Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Running Slooooooooow as molasses


  • This topic is locked This topic is locked

#1
writer99

writer99

    Member

  • Member
  • PipPip
  • 11 posts
First, thanks to you Geekstogo volunteers for this website! I've always been impressed with the sheer amount of problems that are solved by volunteers, and now I finally need to post something myself. Thanks in advance for the help!

I'm running WindowsXP on a computer that I've had for 9+ years. It's hasn't been as fast as it used to be in years, but in the last week, it's gotten to be unbelievably slow at times. Video is jerky, apps take forever to open and close. At times, even when switching between tabs in Google Chrome browser, I can watch as the page appears, line by line, from the top to the bottom. It seems to get slower the more time I leave between restarts of Windows, but even then, sometimes it's slow immediately after a restart. I've got 1000 MB RAM, but I've had that much for years, and its been fine up until now. The hard drive is going all the time when it's slow, and I've played around with the virtual memory settings, but with little success.

I've scanned using malwarebytes and found nothing. I run AVAST 24/7, and I'm behind a Linksys router with the firewall on. So I suspect there's a good chance I'm not even infected with anything. I thought it might be a registry that has been clogged up over the years by installing lots of programs, but what do I know?!

Any help you can offer would be very much appreciated.

OTL Logfile is below
(names changed to protect the innocent)



OTL logfile created on: 10/27/2011 10:55:55 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\freddy\My Documents\Current 2\Malware Cleaning
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.29 Mb Total Physical Memory | 362.93 Mb Available Physical Memory | 35.47% Memory free
3.84 Gb Paging File | 3.02 Gb Available in Paging File | 78.81% Paging File free
Paging file location(s): D:\pagefile.sys 3000 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 775.85 Gb Free Space | 83.29% Space Free | Partition Type: NTFS
Drive D: | 279.48 Gb Total Space | 13.17 Gb Free Space | 4.71% Space Free | Partition Type: NTFS

Computer Name: HP | User Name: freddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/27 22:43:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\freddy\My Documents\Current 2\Malware Cleaning\OTL.exe
PRC - [2011/10/26 01:10:47 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/09/20 07:58:36 | 049,424,384 | ---- | M] (CompanionLink Software, Inc.) -- C:\Program Files\CompanionLink\CompanionLink.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/24 15:56:40 | 000,050,632 | ---- | M] (Pro-SoftNet Corp, U.S.A) -- C:\Program Files\IDrive\IDriveEBackground.exe
PRC - [2011/06/24 15:56:16 | 000,157,128 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\IDrive\IDriveE Service.exe
PRC - [2011/06/24 15:54:34 | 002,491,848 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\IDrive\IDriveETray.exe
PRC - [2011/06/08 19:04:20 | 000,267,688 | ---- | M] ( ) -- C:\Program Files\IDrive\IDrivePlugin.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/03/25 01:45:44 | 000,495,616 | ---- | M] (Locktime Software) -- C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
PRC - [2009/09/15 23:01:07 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/09/05 11:23:04 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/09/05 11:22:58 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/04/24 09:22:56 | 005,337,138 | ---- | M] (Interact Commerce Corporation) -- C:\Program Files\ACT\act.exe
PRC - [2003/03/19 18:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe
PRC - [2001/08/17 21:36:38 | 000,032,256 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\BrmfRsmg.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/27 11:05:12 | 001,603,072 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11102701\algo.dll
MOD - [2011/10/26 09:42:29 | 000,239,432 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11102701\aswRep.dll
MOD - [2011/10/26 01:10:46 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppgooglenaclpluginchrome.dll
MOD - [2011/10/26 01:10:45 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
MOD - [2011/10/26 01:09:09 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avutil-51.dll
MOD - [2011/10/26 01:09:07 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avformat-53.dll
MOD - [2011/10/26 01:09:06 | 001,745,992 | ---- | M] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avcodec-53.dll
MOD - [2011/10/25 22:14:43 | 008,587,936 | ---- | M] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
MOD - [2010/09/22 18:03:40 | 002,666,496 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2009/08/06 13:14:12 | 001,063,248 | ---- | M] () -- C:\Program Files\LogMeIn\x86\ICSAgent32.dll
MOD - [2003/04/27 12:10:26 | 000,671,788 | ---- | M] () -- C:\Program Files\ACT\adal.dll
MOD - [2003/04/24 09:20:50 | 000,577,587 | ---- | M] () -- C:\Program Files\ACT\rptsys.dll
MOD - [2003/04/24 09:19:10 | 000,131,123 | ---- | M] () -- C:\Program Files\ACT\faxreq.dll
MOD - [2003/04/24 03:55:18 | 000,761,903 | ---- | M] () -- C:\Program Files\ACT\cb.dal
MOD - [2003/04/24 03:53:48 | 000,049,152 | ---- | M] () -- C:\Program Files\ACT\ActRegistrationMFC.dll
MOD - [2003/04/24 03:53:44 | 000,065,536 | ---- | M] () -- C:\Program Files\ACT\regact.dll
MOD - [2003/04/24 03:52:24 | 000,069,632 | ---- | M] () -- C:\Program Files\ACT\res_ie.dll
MOD - [2003/04/24 03:51:20 | 000,102,453 | ---- | M] () -- C:\Program Files\ACT\actparse.dll
MOD - [2003/04/24 03:51:12 | 000,053,301 | ---- | M] () -- C:\Program Files\ACT\macrorec.dll
MOD - [2003/04/24 03:50:54 | 000,491,520 | ---- | M] () -- C:\Program Files\ACT\graphsys.dll
MOD - [2003/04/24 03:50:28 | 000,622,645 | ---- | M] () -- C:\Program Files\ACT\exchange.dll
MOD - [2003/04/24 03:49:26 | 000,098,353 | ---- | M] () -- C:\Program Files\ACT\idal.dll
MOD - [2003/04/24 03:49:00 | 000,598,068 | ---- | M] () -- C:\Program Files\ACT\shareui.dll
MOD - [2003/04/24 03:48:30 | 000,069,685 | ---- | M] () -- C:\Program Files\ACT\Snprompt.dll
MOD - [2003/04/24 03:48:24 | 000,028,672 | ---- | M] () -- C:\Program Files\ACT\rcSNPrompt.dll
MOD - [2003/04/24 03:48:22 | 000,192,590 | ---- | M] () -- C:\WINDOWS\system32\ActExt.dll
MOD - [2003/04/24 03:47:26 | 000,045,142 | ---- | M] () -- C:\Program Files\ACT\ActABCache.dll
MOD - [2003/04/24 03:47:20 | 000,286,773 | ---- | M] () -- C:\Program Files\ACT\sharenui.dll
MOD - [1999/03/23 14:39:04 | 000,307,870 | ---- | M] () -- C:\Program Files\ACT\icdllw32.dll
MOD - [1999/03/23 14:32:24 | 000,200,578 | ---- | M] () -- C:\Program Files\ACT\pddllw32.dll
MOD - [1996/10/09 09:31:56 | 000,052,736 | ---- | M] () -- C:\Program Files\ACT\serial32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/24 15:56:16 | 000,157,128 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\Program Files\IDrive\IDriveE Service.exe -- (IDriveE Service)
SRV - [2010/03/25 01:45:44 | 000,495,616 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe -- (nlsvc)
SRV - [2009/09/15 23:01:07 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/05 11:23:04 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2003/03/19 18:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 04:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 04:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 04:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 04:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 04:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 04:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 04:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/03/09 19:29:18 | 000,006,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2010/03/25 01:49:06 | 000,082,360 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nltdi.sys -- (nltdi)
DRV - [2009/09/05 11:23:34 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/13 11:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/01/14 03:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/12/04 18:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/09/05 13:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2006/02/21 20:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 22:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 22:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2004/08/03 22:29:29 | 000,014,336 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC)
DRV - [2003/12/12 19:03:10 | 000,652,689 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/02/27 02:19:50 | 000,260,736 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/02/23 03:55:26 | 000,141,824 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2002/12/27 18:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/12/25 05:09:48 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/10/01 09:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/09/24 00:37:00 | 000,080,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2002/09/20 01:15:42 | 000,472,396 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2002/09/11 09:17:14 | 000,100,671 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2002/09/11 09:17:14 | 000,059,647 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio)
DRV - [2002/09/11 09:17:14 | 000,048,399 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2002/09/11 09:17:14 | 000,036,911 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP)
DRV - [2002/09/11 09:17:14 | 000,012,415 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2002/09/07 01:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2001/06/04 21:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxy.ucla.edu/cgi/proxy

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A580ADAB-A578-4DB5-9B07-510AC9442829}: C:\Documents and Settings\freddy\Local Settings\Application Data\{A580ADAB-A578-4DB5-9B07-510AC9442829} [2011/01/20 16:49:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/28 14:33:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/13 11:34:25 | 000,000,000 | ---D | M]

[2010/04/09 15:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\freddy\Application Data\Mozilla\Extensions
[2010/04/09 15:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\freddy\Application Data\Mozilla\Extensions\[email protected]
[2011/06/02 16:28:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\extensions
[2011/02/10 22:40:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/09 11:25:41 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Documents and Settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/03/03 10:44:07 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\extensions\[email protected]
[2010/02/11 18:11:45 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\extensions\[email protected]
[2011/02/10 22:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\extensions\staged-xpis
[2011/06/27 23:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/27 13:04:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/27 23:41:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/02/21 03:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/06/27 23:41:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Email this page (by Google) = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai\1.2.5_0\
CHR - Extension: Select To Get Maps = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hinehgnhgiohbfpbpgkjnelkcgdkcgha\1.1.1_0\

Hosts file not found
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKCU..\Run: [CompanionLink] c:\program files\companionlink\companionlink.exe (CompanionLink Software, Inc.)
O4 - HKCU..\Run: [IDriveE Startup] C:\Program Files\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
O4 - Startup: C:\Documents and Settings\freddy\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: skyviewcafe.com ([www] http in Trusted sites)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1252903274312 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1252989889015 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizo...l/VCAVMUtil.CAB (IOBIVMUtil.VMDecoder)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://my.verizon.co...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A98B31B-1E9E-4E5D-8B52-B7BDB7EF8D02}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\freddy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\freddy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/24 02:01:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ff2f7e7c-e8d8-11e0-a4fa-000c6eaad8e0}\Shell - "" = AutoRun
O33 - MountPoints2\{ff2f7e7c-e8d8-11e0-a4fa-000c6eaad8e0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff2f7e7c-e8d8-11e0-a4fa-000c6eaad8e0}\Shell\AutoRun\command - "" = G:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/15 23:37:57 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/10/15 23:37:56 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/10/15 23:37:37 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011/10/15 23:37:35 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/10/15 23:37:01 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/10/15 23:37:00 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/10/15 23:36:52 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011/10/15 23:36:40 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/10/15 23:36:26 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/10/15 23:36:25 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/10/15 23:36:24 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/10/15 23:36:22 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/10/15 23:36:20 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/10/15 23:36:18 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011/10/15 23:36:16 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011/10/15 23:36:11 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011/10/15 23:36:07 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/10/15 23:36:06 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011/10/15 23:36:05 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011/10/15 23:35:58 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011/10/15 23:35:51 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/10/15 23:35:48 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011/10/15 23:35:47 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011/10/15 23:35:40 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/10/15 23:35:40 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/10/15 23:35:39 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/10/15 23:35:38 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011/10/15 23:35:38 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/10/15 23:35:37 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011/10/15 23:35:26 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/10/15 23:35:23 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/10/15 23:35:22 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/10/15 23:35:20 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011/10/15 23:35:18 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/10/15 23:35:17 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/10/15 23:35:10 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/10/15 23:35:10 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/10/15 23:34:57 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/10/15 23:34:56 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011/10/15 23:34:56 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/10/15 23:34:54 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011/10/15 23:34:52 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/10/15 23:34:42 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2011/10/15 23:34:28 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011/10/15 23:34:25 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011/10/15 23:34:24 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/10/15 23:34:23 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011/10/15 23:34:23 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/10/15 23:34:06 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/10/15 23:34:06 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/10/15 23:34:05 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/10/15 23:34:02 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011/10/15 23:33:50 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/10/15 23:33:49 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/10/15 23:33:48 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/10/15 23:33:47 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/10/15 23:33:37 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011/10/15 23:33:35 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/10/15 23:33:34 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/10/15 23:33:29 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/10/15 23:33:29 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/10/15 23:33:28 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/10/15 23:33:27 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/10/15 23:33:26 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/10/15 23:33:26 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/10/15 23:33:25 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/10/15 23:33:24 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/10/15 23:33:24 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011/10/15 23:33:22 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011/10/15 23:33:21 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011/10/15 23:33:19 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/10/15 23:33:17 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/10/15 23:33:06 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011/10/15 23:33:05 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/10/15 23:33:03 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011/10/15 23:32:52 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/10/15 23:32:51 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/10/15 23:32:39 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/10/15 23:32:38 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011/10/15 23:32:38 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/10/15 23:32:33 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011/10/15 23:32:04 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011/10/15 23:32:01 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/10/15 23:31:59 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011/10/15 23:31:58 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/10/15 23:31:46 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/10/15 23:31:45 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011/10/15 23:31:45 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/10/15 23:31:44 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/10/15 23:31:33 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/10/15 23:31:29 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/10/15 23:31:28 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/10/15 23:31:26 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/10/15 23:31:22 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/10/15 23:31:22 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/10/15 23:31:19 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/10/15 23:31:18 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/10/15 23:31:18 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/10/15 23:31:17 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/10/15 23:31:17 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011/10/15 23:31:16 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011/10/15 23:31:15 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011/10/15 23:31:14 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011/10/15 23:31:14 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011/10/15 23:31:13 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011/10/15 23:31:13 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/10/15 23:30:45 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2011/10/15 23:30:30 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/10/15 23:30:24 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011/10/15 23:30:24 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/10/15 23:30:22 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/10/15 23:30:22 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/10/15 23:30:21 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/10/15 23:30:17 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/10/15 23:30:17 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011/10/15 23:30:16 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/10/15 23:30:16 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011/10/15 23:30:14 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/10/15 23:30:13 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/10/15 23:29:41 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011/10/15 23:29:10 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011/10/15 23:28:44 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/10/15 23:28:42 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/10/15 23:28:33 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011/10/15 23:28:32 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011/10/15 23:28:31 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011/10/15 23:28:26 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/10/15 23:28:23 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011/10/15 23:28:23 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/10/15 23:28:20 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/10/15 23:28:19 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/10/15 23:28:18 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/10/15 23:28:17 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011/10/15 23:28:12 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/10/15 23:28:11 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/10/15 23:28:10 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/10/15 23:27:35 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/10/15 23:27:30 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011/10/15 23:27:17 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/10/15 23:27:16 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/10/15 23:27:15 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011/10/15 23:27:13 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011/10/15 23:27:12 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/10/15 23:27:11 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/10/15 23:27:11 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011/10/15 23:27:09 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011/10/15 23:26:56 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/10/15 23:26:55 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011/10/15 23:26:52 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/10/15 23:26:36 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/10/15 23:26:35 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/10/15 23:26:34 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/10/15 23:26:34 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/10/15 23:26:33 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/10/15 23:26:32 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/10/15 23:26:32 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/10/15 23:26:30 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/10/15 23:26:25 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/10/15 23:26:07 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/10/15 23:25:46 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/10/15 23:25:32 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/10/15 23:25:31 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/10/15 23:25:30 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/10/15 23:25:30 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/10/15 23:25:29 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/10/15 23:25:25 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/10/15 23:25:24 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/10/15 23:25:23 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/10/15 23:25:22 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/10/15 23:25:19 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/10/15 23:25:18 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/10/15 23:24:28 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/10/15 23:24:26 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/10/15 23:24:25 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/10/15 23:24:22 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/10/15 23:24:21 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/10/15 23:24:11 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/10/15 23:24:04 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/10/15 23:24:04 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/10/15 23:24:02 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/10/15 23:24:01 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/10/15 23:24:00 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/10/15 23:23:59 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/10/15 23:23:59 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/10/15 23:23:29 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/10/15 23:23:20 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/10/15 23:23:02 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/10/15 23:23:00 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/10/15 23:22:59 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/10/15 23:22:58 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/10/15 23:22:57 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/10/15 23:22:54 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/10/15 23:22:49 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/10/15 23:22:46 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/10/15 23:22:45 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/10/15 23:22:44 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/10/05 22:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\freddy\Application Data\CompanionLink
[2011/10/05 22:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CompanionLink Software, Inc
[2011/10/05 22:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\CompanionLink
[2011/10/05 20:48:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Apps Migration
[2011/10/05 20:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Apps Sync 2.0
[2011/10/05 20:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\freddy\My Documents\Deidre Buck
[2004/04/05 08:44:22 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL

========== Files - Modified Within 30 Days ==========

[2011/10/27 22:58:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4113586923-2583412229-520591771-1007UA.job
[2011/10/27 22:54:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/27 22:32:26 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\freddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2011/10/27 22:27:03 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{00299ACB-10BC-49D6-88A3-64F230036414}.job
[2011/10/27 18:54:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/27 10:58:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4113586923-2583412229-520591771-1007Core.job
[2011/10/27 10:01:46 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/10/27 10:00:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/27 09:58:48 | 000,002,160 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2011/10/27 09:57:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/27 09:57:23 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/27 01:59:08 | 000,000,240 | ---- | M] () -- C:\WINDOWS\ActiveAct.INI
[2011/10/26 14:19:08 | 000,005,909 | ---- | M] () -- C:\Documents and Settings\freddy\My Documents\phone.fmt
[2011/10/16 08:33:34 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\freddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/10/15 23:18:40 | 000,355,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/15 23:11:23 | 000,501,654 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/15 23:11:23 | 000,092,634 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/15 23:07:51 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/12 14:24:32 | 000,000,015 | ---- | M] () -- C:\WINDOWS\DatabaseID
[2011/10/09 01:12:42 | 000,000,031 | ---- | M] () -- C:\WINDOWS\ Connection to the server failed.IDriveE.ini
[2011/10/05 22:53:37 | 000,001,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CompanionLink Synchronize.lnk
[2011/10/05 22:53:37 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CompanionLink Setup.lnk
[2011/10/05 19:17:51 | 1700,733,173 | ---- | M] () -- C:\Documents and Settings\freddy\My Documents\Deidre Buck.zip
[2011/10/04 11:22:56 | 000,004,975 | ---- | M] () -- C:\Documents and Settings\freddy\My Documents\course (1).jnlp
[2011/10/03 11:04:21 | 000,004,975 | ---- | M] () -- C:\Documents and Settings\freddy\My Documents\course.jnlp

========== Files Created - No Company Name ==========

[2011/10/15 23:37:55 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/10/15 23:37:54 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/10/15 23:30:11 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/10/15 23:29:24 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/10/15 23:28:43 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/10/15 23:28:42 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/10/15 23:28:42 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/10/15 23:28:41 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/10/15 23:28:40 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/10/15 23:28:34 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/10/15 23:27:14 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011/10/15 23:27:14 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011/10/15 23:27:13 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011/10/15 23:23:51 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/10/15 23:23:51 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/10/15 23:23:49 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/10/15 23:23:49 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/10/15 23:23:48 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/10/15 23:23:47 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/10/15 23:23:46 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/10/15 23:23:45 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/10/15 23:23:43 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/10/15 23:23:36 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/10/15 23:03:42 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/10/09 01:12:42 | 000,000,031 | ---- | C] () -- C:\WINDOWS\ Connection to the server failed.IDriveE.ini
[2011/10/05 22:53:37 | 000,001,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CompanionLink Synchronize.lnk
[2011/10/05 22:53:37 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CompanionLink Setup.lnk
[2011/10/05 22:25:18 | 000,049,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/10/05 18:28:59 | 1700,733,173 | ---- | C] () -- C:\Documents and Settings\freddy\My Documents\Deidre Buck.zip
[2011/10/04 11:22:59 | 000,004,975 | ---- | C] () -- C:\Documents and Settings\freddy\My Documents\course (1).jnlp
[2011/09/27 12:23:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/07/11 23:29:41 | 000,026,032 | ---- | C] () -- C:\WINDOWS\System32\IDriveEXceedCryReg.exe
[2011/01/20 16:49:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Mbere.dat
[2011/01/20 16:49:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kxoqoxosokarade.bin
[2010/10/26 15:46:35 | 023,330,364 | ---- | C] () -- C:\Program Files\Mendeley-Desktop-0.9.8.1-win32.exe
[2010/06/04 11:28:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/04 11:28:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/04 11:28:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/04 11:28:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/04 11:28:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/30 13:45:18 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/04/29 11:35:51 | 000,000,943 | ---- | C] () -- C:\WINDOWS\TATCALL.INI
[2010/04/29 11:35:51 | 000,000,260 | ---- | C] () -- C:\WINDOWS\TATUNINS.INI
[2010/04/29 11:35:51 | 000,000,020 | ---- | C] () -- C:\WINDOWS\TATVER.INI
[2010/03/03 20:41:02 | 000,225,456 | ---- | C] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\rx_image.Cache
[2010/03/03 20:41:02 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\rx_audio.Cache
[2010/02/25 10:14:09 | 000,000,240 | ---- | C] () -- C:\WINDOWS\ActiveAct.INI
[2010/02/24 14:02:44 | 000,000,023 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
[2010/02/24 14:00:31 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
[2010/02/16 21:03:16 | 000,000,081 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2010/01/18 18:33:52 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/06 11:54:47 | 000,073,908 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/27 10:14:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/04 07:38:37 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2009/10/04 07:35:49 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/10/04 07:35:46 | 000,000,050 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/09/27 09:38:33 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009/09/23 01:10:48 | 000,002,160 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2009/09/23 01:10:32 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/09/23 01:10:32 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/09/23 01:10:32 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\m8840def.dat
[2009/09/23 01:10:03 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/09/23 01:10:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009/09/23 01:09:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\BRMSL07F.BIN
[2009/09/23 01:09:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/09/17 21:27:56 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2009/09/17 21:27:30 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2009/09/17 21:27:30 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2009/09/17 21:20:11 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/09/17 21:01:00 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2009/09/17 21:00:59 | 000,030,080 | ---- | C] () -- C:\WINDOWS\System32\Ptabimp3.exe
[2009/09/15 23:23:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/15 22:17:12 | 000,192,590 | ---- | C] () -- C:\WINDOWS\System32\ActExt.dll
[2009/09/15 22:17:12 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ActAB32.dll
[2009/09/15 22:17:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\EmailShared.dll
[2009/09/15 21:38:43 | 000,010,628 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/09/15 21:32:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009/09/15 18:40:53 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS56.DLL
[2009/09/14 21:22:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/13 23:11:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2009/09/13 21:55:41 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/09/13 20:13:28 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/09/13 20:13:28 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/09/13 20:13:16 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/09/13 20:13:16 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/09/13 20:13:16 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/09/13 19:49:41 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009/09/13 19:39:07 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/09/13 19:39:07 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/09/13 19:39:04 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/09/13 19:39:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/09/13 19:38:54 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/09/13 19:38:35 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/09/13 19:38:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/09/13 19:37:34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/09/13 19:37:07 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2005/01/18 15:05:36 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2003/09/24 02:40:16 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2003/09/24 02:40:16 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2003/09/24 02:40:15 | 000,013,373 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/09/24 02:40:14 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2003/04/24 12:50:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/24 12:49:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/04/24 12:29:26 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/04/24 10:45:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/04/24 10:45:09 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/04/24 04:57:03 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/24 04:52:56 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/24 04:52:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/24 04:37:50 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/24 03:42:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/04/24 03:31:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/04/24 03:31:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/04/24 03:24:24 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2003/04/24 03:24:24 | 000,000,122 | ---- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2003/04/24 03:18:48 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/24 03:08:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/24 03:08:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/24 03:07:39 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/24 02:07:22 | 000,000,813 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/24 02:05:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/04/24 01:57:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/04/24 01:46:00 | 000,000,659 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/24 01:44:49 | 000,501,654 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/24 01:44:49 | 000,092,634 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/23 18:52:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/23 18:50:58 | 000,355,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/03/19 23:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/14 15:09:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2002/11/14 15:08:26 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2002/05/24 15:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 15:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[1999/01/22 11:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/07/14 12:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/12/05 14:04:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/10/07 20:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2010/02/24 14:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2010/01/21 12:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/10/12 09:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/10/13 20:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2009/09/15 23:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/01/12 20:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2010/03/03 18:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2011/07/12 00:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/09/17 23:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/08/09 13:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\Auslogics
[2010/05/24 13:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\BitComet
[2010/01/06 12:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\CD-LabelPrint
[2011/10/05 22:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\CompanionLink
[2011/08/24 00:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\CoreFTP
[2010/02/05 00:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\DigiDelivery
[2011/03/03 18:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\Elluminate
[2010/01/27 17:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\EndNote
[2010/02/24 14:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\Final Draft
[2010/04/09 15:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\FrostWire
[2010/01/21 12:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\HotSync
[2009/09/15 22:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\Interact Commerce
[2003/04/24 12:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\interMute
[2003/04/24 04:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\InterTrust
[2009/10/30 15:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\InterVideo
[2011/08/23 23:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\IObit
[2011/05/12 21:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\Juniper Networks
[2011/05/12 21:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\Lala Music Mover
[2010/10/13 20:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\Locktime
[2011/07/18 15:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\M8 Software
[2010/04/13 22:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\ManyCam
[2010/01/12 20:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\PACE Anti-Piracy
[2009/09/17 21:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\Research In Motion
[2003/04/24 04:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\SampleView
[2011/01/30 18:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\ScanSoft
[2009/12/26 20:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\VERITAS
[2011/10/27 10:01:46 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
[2011/10/27 22:27:03 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{00299ACB-10BC-49D6-88A3-64F230036414}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1320 bytes -> C:\Documents and Settings\freddy\Cookies:FPvRREkzyvHHldOxGgLE
@Alternate Data Stream - 1285 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:crcOtBPs6BgK2U4gh64n4
@Alternate Data Stream - 1271 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:y7Ptm0uJ35xHxz2YSVxCdKvPC7sw
@Alternate Data Stream - 1172 bytes -> C:\Documents and Settings\freddy\Cookies:4VeaJIEaMc5HZ7Qjt8lMFnnGfHid

< End of report >
  • 0

Advertisements


#2
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :yes:

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Posted Image
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.



NEXT:



Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



What issues are you currently experiencing with your computer?

Edited by SweetTech, 07 November 2011 - 03:06 PM.

  • 0

#3
writer99

writer99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thanks! Will work on getting this done tonight and post tomorrow!
  • 0

#4
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
:)
  • 0

#5
writer99

writer99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thanks ST! I appreciate the help!
Symptoms I'm still seeing include:
A LONG time to load applications, switch between applications, etc. The hard drive spins a lot when doing anything, so it feels like there's no RAM available and only virtual memory.

Logs are below:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-11 08:06:33
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD1001FALS-00K1B0 rev.05.00K05
Running: gmer.exe; Driver: C:\DOCUME~1\freddy\LOCALS~1\Temp\fgtdipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xBA3FD202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xBA463D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xBA4216C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xBA3FF7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xBA3FF848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xBA3FF95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xBA421075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xBA3FF746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xBA3FF898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xBA3FF79A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xBA3FF90C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xBA3FD226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xBA421D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xBA42203D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xBA3FFBE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xBA421BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xBA421A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xBA463E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xBA3FCFF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xBA3FD24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xBA3FFD56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xBA3FDCDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xBA3FF820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xBA3FF870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xBA3FF988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xBA4213D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xBA3FF772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xBA3FFA1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xBA3FF8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xBA3FF7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xBA3FFAFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xBA3FF936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xBA463ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xBA4218D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xBA3FDBA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xBA42172A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xBA46C10E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xBA4206E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xBA3FD26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xBA3FD292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xBA3FD04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xBA3FD186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xBA421E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xBA3FD162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xBA3FD1AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xBA3FD2B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xBA479398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 3A6 804E4C00 4 Bytes [E8, 06, 42, BA]
PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP BA4767F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 805766FB 4 Bytes CALL BA3FE335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B9EC 7 Bytes JMP BA47939C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805AD1E0 5 Bytes JMP BA474D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF809992 5 Bytes JMP BA400CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813986 5 Bytes JMP BA400BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF824339 5 Bytes JMP BA3FFF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CA3 5 Bytes JMP BA400E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316EE 5 Bytes JMP BA401014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF83A12C 5 Bytes JMP BA400B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF851A23 5 Bytes JMP BA3FFE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E5B4 5 Bytes JMP BA400180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E63F 5 Bytes JMP BA400326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F8B2 5 Bytes JMP BA3FFE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF864C81 5 Bytes JMP BA400BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4128 BF873FD0 5 Bytes JMP BA4002FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF89482D 5 Bytes JMP BA400D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895305 5 Bytes JMP BA400F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DC40 5 Bytes JMP BA3FFFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9D8 BF8C21B0 5 Bytes JMP BA40003E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA612 5 Bytes JMP BA4000AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA892 5 Bytes JMP BA4000E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2F7 5 Bytes JMP BA3FFD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF913433 5 Bytes JMP BA3FFEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF914007 5 Bytes JMP BA400008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F2C BF916980 5 Bytes JMP BA400440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18FC BF9463F2 5 Bytes JMP BA400ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\IDrive\IDriveEBackground.exe[296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\IDrive\IDriveEBackground.exe[296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\IDrive\IDriveEBackground.exe[296] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\IDrive\IDriveEBackground.exe[296] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\IDrive\IDriveEBackground.exe[296] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\IDrive\IDriveEBackground.exe[296] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\IDrive\IDriveEBackground.exe[296] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\IDrive\IDriveEBackground.exe[296] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\IDrive\IDriveEBackground.exe[296] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\IDrive\IDriveEBackground.exe[296] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\IDrive\IDriveEBackground.exe[296] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\IDrive\IDriveEBackground.exe[296] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\IDrive\IDriveEBackground.exe[296] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\IDrive\IDriveEBackground.exe[296] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\IDrive\IDriveEBackground.exe[296] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\IDrive\IDriveEBackground.exe[296] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\IDrive\IDriveEBackground.exe[296] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\System32\smss.exe[584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\NetLimiter 2 Monitor\NLClient.exe[624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\NetLimiter 2 Monitor\NLClient.exe[624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\NetLimiter 2 Monitor\NLClient.exe[624] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\Brmfrmps.exe[652] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Brmfrmps.exe[652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Brmfrmps.exe[652] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Brmfrmps.exe[652] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Brmfrmps.exe[652] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\Brmfrmps.exe[652] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Brmfrmps.exe[652] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Brmfrmps.exe[652] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\Brmfrmps.exe[652] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\Brmfrmps.exe[652] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Brmfrmps.exe[652] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Brmfrmps.exe[652] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\Brmfrmps.exe[652] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\Brmfrmps.exe[652] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\Brmfrmps.exe[652] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\Brmfrmps.exe[652] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\Brmfrmps.exe[652] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\IDrive\IDriveEClsClient.exe[696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\IDrive\IDriveEClsClient.exe[696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\IDrive\IDriveEClsClient.exe[696] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\IDrive\IDriveEClsClient.exe[696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\IDrive\IDriveEClsClient.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006E1014
.text C:\Program Files\IDrive\IDriveEClsClient.exe[696] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006E0804
.text C:\Program Files\IDrive\IDriveEClsClient.exe[696] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 006E0A08
.text C:\Program Files\IDrive\IDriveEClsClient.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 006E0C0C
.text C:\Program Files\IDrive\IDriveEClsClient.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 006E0E10
.text C:\Program Files\IDrive\IDriveEClsClient.exe[696] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006E01F8
.text C:\Program Files\IDrive\IDriveEClsClient.exe[696] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006E03FC
.text C:\Program Files\IDrive\IDriveEClsClient.exe[696] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006E0600
.text C:\Program Files\IDrive\IDriveEClsClient.exe[696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 006F0804
.text C:\Program Files\IDrive\IDriveEClsClient.exe[696] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 006F0A08
.text C:\Program Files\IDrive\IDriveEClsClient.exe[696] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 006F0600
.text C:\Program Files\IDrive\IDriveEClsClient.exe[696] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006F01F8
.text C:\Program Files\IDrive\IDriveEClsClient.exe[696] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006F03FC
.text C:\WINDOWS\system32\csrss.exe[840] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[840] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[876] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[876] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[876] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[876] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[876] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[876] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[876] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[876] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[920] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[920] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[920] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[920] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[920] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[920] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[920] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[920] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[932] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[932] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[932] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[932] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[932] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[932] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[932] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[932] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1100] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1116] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1116] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\spoolsv.exe[1180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1180] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1180] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1180] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[1180] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[1180] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[1180] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1180] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[1180] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[1180] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[1180] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[1180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[1180] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[1180] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[1180] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[1180] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Documents and Settings\freddy\My Documents\AAADownloads\Programs to Save\Gmer\gmer.exe[1320] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Documents and Settings\freddy\My Documents\AAADownloads\Programs to Save\Gmer\gmer.exe[1320] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\freddy\My Documents\AAADownloads\Programs to Save\Gmer\gmer.exe[1320] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Documents and Settings\freddy\My Documents\AAADownloads\Programs to Save\Gmer\gmer.exe[1320] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\freddy\My Documents\AAADownloads\Programs to Save\Gmer\gmer.exe[1320] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\Documents and Settings\freddy\My Documents\AAADownloads\Programs to Save\Gmer\gmer.exe[1320] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\Documents and Settings\freddy\My Documents\AAADownloads\Programs to Save\Gmer\gmer.exe[1320] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\Documents and Settings\freddy\My Documents\AAADownloads\Programs to Save\Gmer\gmer.exe[1320] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\Documents and Settings\freddy\My Documents\AAADownloads\Programs to Save\Gmer\gmer.exe[1320] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\Documents and Settings\freddy\My Documents\AAADownloads\Programs to Save\Gmer\gmer.exe[1320] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\Documents and Settings\freddy\My Documents\AAADownloads\Programs to Save\Gmer\gmer.exe[1320] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\Documents and Settings\freddy\My Documents\AAADownloads\Programs to Save\Gmer\gmer.exe[1320] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\Documents and Settings\freddy\My Documents\AAADownloads\Programs to Save\Gmer\gmer.exe[1320] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
.text C:\Documents and Settings\freddy\My Documents\AAADownloads\Programs to Save\Gmer\gmer.exe[1320] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
.text C:\Documents and Settings\freddy\My Documents\AAADownloads\Programs to Save\Gmer\gmer.exe[1320] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
.text C:\Documents and Settings\freddy\My Documents\AAADownloads\Programs to Save\Gmer\gmer.exe[1320] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
.text C:\Documents and Settings\freddy\My Documents\AAADownloads\Programs to Save\Gmer\gmer.exe[1320] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1352] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1352] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1352] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1352] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1352] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1352] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1484] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1484] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1484] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\IDrive\IDriveE Service.exe[1492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\IDrive\IDriveE Service.exe[1492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\IDrive\IDriveE Service.exe[1492] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\IDrive\IDriveE Service.exe[1492] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\IDrive\IDriveE Service.exe[1492] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\IDrive\IDriveE Service.exe[1492] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\IDrive\IDriveE Service.exe[1492] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\IDrive\IDriveE Service.exe[1492] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\IDrive\IDriveE Service.exe[1492] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\IDrive\IDriveE Service.exe[1492] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\IDrive\IDriveE Service.exe[1492] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\IDrive\IDriveE Service.exe[1492] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\IDrive\IDriveE Service.exe[1492] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\IDrive\IDriveE Service.exe[1492] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\IDrive\IDriveE Service.exe[1492] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\IDrive\IDriveE Service.exe[1492] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\IDrive\IDriveE Service.exe[1492] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\svchost.exe[1516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1516] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1516] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1516] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1516] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1516] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1516] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1516] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1516] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1516] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1516] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1516] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1516] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1516] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1516] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\inetsrv\inetinfo.exe[1584] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\System32\inetsrv\inetinfo.exe[1584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\inetsrv\inetinfo.exe[1584] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\System32\inetsrv\inetinfo.exe[1584] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\inetsrv\inetinfo.exe[1584] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\inetsrv\inetinfo.exe[1584] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\inetsrv\inetinfo.exe[1584] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\inetsrv\inetinfo.exe[1584] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\inetsrv\inetinfo.exe[1584] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\inetsrv\inetinfo.exe[1584] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\inetsrv\inetinfo.exe[1584] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\inetsrv\inetinfo.exe[1584] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\inetsrv\inetinfo.exe[1584] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\System32\inetsrv\inetinfo.exe[1584] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\System32\inetsrv\inetinfo.exe[1584] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\System32\inetsrv\inetinfo.exe[1584] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\System32\inetsrv\inetinfo.exe[1584] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1772] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1772] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1804] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1804] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1804] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1804] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1804] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1804] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1804] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\BRMFRSMG.EXE[1812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\BRMFRSMG.EXE[1812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\BRMFRSMG.EXE[1812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\BRMFRSMG.EXE[1812] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\BRMFRSMG.EXE[1812] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\BRMFRSMG.EXE[1812] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\BRMFRSMG.EXE[1812] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\BRMFRSMG.EXE[1812] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\BRMFRSMG.EXE[1812] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\BRMFRSMG.EXE[1812] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\BRMFRSMG.EXE[1812] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\BRMFRSMG.EXE[1812] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\BRMFRSMG.EXE[1812] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\BRMFRSMG.EXE[1812] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\BRMFRSMG.EXE[1812] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\BRMFRSMG.EXE[1812] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\BRMFRSMG.EXE[1812] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1816] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1816] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1816] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1816] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1816] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Bonjour\mDNSResponder.exe[1816] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Bonjour\mDNSResponder.exe[1816] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[1816] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1816] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[1816] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1816] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1816] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Bonjour\mDNSResponder.exe[1816] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[1816] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[1816] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[1816] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1816] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1848] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1848] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1848] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1848] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1848] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1848] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1848] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1848] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1848] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1848] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1848] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1848] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1912] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1912] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1912] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[1912] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1912] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\Ati2evxx.exe[1912] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1912] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1912] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\Ati2evxx.exe[1912] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\Ati2evxx.exe[1912] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1912] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1912] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1912] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1912] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1912] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\Explorer.EXE[2016] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[2016] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2016] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[2016] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2016] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[2016] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[2016] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[2016] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[2016] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[2016] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[2016] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[2016] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[2016] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[2016] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[2016] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[2016] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[2016] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2080] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2080] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2080] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2080] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2080] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[2080] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2080] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2080] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[2080] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[2080] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2080] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2080] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2080] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2080] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2080] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2080] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2080] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2124] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2124] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2124] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2124] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2124] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2124] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2124] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2124] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2124] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2124] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2124] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2124] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2124] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[2124] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\IDrive\IDriveEClsClient.exe[2304] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\IDrive\IDriveEClsClient.exe[2304] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\IDrive\IDriveEClsClient.exe[2304] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\IDrive\IDriveEClsClient.exe[2304] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\IDrive\IDriveEClsClient.exe[2304] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006E1014
.text C:\Program Files\IDrive\IDriveEClsClient.exe[2304] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006E0804
.text C:\Program Files\IDrive\IDriveEClsClient.exe[2304] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 006E0A08
.text C:\Program Files\IDrive\IDriveEClsClient.exe[2304] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 006E0C0C
.text C:\Program Files\IDrive\IDriveEClsClient.exe[2304] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 006E0E10
.text C:\Program Files\IDrive\IDriveEClsClient.exe[2304] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006E01F8
.text C:\Program Files\IDrive\IDriveEClsClient.exe[2304] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006E03FC
.text C:\Program Files\IDrive\IDriveEClsClient.exe[2304] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006E0600
.text C:\Program Files\IDrive\IDriveEClsClient.exe[2304] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 006F0804
.text C:\Program Files\IDrive\IDriveEClsClient.exe[2304] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 006F0A08
.text C:\Program Files\IDrive\IDriveEClsClient.exe[2304] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 006F0600
.text C:\Program Files\IDrive\IDriveEClsClient.exe[2304] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006F01F8
.text C:\Program Files\IDrive\IDriveEClsClient.exe[2304] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006F03FC
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2320] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2320] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2320] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2320] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2320] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2320] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2320] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2320] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2320] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2320] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2320] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2320] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2320] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2320] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2320] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2320] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[2320] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2384] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2384] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00901014
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2384] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00900804
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2384] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00900A08
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2384] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00900C0C
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2384] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00900E10
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2384] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 009001F8
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2384] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 009003FC
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2384] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00900600
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2644] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2644] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2644] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2644] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2644] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2644] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2644] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2644] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2644] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2644] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2644] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2644] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2644] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2784] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2784] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2784] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2784] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2784] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2784] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2784] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2784] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2784] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2784] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E0804
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2784] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2784] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E0600
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2784] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E01F8
.text C:\Program Files\LogMeIn\x86\LogMeInSystray.exe[2784] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E03FC
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2796] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2796] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2956] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2956] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2956] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2956] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00B81014
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2956] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00B80804
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2956] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00B80A08
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2956] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00B80C0C
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2956] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00B80E10
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2956] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00B801F8
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2956] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00B803FC
.text C:\Program Files\LogMeIn\x86\LMIGuardian.exe[2956] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00B80600
.text C:\Program Files\IDrive\IDrivePlugin.exe[3012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\IDrive\IDrivePlugin.exe[3012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\IDrive\IDrivePlugin.exe[3012] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\IDrive\IDrivePlugin.exe[3012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\IDrive\IDrivePlugin.exe[3012] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\IDrive\IDrivePlugin.exe[3012] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\IDrive\IDrivePlugin.exe[3012] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\IDrive\IDrivePlugin.exe[3012] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\IDrive\IDrivePlugin.exe[3012] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\IDrive\IDrivePlugin.exe[3012] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\IDrive\IDrivePlugin.exe[3012] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\IDrive\IDrivePlugin.exe[3012] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\IDrive\IDrivePlugin.exe[3012] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\IDrive\IDrivePlugin.exe[3012] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\IDrive\IDrivePlugin.exe[3012] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\IDrive\IDrivePlugin.exe[3012] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\IDrive\IDrivePlugin.exe[3012] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[3196] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[3196] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[3196] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[3196] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[3196] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[3196] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[3196] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[3196] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[3196] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[3196] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[3196] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[3196] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[3196] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[3196] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[3196] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[3196] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[3196] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[3200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[3200] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[3200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[3200] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[3200] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[3200] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[3200] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[3200] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[3200] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[3200] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[3200] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[3200] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[3200] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[3200] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[3200] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[3200] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe[3200] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\program files\companionlink\companionlink.exe[3224] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\program files\companionlink\companionlink.exe[3224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\program files\companionlink\companionlink.exe[3224] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\program files\companionlink\companionlink.exe[3224] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\program files\companionlink\companionlink.exe[3224] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\program files\companionlink\companionlink.exe[3224] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\program files\companionlink\companionlink.exe[3224] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\program files\companionlink\companionlink.exe[3224] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\program files\companionlink\companionlink.exe[3224] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\program files\companionlink\companionlink.exe[3224] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\program files\companionlink\companionlink.exe[3224] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\program files\companionlink\companionlink.exe[3224] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\program files\companionlink\companionlink.exe[3224] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\program files\companionlink\companionlink.exe[3224] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\program files\companionlink\companionlink.exe[3224] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\program files\companionlink\companionlink.exe[3224] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\program files\companionlink\companionlink.exe[3224] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\System32\alg.exe[3456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[3456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[3456] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3456] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[3456] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[3456] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[3456] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[3456] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[3456] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[3456] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[3456] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[3456] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[3456] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[3456] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[3456] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[3456] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\Program Files\IDrive\IDriveSDBManager.exe[3484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\IDrive\IDriveSDBManager.exe[3484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\IDrive\IDriveSDBManager.exe[3484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\IDrive\IDriveSDBManager.exe[3484] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\IDrive\IDriveSDBManager.exe[3484] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\IDrive\IDriveSDBManager.exe[3484] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\IDrive\IDriveSDBManager.exe[3484] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\IDrive\IDriveSDBManager.exe[3484] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\IDrive\IDriveSDBManager.exe[3484] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\IDrive\IDriveSDBManager.exe[3484] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\IDrive\IDriveSDBManager.exe[3484] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\IDrive\IDriveSDBManager.exe[3484] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\IDrive\IDriveSDBManager.exe[3484] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\IDrive\IDriveSDBManager.exe[3484] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\IDrive\IDriveSDBManager.exe[3484] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\IDrive\IDriveSDBManager.exe[3484] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\IDrive\IDriveSDBManager.exe[3484] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\wuauclt.exe[3520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\wuauclt.exe[3520] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[3520] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\wuauclt.exe[3520] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[3520] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\wuauclt.exe[3520] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wuauclt.exe[3520] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wuauclt.exe[3520] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\wuauclt.exe[3520] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\wuauclt.exe[3520] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wuauclt.exe[3520] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wuauclt.exe[3520] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wuauclt.exe[3520] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wuauclt.exe[3520] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wuauclt.exe[3520] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wuauclt.exe[3520] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wuauclt.exe[3520] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\IDrive\IDriveETray.exe[4068] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\IDrive\IDriveETray.exe[4068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\IDrive\IDriveETray.exe[4068] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\IDrive\IDriveETray.exe[4068] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\IDrive\IDriveETray.exe[4068] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\IDrive\IDriveETray.exe[4068] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\IDrive\IDriveETray.exe[4068] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\IDrive\IDriveETray.exe[4068] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\IDrive\IDriveETray.exe[4068] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\IDrive\IDriveETray.exe[4068] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\IDrive\IDriveETray.exe[4068] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\IDrive\IDriveETray.exe[4068] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\IDrive\IDriveETray.exe[4068] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\IDrive\IDriveETray.exe[4068] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\IDrive\IDriveETray.exe[4068] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\IDrive\IDriveETray.exe[4068] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\IDrive\IDriveETray.exe[4068] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter Driver/Locktime Software)

Device \FileSystem\Fastfat \Fat B5A01D20
Device \FileSystem\Fastfat \Fat B59FE7B4

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----



OTL logfile created on: 11/12/2011 2:22:35 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\freddy\My Documents\AAADownloads\Programs to Save\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.29 Mb Total Physical Memory | 578.69 Mb Available Physical Memory | 56.55% Memory free
3.84 Gb Paging File | 3.39 Gb Available in Paging File | 88.26% Paging File free
Paging file location(s): D:\pagefile.sys 3000 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 769.29 Gb Free Space | 82.59% Space Free | Partition Type: NTFS
Drive D: | 279.48 Gb Total Space | 11.77 Gb Free Space | 4.21% Space Free | Partition Type: NTFS

Computer Name: HP | User Name: freddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 21:31:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\freddy\My Documents\AAADownloads\Programs to Save\OTL\OTL.exe
PRC - [2011/10/26 00:10:47 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/09/20 06:58:36 | 049,424,384 | ---- | M] (CompanionLink Software, Inc.) -- C:\Program Files\CompanionLink\CompanionLink.exe
PRC - [2011/08/10 11:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/08/08 14:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/07/04 03:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 03:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/24 14:56:16 | 000,157,128 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\IDrive\IDriveE Service.exe
PRC - [2011/06/08 18:04:20 | 000,267,688 | ---- | M] ( ) -- C:\Program Files\IDrive\IDrivePlugin.exe
PRC - [2010/03/25 00:45:44 | 000,495,616 | ---- | M] (Locktime Software) -- C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
PRC - [2009/09/05 10:23:04 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/09/05 10:22:58 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2008/08/11 11:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/08/11 11:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/03/19 17:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe
PRC - [2001/08/17 20:36:38 | 000,032,256 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\BrmfRsmg.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/11 12:00:54 | 001,614,336 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11111101\algo.dll
MOD - [2011/11/11 09:19:04 | 000,240,992 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11111101\aswRep.dll
MOD - [2011/10/26 00:10:46 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppgooglenaclpluginchrome.dll
MOD - [2011/10/26 00:10:45 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
MOD - [2011/10/26 00:09:09 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avutil-51.dll
MOD - [2011/10/26 00:09:07 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avformat-53.dll
MOD - [2011/10/26 00:09:06 | 001,745,992 | ---- | M] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avcodec-53.dll
MOD - [2011/10/25 21:14:43 | 008,587,936 | ---- | M] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
MOD - [2011/08/10 11:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2011/08/08 14:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2009/08/06 12:14:12 | 001,063,248 | ---- | M] () -- C:\Program Files\LogMeIn\x86\ICSAgent32.dll
MOD - [2008/05/14 11:21:52 | 000,441,705 | ---- | M] () -- C:\Program Files\IDrive\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/10 11:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/07/04 03:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/24 14:56:16 | 000,157,128 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\Program Files\IDrive\IDriveE Service.exe -- (IDriveE Service)
SRV - [2010/03/25 00:45:44 | 000,495,616 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe -- (nlsvc)
SRV - [2009/09/15 22:01:07 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/05 10:23:04 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008/08/11 11:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2003/03/19 17:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 03:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 03:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 03:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 03:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 03:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 03:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 03:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/03/09 18:29:18 | 000,006,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2010/03/25 00:49:06 | 000,082,360 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nltdi.sys -- (nltdi)
DRV - [2009/09/05 10:23:34 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/03/25 05:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/08/11 11:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 11:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/13 10:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/01/14 02:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/12/04 17:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2006/02/21 19:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/10/01 09:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 21:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 21:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2004/08/03 21:29:29 | 000,014,336 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC)
DRV - [2003/12/12 18:03:10 | 000,652,689 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/02/27 01:19:50 | 000,260,736 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/02/23 02:55:26 | 000,141,824 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2002/12/27 17:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/12/25 04:09:48 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/10/01 08:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/09/23 23:37:00 | 000,080,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2002/09/20 00:15:42 | 000,472,396 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2002/09/11 08:17:14 | 000,100,671 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2002/09/11 08:17:14 | 000,059,647 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio)
DRV - [2002/09/11 08:17:14 | 000,048,399 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2002/09/11 08:17:14 | 000,036,911 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP)
DRV - [2002/09/11 08:17:14 | 000,012,415 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2002/09/07 00:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/08/17 12:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 12:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2001/06/04 20:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxy.ucla.edu/cgi/proxy

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4113586923-2583412229-520591771-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4113586923-2583412229-520591771-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
IE - HKU\S-1-5-21-4113586923-2583412229-520591771-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4113586923-2583412229-520591771-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4113586923-2583412229-520591771-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4113586923-2583412229-520591771-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;<local>
IE - HKU\S-1-5-21-4113586923-2583412229-520591771-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxy.ucla.edu/cgi/proxy

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A580ADAB-A578-4DB5-9B07-510AC9442829}: C:\Documents and Settings\freddy\Local Settings\Application Data\{A580ADAB-A578-4DB5-9B07-510AC9442829} [2011/01/20 15:49:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/04 09:27:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/13 10:34:25 | 000,000,000 | ---D | M]

[2010/04/09 14:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\freddy\Application Data\Mozilla\Extensions
[2010/04/09 14:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\freddy\Application Data\Mozilla\Extensions\[email protected]
[2011/06/02 15:28:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\extensions
[2011/02/10 21:40:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/09 10:25:41 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Documents and Settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/03/03 09:44:07 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\extensions\[email protected]
[2010/02/11 17:11:45 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\extensions\[email protected]
[2011/02/10 21:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\extensions\staged-xpis
[2011/06/27 22:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/27 12:04:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/06/27 22:41:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/02/21 02:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/06/27 22:41:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Email this page (by Google) = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai\1.2.5_0\
CHR - Extension: Select To Get Maps = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hinehgnhgiohbfpbpgkjnelkcgdkcgha\1.1.1_0\

Hosts file not found
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-4113586923-2583412229-520591771-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4113586923-2583412229-520591771-1007\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O3 - HKU\S-1-5-21-4113586923-2583412229-520591771-1007\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKU\S-1-5-21-4113586923-2583412229-520591771-1007..\Run: [CompanionLink] c:\program files\companionlink\companionlink.exe (CompanionLink Software, Inc.)
O4 - HKU\S-1-5-21-4113586923-2583412229-520591771-1007..\Run: [IDriveE Startup] C:\Program Files\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
O4 - Startup: C:\Documents and Settings\freddy\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4113586923-2583412229-520591771-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4113586923-2583412229-520591771-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4113586923-2583412229-520591771-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4113586923-2583412229-520591771-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-4113586923-2583412229-520591771-1007\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-4113586923-2583412229-520591771-1007\..Trusted Domains: skyviewcafe.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-4113586923-2583412229-520591771-1007\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1252903274312 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1252989889015 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizo...l/VCAVMUtil.CAB (IOBIVMUtil.VMDecoder)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://my.verizon.co...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A98B31B-1E9E-4E5D-8B52-B7BDB7EF8D02}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\freddy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\freddy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/24 01:01:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{ff2f7e7c-e8d8-11e0-a4fa-000c6eaad8e0}\Shell - "" = AutoRun
O33 - MountPoints2\{ff2f7e7c-e8d8-11e0-a4fa-000c6eaad8e0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ff2f7e7c-e8d8-11e0-a4fa-000c6eaad8e0}\Shell\AutoRun\command - "" = G:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/04 09:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\freddy\My Documents\My Google Gadgets
[2011/11/04 09:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop
[2011/11/04 01:33:25 | 000,000,000 | ---D | C] -- C:\PUMedFiles
[2011/11/04 01:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\UbicMedia
[2011/11/04 01:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\UbicMedia
[2011/10/28 00:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Motorola
[2011/10/27 23:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\freddy\My Documents\Subscriptions
[2011/10/27 23:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\freddy\My Documents\My Videos
[2011/10/15 22:37:57 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/10/15 22:37:56 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/10/15 22:37:53 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2011/10/15 22:37:37 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011/10/15 22:37:35 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/10/15 22:37:33 | 000,019,455 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys
[2011/10/15 22:37:29 | 000,012,063 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys
[2011/10/15 22:37:27 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2011/10/15 22:37:09 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2011/10/15 22:37:01 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/10/15 22:37:00 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/10/15 22:36:52 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011/10/15 22:36:49 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2011/10/15 22:36:48 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2011/10/15 22:36:44 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys
[2011/10/15 22:36:42 | 000,023,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys
[2011/10/15 22:36:41 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2011/10/15 22:36:40 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/10/15 22:36:36 | 000,033,599 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys
[2011/10/15 22:36:35 | 000,019,551 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys
[2011/10/15 22:36:33 | 000,029,311 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys
[2011/10/15 22:36:31 | 000,011,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys
[2011/10/15 22:36:29 | 000,012,127 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys
[2011/10/15 22:36:27 | 000,012,415 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys
[2011/10/15 22:36:26 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/10/15 22:36:25 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/10/15 22:36:24 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/10/15 22:36:22 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/10/15 22:36:20 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/10/15 22:36:18 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011/10/15 22:36:16 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011/10/15 22:36:16 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys
[2011/10/15 22:36:12 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2011/10/15 22:36:11 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011/10/15 22:36:10 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
[2011/10/15 22:36:09 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
[2011/10/15 22:36:08 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
[2011/10/15 22:36:07 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/10/15 22:36:06 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011/10/15 22:36:05 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011/10/15 22:36:02 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2011/10/15 22:36:01 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2011/10/15 22:35:58 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011/10/15 22:35:53 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2011/10/15 22:35:52 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2011/10/15 22:35:52 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2011/10/15 22:35:51 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2011/10/15 22:35:51 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/10/15 22:35:50 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2011/10/15 22:35:49 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2011/10/15 22:35:49 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2011/10/15 22:35:48 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011/10/15 22:35:47 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011/10/15 22:35:46 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys
[2011/10/15 22:35:44 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys
[2011/10/15 22:35:40 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/10/15 22:35:40 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/10/15 22:35:39 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/10/15 22:35:38 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011/10/15 22:35:38 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/10/15 22:35:37 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011/10/15 22:35:36 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys
[2011/10/15 22:35:35 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll
[2011/10/15 22:35:33 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2011/10/15 22:35:32 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll
[2011/10/15 22:35:31 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys
[2011/10/15 22:35:30 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys
[2011/10/15 22:35:29 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys
[2011/10/15 22:35:28 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys
[2011/10/15 22:35:26 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/10/15 22:35:23 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/10/15 22:35:22 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/10/15 22:35:20 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011/10/15 22:35:18 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/10/15 22:35:17 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/10/15 22:35:13 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys
[2011/10/15 22:35:11 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys
[2011/10/15 22:35:10 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/10/15 22:35:10 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/10/15 22:35:06 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys
[2011/10/15 22:35:06 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys
[2011/10/15 22:35:05 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys
[2011/10/15 22:35:04 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys
[2011/10/15 22:35:03 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys
[2011/10/15 22:35:03 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll
[2011/10/15 22:35:02 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
[2011/10/15 22:35:01 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[2011/10/15 22:35:01 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
[2011/10/15 22:35:00 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
[2011/10/15 22:34:59 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
[2011/10/15 22:34:57 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/10/15 22:34:56 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011/10/15 22:34:56 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/10/15 22:34:54 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011/10/15 22:34:52 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/10/15 22:34:51 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2011/10/15 22:34:47 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll
[2011/10/15 22:34:44 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys
[2011/10/15 22:34:43 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll
[2011/10/15 22:34:42 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2011/10/15 22:34:41 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys
[2011/10/15 22:34:40 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys
[2011/10/15 22:34:39 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll
[2011/10/15 22:34:38 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys
[2011/10/15 22:34:38 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
[2011/10/15 22:34:36 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2011/10/15 22:34:35 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2011/10/15 22:34:34 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
[2011/10/15 22:34:28 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011/10/15 22:34:25 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011/10/15 22:34:24 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/10/15 22:34:23 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011/10/15 22:34:23 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/10/15 22:34:22 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2011/10/15 22:34:20 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2011/10/15 22:34:19 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2011/10/15 22:34:18 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2011/10/15 22:34:17 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2011/10/15 22:34:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2011/10/15 22:34:14 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2011/10/15 22:34:06 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/10/15 22:34:06 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/10/15 22:34:05 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/10/15 22:34:04 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll
[2011/10/15 22:34:03 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys
[2011/10/15 22:34:02 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011/10/15 22:34:00 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll
[2011/10/15 22:34:00 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys
[2011/10/15 22:33:59 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll
[2011/10/15 22:33:58 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys
[2011/10/15 22:33:50 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/10/15 22:33:49 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/10/15 22:33:48 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/10/15 22:33:47 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/10/15 22:33:47 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys
[2011/10/15 22:33:44 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2011/10/15 22:33:43 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
[2011/10/15 22:33:41 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2011/10/15 22:33:39 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2011/10/15 22:33:39 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2011/10/15 22:33:37 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011/10/15 22:33:36 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2011/10/15 22:33:35 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/10/15 22:33:34 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/10/15 22:33:33 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll
[2011/10/15 22:33:31 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys
[2011/10/15 22:33:30 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll
[2011/10/15 22:33:29 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/10/15 22:33:29 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/10/15 22:33:28 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/10/15 22:33:27 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/10/15 22:33:26 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/10/15 22:33:26 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/10/15 22:33:25 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/10/15 22:33:24 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/10/15 22:33:24 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011/10/15 22:33:23 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2011/10/15 22:33:22 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011/10/15 22:33:21 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011/10/15 22:33:19 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/10/15 22:33:17 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/10/15 22:33:14 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2011/10/15 22:33:13 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys
[2011/10/15 22:33:10 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys
[2011/10/15 22:33:06 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011/10/15 22:33:05 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/10/15 22:33:03 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011/10/15 22:32:55 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2011/10/15 22:32:52 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/10/15 22:32:51 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/10/15 22:32:50 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2011/10/15 22:32:49 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2011/10/15 22:32:45 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys
[2011/10/15 22:32:45 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys
[2011/10/15 22:32:44 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys
[2011/10/15 22:32:43 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys
[2011/10/15 22:32:42 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys
[2011/10/15 22:32:41 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2011/10/15 22:32:39 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/10/15 22:32:38 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011/10/15 22:32:38 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/10/15 22:32:36 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2011/10/15 22:32:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2011/10/15 22:32:35 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2011/10/15 22:32:33 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011/10/15 22:32:29 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2011/10/15 22:32:28 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2011/10/15 22:32:27 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2011/10/15 22:32:25 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2011/10/15 22:32:19 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
[2011/10/15 22:32:18 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
[2011/10/15 22:32:17 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
[2011/10/15 22:32:17 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
[2011/10/15 22:32:16 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
[2011/10/15 22:32:15 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
[2011/10/15 22:32:14 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
[2011/10/15 22:32:13 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2011/10/15 22:32:11 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2011/10/15 22:32:10 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2011/10/15 22:32:09 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2011/10/15 22:32:07 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys
[2011/10/15 22:32:06 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys
[2011/10/15 22:32:04 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2011/10/15 22:32:04 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011/10/15 22:32:03 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2011/10/15 22:32:02 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2011/10/15 22:32:02 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2011/10/15 22:32:01 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/10/15 22:31:59 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011/10/15 22:31:58 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/10/15 22:31:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2011/10/15 22:31:55 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2011/10/15 22:31:53 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
[2011/10/15 22:31:53 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2011/10/15 22:31:52 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
[2011/10/15 22:31:52 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys
[2011/10/15 22:31:51 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2011/10/15 22:31:51 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
[2011/10/15 22:31:50 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2011/10/15 22:31:49 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys
[2011/10/15 22:31:49 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
[2011/10/15 22:31:48 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
[2011/10/15 22:31:46 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/10/15 22:31:46 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys
[2011/10/15 22:31:45 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011/10/15 22:31:45 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/10/15 22:31:44 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/10/15 22:31:38 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys
[2011/10/15 22:31:37 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll
[2011/10/15 22:31:33 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/10/15 22:31:32 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys
[2011/10/15 22:31:31 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys
[2011/10/15 22:31:30 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2011/10/15 22:31:29 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/10/15 22:31:28 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/10/15 22:31:27 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2011/10/15 22:31:26 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/10/15 22:31:24 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
[2011/10/15 22:31:22 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/10/15 22:31:22 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/10/15 22:31:21 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
[2011/10/15 22:31:19 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/10/15 22:31:18 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/10/15 22:31:18 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/10/15 22:31:17 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/10/15 22:31:17 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011/10/15 22:31:16 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2011/10/15 22:31:16 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011/10/15 22:31:15 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011/10/15 22:31:15 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2011/10/15 22:31:14 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011/10/15 22:31:14 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011/10/15 22:31:13 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011/10/15 22:31:13 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/10/15 22:31:12 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2011/10/15 22:31:12 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2011/10/15 22:31:04 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2011/10/15 22:31:01 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
[2011/10/15 22:30:58 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2011/10/15 22:30:56 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2011/10/15 22:30:56 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2011/10/15 22:30:55 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2011/10/15 22:30:51 | 000,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
[2011/10/15 22:30:50 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
[2011/10/15 22:30:45 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2011/10/15 22:30:39 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2011/10/15 22:30:36 | 000,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys
[2011/10/15 22:30:34 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys
[2011/10/15 22:30:34 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll
[2011/10/15 22:30:32 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
[2011/10/15 22:30:32 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2011/10/15 22:30:31 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
[2011/10/15 22:30:30 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/10/15 22:30:28 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys
[2011/10/15 22:30:27 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
[2011/10/15 22:30:27 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\maestro.sys
[2011/10/15 22:30:26 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
[2011/10/15 22:30:26 | 000,022,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwusbhid.sys
[2011/10/15 22:30:25 | 000,020,864 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwadihid.sys
[2011/10/15 22:30:24 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011/10/15 22:30:24 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/10/15 22:30:23 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2011/10/15 22:30:22 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/10/15 22:30:22 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/10/15 22:30:21 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/10/15 22:30:19 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2011/10/15 22:30:17 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/10/15 22:30:17 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011/10/15 22:30:16 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/10/15 22:30:16 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011/10/15 22:30:14 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2011/10/15 22:30:14 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/10/15 22:30:13 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/10/15 22:30:11 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2011/10/15 22:30:11 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2011/10/15 22:30:09 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2011/10/15 22:30:09 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2011/10/15 22:30:00 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2011/10/15 22:29:59 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2011/10/15 22:29:55 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2011/10/15 22:29:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2011/10/15 22:29:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2011/10/15 22:29:46 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2011/10/15 22:29:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2011/10/15 22:29:42 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys
[2011/10/15 22:29:42 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2011/10/15 22:29:41 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2011/10/15 22:29:41 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011/10/15 22:29:40 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2011/10/15 22:29:40 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2011/10/15 22:29:37 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2011/10/15 22:29:36 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll
[2011/10/15 22:29:36 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys
[2011/10/15 22:29:35 | 000,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
[2011/10/15 22:29:34 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys
[2011/10/15 22:29:31 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2011/10/15 22:29:30 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2011/10/15 22:29:29 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2011/10/15 22:29:27 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2011/10/15 22:29:25 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2011/10/15 22:29:25 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2011/10/15 22:29:25 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2011/10/15 22:29:10 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011/10/15 22:29:09 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys
[2011/10/15 22:29:09 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
[2011/10/15 22:29:08 | 000,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
[2011/10/15 22:29:08 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
[2011/10/15 22:29:07 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
[2011/10/15 22:29:07 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
[2011/10/15 22:29:07 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2011/10/15 22:29:06 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2011/10/15 22:29:06 | 000,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2011/10/15 22:29:05 | 000,109,085 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtrp.sys
[2011/10/15 22:29:05 | 000,100,936 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtok.sys
[2011/10/15 22:29:04 | 000,028,700 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\dllcache\ibmexmp.sys
[2011/10/15 22:29:04 | 000,009,216 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmsgnet.dll
[2011/10/15 22:29:02 | 000,702,845 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2011/10/15 22:29:02 | 000,161,020 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xnt5.sys
[2011/10/15 22:29:01 | 000,353,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740dnt5.dll
[2011/10/15 22:29:01 | 000,058,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740nt5.sys
[2011/10/15 22:29:00 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2011/10/15 22:28:59 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2011/10/15 22:28:58 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2011/10/15 22:28:55 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2011/10/15 22:28:53 | 000,488,383 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_v124.sys
[2011/10/15 22:28:53 | 000,050,751 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_tone.sys
[2011/10/15 22:28:52 | 000,073,279 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_spkp.sys
[2011/10/15 22:28:52 | 000,044,863 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_soar.sys
[2011/10/15 22:28:51 | 000,542,879 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_msft.sys
[2011/10/15 22:28:51 | 000,057,471 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_samp.sys
[2011/10/15 22:28:50 | 000,391,199 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_k56k.sys
[2011/10/15 22:28:50 | 000,115,807 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fsks.sys
[2011/10/15 22:28:50 | 000,009,759 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_inst.dll
[2011/10/15 22:28:49 | 000,289,887 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fall.sys
[2011/10/15 22:28:49 | 000,199,711 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_faxx.sys
[2011/10/15 22:28:48 | 000,150,239 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_amos.sys
[2011/10/15 22:28:48 | 000,067,167 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_bsc2.sys
[2011/10/15 22:28:46 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2011/10/15 22:28:46 | 000,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys
[2011/10/15 22:28:45 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
[2011/10/15 22:28:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2011/10/15 22:28:44 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/10/15 22:28:44 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2011/10/15 22:28:44 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys
[2011/10/15 22:28:43 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2011/10/15 22:28:42 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/10/15 22:28:41 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2011/10/15 22:28:40 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2011/10/15 22:28:39 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpdigwia.dll
[2011/10/15 22:28:38 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2011/10/15 22:28:37 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2011/10/15 22:28:36 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2011/10/15 22:28:35 | 000,907,456 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hcf_msft.sys
[2011/10/15 22:28:34 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2011/10/15 22:28:33 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011/10/15 22:28:32 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011/10/15 22:28:31 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011/10/15 22:28:30 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2011/10/15 22:28:29 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400m.sys
[2011/10/15 22:28:29 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2011/10/15 22:28:28 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400d.dll
[2011/10/15 22:28:27 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200d.dll
[2011/10/15 22:28:27 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200m.sys
[2011/10/15 22:28:26 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/10/15 22:28:24 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2011/10/15 22:28:23 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011/10/15 22:28:23 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/10/15 22:28:20 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/10/15 22:28:19 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/10/15 22:28:18 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/10/15 22:28:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2011/10/15 22:28:17 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011/10/15 22:28:15 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2011/10/15 22:28:13 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\fem556n5.sys
[2011/10/15 22:28:12 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/10/15 22:28:11 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINDOWS\System32\dllcache\fa312nd5.sys
[2011/10/15 22:28:11 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/10/15 22:28:10 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/10/15 22:28:09 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ex10.sys
[2011/10/15 22:28:09 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2011/10/15 22:28:06 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2011/10/15 22:28:06 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2011/10/15 22:28:05 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2011/10/15 22:28:04 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys
[2011/10/15 22:28:04 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2011/10/15 22:28:03 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys
[2011/10/15 22:28:02 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56hpi.sys
[2011/10/15 22:28:02 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56tpi.sys
[2011/10/15 22:28:01 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56cvmp.sys
[2011/10/15 22:28:01 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es198x.sys
[2011/10/15 22:28:00 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2011/10/15 22:28:00 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2011/10/15 22:27:59 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnloop.exe
[2011/10/15 22:27:59 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys
[2011/10/15 22:27:58 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqndiag.exe
[2011/10/15 22:27:58 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnlogr.exe
[2011/10/15 22:27:57 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqn.sys
[2011/10/15 22:27:57 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2011/10/15 22:27:56 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2011/10/15 22:27:56 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys
[2011/10/15 22:27:55 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\emu10k1m.sys
[2011/10/15 22:27:54 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys
[2011/10/15 22:27:54 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys
[2011/10/15 22:27:53 | 000,171,520 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys
[2011/10/15 22:27:53 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2011/10/15 22:27:52 | 000,455,199 | ---- | C] (3Com Corporation.) -- C:\WINDOWS\System32\dllcache\el985n51.sys
[2011/10/15 22:27:52 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys
[2011/10/15 22:27:51 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys
[2011/10/15 22:27:51 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys
[2011/10/15 22:27:50 | 000,241,206 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656se5.sys
[2011/10/15 22:27:50 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys
[2011/10/15 22:27:49 | 000,634,134 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656ct5.sys
[2011/10/15 22:27:48 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys
[2011/10/15 22:27:47 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys
[2011/10/15 22:27:47 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys
[2011/10/15 22:27:46 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys
[2011/10/15 22:27:46 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys
[2011/10/15 22:27:45 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys
[2011/10/15 22:27:43 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100isa4.sys
[2011/10/15 22:27:42 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100b325.sys
[2011/10/15 22:27:41 | 000,050,719 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys
[2011/10/15 22:27:36 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2011/10/15 22:27:35 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/10/15 22:27:33 | 000,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
[2011/10/15 22:27:30 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011/10/15 22:27:29 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2011/10/15 22:27:28 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2011/10/15 22:27:27 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2011/10/15 22:27:26 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2011/10/15 22:27:17 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/10/15 22:27:17 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2011/10/15 22:27:16 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/10/15 22:27:15 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011/10/15 22:27:13 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011/10/15 22:27:12 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/10/15 22:27:11 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/10/15 22:27:11 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011/10/15 22:27:09 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011/10/15 22:27:08 | 000,614,429 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiview.exe
[2011/10/15 22:27:07 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.dll
[2011/10/15 22:27:07 | 000,042,432 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.sys
[2011/10/15 22:27:06 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.sys
[2011/10/15 22:27:05 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiinf.dll
[2011/10/15 22:27:05 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.dll
[2011/10/15 22:27:04 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digihlc.dll
[2011/10/15 22:27:03 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifwrk.dll
[2011/10/15 22:27:02 | 000,103,044 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidxb.sys
[2011/10/15 22:27:02 | 000,090,525 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifep5.sys
[2011/10/15 22:27:01 | 000,131,156 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidbp.dll
[2011/10/15 22:27:00 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.dll
[2011/10/15 22:27:00 | 000,037,735 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.sys
[2011/10/15 22:26:57 | 000,419,357 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgconfig.dll
[2011/10/15 22:26:57 | 000,029,531 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\dgapci.sys
[2011/10/15 22:26:56 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/10/15 22:26:55 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011/10/15 22:26:54 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe
[2011/10/15 22:26:53 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll
[2011/10/15 22:26:52 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/10/15 22:26:51 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2011/10/15 22:26:50 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2011/10/15 22:26:49 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2011/10/15 22:26:49 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys
[2011/10/15 22:26:48 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2011/10/15 22:26:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2011/10/15 22:26:44 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys
[2011/10/15 22:26:44 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2011/10/15 22:26:41 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys
[2011/10/15 22:26:41 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2011/10/15 22:26:40 | 000,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2011/10/15 22:26:39 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2011/10/15 22:26:39 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2011/10/15 22:26:38 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2011/10/15 22:26:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2011/10/15 22:26:37 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2011/10/15 22:26:36 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/10/15 22:26:36 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2011/10/15 22:26:35 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/10/15 22:26:34 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/10/15 22:26:34 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/10/15 22:26:33 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/10/15 22:26:32 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/10/15 22:26:32 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/10/15 22:26:31 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll
[2011/10/15 22:26:30 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/10/15 22:26:29 | 000,096,256 | ---- | C] (Copyright © Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
[2011/10/15 22:26:29 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
[2011/10/15 22:26:28 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
[2011/10/15 22:26:26 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2011/10/15 22:26:25 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/10/15 22:26:25 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
[2011/10/15 22:26:23 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2011/10/15 22:26:23 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2011/10/15 22:26:22 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2011/10/15 22:26:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2011/10/15 22:26:15 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
[2011/10/15 22:26:14 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2011/10/15 22:26:10 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys
[2011/10/15 22:26:07 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/10/15 22:26:07 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2011/10/15 22:26:05 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2011/10/15 22:26:04 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2011/10/15 22:26:03 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2011/10/15 22:25:55 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2011/10/15 22:25:53 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2011/10/15 22:25:49 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2011/10/15 22:25:46 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/10/15 22:25:43 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2011/10/15 22:25:42 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2011/10/15 22:25:35 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2011/10/15 22:25:32 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/10/15 22:25:31 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/10/15 22:25:30 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/10/15 22:25:30 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/10/15 22:25:29 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/10/15 22:25:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2011/10/15 22:25:25 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/10/15 22:25:24 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/10/15 22:25:23 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/10/15 22:25:22 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/10/15 22:25:19 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/10/15 22:25:18 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/10/15 22:25:16 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2011/10/15 22:25:15 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2011/10/15 22:25:15 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2011/10/15 22:25:14 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2011/10/15 22:25:13 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2011/10/15 22:25:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2011/10/15 22:25:11 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2011/10/15 22:25:11 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2011/10/15 22:25:10 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2011/10/15 22:24:30 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2011/10/15 22:24:28 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/10/15 22:24:26 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/10/15 22:24:25 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/10/15 22:24:23 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2011/10/15 22:24:22 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/10/15 22:24:21 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/10/15 22:24:12 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2011/10/15 22:24:11 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/10/15 22:24:10 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2011/10/15 22:24:09 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2011/10/15 22:24:08 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2011/10/15 22:24:05 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2011/10/15 22:24:04 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/10/15 22:24:04 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/10/15 22:24:03 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2011/10/15 22:24:02 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/10/15 22:24:01 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/10/15 22:24:00 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/10/15 22:23:59 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/10/15 22:23:59 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/10/15 22:23:57 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2011/10/15 22:23:56 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2011/10/15 22:23:55 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2011/10/15 22:23:45 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2011/10/15 22:23:44 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2011/10/15 22:23:41 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2011/10/15 22:23:41 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2011/10/15 22:23:40 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2011/10/15 22:23:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2011/10/15 22:23:38 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2011/10/15 22:23:38 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2011/10/15 22:23:37 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2011/10/15 22:23:32 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2011/10/15 22:23:31 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2011/10/15 22:23:29 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/10/15 22:23:27 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2011/10/15 22:23:27 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2011/10/15 22:23:26 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2011/10/15 22:23:23 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2011/10/15 22:23:22 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2011/10/15 22:23:21 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2011/10/15 22:23:20 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/10/15 22:23:19 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2011/10/15 22:23:18 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2011/10/15 22:23:17 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2011/10/15 22:23:16 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2011/10/15 22:23:15 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2011/10/15 22:23:15 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2011/10/15 22:23:08 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2011/10/15 22:23:03 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2011/10/15 22:23:02 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/10/15 22:23:00 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/10/15 22:22:59 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/10/15 22:22:58 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/10/15 22:22:57 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/10/15 22:22:57 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2011/10/15 22:22:56 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2011/10/15 22:22:54 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/10/15 22:22:53 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2011/10/15 22:22:52 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2011/10/15 22:22:51 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2011/10/15 22:22:51 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2011/10/15 22:22:50 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2011/10/15 22:22:49 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/10/15 22:22:48 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2011/10/15 22:22:47 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2011/10/15 22:22:47 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2011/10/15 22:22:46 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/10/15 22:22:45 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/10/15 22:22:44 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/10/15 22:22:44 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2011/10/15 22:21:39 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2004/04/05 07:44:22 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL

========== Files - Modified Within 30 Days ==========

[2011/11/12 01:58:05 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4113586923-2583412229-520591771-1007UA.job
[2011/11/12 01:54:03 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/12 01:32:35 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2011/11/11 23:58:57 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\freddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2011/11/11 20:18:15 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/11 20:16:20 | 000,002,160 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2011/11/11 20:14:22 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/11 20:13:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/11 20:13:01 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/11 18:40:03 | 000,151,733 | ---- | M] () -- C:\Documents and Settings\freddy\Desktop\Sharna Retina 2002.pdf
[2011/11/11 17:10:48 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{00299ACB-10BC-49D6-88A3-64F230036414}.job
[2011/11/11 10:58:05 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4113586923-2583412229-520591771-1007Core.job
[2011/11/07 09:31:30 | 000,501,660 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 09:31:30 | 000,092,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/05 01:31:25 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/04 09:28:25 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk
[2011/11/04 01:32:57 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PUMit Reader.lnk
[2011/11/02 21:48:10 | 000,004,193 | ---- | M] () -- C:\Documents and Settings\freddy\Desktop\course (1).jnlp
[2011/10/30 11:24:47 | 000,004,259 | ---- | M] () -- C:\Documents and Settings\freddy\Desktop\cvs_alphacor.gif
[2011/10/28 21:33:55 | 000,075,739 | ---- | M] () -- C:\Documents and Settings\freddy\My Documents\Facebook Revolution - 2 Pager.pdf
[2011/10/28 00:32:48 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/10/28 00:31:53 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job
[2011/10/28 00:31:52 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2011/10/27 23:14:35 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/10/27 00:59:08 | 000,000,240 | ---- | M] () -- C:\WINDOWS\ActiveAct.INI
[2011/10/26 13:19:08 | 000,005,909 | ---- | M] () -- C:\Documents and Settings\freddy\My Documents\phone.fmt
[2011/10/16 07:33:34 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\freddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/10/15 22:18:40 | 000,355,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/15 22:07:51 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011/11/11 18:40:47 | 000,151,733 | ---- | C] () -- C:\Documents and Settings\freddy\Desktop\Sharna Retina 2002.pdf
[2011/11/04 09:28:25 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk
[2011/11/04 01:32:57 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PUMit Reader.lnk
[2011/11/02 21:48:13 | 000,004,193 | ---- | C] () -- C:\Documents and Settings\freddy\Desktop\course (1).jnlp
[2011/10/30 11:24:51 | 000,004,259 | ---- | C] () -- C:\Documents and Settings\freddy\Desktop\cvs_alphacor.gif
[2011/10/28 21:33:01 | 000,075,739 | ---- | C] () -- C:\Documents and Settings\freddy\My Documents\Facebook Revolution - 2 Pager.pdf
[2011/10/28 00:32:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/10/28 00:31:53 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper Update.job
[2011/10/28 00:31:52 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2011/10/28 00:31:51 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2011/10/15 22:37:55 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/10/15 22:37:54 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/10/15 22:30:11 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/10/15 22:29:24 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/10/15 22:28:43 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/10/15 22:28:42 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/10/15 22:28:42 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/10/15 22:28:41 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/10/15 22:28:40 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/10/15 22:28:34 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/10/15 22:27:14 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011/10/15 22:27:14 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011/10/15 22:27:13 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011/10/15 22:23:51 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/10/15 22:23:51 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/10/15 22:23:49 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/10/15 22:23:49 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/10/15 22:23:48 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/10/15 22:23:47 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/10/15 22:23:46 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/10/15 22:23:45 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/10/15 22:23:43 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/10/15 22:23:36 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/10/15 22:03:42 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/10/09 00:12:42 | 000,000,031 | ---- | C] () -- C:\WINDOWS\ Connection to the server failed.IDriveE.ini
[2011/10/05 21:25:18 | 000,049,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/27 11:23:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/07/11 22:29:41 | 000,026,032 | ---- | C] () -- C:\WINDOWS\System32\IDriveEXceedCryReg.exe
[2011/01/20 15:49:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Mbere.dat
[2011/01/20 15:49:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kxoqoxosokarade.bin
[2010/10/26 14:46:35 | 023,330,364 | ---- | C] () -- C:\Program Files\Mendeley-Desktop-0.9.8.1-win32.exe
[2010/06/04 10:28:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/04 10:28:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/04 10:28:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/04 10:28:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/04 10:28:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/30 12:45:18 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/04/29 10:35:51 | 000,000,943 | ---- | C] () -- C:\WINDOWS\TATCALL.INI
[2010/04/29 10:35:51 | 000,000,260 | ---- | C] () -- C:\WINDOWS\TATUNINS.INI
[2010/04/29 10:35:51 | 000,000,020 | ---- | C] () -- C:\WINDOWS\TATVER.INI
[2010/03/03 19:41:02 | 000,225,456 | ---- | C] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\rx_image.Cache
[2010/03/03 19:41:02 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\rx_audio.Cache
[2010/02/25 09:14:09 | 000,000,240 | ---- | C] () -- C:\WINDOWS\ActiveAct.INI
[2010/02/24 13:02:44 | 000,000,023 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
[2010/02/24 13:00:31 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
[2010/02/16 20:03:16 | 000,000,081 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2010/01/25 10:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2010/01/18 17:33:52 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/06 10:54:47 | 000,073,908 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/27 09:14:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/04 06:38:37 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2009/10/04 06:35:49 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/10/04 06:35:46 | 000,000,050 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/09/27 08:38:33 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009/09/23 00:10:48 | 000,002,160 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2009/09/23 00:10:32 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/09/23 00:10:32 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/09/23 00:10:32 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\m8840def.dat
[2009/09/23 00:10:03 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/09/23 00:10:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009/09/23 00:09:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\BRMSL07F.BIN
[2009/09/23 00:09:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/09/17 20:27:56 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2009/09/17 20:27:30 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2009/09/17 20:27:30 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2009/09/17 20:20:11 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/09/17 20:01:00 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2009/09/17 20:00:59 | 000,030,080 | ---- | C] () -- C:\WINDOWS\System32\Ptabimp3.exe
[2009/09/15 22:23:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/15 21:17:12 | 000,192,590 | ---- | C] () -- C:\WINDOWS\System32\ActExt.dll
[2009/09/15 21:17:12 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ActAB32.dll
[2009/09/15 21:17:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\EmailShared.dll
[2009/09/15 20:38:43 | 000,010,628 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/09/15 20:32:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009/09/15 17:40:53 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS56.DLL
[2009/09/14 20:22:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/13 22:11:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2009/09/13 20:55:41 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/09/13 19:13:28 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/09/13 19:13:28 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/09/13 19:13:16 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/09/13 19:13:16 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/09/13 19:13:16 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/09/13 18:49:41 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009/09/13 18:39:07 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/09/13 18:39:07 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/09/13 18:39:04 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/09/13 18:39:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/09/13 18:38:54 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/09/13 18:38:35 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/09/13 18:38:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/09/13 18:37:34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/09/13 18:37:07 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/03/03 11:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2005/01/18 14:05:36 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2003/09/24 01:40:16 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2003/09/24 01:40:16 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2003/09/24 01:40:15 | 000,013,373 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/09/24 01:40:14 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2003/04/24 11:50:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/24 11:49:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/04/24 11:29:26 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/04/24 09:45:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/04/24 09:45:09 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/04/24 03:57:03 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/24 03:52:56 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/24 03:52:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/24 03:37:50 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/24 02:42:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/04/24 02:31:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/04/24 02:31:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/04/24 02:24:24 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2003/04/24 02:24:24 | 000,000,122 | ---- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2003/04/24 02:18:48 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/24 02:08:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/24 02:08:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/24 02:07:39 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/24 01:07:22 | 000,000,813 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/24 01:05:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/04/24 00:57:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/04/24 00:46:00 | 000,000,659 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/24 00:44:49 | 000,501,660 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/24 00:44:49 | 000,092,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/23 17:52:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/23 17:50:58 | 000,355,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/03/19 22:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/14 14:09:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2002/11/14 14:08:26 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2002/05/24 14:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 14:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[1999/01/22 10:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 1320 bytes -> C:\Documents and Settings\freddy\Cookies:FPvRREkzyvHHldOxGgLE
@Alternate Data Stream - 1285 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:crcOtBPs6BgK2U4gh64n4
@Alternate Data Stream - 1271 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:y7Ptm0uJ35xHxz2YSVxCdKvPC7sw
@Alternate Data Stream - 1172 bytes -> C:\Documents and Settings\freddy\Cookies:4VeaJIEaMc5HZ7Qjt8lMFnnGfHid

< End of report >

OTL Extras logfile created on: 11/12/2011 2:22:35 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\freddy\My Documents\AAADownloads\Programs to Save\OTL
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.29 Mb Total Physical Memory | 578.69 Mb Available Physical Memory | 56.55% Memory free
3.84 Gb Paging File | 3.39 Gb Available in Paging File | 88.26% Paging File free
Paging file location(s): D:\pagefile.sys 3000 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 769.29 Gb Free Space | 82.59% Space Free | Partition Type: NTFS
Drive D: | 279.48 Gb Total Space | 11.77 Gb Free Space | 4.21% Space Free | Partition Type: NTFS

Computer Name: HP | User Name: freddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-4113586923-2583412229-520591771-1007\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{11C10759-3BCC-4BF4-8EE6-9B545CB00E32}" = Adobe Setup
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2811B04D-5AAB-4117-8FF8-79529D54634F}" = RemoteCapture Task 1.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DD1FE66-5536-41E3-B786-70068887B3F4}" = The Print Shop 12
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{48964EF3-7ABD-45B0-B913-520CAB136771}" = SmartFTP Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D612FB2-1AE7-4E46-9377-35BB2F06A787}" = Roxio Media Manager
"{4E2EFD3E-D491-487E-88F4-C6937020CD1D}" = ATI Multimedia Center 7.9.15.0
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61962B4F-0F34-4755-B6E8-27E9D9601898}" = ACT-Outlook Synchronizer
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71FD03B5-E653-4CB8-9B56-A466ABC9FCA9}" = Brother MFL-Pro Suite
"{74BE7519-41A7-45A8-8AA6-78C7907A4808}" = EOS Capture 1.2
"{750CF8D7-4B04-404F-AFA2-14C129C42373}" = EOS Viewer Utility 1.2.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84713778-D9A9-4130-A811-DF3187827B05}" = LogMeIn
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{901A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AE7256DA-04C1-4AF4-B131-9BD697845164}" = AttachmentOptions
"{B06CC379-BA38-4572-9539-CDB0C544AA1E}" = BlackBerry Desktop Software 5.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep™
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{CD8B8A40-DC1E-48FB-9510-3829614C96D7}" = CompanionLink
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC10C616-22E5-40AD-A3EA-3E7A957ECDC7}" = Movie Magic Screenwriter 6
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon Camera WIA Driver
"{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}" = RAW Image Task
"{FC3EEA54-C009-4D75-B753-3CD871BF3EBA}" = Camera Window
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"{FE4BD9BD-4A26-4F39-B12C-19336204B100}" = EndNote X.0.2
"ACT!" = ACT!
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_c4c00451d35772e88ad87152169b2f3" = Adobe Contribute CS3
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"BlackBerry_{B06CC379-BA38-4572-9539-CDB0C544AA1E}" = BlackBerry Desktop Software 5.0
"Cisco Connect" = Cisco Connect
"Core FTP LE 2.1" = Core FTP LE 2.1
"doubleTwist" = doubleTwist
"ERUNT_is1" = ERUNT 1.1j
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Family Tree Maker" = Family Tree Maker 9.0
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"IDrive_is1" = IDrive version 3.4.1 July 08, 2011
"ie8" = Windows Internet Explorer 8
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{2811B04D-5AAB-4117-8FF8-79529D54634F}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{74BE7519-41A7-45A8-8AA6-78C7907A4808}" = Canon Utilities EOS Capture 1.2
"InstallShield_{750CF8D7-4B04-404F-AFA2-14C129C42373}" = Canon Utilities EOS Viewer Utility 1.2
"InstallShield_{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon EOS 20D WIA Driver
"InstallShield_{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{FC3EEA54-C009-4D75-B753-3CD871BF3EBA}" = Canon Camera Window for ZoomBrowser EX
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"M8 Free Clipboard" = M8 Free Clipboard
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"ManyCam" = ManyCam 2.4 (remove only)
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NetLimiter 2 Monitor" = NetLimiter 2 Monitor (remove only)
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Picasa 3" = Picasa 3
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"Shockwave" = Shockwave
"Toshiba AutoTask" = Toshiba AutoTask
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4113586923-2583412229-520591771-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/5/2011 2:28:25 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application excel.exe, version 9.0.0.3822, faulting module
excel.exe, version 9.0.0.3822, fault address 0x00601937.

Error - 11/5/2011 2:28:48 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application excel.exe, version 9.0.0.3822, faulting module
excel.exe, version 9.0.0.3822, fault address 0x00601937.

Error - 11/5/2011 2:29:04 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application excel.exe, version 9.0.0.3822, faulting module
excel.exe, version 9.0.0.3822, fault address 0x00601937.

Error - 11/5/2011 2:29:20 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application excel.exe, version 9.0.0.3822, faulting module
excel.exe, version 9.0.0.3822, fault address 0x00601937.

Error - 11/5/2011 2:29:40 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application excel.exe, version 9.0.0.3822, faulting module
excel.exe, version 9.0.0.3822, fault address 0x00601937.

Error - 11/5/2011 2:30:37 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application excel.exe, version 9.0.0.3822, faulting module
excel.exe, version 9.0.0.3822, fault address 0x00601937.

Error - 11/12/2011 12:11:35 AM | Computer Name = HP | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 11/12/2011 12:16:50 AM | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = The ATI WDM TV Audio Crossbar service failed to start due to the following
error: %%1058

Error - 11/12/2011 12:16:50 AM | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = The ATI WDM Specialized MVD Codec service failed to start due to the
following error: %%1058

Error - 11/12/2011 12:16:50 AM | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = The ATI WDM Specialized PCD Codec service failed to start due to the
following error: %%1058

Error - 11/12/2011 12:16:50 AM | Computer Name = HP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 11/12/2011 12:18:57 AM | Computer Name = HP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 11/12/2011 12:19:01 AM | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 11/12/2011 5:29:26 AM | Computer Name = HP | Source = VolSnap | ID = 393228
Description = The shadow copy of volume D: became low on diff area space before
it was properly installed.

Error - 11/12/2011 5:29:42 AM | Computer Name = HP | Source = VolSnap | ID = 393228
Description = The shadow copy of volume C: became low on diff area space before
it was properly installed.

Error - 11/12/2011 5:31:40 AM | Computer Name = HP | Source = VolSnap | ID = 393241
Description = The shadow copy of volume D: was aborted because the diff area file
could not grow in time. Consider reducing the IO load on this system to avoid this
problem in the future.

Error - 11/12/2011 5:31:45 AM | Computer Name = HP | Source = VolSnap | ID = 393241
Description = The shadow copy of volume C: was aborted because the diff area file
could not grow in time. Consider reducing the IO load on this system to avoid this
problem in the future.


< End of report >
  • 0

#6
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi writer99!

Thanks for the update on things.

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O3 - HKU\S-1-5-21-4113586923-2583412229-520591771-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-4113586923-2583412229-520591771-1007\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O16 - DPF: vzTCPConfig http://my.verizon.co...vzTCPConfig.CAB (Reg Error: Key error.)
    O33 - MountPoints2\{ff2f7e7c-e8d8-11e0-a4fa-000c6eaad8e0}\Shell - "" = AutoRun
    O33 - MountPoints2\{ff2f7e7c-e8d8-11e0-a4fa-000c6eaad8e0}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ff2f7e7c-e8d8-11e0-a4fa-000c6eaad8e0}\Shell\AutoRun\command - "" = G:\setup.exe -a
    [2011/01/20 15:49:49 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Mbere.dat
    [2011/01/20 15:49:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kxoqoxosokarade.bin
    [2010/10/26 14:46:35 | 023,330,364 | ---- | C] () -- C:\Program Files\Mendeley-Desktop-0.9.8.1-win32.exe
    [2010/02/24 13:02:44 | 000,000,023 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176
    [2010/02/24 13:00:31 | 000,000,021 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
    @Alternate Data Stream - 1320 bytes -> C:\Documents and Settings\freddy\Cookies:FPvRREkzyvHHldOxGgLE
    @Alternate Data Stream - 1285 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:crcOtBPs6BgK2U4gh64n4
    @Alternate Data Stream - 1271 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:y7Ptm0uJ35xHxz2YSVxCdKvPC7sw
    @Alternate Data Stream - 1172 bytes -> C:\Documents and Settings\freddy\Cookies:4VeaJIEaMc5HZ7Qjt8lMFnnGfHid
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
    Posted Image
    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now
  • 0

#7
writer99

writer99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
ST,
Thanks!
First, is there a way I can get an email notification when you post to the thread? I set up my email notification in my settings, but it doesn't seem to be working.
Second, is there an obvious problem that you see from my logs, or are we just doing general cleanup. I'd love to understand what exactly it is that we're fixing with combofix and OTL, so that maybe I can stop it from happening again, or even fix it if it happens again. However, if it would take too long to explain it, as it sounds like there are a lot of people that need help, I completely understand. Just trying to get an idea if I'm infected with malware, or if my registry is just full of junk, or if it's some other problem.
Thanks ST!
Logs are below.


All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-4113586923-2583412229-520591771-1007\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-4113586923-2583412229-520591771-1007\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Starting removal of ActiveX control vzTCPConfig
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\vzTCPConfig\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff2f7e7c-e8d8-11e0-a4fa-000c6eaad8e0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff2f7e7c-e8d8-11e0-a4fa-000c6eaad8e0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff2f7e7c-e8d8-11e0-a4fa-000c6eaad8e0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff2f7e7c-e8d8-11e0-a4fa-000c6eaad8e0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff2f7e7c-e8d8-11e0-a4fa-000c6eaad8e0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff2f7e7c-e8d8-11e0-a4fa-000c6eaad8e0}\ not found.
File G:\setup.exe -a not found.
C:\WINDOWS\Mbere.dat moved successfully.
C:\WINDOWS\Kxoqoxosokarade.bin moved successfully.
C:\Program Files\Mendeley-Desktop-0.9.8.1-win32.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\.119889580931711767808769176 moved successfully.
C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105 moved successfully.
ADS C:\Documents and Settings\freddy\Cookies:FPvRREkzyvHHldOxGgLE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:crcOtBPs6BgK2U4gh64n4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:y7Ptm0uJ35xHxz2YSVxCdKvPC7sw deleted successfully.
ADS C:\Documents and Settings\freddy\Cookies:4VeaJIEaMc5HZ7Qjt8lMFnnGfHid deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?
C:\Documents and Settings\freddy\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\freddy\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\freddy\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\freddy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Error starting restore point: 1016
Error closing restore point: The sequence number is invalid.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: freddy
->Temp folder emptied: 45307291 bytes
->Temporary Internet Files folder emptied: 45534702 bytes
->Java cache emptied: 13772749 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 233734525 bytes
->Flash cache emptied: 21591 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 189513 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1287150899 bytes

Total Files Cleaned = 1,551.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: freddy
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11142011_174127

ComboFix 10-06-03.01 - freddy 06/04/2010 13:05:50.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.507 [GMT -7:00]
Running from: c:\documents and settings\freddy\My Documents\AAADownloads\Junk\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 100604-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-05-04 to 2010-06-04 )))))))))))))))))))))))))))))))
.

2010-05-21 23:59 . 2010-05-31 15:37 -------- d-----w- c:\documents and settings\freddy\EurekaLog
2010-05-12 17:05 . 2010-05-12 17:06 -------- d-----w- c:\documents and settings\freddy\Application Data\U3
2010-05-11 19:07 . 2010-05-11 19:07 4096 ----a-r- c:\documents and settings\freddy\Application Data\Microsoft\Installer\{61962B4F-0F34-4755-B6E8-27E9D9601898}\Icon61962B4F5.exe
2010-05-11 19:06 . 2010-05-11 19:07 -------- d-----w- c:\program files\ACT-Outlook Synchronizer 6.0
2010-05-11 02:16 . 2010-05-11 18:41 -------- d-----w- c:\program files\ACT-Outlook Synchronizer 7.0
2010-05-07 09:21 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-05-07 09:19 . 2010-05-07 09:19 -------- d-----w- c:\program files\Windows Media Connect 2
2010-05-07 09:17 . 2010-05-07 09:18 -------- d-----w- c:\windows\system32\drivers\UMDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 17:57 . 2009-11-06 18:54 73908 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-04 09:47 . 2009-09-27 16:38 -------- d-----w- c:\program files\IDrive
2010-06-04 08:17 . 2009-09-16 06:06 -------- d-----w- c:\program files\LogMeIn
2010-05-24 20:48 . 2010-04-09 22:57 -------- d-----w- c:\documents and settings\freddy\Application Data\BitComet
2010-05-23 20:29 . 2009-11-04 05:07 -------- d-----w- c:\documents and settings\freddy\Application Data\CoreFTP
2010-05-11 19:06 . 2009-09-18 03:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-06 01:04 . 2009-09-18 04:20 256 ----a-w- c:\windows\system32\pool.bin
2010-04-30 20:44 . 2010-04-30 20:44 -------- d-----w- c:\program files\USPS
2010-04-29 18:35 . 2010-04-29 18:35 -------- d-----w- c:\program files\AutoTask
2010-04-14 05:36 . 2010-04-14 05:34 -------- d-----w- c:\program files\ManyCam 2.4
2010-04-14 05:36 . 2010-04-14 05:34 -------- d-----w- c:\documents and settings\freddy\Application Data\ManyCam
2010-04-09 22:57 . 2010-04-09 22:57 -------- d-----w- c:\program files\BitComet
2010-04-09 22:57 . 2010-04-09 22:57 1036288 ----a-w- c:\documents and settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2010-04-09 22:51 . 2010-04-09 22:51 -------- d-----w- c:\documents and settings\freddy\Application Data\FrostWire
2010-04-09 22:30 . 2010-04-09 22:30 -------- d-----w- c:\program files\Common Files\Java
2010-04-09 22:27 . 2009-09-25 16:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-05 21:48 . 2010-04-03 05:26 -------- d-----w- c:\documents and settings\freddy\Application Data\Lala Music Mover
2010-03-10 06:15 . 2009-09-14 02:39 420352 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"IDriveE Startup"="c:\program files\IDrive\IDrvieEStartup.exe" [2009-09-22 173520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"AutoTask"="c:\program files\AutoTask\AutoTask.exe" [2009-06-22 335872]
"ACT-Bckgrnd-Sync"="c:\program files\ACT-Outlook Synchronizer 6.0\Background_Sync.exe" [2005-03-14 106496]

c:\documents and settings\freddy\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [2009-9-27 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-05 18:23 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
LTMSG.exe 7 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-04-03 23:44 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-04-04 05:32 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2004-09-07 20:47 57344 ----a-w- c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-07-02 06:13 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2004-07-20 17:34 851968 ------w- c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-03-12 07:11 114688 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-08 06:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2004-04-14 23:04 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 16:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-09 04:09 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-04-14 22:46 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 11:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-04-11 21:17 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2004-05-25 17:16 49152 ------w- c:\program files\Brother\Brmfl04e\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 18:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 18:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xmarks]
2009-11-13 00:00 1007616 ----a-w- c:\program files\Xmarks\IE Extension\xmarkssync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Adobe\\Adobe Contribute CS3\\Contribute.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"18304:TCP"= 18304:TCP:BitComet 18304 TCP
"18304:UDP"= 18304:UDP:BitComet 18304 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/22/2009 10:18 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/22/2009 10:18 PM 20560]
R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [9/27/2009 9:38 AM 148944]
R2 IDriveWebM;IDrive WebManager;c:\program files\IDrive\IDriveWebM.exe [9/27/2009 9:38 AM 118784]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [9/13/2009 7:51 PM 2944]
R3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [3/13/2003 11:04 PM 61952]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [9/13/2009 7:51 PM 11008]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [9/13/2009 8:15 PM 10368]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
.
Contents of the 'Scheduled Tasks' folder

2010-06-04 c:\windows\Tasks\User_Feed_Synchronization-{00299ACB-10BC-49D6-88A3-64F230036414}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://srch-us8.hpwis.com/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - component: c:\documents and settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplalaDl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-04 13:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(4660)
c:\windows\system32\WININET.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-04 13:15:11
ComboFix-quarantined-files.txt 2010-06-04 20:15
ComboFix2.txt 2010-06-04 18:45

Pre-Run: 877,475,966,976 bytes free
Post-Run: 877,482,586,112 bytes free

- - End Of File - - 1B30FA90470EF05DFBBAE4D2B187276E
  • 0

#8
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi writer99!

Yes, there is a way. To get an e-mail notification when I reply to your thread, you can do so by going to this link:

http://www.geekstogo...&area=topicsubs

Place a checkmark next to your thread under Virus, Spyware, Malware Removal.

Click the drop down menu and select Change to: Instant Notification followed by clicking on with selected


-------

In regards to what exactly the scans are doing, well with the OTL scan we are removing some orphaned entries in the registry, as well as dealing with some malicious files that need to be removed.

With ComboFix we were seeing if it detected any malicious files or folders.

Your logs are looking better, but I'd like to see what these scans below find (if anything)


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#9
writer99

writer99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thanks! Logs are below:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8171

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/15/2011 3:01:58 PM
mbam-log-2011-11-15 (15-01-58).txt

Scan type: Quick scan
Objects scanned: 181571
Time elapsed: 12 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\includes\skins\aqua\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\includes\skins\arktic\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\includes\skins\formal\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\includes\skins\kollection\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\includes\skins\none\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\jcb\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\press\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\press\press_photos\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\includes\skins\aqua\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\includes\skins\arktic\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\includes\skins\formal\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\includes\skins\kollection\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\includes\skins\none\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\css\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\dialog\common\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\dialog\fck_template\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\skins\default\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\skins\office2003\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\skins\silver\images\image.php PHP/Kryptik.AB trojan

Results of screen317's Security Check version 0.99.26
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player ( 10.0.45.2) Flash Player Out of Date!
Mozilla Firefox ((3.5.7)) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
``````````End of Log````````````

Edited by writer99, 15 November 2011 - 11:37 PM.

  • 0

#10
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi writer99!

It looks like ESET detected threats in the following files:

C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\includes\skins\aqua\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\includes\skins\arktic\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\includes\skins\formal\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\includes\skins\kollection\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\includes\skins\none\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\jcb\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\press\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\press\press_photos\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\includes\skins\aqua\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\includes\skins\arktic\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\includes\skins\formal\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\includes\skins\kollection\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\includes\skins\none\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\css\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\dialog\common\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\dialog\fck_template\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\skins\default\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\skins\office2003\images\image.php PHP/Kryptik.AB trojan
C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\skins\silver\images\image.php PHP/Kryptik.AB trojan

Do you need these files or can we go ahead and remove them?

____________________________________________________


From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Lets address those programs that need updating now!

Your SecurityCheck log indicates that your version of Flash Player is outdated. This is a vulnerability that needs to be addressed. Please remove the outdated version of Flash Player and then install the latest version.

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



Update FireFox
You're currently using an outdated version of Firefox. The latest version of Firefox is 8.0.

You can get the latest version of Firefox by accessing the Posted Image menu in Firefox and then selecting Posted Image.

Please make sure that you Posted Image again after updating to the latest version to make sure that you have in fact received the latest version.
  • 0

Advertisements


#11
writer99

writer99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I'd prefer not to delete those files if possible. I researched online, and it seems as if those trojans are typically seen as false positives on PHP websites. Plus I never really access those files, but I DO need to save them just in case. Is that OK?

Installed the latest java.

I don't use Firefox anymore, so I'd rather not update it. If necessary, I'd prefer to just delete it.

Thanks!
  • 0

#12
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Good Evening.

I'd prefer not to delete those files if possible. I researched online, and it seems as if those trojans are typically seen as false positives on PHP websites. Plus I never really access those files, but I DO need to save them just in case. Is that OK?

That should be fine.

Would you mind if I grabbed a sample of those files from you, so that I can analyze them a little more?

If you wouldn't mind, I'll provide a script to automatically do so a little later in this post.

Installed the latest java.

Great! This is one program that you should make sure you keep updated at all times. Having an outdated version, can allow an exploit to come into your system and infect you. I'll provide a suggestion for a utility that helps check your computer for outdated programs, and then will prompt you with a list of what's outdated, what the version you have installed is, and what the latest version is, as well as a download link to install the latest version. This is something that will be provided in my All Clean speech later.

I don't use Firefox anymore, so I'd rather not update it. If necessary, I'd prefer to just delete it.

Okay.

You can go ahead and remove Firefox via Add/Remove programs now.

If you wouldn't mind providing me with a sample of those .php files, please run the following script for me.


Please download ZipIt from here:
Download Link
  • Double-click ZipIt! to run it. (Windows Vista & 7 users need to right click and Run as Administrator)
  • Then copy the content of the following codebox into the textfield:

    ::info:: Files for Analysis.--ST
    ::bleeping::102
    C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\includes\skins\aqua\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\includes\skins\arktic\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\includes\skins\formal\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\includes\skins\kollection\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\includes\skins\none\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\jcb\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\press\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\PTG LLC\Marketing\Website\Website Backup\2010.12.14\PTG\press\press_photos\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\includes\skins\aqua\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\includes\skins\arktic\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\includes\skins\formal\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\includes\skins\kollection\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\includes\skins\none\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\css\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\dialog\common\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\dialog\fck_template\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\skins\default\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\skins\office2003\images\image.php
    C:\Documents and Settings\freddy\My Documents\Current 1\anime films\Website\Backup\2010.12.14\WA_iRite\editor\skins\silver\images\image.php
    
  • Then, just click the Zip button.
  • When finished, and if successful, it should automatically submit a file for me, so that it may be analyzed further. You should also see that a new .zip file has been created on your Desktop. You will be notified of what the file name is when the process has been completed.


NEXT:




OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:


OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Quick Scan button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?
  • 0

#13
writer99

writer99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thanks. I'd rather not upload my files if it's not critical.

OUTSTANDING ISSUES: Still very slow. I haven't seen any change in speed at all yet.

Logs below:


All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\Hosts
C:\Documents and Settings\freddy\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\freddy\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\freddy\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\freddy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: freddy
->Temp folder emptied: 54847456 bytes
->Temporary Internet Files folder emptied: 12079512 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 367574899 bytes
->Flash cache emptied: 14453 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1307279 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 43518738 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 308737384 bytes

Total Files Cleaned = 752.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: freddy
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11232011_144605

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...




OTL logfile created on: 11/23/2011 2:59:16 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\freddy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.29 Mb Total Physical Memory | 99.81 Mb Available Physical Memory | 9.75% Memory free
3.84 Gb Paging File | 3.11 Gb Available in Paging File | 81.04% Paging File free
Paging file location(s): D:\pagefile.sys 3000 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 770.40 Gb Free Space | 82.70% Space Free | Partition Type: NTFS
Drive D: | 279.48 Gb Total Space | 11.27 Gb Free Space | 4.03% Space Free | Partition Type: NTFS

Computer Name: HP | User Name: freddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/20 22:41:35 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/11/10 21:31:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\freddy\Desktop\OTL.exe
PRC - [2011/09/20 06:58:36 | 049,424,384 | ---- | M] (CompanionLink Software, Inc.) -- C:\Program Files\CompanionLink\CompanionLink.exe
PRC - [2011/09/06 13:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/08/10 11:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/08/08 14:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/07/08 15:43:58 | 002,012,616 | ---- | M] (Pro-Softnet Corporation, U.S.A) -- C:\Program Files\IDrive\IDriveEClsClient.exe
PRC - [2011/06/24 14:56:40 | 000,050,632 | ---- | M] (Pro-SoftNet Corp, U.S.A) -- C:\Program Files\IDrive\IDriveEBackground.exe
PRC - [2011/06/24 14:56:16 | 000,157,128 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\IDrive\IDriveE Service.exe
PRC - [2011/06/24 14:54:34 | 002,491,848 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\IDrive\IDriveETray.exe
PRC - [2011/06/08 18:04:20 | 000,267,688 | ---- | M] ( ) -- C:\Program Files\IDrive\IDrivePlugin.exe
PRC - [2010/03/25 00:45:44 | 000,495,616 | ---- | M] (Locktime Software) -- C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
PRC - [2009/09/05 10:23:04 | 000,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2009/09/05 10:22:58 | 000,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2008/08/11 11:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/08/11 11:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/03/19 17:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe
PRC - [2001/08/17 20:36:38 | 000,032,256 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\BrmfRsmg.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/23 11:39:20 | 001,618,432 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11112302\algo.dll
MOD - [2011/11/21 11:46:14 | 000,241,528 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11112302\aswRep.dll
MOD - [2011/11/14 21:39:54 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
MOD - [2011/11/14 21:39:53 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011/11/14 21:38:16 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011/11/14 21:38:15 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011/11/14 21:38:14 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2011/11/14 18:36:18 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
MOD - [2011/08/10 11:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2011/08/08 14:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2009/08/06 12:14:12 | 001,063,248 | ---- | M] () -- C:\Program Files\LogMeIn\x86\ICSAgent32.dll
MOD - [2008/05/14 11:21:52 | 000,441,705 | ---- | M] () -- C:\Program Files\IDrive\sqlite3.dll
MOD - [2007/02/20 00:04:20 | 000,057,344 | ---- | M] () -- C:\Program Files\IDrive\GetMailPaths.dll
MOD - [2005/05/04 08:02:54 | 000,055,808 | ---- | M] () -- C:\WINDOWS\system32\zlib1.dll
MOD - [2003/03/17 07:23:00 | 000,159,744 | ---- | M] () -- C:\Program Files\IDrive\ssleay32.dll
MOD - [2003/03/17 07:22:00 | 000,872,448 | ---- | M] () -- C:\Program Files\IDrive\libeay32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/20 22:41:35 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/10 11:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/06/24 14:56:16 | 000,157,128 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\Program Files\IDrive\IDriveE Service.exe -- (IDriveE Service)
SRV - [2010/03/25 00:45:44 | 000,495,616 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Program Files\NetLimiter 2 Monitor\nlsvc.exe -- (nlsvc)
SRV - [2009/09/15 22:01:07 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/05 10:23:04 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008/08/11 11:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2003/03/19 17:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 13:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 13:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 13:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 13:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 13:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 13:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 13:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/03/09 18:29:18 | 000,006,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2010/03/25 00:49:06 | 000,082,360 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nltdi.sys -- (nltdi)
DRV - [2009/09/05 10:23:34 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/03/25 05:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/08/11 11:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 11:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/13 10:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/01/14 02:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/12/04 17:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2006/02/21 19:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/10/01 09:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 21:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 21:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2004/08/03 21:29:29 | 000,014,336 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC)
DRV - [2003/12/12 18:03:10 | 000,652,689 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/02/27 01:19:50 | 000,260,736 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/02/23 02:55:26 | 000,141,824 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2002/12/27 17:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/12/25 04:09:48 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/10/01 08:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/09/23 23:37:00 | 000,080,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2002/09/20 00:15:42 | 000,472,396 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2002/09/11 08:17:14 | 000,100,671 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2002/09/11 08:17:14 | 000,059,647 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio)
DRV - [2002/09/11 08:17:14 | 000,048,399 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2002/09/11 08:17:14 | 000,036,911 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP)
DRV - [2002/09/11 08:17:14 | 000,012,415 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2002/09/07 00:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/08/17 12:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 12:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2001/06/04 20:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxy.ucla.edu/cgi/proxy

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A580ADAB-A578-4DB5-9B07-510AC9442829}: C:\Documents and Settings\freddy\Local Settings\Application Data\{A580ADAB-A578-4DB5-9B07-510AC9442829} [2011/01/20 15:49:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/04 09:27:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/13 10:34:25 | 000,000,000 | ---D | M]

[2010/04/09 14:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\freddy\Application Data\Mozilla\Extensions
[2010/04/09 14:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\freddy\Application Data\Mozilla\Extensions\[email protected]
[2011/06/02 15:28:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\extensions
[2011/02/10 21:40:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/09 10:25:41 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Documents and Settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/03/03 09:44:07 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\extensions\[email protected]
[2010/02/11 17:11:45 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\extensions\[email protected]
[2011/02/10 21:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\freddy\Application Data\Mozilla\Firefox\Profiles\fz5pq15l.freddy\extensions\staged-xpis
[2011/11/20 22:42:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/27 12:04:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/20 22:42:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2010/02/21 02:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/11/20 22:41:37 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Email this page (by Google) = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai\1.2.5_0\
CHR - Extension: Select To Get Maps = C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hinehgnhgiohbfpbpgkjnelkcgdkcgha\1.1.1_0\

O1 HOSTS File: ([2011/11/23 14:46:31 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKCU..\Run: [CompanionLink] c:\program files\companionlink\companionlink.exe (CompanionLink Software, Inc.)
O4 - HKCU..\Run: [IDriveE Startup] C:\Program Files\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
O4 - Startup: C:\Documents and Settings\freddy\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: skyviewcafe.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1252903274312 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1252989889015 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizo...l/VCAVMUtil.CAB (IOBIVMUtil.VMDecoder)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (RIM AxLoader)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://my.verizon.co...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A98B31B-1E9E-4E5D-8B52-B7BDB7EF8D02}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\freddy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\freddy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/24 01:01:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DRAW - DVIDEO.DLL File not found
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VCR1 - ATIVCR1.DLL File not found
Drivers32: VIDC.VCR2 - ATIVCR2.DLL File not found
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\atiyuv12.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 15:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\freddy\Local Settings\Application Data\Sun
[2011/11/15 15:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/15 08:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/14 17:56:44 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/14 17:55:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\freddy\Start Menu\Programs\Administrative Tools
[2011/11/14 17:54:50 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011/11/14 17:41:50 | 004,293,495 | R--- | C] (Swearware) -- C:\Documents and Settings\freddy\Desktop\ComboFix.exe
[2011/11/14 17:41:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/10 21:31:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\freddy\Desktop\OTL.exe
[2011/11/04 09:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\freddy\My Documents\My Google Gadgets
[2011/11/04 09:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop
[2011/11/04 01:33:25 | 000,000,000 | ---D | C] -- C:\PUMedFiles
[2011/11/04 01:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\UbicMedia
[2011/11/04 01:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\UbicMedia
[2011/10/28 00:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Motorola
[2011/10/27 23:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\freddy\My Documents\Subscriptions
[2011/10/27 23:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\freddy\My Documents\My Videos
[2004/04/05 07:44:22 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL

========== Files - Modified Within 30 Days ==========

[2011/11/23 14:58:11 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4113586923-2583412229-520591771-1007UA.job
[2011/11/23 14:54:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/23 14:54:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/23 14:53:14 | 000,002,160 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2011/11/23 14:49:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/23 14:49:31 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/23 14:46:31 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/11/23 10:58:03 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4113586923-2583412229-520591771-1007Core.job
[2011/11/23 02:10:10 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{00299ACB-10BC-49D6-88A3-64F230036414}.job
[2011/11/23 01:31:20 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2011/11/22 23:08:54 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\freddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
[2011/11/22 18:54:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/18 11:07:21 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/11/14 17:43:17 | 004,293,495 | R--- | M] (Swearware) -- C:\Documents and Settings\freddy\Desktop\ComboFix.exe
[2011/11/11 18:40:03 | 000,151,733 | ---- | M] () -- C:\Documents and Settings\freddy\Desktop\Sharna Retina 2002.pdf
[2011/11/10 21:31:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\freddy\Desktop\OTL.exe
[2011/11/07 09:31:30 | 000,501,660 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 09:31:30 | 000,092,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/05 01:31:25 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/04 09:28:25 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk
[2011/11/04 01:32:57 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PUMit Reader.lnk
[2011/11/02 21:48:10 | 000,004,193 | ---- | M] () -- C:\Documents and Settings\freddy\Desktop\course (1).jnlp
[2011/10/30 11:24:47 | 000,004,259 | ---- | M] () -- C:\Documents and Settings\freddy\Desktop\cvs_alphacor.gif
[2011/10/28 21:33:55 | 000,075,739 | ---- | M] () -- C:\Documents and Settings\freddy\My Documents\Facebook Revolution - 2 Pager.pdf
[2011/10/28 00:32:48 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/10/28 00:31:53 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job
[2011/10/28 00:31:52 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2011/10/27 23:14:35 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/10/27 00:59:08 | 000,000,240 | ---- | M] () -- C:\WINDOWS\ActiveAct.INI
[2011/10/26 13:19:08 | 000,005,909 | ---- | M] () -- C:\Documents and Settings\freddy\My Documents\phone.fmt

========== Files Created - No Company Name ==========

[2011/11/11 18:40:47 | 000,151,733 | ---- | C] () -- C:\Documents and Settings\freddy\Desktop\Sharna Retina 2002.pdf
[2011/11/04 09:28:25 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk
[2011/11/04 01:32:57 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PUMit Reader.lnk
[2011/11/02 21:48:13 | 000,004,193 | ---- | C] () -- C:\Documents and Settings\freddy\Desktop\course (1).jnlp
[2011/10/30 11:24:51 | 000,004,259 | ---- | C] () -- C:\Documents and Settings\freddy\Desktop\cvs_alphacor.gif
[2011/10/28 21:33:01 | 000,075,739 | ---- | C] () -- C:\Documents and Settings\freddy\My Documents\Facebook Revolution - 2 Pager.pdf
[2011/10/28 00:32:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/10/28 00:31:53 | 000,000,370 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper Update.job
[2011/10/28 00:31:52 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2011/10/28 00:31:51 | 000,000,354 | ---- | C] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2011/10/09 00:12:42 | 000,000,031 | ---- | C] () -- C:\WINDOWS\ Connection to the server failed.IDriveE.ini
[2011/10/05 21:25:18 | 000,049,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/09/27 11:23:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/07/11 22:29:41 | 000,026,032 | ---- | C] () -- C:\WINDOWS\System32\IDriveEXceedCryReg.exe
[2010/06/04 10:28:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/04 10:28:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/04 10:28:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/04 10:28:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/04 10:28:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/30 12:45:18 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/04/29 10:35:51 | 000,000,943 | ---- | C] () -- C:\WINDOWS\TATCALL.INI
[2010/04/29 10:35:51 | 000,000,260 | ---- | C] () -- C:\WINDOWS\TATUNINS.INI
[2010/04/29 10:35:51 | 000,000,020 | ---- | C] () -- C:\WINDOWS\TATVER.INI
[2010/03/03 19:41:02 | 000,225,456 | ---- | C] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\rx_image.Cache
[2010/03/03 19:41:02 | 000,002,108 | ---- | C] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\rx_audio.Cache
[2010/02/25 09:14:09 | 000,000,240 | ---- | C] () -- C:\WINDOWS\ActiveAct.INI
[2010/02/16 20:03:16 | 000,000,081 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2010/01/25 10:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2010/01/18 17:33:52 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\freddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/06 10:54:47 | 000,073,908 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/27 09:14:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/04 06:38:37 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ImportClient.INI
[2009/10/04 06:35:49 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/10/04 06:35:46 | 000,000,050 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/09/27 08:38:33 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009/09/23 00:10:48 | 000,002,160 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2009/09/23 00:10:32 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/09/23 00:10:32 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/09/23 00:10:32 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\m8840def.dat
[2009/09/23 00:10:03 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/09/23 00:10:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009/09/23 00:09:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\BRMSL07F.BIN
[2009/09/23 00:09:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/09/17 20:27:56 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2009/09/17 20:27:30 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2009/09/17 20:27:30 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2009/09/17 20:20:11 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/09/17 20:01:00 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2009/09/17 20:00:59 | 000,030,080 | ---- | C] () -- C:\WINDOWS\System32\Ptabimp3.exe
[2009/09/15 22:23:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/15 21:17:12 | 000,192,590 | ---- | C] () -- C:\WINDOWS\System32\ActExt.dll
[2009/09/15 21:17:12 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ActAB32.dll
[2009/09/15 21:17:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\EmailShared.dll
[2009/09/15 20:38:43 | 000,010,628 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/09/15 20:32:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009/09/15 17:40:53 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS56.DLL
[2009/09/14 20:22:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/13 22:11:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2009/09/13 20:55:41 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/09/13 19:13:28 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/09/13 19:13:28 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/09/13 19:13:16 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/09/13 19:13:16 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/09/13 19:13:16 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/09/13 18:49:41 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2009/09/13 18:39:07 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/09/13 18:39:07 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/09/13 18:39:04 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/09/13 18:39:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/09/13 18:38:54 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/09/13 18:38:35 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/09/13 18:38:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/09/13 18:37:34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/09/13 18:37:07 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/03/03 11:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2005/01/18 14:05:36 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2003/09/24 01:40:16 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2003/09/24 01:40:16 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2003/09/24 01:40:15 | 000,013,373 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini
[2003/09/24 01:40:14 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2003/04/24 11:50:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/24 11:49:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/04/24 11:29:26 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/04/24 09:45:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/04/24 09:45:09 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/04/24 03:57:03 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/24 03:52:56 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/24 03:52:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/24 03:37:50 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/24 02:42:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/04/24 02:31:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/04/24 02:31:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/04/24 02:24:24 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2003/04/24 02:24:24 | 000,000,122 | ---- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2003/04/24 02:18:48 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/24 02:08:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/24 02:08:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/24 02:07:39 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/24 01:07:22 | 000,000,813 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/24 01:05:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/04/24 00:57:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/04/24 00:46:00 | 000,000,659 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/24 00:44:49 | 000,501,660 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/24 00:44:49 | 000,092,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/23 17:52:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/23 17:50:58 | 000,355,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/03/19 22:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/14 14:09:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2002/11/14 14:08:26 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2002/05/24 14:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 14:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[1999/01/22 10:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/07/14 11:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/12/05 13:04:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/10/07 19:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2010/02/24 13:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2010/01/21 11:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/10/12 08:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/10/13 19:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Locktime
[2009/09/15 22:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/01/12 19:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2011/07/11 23:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/09/17 22:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/08/09 12:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\Auslogics
[2010/05/24 12:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\BitComet
[2010/01/06 11:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\CD-LabelPrint
[2011/10/05 21:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\CompanionLink
[2011/11/09 10:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\CoreFTP
[2010/02/04 23:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\DigiDelivery
[2011/03/03 17:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\Elluminate
[2010/01/27 16:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\EndNote
[2010/02/24 13:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\Final Draft
[2010/04/09 14:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\FrostWire
[2010/01/21 11:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\HotSync
[2009/09/15 21:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\Interact Commerce
[2003/04/24 11:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\interMute
[2003/04/24 03:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\InterTrust
[2009/10/30 14:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\InterVideo
[2011/08/23 22:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\IObit
[2011/05/12 20:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\Juniper Networks
[2011/05/12 20:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\Lala Music Mover
[2010/10/13 19:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\Locktime
[2011/07/18 14:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\M8 Software
[2010/04/13 21:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\ManyCam
[2010/01/12 19:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\PACE Anti-Piracy
[2011/11/10 23:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\Research In Motion
[2003/04/24 03:54:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\SampleView
[2011/01/30 17:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\ScanSoft
[2009/12/26 19:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\freddy\Application Data\VERITAS
[2011/10/28 00:31:52 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper MUM.job
[2011/11/23 01:31:20 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Routing.job
[2011/10/28 00:31:53 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Update.job
[2011/11/23 02:10:10 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{00299ACB-10BC-49D6-88A3-64F230036414}.job

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/01/08 17:22:49 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/01/08 17:22:49 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/01/08 17:22:49 | 000,552,160 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2010/01/08 17:22:47 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/01/08 17:22:47 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2010/01/08 17:22:47 | 000,908,248 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\freddy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 03:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 03:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 03:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-16 06:14:26

< End of report >



OTL Extras logfile created on: 11/23/2011 2:59:16 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\freddy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.29 Mb Total Physical Memory | 99.81 Mb Available Physical Memory | 9.75% Memory free
3.84 Gb Paging File | 3.11 Gb Available in Paging File | 81.04% Paging File free
Paging file location(s): D:\pagefile.sys 3000 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 770.40 Gb Free Space | 82.70% Space Free | Partition Type: NTFS
Drive D: | 279.48 Gb Total Space | 11.27 Gb Free Space | 4.03% Space Free | Partition Type: NTFS

Computer Name: HP | User Name: freddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{11C10759-3BCC-4BF4-8EE6-9B545CB00E32}" = Adobe Setup
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java™ 7 Update 1
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2811B04D-5AAB-4117-8FF8-79529D54634F}" = RemoteCapture Task 1.0
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DD1FE66-5536-41E3-B786-70068887B3F4}" = The Print Shop 12
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{48964EF3-7ABD-45B0-B913-520CAB136771}" = SmartFTP Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D612FB2-1AE7-4E46-9377-35BB2F06A787}" = Roxio Media Manager
"{4E2EFD3E-D491-487E-88F4-C6937020CD1D}" = ATI Multimedia Center 7.9.15.0
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61962B4F-0F34-4755-B6E8-27E9D9601898}" = ACT-Outlook Synchronizer
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71FD03B5-E653-4CB8-9B56-A466ABC9FCA9}" = Brother MFL-Pro Suite
"{74BE7519-41A7-45A8-8AA6-78C7907A4808}" = EOS Capture 1.2
"{750CF8D7-4B04-404F-AFA2-14C129C42373}" = EOS Viewer Utility 1.2.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84713778-D9A9-4130-A811-DF3187827B05}" = LogMeIn
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{901A0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AE7256DA-04C1-4AF4-B131-9BD697845164}" = AttachmentOptions
"{B06CC379-BA38-4572-9539-CDB0C544AA1E}" = BlackBerry Desktop Software 5.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep™
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{CD8B8A40-DC1E-48FB-9510-3829614C96D7}" = CompanionLink
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC10C616-22E5-40AD-A3EA-3E7A957ECDC7}" = Movie Magic Screenwriter 6
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon Camera WIA Driver
"{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}" = RAW Image Task
"{FC3EEA54-C009-4D75-B753-3CD871BF3EBA}" = Camera Window
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"{FE4BD9BD-4A26-4F39-B12C-19336204B100}" = EndNote X.0.2
"ACT!" = ACT!
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_c4c00451d35772e88ad87152169b2f3" = Adobe Contribute CS3
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"BlackBerry_{B06CC379-BA38-4572-9539-CDB0C544AA1E}" = BlackBerry Desktop Software 5.0
"Cisco Connect" = Cisco Connect
"Core FTP LE 2.1" = Core FTP LE 2.1
"doubleTwist" = doubleTwist
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Family Tree Maker" = Family Tree Maker 9.0
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"IDrive_is1" = IDrive version 3.4.1 July 08, 2011
"ie8" = Windows Internet Explorer 8
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{2811B04D-5AAB-4117-8FF8-79529D54634F}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{74BE7519-41A7-45A8-8AA6-78C7907A4808}" = Canon Utilities EOS Capture 1.2
"InstallShield_{750CF8D7-4B04-404F-AFA2-14C129C42373}" = Canon Utilities EOS Viewer Utility 1.2
"InstallShield_{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon EOS 20D WIA Driver
"InstallShield_{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{FC3EEA54-C009-4D75-B753-3CD871BF3EBA}" = Canon Camera Window for ZoomBrowser EX
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"M8 Free Clipboard" = M8 Free Clipboard
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"ManyCam" = ManyCam 2.4 (remove only)
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NetLimiter 2 Monitor" = NetLimiter 2 Monitor (remove only)
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Picasa 3" = Picasa 3
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"Shockwave" = Shockwave
"Toshiba AutoTask" = Toshiba AutoTask
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/5/2011 2:28:48 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application excel.exe, version 9.0.0.3822, faulting module
excel.exe, version 9.0.0.3822, fault address 0x00601937.

Error - 11/5/2011 2:29:04 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application excel.exe, version 9.0.0.3822, faulting module
excel.exe, version 9.0.0.3822, fault address 0x00601937.

Error - 11/5/2011 2:29:20 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application excel.exe, version 9.0.0.3822, faulting module
excel.exe, version 9.0.0.3822, fault address 0x00601937.

Error - 11/5/2011 2:29:40 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application excel.exe, version 9.0.0.3822, faulting module
excel.exe, version 9.0.0.3822, fault address 0x00601937.

Error - 11/5/2011 2:30:37 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application excel.exe, version 9.0.0.3822, faulting module
excel.exe, version 9.0.0.3822, fault address 0x00601937.

Error - 11/12/2011 12:11:35 AM | Computer Name = HP | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/14/2011 1:42:04 AM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application companionlink.exe, version 5.0.0.0, faulting
module companionlink.exe, version 5.0.0.0, fault address 0x00030aef.

Error - 11/14/2011 1:42:44 AM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application companionlink.exe, version 5.0.0.0, faulting
module companionlink.exe, version 5.0.0.0, fault address 0x00042732.

Error - 11/21/2011 7:14:34 PM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application companionlink.exe, version 5.0.0.0, faulting
module companionlink.exe, version 5.0.0.0, fault address 0x00042732.

Error - 11/23/2011 3:08:24 AM | Computer Name = HP | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 9.0.0.3822, faulting module
mso9.dll, version 9.0.0.3821, fault address 0x000103c8.

[ System Events ]
Error - 11/23/2011 6:46:10 PM | Computer Name = HP | Source = Service Control Manager | ID = 7031
Description = The MotoHelper Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 11/23/2011 6:46:21 PM | Computer Name = HP | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 11/23/2011 6:46:21 PM | Computer Name = HP | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/23/2011 6:46:21 PM | Computer Name = HP | Source = Service Control Manager | ID = 7034
Description = The FLEXnet Licensing Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 11/23/2011 6:53:21 PM | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = The ATI WDM TV Tuner service failed to start due to the following
error: %%1058

Error - 11/23/2011 6:53:21 PM | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = The ATI WDM TV Audio Crossbar service failed to start due to the following
error: %%1058

Error - 11/23/2011 6:53:22 PM | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = The ATI WDM Specialized MVD Codec service failed to start due to the
following error: %%1058

Error - 11/23/2011 6:53:22 PM | Computer Name = HP | Source = Service Control Manager | ID = 7000
Description = The ATI WDM Specialized PCD Codec service failed to start due to the
following error: %%1058

Error - 11/23/2011 6:53:22 PM | Computer Name = HP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 11/23/2011 7:15:56 PM | Computer Name = HP | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
animeLAPTOP that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{1A98B31B-1E9E-4E. The master browser is stopping or an election is
being forced.


< End of report >
  • 0

#14
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi,

Okay.

From a malware stand point, your logs appear to be clean, aside from those files that were detected as infected by ESET.

I'm going to suggest that you post in our Windows XP forum and see what the techs have to say about the issues you are currently experincing with your computer.

I'd ask that you include a link to this thread in your new topic.

But before I have you post there we need to clean up our tools.

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Commands
    [ClearAllRestorePoints]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.
  • 0

#15
writer99

writer99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thanks for the assistance. I appreciate you trying to help!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP