-08-17 16:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2011-07-14 14:50 . 2001-08-17 18:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2011-07-14 14:49 . 2001-08-17 16:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2011-07-14 14:48 . 2001-08-17 16:12 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys
2011-07-14 14:47 . 2001-08-18 02:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2011-07-14 14:46 . 2001-08-17 18:56 182272 -c--a-w- c:\windows\system32\dllcache\s3mt3d.dll
2011-07-14 14:45 . 2001-08-17 17:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-07-14 14:44 . 2001-08-17 18:07 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2011-07-14 14:43 . 2001-08-17 18:05 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2011-07-14 14:42 . 2001-08-17 17:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2011-07-14 14:42 . 2001-08-17 17:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-07-14 14:42 . 2008-04-13 18:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2011-07-14 14:30 . 2001-08-17 16:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-07-14 14:30 . 2001-08-17 16:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-07-14 14:30 . 2006-03-15 12:00 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll
2011-07-14 14:30 . 2001-08-17 16:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-07-14 14:30 . 2004-08-04 02:31 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-07-14 14:30 . 2001-08-17 16:11 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2011-07-14 14:30 . 2001-08-17 16:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2011-07-14 14:30 . 2001-08-18 02:36 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2011-07-14 14:30 . 2001-08-17 17:49 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2011-07-14 14:30 . 2001-08-17 18:56 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
2011-07-14 14:28 . 2001-08-17 18:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-07-14 14:27 . 2001-08-17 17:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2011-07-14 14:26 . 2006-03-15 12:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2011-07-14 14:25 . 2006-03-15 12:00 59904 -c--a-w- c:\windows\system32\dllcache\imkrinst.exe
2011-07-14 14:24 . 2006-03-15 12:00 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2011-07-14 14:23 . 2001-08-18 02:36 31232 -c--a-w- c:\windows\system32\dllcache\hpgt42tk.dll
2011-07-14 14:22 . 2001-08-17 16:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2011-07-14 14:21 . 2001-08-17 16:19 72192 -c--a-w- c:\windows\system32\dllcache\es1969.sys
2011-07-14 14:20 . 2001-08-17 16:12 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys
2011-07-14 14:19 . 2001-08-17 16:12 117760 -c--a-w- c:\windows\system32\dllcache\d100ib5.sys
2011-07-14 14:18 . 2001-08-17 16:12 39680 -c--a-w- c:\windows\system32\dllcache\cb325.sys
2011-07-14 14:17 . 2008-04-13 18:46 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2011-07-14 14:15 . 2006-03-15 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2011-07-14 14:15 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-07-14 14:14 . 2006-03-15 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2011-07-14 14:14 . 2006-03-15 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2011-07-14 14:14 . 2006-03-15 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2011-07-14 14:14 . 2006-03-15 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-07-14 14:14 . 2006-03-15 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2011-07-14 14:14 . 2006-03-15 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2011-07-13 19:38 . 2011-07-14 20:10 -------- d-----w- c:\program files\jv16 PowerTools 2008
2011-07-13 15:01 . 2011-07-13 15:01 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-07-04 15:35 . 2011-07-04 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2011-07-02 20:35 . 2011-07-02 20:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-07-02 19:34 . 2011-07-02 19:34 -------- d-----w- c:\program files\OpenOffice.org 3
2011-07-02 19:33 . 2011-05-04 08:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-02 19:33 . 2011-05-04 06:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-02 15:53 . 2011-07-02 15:53 -------- d-----w- c:\program files\Common Files\RingtoneJunkiez
2011-07-02 15:53 . 2011-07-25 19:04 -------- d-----w- c:\program files\Object
2011-07-02 14:48 . 2011-07-02 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-07-02 13:24 . 2011-07-02 13:24 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-07-02 12:41 . 2006-03-20 00:48 286720 ----a-r- c:\windows\system32\HPZc3212.dll
2011-07-02 12:41 . 2005-08-26 01:19 258122 ----a-r- c:\windows\system32\hpovst09.dll
2011-07-02 12:41 . 2006-04-02 07:41 835072 ----a-r- c:\windows\system32\hpwtiop1.dll
2011-07-02 12:41 . 2006-06-27 07:58 876544 ----a-r- c:\windows\system32\hpwwiax1.dll
2011-07-02 12:41 . 2001-08-17 17:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2011-07-02 12:41 . 2001-08-17 17:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-07-02 12:38 . 2011-07-02 12:38 -------- d-----w- c:\windows\system32\scripting
2011-07-02 12:38 . 2011-07-02 12:38 -------- d-----w- c:\windows\l2schemas
2011-07-02 12:38 . 2011-07-02 12:38 -------- d-----w- c:\windows\system32\en
2011-07-02 12:38 . 2011-07-02 12:38 -------- d-----w- c:\windows\system32\bits
2011-07-02 12:37 . 2011-07-04 00:29 -------- d-----w- C:\TEMP
2011-07-02 12:33 . 2011-07-02 12:33 -------- d-----w- c:\windows\carrier
2011-07-02 12:32 . 2004-08-04 02:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-07-02 12:32 . 2004-08-04 02:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-07-02 12:32 . 2004-08-04 03:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-07-02 12:32 . 2004-08-04 03:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-07-02 12:32 . 2004-08-04 03:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-07-02 12:32 . 2004-08-04 03:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-07-02 12:29 . 2011-07-02 14:47 -------- d-----w- c:\program files\HP
2011-07-02 12:18 . 2006-07-03 15:54 91648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp4sa.dll
2011-07-02 12:18 . 2006-07-03 15:54 38400 ----a-w- c:\windows\system32\hpz3l4sa.dll
2011-07-02 12:18 . 2005-10-12 02:20 77824 ----a-r- c:\windows\system32\hpzids01.dll
2011-07-02 10:09 . 2011-07-02 10:09 -------- d-----w- c:\windows\Sun
2011-07-02 09:41 . 2004-08-04 02:32 455168 -c--a-w- c:\windows\system32\dllcache\tintsetp.exe
2011-07-02 09:40 . 2004-08-04 02:29 73216 -c--a-w- c:\windows\system32\dllcache\atintuxx.sys
2011-07-02 00:32 . 2011-07-02 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\kinoma
2011-07-02 00:32 . 2011-07-02 00:32 -------- d-----w- c:\program files\DIFX
2011-07-02 00:10 . 2011-07-02 00:11 -------- d-----w- c:\program files\Common Files\Adobe
2011-07-02 00:00 . 2011-07-02 00:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-07-01 23:24 . 2011-07-01 23:24 -------- d-----w- c:\program files\TurboTax
2011-07-01 23:13 . 2011-07-01 23:13 -------- d-----w- c:\program files\MSXML 6.0
2011-07-01 22:58 . 2011-07-22 12:56 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2011-07-01 20:57 . 2011-04-14 18:01 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-07-01 20:56 . 2011-04-14 18:01 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-07-01 20:56 . 2011-04-14 18:01 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-07-01 20:56 . 2011-04-14 18:01 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 2006-07-24 17:27 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-20 18:42 . 2011-05-20 18:42 12 ----a-w- c:\windows\Fonts\wfonts.key
2011-05-02 15:31 . 2006-07-24 17:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-07-24 17:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-07-24 17:27 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 04:17 . 2011-07-07 14:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2011-07-07 21:01 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-06-29 319488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2005-06-13 258048]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-05 1195408]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\Gary Zeigler\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-04-05 18:21 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-04-05 18:21 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-04-05 18:21 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 21:12 32768 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2002-03-14 23:46 45056 ----a-w- c:\windows\system32\ico.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2006-06-28 01:24 217088 ----a-w- c:\program files\Sony\VAIO Power Management\SPMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 04:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2005-10-12 04:36 151552 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/1/2011 4:56 PM 84200]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [7/1/2011 3:01 PM 151552]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/1/2011 4:56 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/1/2011 4:56 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/1/2011 4:56 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [7/1/2011 4:57 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [7/1/2011 4:56 PM 148520]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/1/2011 4:56 PM 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/1/2011 4:56 PM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/1/2011 4:56 PM 88736]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/24/2006 1:28 PM 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/24/2006 1:28 PM 226304]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/1/2011 4:56 PM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/1/2011 4:56 PM 84488]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-26 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://verizon.my.yahoo.com
mStart Page = hxxp://verizon.my.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:51111
uSearchAssistant =
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1 213.109.68.8
FF - ProfilePath - c:\documents and settings\Gary Zeigler\Application Data\Mozilla\Firefox\Profiles\z3pv479b.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.aol.com/33912-111/aol-1/en-us/Suite.aspx|http://www.cbssports.com/#!/nba/|http://www.weather.com/weather/today/Naples+FL+34120|http://www.weather.com/weather/today/King+Of+Prussia+PA+19406
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51111
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-27 07:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1311575983-3620465673-597036893-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1400)
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(3732)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-07-27 07:32:24
ComboFix-quarantined-files.txt 2011-07-27 11:32
ComboFix2.txt 2011-07-25 19:11
.
Pre-Run: 93,256,384,512 bytes free
Post-Run: 93,253,586,944 bytes free
.
- - End Of File - - D7E7BE1FDC3A58DA89E50DA6E6760B6D

ComboFix 11-08-06.02 - Gary Zeigler 08/07/2011 10:00:04.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.627 [GMT -4:00]
Running from: c:\documents and settings\Gary Zeigler\Desktop\ComboFix2.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 )))))))))))))))))))))))))))))))
.
.
2011-08-07 12:30 . 2011-08-07 12:30 -------- d-----w- C:\_OTL
2011-08-01 21:45 . 2011-08-01 21:45 -------- d-----w- C:\_OTM
2011-07-31 12:29 . 2011-08-07 12:03 -------- d-----w- c:\program files\DNSChanger Trojan Removal Tool [1]
2011-07-27 11:03 . 2011-07-27 11:34 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-27 11:03 . 2011-07-27 11:03 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-07-27 11:01 . 2011-07-27 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-07-25 18:46 . 2011-07-25 18:46 -------- d-----w- C:\ComboFix1
2011-07-22 12:56 . 2011-07-22 12:56 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2011-07-22 12:56 . 2004-04-19 03:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2011-07-22 12:56 . 2004-04-19 03:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2011-07-22 12:56 . 2004-04-19 03:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2011-07-22 12:56 . 2004-04-19 03:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2011-07-22 12:56 . 2004-04-19 03:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2011-07-22 12:56 . 2011-07-22 12:56 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2011-07-22 12:56 . 2010-10-14 20:35 4199768 ----a-w- c:\windows\system32\cdintf400.dll
2011-07-20 11:35 . 2011-07-20 11:35 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2011-07-20 11:35 . 2011-07-20 11:35 256 ----a-w- c:\windows\system32\MSIevent.bat
2011-07-20 11:33 . 2011-07-20 11:35 -------- d-----w- c:\program files\Verizon
2011-07-18 18:02 . 2011-07-18 18:02 -------- d-----w- c:\documents and settings\Gary Zeigler\Application Data\McAfee
2011-07-17 16:52 . 2011-07-17 17:14 -------- d-----w- c:\documents and settings\Gary Zeigler\DoctorWeb
2011-07-15 11:51 . 2011-07-18 23:39 -------- d-----w- c:\program files\FixRedirectVirus
2011-07-15 09:53 . 2011-07-15 09:53 -------- d-----w- c:\program files\CCleaner
2011-07-15 09:15 . 2011-07-15 09:15 -------- d-----w- c:\documents and settings\Gary Zeigler\Application Data\Malwarebytes
2011-07-15 09:15 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-15 09:15 . 2011-07-15 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-15 09:15 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-15 09:15 . 2011-07-15 09:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-14 19:32 . 2011-07-14 19:33 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-14 14:56 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-07-14 14:56 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-07-14 14:56 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-07-14 14:56 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-07-14 14:56 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-07-14 14:56 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-07-14 14:56 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-07-14 14:56 . 2004-08-04 02:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-07-14 14:56 . 2004-08-04 02:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-07-14 14:56 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-07-14 14:54 . 2004-08-04 02:29 19551 -c--a-w- c:\windows\system32\dllcache\watv02nt.sys
2011-07-14 14:53 . 2001-08-17 17:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-07-14 14:52 . 2001-08-17 17:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2011-07-14 14:51 . 2001-08-17 16:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2011-07-14 14:50 . 2001-08-17 18:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2011-07-14 14:49 . 2001-08-17 16:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2011-07-14 14:48 . 2001-08-17 16:12 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys
2011-07-14 14:47 . 2001-08-18 02:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2011-07-14 14:46 . 2001-08-17 18:56 182272 -c--a-w- c:\windows\system32\dllcache\s3mt3d.dll
2011-07-14 14:45 . 2001-08-17 17:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2011-07-14 14:44 . 2001-08-17 18:07 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2011-07-14 14:43 . 2001-08-17 18:05 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2011-07-14 14:42 . 2001-08-17 17:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2011-07-14 14:42 . 2001-08-17 17:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-07-14 14:42 . 2008-04-13 18:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2011-07-14 14:30 . 2001-08-17 16:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-07-14 14:30 . 2001-08-17 16:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-07-14 14:30 . 2006-03-15 12:00 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll
2011-07-14 14:30 . 2001-08-17 16:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-07-14 14:30 . 2004-08-04 02:31 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-07-14 14:30 . 2001-08-17 16:11 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2011-07-14 14:30 . 2001-08-17 16:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2011-07-14 14:30 . 2001-08-18 02:36 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll
2011-07-14 14:30 . 2001-08-17 17:49 15872 -c--a-w- c:\windows\system32\dllcache\ne2000.sys
2011-07-14 14:30 . 2001-08-17 18:56 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
2011-07-14 14:28 . 2001-08-17 18:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-07-14 14:27 . 2001-08-17 17:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2011-07-14 14:26 . 2006-03-15 12:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2011-07-14 14:25 . 2006-03-15 12:00 59904 -c--a-w- c:\windows\system32\dllcache\imkrinst.exe
2011-07-14 14:24 . 2006-03-15 12:00 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2011-07-14 14:23 . 2001-08-18 02:36 31232 -c--a-w- c:\windows\system32\dllcache\hpgt42tk.dll
2011-07-14 14:22 . 2001-08-17 16:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2011-07-14 14:21 . 2001-08-17 16:19 72192 -c--a-w- c:\windows\system32\dllcache\es1969.sys
2011-07-14 14:20 . 2001-08-17 16:12 28062 -c--a-w- c:\windows\system32\dllcache\dp83820.sys
2011-07-14 14:19 . 2001-08-17 16:12 117760 -c--a-w- c:\windows\system32\dllcache\d100ib5.sys
2011-07-14 14:18 . 2001-08-17 16:12 39680 -c--a-w- c:\windows\system32\dllcache\cb325.sys
2011-07-14 14:17 . 2008-04-13 18:46 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys
2011-07-14 14:15 . 2006-03-15 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2011-07-14 14:15 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-07-14 14:14 . 2006-03-15 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2011-07-14 14:14 . 2006-03-15 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2011-07-14 14:14 . 2006-03-15 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2011-07-14 14:14 . 2006-03-15 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-07-14 14:14 . 2006-03-15 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2011-07-14 14:14 . 2006-03-15 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2011-07-13 19:38 . 2011-07-14 20:10 -------- d-----w- c:\program files\jv16 PowerTools 2008
2011-07-13 15:01 . 2011-07-13 15:01 -------- d--h--w- c:\windows\system32\GroupPolicy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 15:57 . 2011-07-01 19:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-01 20:18 . 2011-07-01 20:16 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys
2011-06-02 14:02 . 2006-07-24 17:27 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-20 18:42 . 2011-05-20 18:42 12 ----a-w- c:\windows\Fonts\wfonts.key
2011-06-16 04:17 . 2011-07-07 14:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2011-07-07 21:01 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-27_11.24.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-07 12:32 . 2011-08-07 12:32 16384 c:\windows\Temp\Perflib_Perfdata_498.dat
+ 2011-08-07 12:32 . 2011-08-07 12:32 16384 c:\windows\Temp\Perflib_Perfdata_42c.dat
+ 2006-07-24 17:48 . 2011-08-07 10:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-07-24 17:48 . 2011-07-27 10:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-07-27 15:09 . 2011-08-07 10:20 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-08-01 21:42 . 2011-08-01 21:42 8192 c:\windows\ERDNT\8-1-2011\Users\00000004\UsrClass.dat
+ 2011-08-01 21:42 . 2011-08-01 21:42 8192 c:\windows\ERDNT\8-1-2011\Users\00000002\UsrClass.dat
+ 2011-08-01 21:42 . 2011-08-01 21:42 204800 c:\windows\ERDNT\8-1-2011\Users\00000006\UsrClass.dat
+ 2011-08-01 21:42 . 2011-08-01 21:42 241664 c:\windows\ERDNT\8-1-2011\Users\00000003\NTUSER.DAT
+ 2011-08-01 21:42 . 2011-08-01 21:42 241664 c:\windows\ERDNT\8-1-2011\Users\00000001\NTUSER.DAT
+ 2011-08-01 21:42 . 2011-08-01 21:23 163328 c:\windows\ERDNT\8-1-2011\ERDNT.EXE
+ 2011-08-01 21:42 . 2011-08-01 21:42 3588096 c:\windows\ERDNT\8-1-2011\Users\00000005\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-06-29 319488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2005-06-13 258048]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1195408]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\documents and settings\Gary Zeigler\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-04-05 18:21 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-04-05 18:21 118784 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2006-04-05 18:21 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 21:12 32768 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2002-03-14 23:46 45056 ----a-w- c:\windows\system32\ico.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2006-06-28 01:24 217088 ----a-w- c:\program files\Sony\VAIO Power Management\SPMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 04:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2005-10-12 04:36 151552 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/1/2011 4:56 PM 84200]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [7/1/2011 3:01 PM 151552]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/1/2011 4:56 PM 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/1/2011 4:56 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/1/2011 4:56 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [7/1/2011 4:57 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [7/1/2011 4:56 PM 148520]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/1/2011 4:56 PM 56064]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/1/2011 4:56 PM 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [7/1/2011 4:56 PM 88736]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/24/2006 1:28 PM 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/24/2006 1:28 PM 226304]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [7/27/2011 7:03 AM 21064]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [7/1/2011 4:56 PM 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [7/1/2011 4:56 PM 84488]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://verizon.my.yahoo.com
mStart Page = hxxp://verizon.my.yahoo.com
uInternet Settings,ProxyServer = http=127.0.0.1:51111
uSearchAssistant =
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
FF - ProfilePath - c:\documents and settings\Gary Zeigler\Application Data\Mozilla\Firefox\Profiles\z3pv479b.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.aol.com/33912-111/aol-1/en-us/Suite.aspx|http://www.cbssports.com/#!/nba/|http://www.weather.com/weather/today/Naples+FL+34120|http://www.weather.com/weather/today/King+Of+Prussia+PA+19406
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 51111
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-07 10:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1311575983-3620465673-597036893-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1392)
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(4004)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-08-07 10:12:00
ComboFix-quarantined-files.txt 2011-08-07 14:11
ComboFix2.txt 2011-07-27 11:32
ComboFix3.txt 2011-07-25 19:11
.
Pre-Run: 92,516,188,160 bytes free
Post-Run: 92,480,741,376 bytes free
.
- - End Of File - - 52A595C43AB282350FA4EE0CFD74B246

OTL Extras logfile created on: 8/7/2011 10:31:55 AM - Run 10
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Gary Zeigler\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 428.36 Mb Available Physical Memory | 42.24% Memory free
2.38 Gb Paging File | 1.61 Gb Available in Paging File | 67.49% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.79 Gb Total Space | 86.18 Gb Free Space | 82.25% Space Free | Partition Type: NTFS

Computer Name: GARYLAPTOP | User Name: Gary Zeigler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{048DDE77-66D5-4335-8497-903856759B58}" = BPDSoftware
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless LAN Setup Utility
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}" = VAIO Breeze Wallpaper
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5B82682E-C555-45DA-8E2C-CE6525427AC9}" = Click to DVD 2.5.30
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{82081533-F045-469E-BD53-F16839E445C3}" = VAIO Support Central
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9B953606-000E-491C-B74D-78ECFDD520A0}" = OpenMG Metadata Extractor for Windows Media Player
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A87EBA79-93DB-4A87-B9BA-62F8FB12D993}" = ImageStation
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B70E5793-F912-4C62-AFE2-C4F0B078FD31}" = Reader Library by Sony
"{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BE2DDF55-4C42-44CC-A56E-C8E4A65CB2FF}" = IHA_MessageCenter
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-in 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = BPDfax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D9952D4E-766C-4CD3-BF2E-A2C3D8B15EF3}" = VAIO Backup Utility
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DD1E51DF-C3C0-400C-A0D7-C67DB49C9D9C}" = RingtoneJunkiez Desktop
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E3D278BD-FC97-4F87-BB1F-689AE0CB9122}" = Macromedia Flash Player 8 Plugin
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{ED3D79A6-B3BB-4482-B226-0B620F97258A}" = BPDSoftware_Ini
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}" = VAIO Security Center
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Search Enhancement" = Search Enhancement by AOL Search
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"FixRedirectVirus1.5" = FixRedirectVirus
"HitmanPro35" = Hitman Pro 3.5
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InstallShield_{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"jv16 PowerTools 2008_is1" = jv16 PowerTools 2008
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSC" = McAfee AntiVirus Plus
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"TurboTax 2010" = TurboTax 2010
"WIC" = Windows Imaging Component
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Verizon Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/14/2011 3:33:26 PM | Computer Name = GARYLAPTOP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 7/14/2011 5:52:39 PM | Computer Name = GARYLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 5.0.0.4183, faulting module
unknown, version 0.0.0.0, fault address 0xffffffff.

Error - 7/15/2011 5:46:05 AM | Computer Name = GARYLAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Scan -- Error 1706.No valid source could be found for product
Scan. The Windows Installer cannot continue.

Error - 7/15/2011 5:46:26 AM | Computer Name = GARYLAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Scan -- Error 1706.No valid source could be found for product
Scan. The Windows Installer cannot continue.

Error - 7/15/2011 8:46:02 AM | Computer Name = GARYLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 5.0.0.4183, faulting module
unknown, version 0.0.0.0, fault address 0xffffffff.

Error - 7/15/2011 8:52:15 AM | Computer Name = GARYLAPTOP | Source = Application Error | ID = 1001
Description = Fault bucket 00000009.

Error - 7/18/2011 1:37:21 PM | Computer Name = GARYLAPTOP | Source = MsiInstaller | ID = 11316
Description = Product: RingtoneJunkiez Desktop -- Error 1316. A network error occurred
while attempting to read from the file: C:\WINDOWS\Installer\tmp9E.tmp.msi

Error - 7/18/2011 1:37:52 PM | Computer Name = GARYLAPTOP | Source = MsiInstaller | ID = 11316
Description = Product: RingtoneJunkiez Desktop -- Error 1316. A network error occurred
while attempting to read from the file: C:\WINDOWS\Installer\tmp9E.tmp.msi

Error - 7/25/2011 2:33:12 PM | Computer Name = GARYLAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/25/2011 2:37:45 PM | Computer Name = GARYLAPTOP | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 1180 (0x49c) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.2.0.835
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\32788R22FWJFW\License\iexplore.exe

by **\IEXPLORE.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)
5006(0)(0) 5004(0)(0)

[ System Events ]
Error - 7/18/2011 1:16:49 PM | Computer Name = GARYLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 7/18/2011 1:16:49 PM | Computer Name = GARYLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 7/18/2011 1:16:49 PM | Computer Name = GARYLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 7/18/2011 1:16:49 PM | Computer Name = GARYLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaiAnn with
arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error - 7/18/2011 1:20:06 PM | Computer Name = GARYLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaSvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 7/18/2011 1:20:06 PM | Computer Name = GARYLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service McNaSvc with
arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 7/18/2011 1:29:22 PM | Computer Name = GARYLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 7/18/2011 1:30:22 PM | Computer Name = GARYLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 7/18/2011 1:30:35 PM | Computer Name = GARYLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 7/18/2011 1:31:21 PM | Computer Name = GARYLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

#6
Aaron

    GeekU Mod

  • GeekU Moderator
  • 3,155 posts
Hi

How come OTL went from run 4 to run 10? I also see you used someone else's fix in Combofix or made your own; not very smart, as this could make your computer unbootable. However, the things you tried to remove were not on your computer (any more).

Are you still having problems, or have the redirections stopped?

Is your router back to fully functional, or do you need a bit of help there?

Please follow these steps:
============ Step one ============

You are using Microsoft Security Essentials and McAfee AntiVirus Plus.
Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. You had better remove one of them.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, these are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, these are scanners that only run when you ask them to,
such as online scans and scanners that run on your machine but are not actively scanning it.

============ Step two ============

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button and wait for it to finish.
  • Once done, click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Please post this log.

============ Step three ============

Please download Malwarebytes' Anti-Malware from Here.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

============ Step four ============

I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so that there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

- Maser00

#7
gtzig

    New Member

  • Topic Starter
  • Member
  • 5 posts
Hi Aaron

Thanks for the continuing help.

The increased number of OTL runs was due to my ineptness - mostly trying to get the EXTRA file before you told me how.

The computer is showing no evidence of Redirects - Hurrah.

The router is OK - I just haven't had the time to upgrade the security level from the current WEP 64. Initially, I was leery because for some reason I can't connect to the router with an ethernet cable (likely some process I disabled in the past and forgot about) and I didn't know that when the router is reset its initial configuration has the wireless active with an ssid and security key that I know. Showing my age I guess.

I understand your comments about two anti-virus programs running at the same time and thanks for the reminder. Although Microsoft Security Essentials is installed, I have had it disabled for some time. McAfee is my primary security suite.

I have lots of clean-up work to do, but have been trying to keep hardware and software configuration constant while you are helping me.

Following are the requested data.

Thanks

Gary


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-08 08:21:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e FUJITSU_MHV2120BH_PL rev.00000029
Running: gmer.exe; Driver: C:\DOCUME~1\GARYZE~1\LOCALS~1\Temp\pwdorkob.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF735FD70]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF735FD84]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF735FDB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF735FE06]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF735FD5C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF735FD34]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF735FD48]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF735FD9A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF735FDDC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF735FDC6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF735FE30]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF735FE1C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF735FDF0]
Code \??\C:\DOCUME~1\GARYZE~1\LOCALS~1\Temp\catchme.sys pIofCallDriver
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\GARYZE~1\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\DOCUME~1\GARYZE~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[472] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00EA0000
.text C:\WINDOWS\system32\svchost.exe[472] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00EA0FEF
.text C:\WINDOWS\system32\svchost.exe[472] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EA0025
.text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E90FEF
.text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E90F6F
.text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E9006E
.text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E90051
.text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E90036
.text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E90014
.text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E90F3C
.text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E90F4D
.text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E90F0D
.text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E900B0
.text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E90EFC
.text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E90025
.text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E90FCA
.text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E90F5E
.text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E90FA8
.text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E90FB9
.text C:\WINDOWS\system32\svchost.exe[472] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E90095
.text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E80025
.text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E80073
.text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E80FD4
.text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E80FE5
.text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E80062
.text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E80000
.text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E80051
.text C:\WINDOWS\system32\svchost.exe[472] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E80036
.text C:\WINDOWS\system32\svchost.exe[472] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E70FA6
.text C:\WINDOWS\system32\svchost.exe[472] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E70027
.text C:\WINDOWS\system32\svchost.exe[472] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E7000C
.text C:\WINDOWS\system32\svchost.exe[472] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E70FEF
.text C:\WINDOWS\system32\svchost.exe[472] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E70FC1
.text C:\WINDOWS\system32\svchost.exe[472] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E70FD2
.text C:\WINDOWS\system32\svchost.exe[472] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E60000
.text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C60FE5
.text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C60FCA
.text C:\WINDOWS\system32\svchost.exe[652] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C60000
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C50FE5
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C50039
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C50F44
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C5001E
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C50F61
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C50FA1
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C50F29
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C50071
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C500C2
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C500A7
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C50F04
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C50F86
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C50FD4
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C50054
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C50FB2
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C50FC3
.text C:\WINDOWS\system32\svchost.exe[652] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C5008C
.text C:\WINDOWS\system32\svchost.exe[652] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C4002F
.text C:\WINDOWS\system32\svchost.exe[652] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C40062
.text C:\WINDOWS\system32\svchost.exe[652] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C40FDE
.text C:\WINDOWS\system32\svchost.exe[652] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C4000A
.text C:\WINDOWS\system32\svchost.exe[652] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C40051
.text C:\WINDOWS\system32\svchost.exe[652] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C40FEF
.text C:\WINDOWS\system32\svchost.exe[652] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C40040
.text C:\WINDOWS\system32\svchost.exe[652] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C40FC3
.text C:\WINDOWS\system32\svchost.exe[652] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C30FC8
.text C:\WINDOWS\system32\svchost.exe[652] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C30FD9
.text C:\WINDOWS\system32\svchost.exe[652] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C30038
.text C:\WINDOWS\system32\svchost.exe[652] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C30000
.text C:\WINDOWS\system32\svchost.exe[652] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C30049
.text C:\WINDOWS\system32\svchost.exe[652] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C3001D
.text C:\WINDOWS\system32\svchost.exe[688] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes JMP 00910FE5
.text C:\WINDOWS\system32\svchost.exe[688] ntdll.dll!NtCreateFile + 4 7C90D0B2 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[688] ntdll.dll!NtCreateProcess 7C90D14E 3 Bytes JMP 00910025
.text C:\WINDOWS\system32\svchost.exe[688] ntdll.dll!NtCreateProcess + 4 7C90D152 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[688] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 00910000
.text C:\WINDOWS\system32\svchost.exe[688] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0090000A
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00900084
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00900073
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00900062
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00900FAF
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00900FD4
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009000C6
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00900F7E
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00900F34
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00900F4F
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009000E8
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00900051
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00900FE5
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0090009F
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00900040
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0090001B
.text C:\WINDOWS\system32\svchost.exe[688] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009000D7
.text C:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BF0025
.text C:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BF0F9E
.text C:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BF0FD4
.text C:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BF005B
.text C:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BF0FB9
.text C:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DF, 88]
.text C:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BF0040
.text C:\WINDOWS\system32\svchost.exe[688] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BE002F
.text C:\WINDOWS\system32\svchost.exe[688] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BE0FA4
.text C:\WINDOWS\system32\svchost.exe[688] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BE0FC6
.text C:\WINDOWS\system32\svchost.exe[688] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[688] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BE0FB5
.text C:\WINDOWS\system32\svchost.exe[688] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BE0FE3
.text C:\WINDOWS\system32\svchost.exe[688] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\svchost.exe[688] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0092001B
.text C:\WINDOWS\system32\svchost.exe[688] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00920036
.text C:\WINDOWS\system32\svchost.exe[688] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00920047
.text C:\WINDOWS\system32\svchost.exe[688] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 019B0000
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 019B0FD1
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 019B0011
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 019A0000
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 019A0073
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 019A0062
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 019A0051
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 019A0040
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 019A0FAF
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 019A009F
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 019A0F57
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 019A00C1
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 019A00B0
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 019A00D2
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 019A0F9E
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 019A0FE5
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 019A0084
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 019A001B
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 019A0FCA
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 019A0F3C
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FF0FB9
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FF0065
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FF000A
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FF004A
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FF002F
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FF0FA8
.text C:\WINDOWS\system32\svchost.exe[836] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01A60FB2
.text C:\WINDOWS\system32\svchost.exe[836] msvcrt.dll!system 77C293C7 5 Bytes JMP 01A60FCD
.text C:\WINDOWS\system32\svchost.exe[836] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01A60FDE
.text C:\WINDOWS\system32\svchost.exe[836] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01A6000C
.text C:\WINDOWS\system32\svchost.exe[836] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01A6003D
.text C:\WINDOWS\system32\svchost.exe[836] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01A60FEF
.text C:\WINDOWS\system32\svchost.exe[836] WS2_32.dll!socket 71AB4211 5 Bytes JMP 019D0000
.text C:\WINDOWS\system32\svchost.exe[836] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 019C0FE5
.text C:\WINDOWS\system32\svchost.exe[836] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 019C0FD4
.text C:\WINDOWS\system32\svchost.exe[836] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 019C000A
.text C:\WINDOWS\system32\svchost.exe[836] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 019C0FB9
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1092] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1092] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 025B0FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 025B0FD4
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 025B000A
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 025A0FE5
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 025A0F6B
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 025A0060
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 025A0039
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 025A0F86
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 025A0014
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 025A0F33
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 025A007B
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025A00A7
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 025A0096
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 025A00C2
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 025A0F97
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 025A0FD4
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 025A0F50
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 025A0FA8
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 025A0FC3
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 025A0F18
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] ADVAPI32.DLL!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DB0FDE
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] ADVAPI32.DLL!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DB0FA8
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] ADVAPI32.DLL!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DB0025
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] ADVAPI32.DLL!RegOpenKeyW 77DD7946 5 Bytes JMP 00DB000A
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] ADVAPI32.DLL!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DB005B
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] ADVAPI32.DLL!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DB0FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] ADVAPI32.DLL!RegCreateKeyW 77DFBA55 2 Bytes JMP 00DB0FB9
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] ADVAPI32.DLL!RegCreateKeyW + 3 77DFBA58 2 Bytes [FB, 88]
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] ADVAPI32.DLL!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DB0040
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] MSVCRT.DLL!_wsystem 77C2931E 5 Bytes JMP 025D0049
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] MSVCRT.DLL!system 77C293C7 5 Bytes JMP 025D0038
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] MSVCRT.DLL!_creat 77C2D40F 5 Bytes JMP 025D001D
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] MSVCRT.DLL!_open 77C2F566 5 Bytes JMP 025D0000
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] MSVCRT.DLL!_wcreat 77C2FC9B 5 Bytes JMP 025D0FBE
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] MSVCRT.DLL!_wopen 77C30055 5 Bytes JMP 025D0FE3
.text C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe[1176] WS2_32.dll!socket 00CF4211 5 Bytes JMP 025C000A
.text C:\Program Files\internet explorer\iexplore.exe[1332] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00B90FEF
.text C:\Program Files\internet explorer\iexplore.exe[1332] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00B90FDE
.text C:\Program Files\internet explorer\iexplore.exe[1332] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B9000A
.text C:\Program Files\internet explorer\iexplore.exe[1332] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B80FEF
.text C:\Program Files\internet explorer\iexplore.exe[1332] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B80F94
.text C:\Program Files\internet explorer\iexplore.exe[1332] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B8007F
.text C:\Program Files\internet explorer\iexplore.exe[1332] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B80FA5
.text C:\Program Files\internet explorer\iexplore.exe[1332] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B80062
.text C:\Program Files\internet explorer\iexplore.exe[1332] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B80051
.text C:\Program Files\internet explorer\iexplore.exe[1332] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B80F61
.text C:\Program Files\internet explorer\iexplore.exe[1332] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B80F72
.text C:\Program Files\internet explorer\iexplore.exe[1332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B80F35
.text C:\Program Files\internet explorer\iexplore.exe[1332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B80F46
.text C:\Program Files\internet explorer\iexplore.exe[1332] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B800DF
.text C:\Program Files\internet explorer\iexplore.exe[1332] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B80FC0
.text C:\Program Files\internet explorer\iexplore.exe[1332] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B80014
.text C:\Program Files\internet explorer\iexplore.exe[1332] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B80F83
.text C:\Program Files\internet explorer\iexplore.exe[1332] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B80036
.text C:\Program Files\internet explorer\iexplore.exe[1332] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B80025
.text C:\Program Files\internet explorer\iexplore.exe[1332] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B800C4
.text C:\Program Files\internet explorer\iexplore.exe[1332] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B7002C
.text C:\Program Files\internet explorer\iexplore.exe[1332] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B70F91
.text C:\Program Files\internet explorer\iexplore.exe[1332] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B70FD1
.text C:\Program Files\internet explorer\iexplore.exe[1332] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B70011
.text C:\Program Files\internet explorer\iexplore.exe[1332] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B70FAC
.text C:\Program Files\internet explorer\iexplore.exe[1332] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B70000
.text C:\Program Files\internet explorer\iexplore.exe[1332] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B7004E
.text C:\Program Files\internet explorer\iexplore.exe[1332] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B7003D
.text C:\Program Files\internet explorer\iexplore.exe[1332] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1332] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1332] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1332] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1332] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1332] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1332] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1332] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1332] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1332] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1332] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1332] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1332] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B6004C
.text C:\Program Files\internet explorer\iexplore.exe[1332] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B60FB7
.text C:\Program Files\internet explorer\iexplore.exe[1332] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B60027
.text C:\Program Files\internet explorer\iexplore.exe[1332] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B60000
.text C:\Program Files\internet explorer\iexplore.exe[1332] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B60FD2
.text C:\Program Files\internet explorer\iexplore.exe[1332] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B60FE3
.text C:\Program Files\internet explorer\iexplore.exe[1332] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1332] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1332] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00B40000
.text C:\Program Files\internet explorer\iexplore.exe[1332] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00B40011
.text C:\Program Files\internet explorer\iexplore.exe[1332] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00B40FD1
.text C:\Program Files\internet explorer\iexplore.exe[1332] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00B40022
.text C:\Program Files\internet explorer\iexplore.exe[1332] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\services.exe[1436] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\services.exe[1436] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D90FDB
.text C:\WINDOWS\system32\services.exe[1436] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D90011
.text C:\WINDOWS\system32\services.exe[1436] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D80FE5
.text C:\WINDOWS\system32\services.exe[1436] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D80076
.text C:\WINDOWS\system32\services.exe[1436] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D80F81
.text C:\WINDOWS\system32\services.exe[1436] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D8005B
.text C:\WINDOWS\system32\services.exe[1436] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D80040
.text C:\WINDOWS\system32\services.exe[1436] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D8002F
.text C:\WINDOWS\system32\services.exe[1436] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D800A2
.text C:\WINDOWS\system32\services.exe[1436] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D80F66
.text C:\WINDOWS\system32\services.exe[1436] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D800F3
.text C:\WINDOWS\system32\services.exe[1436] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D800D8
.text C:\WINDOWS\system32\services.exe[1436] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D80F3F
.text C:\WINDOWS\system32\services.exe[1436] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D80F9E
.text C:\WINDOWS\system32\services.exe[1436] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D80FD4
.text C:\WINDOWS\system32\services.exe[1436] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D80091
.text C:\WINDOWS\system32\services.exe[1436] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D80FC3
.text C:\WINDOWS\system32\services.exe[1436] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D8000A
.text C:\WINDOWS\system32\services.exe[1436] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D800BD
.text C:\WINDOWS\system32\services.exe[1436] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DC002F
.text C:\WINDOWS\system32\services.exe[1436] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DC0076
.text C:\WINDOWS\system32\services.exe[1436] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DC0FD4
.text C:\WINDOWS\system32\services.exe[1436] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DC0FEF
.text C:\WINDOWS\system32\services.exe[1436] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DC0FB9
.text C:\WINDOWS\system32\services.exe[1436] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DC0000
.text C:\WINDOWS\system32\services.exe[1436] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DC005B
.text C:\WINDOWS\system32\services.exe[1436] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DC0040
.text C:\WINDOWS\system32\services.exe[1436] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DB0FDE
.text C:\WINDOWS\system32\services.exe[1436] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DB0069
.text C:\WINDOWS\system32\services.exe[1436] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\services.exe[1436] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DB000C
.text C:\WINDOWS\system32\services.exe[1436] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DB0044
.text C:\WINDOWS\system32\services.exe[1436] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DB0029
.text C:\WINDOWS\system32\services.exe[1436] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\lsass.exe[1472] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D80FEF
.text C:\WINDOWS\system32\lsass.exe[1472] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D8000A
.text C:\WINDOWS\system32\lsass.exe[1472] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D80FD4
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D70F5C
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D70F81
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D70F9E
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D7005B
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D70FAF
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D70F3A
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D70082
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D700AE
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D70F1F
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D70EFA
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D70040
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D70FD4
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D70F4B
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D7001B
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D70000
.text C:\WINDOWS\system32\lsass.exe[1472] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D7009D
.text C:\WINDOWS\system32\lsass.exe[1472] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FD0FB9
.text C:\WINDOWS\system32\lsass.exe[1472] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FD0065
.text C:\WINDOWS\system32\lsass.exe[1472] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FD000A
.text C:\WINDOWS\system32\lsass.exe[1472] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FD0FD4
.text C:\WINDOWS\system32\lsass.exe[1472] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FD004A
.text C:\WINDOWS\system32\lsass.exe[1472] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\lsass.exe[1472] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FD0FA8
.text C:\WINDOWS\system32\lsass.exe[1472] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1D, 89]
.text C:\WINDOWS\system32\lsass.exe[1472] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FD002F
.text C:\WINDOWS\system32\lsass.exe[1472] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DA0062
.text C:\WINDOWS\system32\lsass.exe[1472] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DA0047
.text C:\WINDOWS\system32\lsass.exe[1472] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DA0011
.text C:\WINDOWS\system32\lsass.exe[1472] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\lsass.exe[1472] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DA0036
.text C:\WINDOWS\system32\lsass.exe[1472] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\lsass.exe[1472] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\svchost.exe[1624] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F90FEF
.text C:\WINDOWS\system32\svchost.exe[1624] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F90011
.text C:\WINDOWS\system32\svchost.exe[1624] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F90000
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F80000
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F80F94
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F8007F
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F8006E
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F80051
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F80FC0
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F800C1
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F800A4
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F80108
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F800ED
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F80119
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F80FA5
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F80FE5
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F80F79
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F80022
.text C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F80011
.text C:\WINDOWS\System32\svchost.exe[3552] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F60FAF
.text C:\WINDOWS\System32\svchost.exe[3552] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [16, 89]
.text C:\WINDOWS\System32\svchost.exe[3552] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F60FC0
.text C:\WINDOWS\System32\svchost.exe[3552] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F50042
.text C:\WINDOWS\System32\svchost.exe[3552] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F50FAD
.text C:\WINDOWS\System32\svchost.exe[3552] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F5001D
.text C:\WINDOWS\System32\svchost.exe[3552] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F50000
.text C:\WINDOWS\System32\svchost.exe[3552] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F50FC8
.text C:\WINDOWS\System32\svchost.exe[3552] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F50FE3
.text C:\WINDOWS\System32\svchost.exe[3552] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F40000
.text C:\WINDOWS\explorer.exe[4004] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 017C0FE5
.text C:\WINDOWS\explorer.exe[4004] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 017C0FB9
.text C:\WINDOWS\explorer.exe[4004] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 017C0FD4
.text C:\WINDOWS\explorer.exe[4004] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 017B0000
.text C:\WINDOWS\explorer.exe[4004] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 017B0F8D
.text C:\WINDOWS\explorer.exe[4004] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 017B0FA8
.text C:\WINDOWS\explorer.exe[4004] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 017B0076
.text C:\WINDOWS\explorer.exe[4004] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 017B0FC3
.text C:\WINDOWS\explorer.exe[4004] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 017B0040
.text C:\WINDOWS\explorer.exe[4004] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 017B0F4E
.text C:\WINDOWS\explorer.exe[4004] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 017B0F5F
.text C:\WINDOWS\explorer.exe[4004] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 017B0F18
.text C:\WINDOWS\explorer.exe[4004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 017B00B1
.text C:\WINDOWS\explorer.exe[4004] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 017B0EFD
.text C:\WINDOWS\explorer.exe[4004] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 017B0065
.text C:\WINDOWS\explorer.exe[4004] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 017B0025
.text C:\WINDOWS\explorer.exe[4004] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 017B0F7C
.text C:\WINDOWS\explorer.exe[4004] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 017B0FDE
.text C:\WINDOWS\explorer.exe[4004] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 017B0FEF
.text C:\WINDOWS\explorer.exe[4004] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 017B0F33
.text C:\WINDOWS\explorer.exe[4004] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 016B001B
.text C:\WINDOWS\explorer.exe[4004] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 016B0051
.text C:\WINDOWS\explorer.exe[4004] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 016B0FCA
.text C:\WINDOWS\explorer.exe[4004] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 016B000A
.text C:\WINDOWS\explorer.exe[4004] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 016B0036
.text C:\WINDOWS\explorer.exe[4004] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 016B0FEF
.text C:\WINDOWS\explorer.exe[4004] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 016B0F94
.text C:\WINDOWS\explorer.exe[4004] ADVAPI32.dll!RegCreateKeyW + 4 77DFBA59 1 Byte [89]
.text C:\WINDOWS\explorer.exe[4004] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 3 Bytes JMP 016B0FA5
.text C:\WINDOWS\explorer.exe[4004] ADVAPI32.dll!RegCreateKeyA + 4 77DFBCF7 1 Byte [89]
.text C:\WINDOWS\explorer.exe[4004] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E7004E
.text C:\WINDOWS\explorer.exe[4004] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E70FB9
.text C:\WINDOWS\explorer.exe[4004] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E70029
.text C:\WINDOWS\explorer.exe[4004] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E70FEF
.text C:\WINDOWS\explorer.exe[4004] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E70FCA
.text C:\WINDOWS\explorer.exe[4004] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E7000C
.text C:\WINDOWS\explorer.exe[4004] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00E50000
.text C:\WINDOWS\explorer.exe[4004] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00E5001B
.text C:\WINDOWS\explorer.exe[4004] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00E50FE5
.text C:\WINDOWS\explorer.exe[4004] WININET.dll!InternetOpenUrlW 3D9A6D5F 5 Bytes JMP 00E50036
.text C:\WINDOWS\explorer.exe[4004] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E60000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:272] A77E6BD0

---- EOF - GMER 1.0.15 ----



Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7409

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/8/2011 9:00:39 AM
mbam-log-2011-08-08 (09-00-39).txt

Scan type: Quick scan
Objects scanned: 170620
Time elapsed: 10 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Eset Threats
C:\Documents and Settings\Gary Zeigler\DoctorWeb\Quarantine\expsrv7.dll probably a variant of Win32/Kryptik.LXF trojan
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP43\A0007940.exe probably a variant of Win32/SecurityStronghold application

#8
Aaron

    GeekU Mod

  • GeekU Moderator
  • 3,155 posts
Hi, your logs look clean :)

I'm happy I could help. I'm giving you some tips about preventing new infections and how to increase your computer's speed.
Let's first remove all system restore points (because they may still contain malware) and create a new restore point. To do this:

  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:

    :Commands
    [clearallrestorepoints]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES
Now we can clean up the tools we used:
  • Open OTL to run it.
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application.
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes.
  • Note: if there are still some files left then you may delete them manually
============ 1. Cleaning your temporary files ============

We've already cleaned your temporary files when we removed the malware on your computer, but you could do this step once a month to keep your computer clean and faster. It will also greatly decrease the time a program like e.g. MBAM needs to scan for malware.

Download TFC by OldTimer to your desktop
  • Please right-click TFC.exe and choose Run As Administrator.
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
You can find more information about TFC here.
Another great program you could use instead is Ccleaner; it's best to download and install Ccleaner Slim, which does not contain the Yahoo! Toolbar.

============ 2. Updating your programs ============

It is recommended to update all your programs, as this will result in a faster working computer and optimal protection. I highly recommend you update most programs at least once a month!

  • It is very important to update Windows as this will make your computer a lot safer, stable and maybe even faster. Every XP user should have Service Pack 3 & every Vista user should have Service Pack 2.
    For XP users: You can start it by clicking Start -> All programs -> Windows Update or go to this site.

    For Vista/Windows 7 users: Go to Control Panel and select System and Maintenance, then select Windows Update and install every update.
  • It is also very important to update Java! Older versions have vulnerabilities that malware can use to infect your system (like when playing a browser game or even by visiting certain sites). Please follow these steps to remove older versions of Java and to install the newest one available.
    • Download the latest version of Java SE Runtime Environment (JRE) here.
    • Please go to Start -> Control Panel -> Add/Remove Programs and remove all old versions like Java™ 6 Update *version*. The following versions of Java could also be installed, uninstall these too: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE and J2SE.
    • Reboot your computer once all Java components are removed.
    • If you are experiencing problems while removing Java then you can try JavaRa to remove all leftovers.
    • Then from your desktop double-click on the download to install the newest version.
  • It is also important to update Adobe Reader. Please go to Start > Control Panel > Add/Remove Programs and remove Adobe Reader. Then download and install the latest version here.
  • Extra: Secunia and the Filehippo Update Checker are two programs which can help you update your programs. These will notify you when an update is found and suggest a download link.
============ 3. How to prevent a new infection ============

I will list some programs here to secure your computer. At first look this could seem like security overkill, but it isn't. Most programs aren't active so they won't slow down your computer at all. Only your antivirus, firewall, Winpatrol and Autorun Eater are active. These last two use almost no system resources from your computer, so your computer won't slow down a bit. All these programs are also free or have a free version.

  • First of all you need a good antivirus. Only install one antivirus program at a time because they can conflict! A few good antivirus programs to buy are Avira, Kaspersky, Avast and Norton (there are other good ones too). You can see for yourself: you can find test reports once a month at AV-Comparatives.org.
    If you want a free antivirus then I recommend you ONE of these:

    ! McAfee and Norton are known for their inability to uninstall themselves correctly, so after you uninstall them then run the corresponding uninstaller before trying to install a new anti-virus!
    McAfee Uninstaller
    Norton Uninstaller
  • Spywareblaster protects against bad ActiveX, it immunizes your PC against them. For more information see the TUTORIAL
  • MVPS Hosts file: this hosts file should replace your current hosts file. When done, a lot of 'bad' sites will be blocked so you can't access them and you won't be infected. For more information see the TUTORIAL
  • A firewall is important to prevent malware connecting to the internet (for sending personal information or to copy itself to other computers) and blocking unauthorised access to your computer, however this can only come in handy for -very- experienced users. The Windows firewall is fine for most users, but it doesn't allow you to monitor outgoing connections (Vista and Windows can if you change the settings). A tutorial on understanding and using firewalls may be found here. If you really want a third-party firewall then I recommend you ONE of these too:

  • Extra: WinPatrol is a small program that will sit in your systray and warn you if something like malware tries to make changes to your system - for experienced users who like this extra protection.
  • Extra: if you use USB drives a lot then you might want to install Autorun Eater. This is a small program which will stay resident and prevent an infected USB device from infecting your PC. This is the ONLY secure way to use USB drives that aren't yours! For more information see the FAQ
  • Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer. It therefore greatly increases your security! Anything done in the 'Sandbox' can easily be undone, for more information see the Help & FAQ. This is one of my favorite programs!
  • Extra: have a look at OpenDNS if you want to block phishing sites, +18 sites from your kids and more.
  • If you have a router, log on to it today and change the password from the default. If you don't know how, get the make and model from the router then google for the router maker's site. Almost all router makers have very clear instructions for each router they make. This will prevent DNS hijacking. Also try using WPA(2) encryption as WEP is easily hacked.
  • For safest browsing use a login which does not have admin rights. Any login (especially those with admin rights) should have a password, and it should be something you can remember but which a random hacker can't guess.
    How to create User Accounts XP
    How to create User Accounts Video - Windows 7 (& Vista)
============ 4. Detecting and deleting infections ============

Unfortunately some malware will always be able to get through our very good prevention, however this is very rare. To check your system for malware or to remove it I recommend you to scan monthly with these three programs:

Always update these programs before you start scanning, this is very important !!
If you are happy with MBAM or SuperAntiSpyware then you might consider buying a license. A license isn't expensive at all and they are valid forever, so no need to buy a new one every year. With a license you have real-time protection (besides your antivirus software) and will prevent a lot of malware before they get on your computer! I strongly recommend you try a free trial to test each program and make up for yourself which one suits you best. BUT, do not buy a license for both. If you have these two programs running at the same time, then they may conflict.

============ 5. What browser should I use and how do I surf the internet safe? ============

There are a lot of browsers you can use. Some are more secure, faster, have a better compatibility with most sites and some are more customizable than others, but they all have their strong and weak points.

Internet Explorer is installed on almost every Windows computer. It is the slowest browser of all browsers listed here and it's targeted most by malware. However Internet Explorer has a very high compatibility with most sites, it is a browser that most people use and there is good support from Microsoft.

How to make Internet Explorer more secure ?
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
Firefox is a very good open source browser. It's the second most used browser, it has a high compatibility with most sites and it's highly customizable. It is my personal favourite. Firefox is also targeted a lot by malware and it's not the fastest one, it has a slow startup. If you use Firefox then I recommend these add-ons:

  • Adblock Plus will block almost all ads on the internet.
  • WOT this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling!
  • NoScript provides extra protection to your Firefox (for more experienced users). It really makes Firefox safer!
    It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, guarding your "trust boundaries" against cross-site scripting attacks (XSS) and Clickjacking attempts.
  • Vacuum Places Improved defragments your Firefox "Places" database (history/bookmarks)
    This greatly reduces the lag while typing in the address bar and the start-up time.
    This extension features configurable automatic cleaning, periodic reminder, and internationalization.
  • SpeedyFox another good tool that also boosts Firefox.
See here for a list of popular extensions, I'm sure it will improve your browser experience!

Opera is a good looking and very fast browser that has a lot of features other browsers don't have and it also isn't really targeted by malware. Not as customizable as Firefox and you can have some compatibility problems. Some features are: Mouse gestures, Opera Link, Opera Mail, Opera Turbo, Widgets, Speed Dial, Opera Unite... See here for more information.

Google Chrome is a relatively new browser that is getting popular very fast. It is made by Google, it's the fastest browser of all and it's also easy looking. It also has support for add-ons like Firefox, but not as many as Firefox:

  • Adblock will block almost all ads on the internet.
  • WOT this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling!
See here for a list of popular extensions, I'm sure it will improve your browser experience!

============ 6. A few tips ============

  • Remove trial software and programs that you don't use any more, it will free disk space and can speed up your computer.
  • Make sure your hard drive is defragmented, this will also increase your computer's speed.

    • Windows XP users: have a look here
    • Windows Vista & 7 users: Windows normally defragments automatically so you don't need to do anything. If you want to do it yourself then you can find information here
      I strongly recommend you to let Windows automatically defragment your drive once a month - not more, not less. You can check this option if you open Disk Defragmenter.
  • Make sure you always have backups! If anything goes wrong, you will always have your most precious data stored safe.
  • Do this to make your computer boot up and work a lot faster: open Start > Run and type msconfig (Vista and 7 users can just type this in the start menu) > Go to the Boot (4th) tab and untick everything that isn't security software > press OK and restart.
    This will greatly improve your computer's speed!
  • Think twice before downloading things like attachments, torrents, cracks, keygens, codecs and using P2P programs. Also watch out what sites you visit: particularly +18 sites and sites where you can download illegal or cracked software.
  • Do not use following software or be very, very careful: register cleaners, driver updating software, codecs (for music or movies) and Windows Transformation Packs. These often contain malware and even if they are malware free then they can still do severe damage to your system!
  • Also see the general Preventing Malware and Safe Computing guide, made by one of my excellent former teachers.
--------------------------------------------------------------

Tell me if you need help with your router! :unsure:
Happy surfing again !
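The router tip in the post above is about DNS hijacking. As an added example (not part of the thread and not a tool anyone in it used), this Python sketch parses `ipconfig /all` output, including the continuation line Windows prints for a second DNS server, and reports any resolver that is not on an expected list. The sample output, the adapter names and the router address 192.168.1.1 are constructed assumptions; 208.67.222.222 and 208.67.220.220 are the OpenDNS resolvers.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not taken from the thread).
# 203.0.113.53 is a documentation-range address standing in for a rogue resolver.
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : LAPTOP

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            192.168.1.1
        Lease Obtained. . . . . . . . . . : Monday, August 08, 2011 8:01:12 AM

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : No
        DNS Servers . . . . . . . . . . . : 208.67.222.222
                                            208.67.220.220
"""

# Assumed allowlist: the router's LAN address plus the OpenDNS resolvers.
ALLOWED = {"192.168.1.1", "208.67.222.222", "208.67.220.220"}

# "Label . . . . : value". The separator is the first colon that is followed by
# whitespace or end of line, so a bare IPv6 continuation line is not a field.
FIELD = re.compile(r"^\s+([^:]+?)[ .]*:(?:\s+(.*))?$")


def _as_ip(text):
    """Return the normalised address, or None if text is not an IP address."""
    try:
        return str(ipaddress.ip_address(text.strip().split("%")[0]))
    except ValueError:
        return None


def parse_dns_servers(ipconfig_text):
    """Return {adapter name: [DNS server, ...]} from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for raw in ipconfig_text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            in_dns = False
            continue
        if not line[0].isspace():
            # Unindented line: an adapter header ends with ':'.
            current = line[:-1] if line.endswith(":") else None
            if current:
                adapters[current] = []
            in_dns = False
            continue
        match = FIELD.match(line)
        if match:
            in_dns = match.group(1).strip().lower() == "dns servers"
            candidate = match.group(2) or ""
        else:
            candidate = line  # continuation of the previous field
        if current and in_dns:
            address = _as_ip(candidate)
            if address:
                adapters[current].append(address)
    return adapters


def unexpected_dns(ipconfig_text, allowed):
    """List (adapter, server) pairs whose resolver is not in the allowlist."""
    allowed = {_as_ip(a) for a in allowed}
    return [(adapter, server)
            for adapter, servers in parse_dns_servers(ipconfig_text).items()
            for server in servers if server not in allowed]


if __name__ == "__main__":
    for adapter, server in unexpected_dns(SAMPLE, ALLOWED):
        print(f"unexpected DNS server {server} on {adapter}")
```

A PC that lists only the router as its DNS server tells you nothing about the upstream servers configured in the router itself, so those still have to be read from the router's status page.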

#9
gtzig

    New Member

  • Topic Starter
  • Member
  • 5 posts
Hi Aaron

My sincere thanks for your help. Computer is running fine and I am busy with the clean-up and implementing tools recommended by you to keep me safe in the future.

Thanks again

Gary

#10
Aaron

    GeekU Mod

  • GeekU Moderator
  • 3,155 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.