Redirect Browser Hijacker Keeps Coming Back - Help!



#1
sheperd06

After running a number of virus removal tools (Combofix, tdsskiller, Malwarebytes, etc.), I was able to remove a browser hijacker, or so I thought. Unfortunately, it keeps coming back and I've run out of solutions! :confused: I ran the OldTimer Tool (OTL) and listed are the results. Please know any assistance in resolving this issue will be greatly appreciated. I'm totally stumped!

Thanks so much! :)

OTL logfile created on: 1/5/2012 11:21:57 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\AdminFolder\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 75.03% Memory free
3.84 Gb Paging File | 3.60 Gb Available in Paging File | 93.92% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 282.31 Gb Free Space | 94.71% Space Free | Partition Type: NTFS

Computer Name: ADMINFOL-A78534 | User Name: AdminFolder | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 10:57:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AdminFolder\desktop\OTL.exe
PRC - [2011/12/13 07:31:50 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/04 23:59:41 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/12/13 07:31:52 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (FXYTYVI)
SRV - [2011/11/28 13:01:23 | 000,127,192 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/20 17:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/14 11:06:04 | 000,015,592 | ---- | M] (Secure Backup and Share) [Disabled | Stopped] -- C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe -- (ComcastSecureBackupSharebackup)
SRV - [2009/11/07 14:57:40 | 000,239,336 | ---- | M] (Systweak Inc.) [On_Demand | Stopped] -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe -- (ASO3DiskOptimizer)
SRV - [2007/11/26 13:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 12:54:38 | 000,111,320 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:53:22 | 000,195,416 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/11/28 12:26:19 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2010/12/20 17:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/12/14 11:05:58 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\ComcastSecureBackupShare.sys -- (ComcastSecureBackupShareFilter)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/30 10:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2004/08/28 12:54:38 | 000,033,995 | ---- | M] (Sonic Focus, Inc) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sf.sys -- (sf)
DRV - [2004/04/26 09:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2002/09/20 10:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "msn.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.2.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.10.1
FF - prefs.js..extensions.enabledItems: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}:1.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1367

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/03 14:38:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/03 14:44:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/03 14:44:07 | 000,000,000 | ---D | M]

[2012/01/03 14:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\AdminFolder\Application Data\Mozilla\Extensions
[2012/01/05 00:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\AdminFolder\Application Data\Mozilla\Firefox\Profiles\5myzoqn7.default\extensions
[2012/01/03 14:51:31 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\AdminFolder\Application Data\Mozilla\Firefox\Profiles\5myzoqn7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2012/01/03 14:51:34 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\AdminFolder\Application Data\Mozilla\Firefox\Profiles\5myzoqn7.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/01/03 14:51:31 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Documents and Settings\AdminFolder\Application Data\Mozilla\Firefox\Profiles\5myzoqn7.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012/01/03 14:51:35 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\AdminFolder\Application Data\Mozilla\Firefox\Profiles\5myzoqn7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/01/03 14:51:34 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\Documents and Settings\AdminFolder\Application Data\Mozilla\Firefox\Profiles\5myzoqn7.default\extensions\[email protected]
[2012/01/03 14:51:33 | 000,000,000 | ---D | M] (Form History Control) -- C:\Documents and Settings\AdminFolder\Application Data\Mozilla\Firefox\Profiles\5myzoqn7.default\extensions\[email protected]
[2012/01/03 14:44:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/03 14:38:17 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

O1 HOSTS File: ([2012/01/03 14:01:06 | 000,000,009 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKCU..\Run: [WinPatrol System Monitor] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKCU..\RunOnce: [Privacy Suite] C:\Program Files\CyberScrub Privacy Suite\CSPSeraser.exe (CyberScrub LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5264225F-006B-4264-A3A9-C0B43DD2D2CC}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/25 22:52:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O34 - HKLM BootExecute: (sasnative32)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 10:59:29 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\AdminFolder\Desktop\GooredFix.exe
[2012/01/05 10:57:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\AdminFolder\Desktop\OTL.exe
[2012/01/05 10:36:58 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\10934858.sys
[2012/01/05 10:19:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/01/05 01:01:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\AdminFolder\Recent
[2012/01/05 00:30:41 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/01/05 00:26:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Drivers
[2012/01/05 00:25:28 | 000,000,000 | ---D | C] -- C:\SWSETUP
[2012/01/04 23:39:41 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\36750365.sys
[2012/01/04 14:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Bootvis
[2012/01/04 14:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Bootvis
[2012/01/04 13:40:29 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2012/01/04 13:40:03 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012/01/04 13:38:26 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012/01/04 13:38:26 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012/01/04 13:38:25 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012/01/04 13:31:37 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2012/01/04 13:26:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/01/04 13:24:01 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2012/01/04 13:24:00 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2012/01/04 13:24:00 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2012/01/04 13:24:00 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2012/01/04 13:23:59 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2012/01/04 13:23:59 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2012/01/04 13:23:58 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2012/01/04 13:23:58 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2012/01/04 13:23:57 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2012/01/04 13:23:57 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2012/01/04 13:23:57 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2012/01/04 13:23:56 | 000,364,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2012/01/04 13:23:56 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2012/01/04 13:23:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2012/01/04 13:23:56 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2012/01/04 13:23:55 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2012/01/04 13:23:55 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2012/01/04 13:23:55 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2012/01/04 13:23:52 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2012/01/04 13:23:52 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2012/01/04 13:23:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2012/01/04 13:23:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2012/01/04 13:23:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2012/01/04 13:23:49 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2012/01/04 13:23:49 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2012/01/04 13:23:49 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2012/01/04 13:23:49 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2012/01/04 13:23:48 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2012/01/04 13:23:48 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2012/01/04 13:23:48 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2012/01/04 13:23:48 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2012/01/04 13:23:46 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2012/01/04 13:23:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2012/01/04 13:23:45 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2012/01/04 13:23:45 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2012/01/04 13:23:44 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2012/01/04 13:23:42 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2012/01/04 13:23:41 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2012/01/04 13:23:41 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2012/01/04 13:23:41 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2012/01/04 13:23:41 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2012/01/04 13:23:41 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2012/01/04 13:23:41 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2012/01/04 13:23:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2012/01/04 13:23:40 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2012/01/04 13:23:40 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2012/01/04 13:23:40 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2012/01/04 13:23:39 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2012/01/04 13:23:39 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2012/01/04 13:23:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2012/01/04 13:23:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2012/01/04 13:23:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2012/01/04 13:23:38 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2012/01/04 13:23:38 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2012/01/04 13:23:38 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2012/01/04 13:23:38 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2012/01/04 13:23:38 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2012/01/04 13:23:38 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2012/01/04 13:23:38 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2012/01/04 13:23:38 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2012/01/04 13:23:37 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2012/01/04 13:23:37 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2012/01/04 13:23:37 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2012/01/04 13:23:37 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2012/01/04 13:23:37 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2012/01/04 13:23:37 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2012/01/04 13:23:36 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2012/01/04 13:23:33 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2012/01/04 13:23:33 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2012/01/04 13:23:32 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2012/01/04 13:23:32 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2012/01/04 13:23:31 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/01/04 13:23:31 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/01/04 13:23:31 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012/01/04 13:23:31 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2012/01/04 13:23:30 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2012/01/04 13:23:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2012/01/04 13:23:29 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2012/01/04 13:23:29 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2012/01/04 13:23:27 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2012/01/04 13:23:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2012/01/04 13:23:26 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2012/01/04 13:23:26 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2012/01/04 13:23:25 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2012/01/04 13:23:24 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2012/01/04 13:23:24 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2012/01/04 13:23:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2012/01/04 13:23:23 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2012/01/04 13:23:23 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2012/01/04 13:23:23 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2012/01/04 13:23:23 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2012/01/04 13:23:22 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2012/01/04 13:23:22 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2012/01/04 13:23:21 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2012/01/04 13:23:21 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2012/01/04 13:23:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2012/01/04 13:23:20 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2012/01/04 13:23:20 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2012/01/04 13:23:17 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2012/01/04 13:23:17 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2012/01/04 13:23:16 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2012/01/04 13:23:13 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2012/01/04 13:23:13 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2012/01/04 13:23:09 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2012/01/04 13:23:09 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2012/01/04 13:23:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2012/01/04 13:23:01 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2012/01/04 13:23:01 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2012/01/04 13:23:01 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2012/01/04 13:23:01 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2012/01/04 13:23:00 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2012/01/04 13:22:59 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2012/01/04 13:22:59 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2012/01/04 13:22:59 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2012/01/04 13:22:58 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2012/01/04 13:22:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2012/01/04 13:22:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2012/01/04 13:22:56 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2012/01/04 13:22:55 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2012/01/04 13:22:55 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2012/01/04 13:22:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2012/01/04 13:22:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2012/01/04 13:22:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2012/01/04 13:22:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2012/01/04 13:22:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2012/01/04 13:22:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2012/01/04 13:22:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2012/01/04 13:22:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2012/01/04 13:22:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2012/01/04 13:22:53 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2012/01/04 13:22:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2012/01/04 13:22:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2012/01/04 13:22:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2012/01/04 13:22:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2012/01/04 13:22:52 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2012/01/04 13:22:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2012/01/04 13:22:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2012/01/04 13:22:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2012/01/04 13:22:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2012/01/04 13:22:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2012/01/04 13:22:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2012/01/04 13:22:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2012/01/04 13:22:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2012/01/04 13:22:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2012/01/04 13:22:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2012/01/04 13:22:51 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2012/01/04 13:22:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2012/01/04 13:22:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2012/01/04 13:22:50 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2012/01/04 13:22:50 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2012/01/04 13:22:50 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2012/01/04 13:22:49 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2012/01/04 13:22:49 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2012/01/04 13:22:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2012/01/04 13:22:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2012/01/04 13:22:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2012/01/04 13:22:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2012/01/04 13:22:48 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2012/01/04 13:22:48 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2012/01/04 13:22:48 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2012/01/04 13:22:47 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2012/01/04 13:22:47 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2012/01/04 13:22:46 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2012/01/04 13:22:46 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2012/01/04 13:22:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2012/01/04 13:22:45 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2012/01/04 13:22:45 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2012/01/04 13:22:45 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2012/01/04 13:22:45 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2012/01/04 13:22:45 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2012/01/04 13:22:44 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2012/01/04 13:22:44 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2012/01/04 13:22:44 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2012/01/04 13:22:44 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2012/01/04 13:22:44 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2012/01/04 13:22:44 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2012/01/04 13:22:43 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2012/01/04 13:22:43 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2012/01/04 13:22:43 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2012/01/04 13:22:42 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2012/01/04 13:22:42 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2012/01/04 13:22:42 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2012/01/04 13:22:42 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2012/01/04 13:22:42 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2012/01/04 13:22:42 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2012/01/04 13:22:42 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2012/01/04 13:22:41 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2012/01/04 13:22:41 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2012/01/04 13:22:41 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2012/01/04 13:22:41 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2012/01/04 13:22:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2012/01/04 13:22:41 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2012/01/04 13:22:40 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2012/01/04 13:22:40 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2012/01/04 13:22:36 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2012/01/04 13:22:28 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2012/01/04 13:22:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2012/01/04 13:22:27 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2012/01/04 13:22:27 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2012/01/04 13:22:27 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2012/01/04 13:22:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2012/01/04 13:22:25 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2012/01/04 13:22:24 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2012/01/04 13:22:24 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2012/01/04 13:22:24 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2012/01/04 13:22:24 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2012/01/04 13:22:24 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2012/01/04 13:22:24 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2012/01/04 13:22:23 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2012/01/04 13:22:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2012/01/04 13:22:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2012/01/04 13:22:23 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2012/01/04 13:22:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2012/01/04 13:22:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2012/01/04 13:22:23 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2012/01/04 13:22:23 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2012/01/04 13:22:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2012/01/04 13:22:22 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2012/01/04 13:22:22 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2012/01/04 13:22:22 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2012/01/04 13:22:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2012/01/04 13:22:22 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2012/01/04 13:22:22 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2012/01/04 13:22:22 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2012/01/04 13:22:21 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2012/01/04 13:22:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2012/01/04 13:22:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2012/01/04 13:22:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2012/01/04 13:22:20 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2012/01/04 13:22:20 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2012/01/04 13:22:19 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2012/01/04 13:22:18 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2012/01/04 13:22:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2012/01/04 13:22:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2012/01/04 13:22:17 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2012/01/04 13:22:17 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2012/01/04 13:22:17 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2012/01/04 13:22:17 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2012/01/04 13:22:17 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2012/01/04 13:22:16 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2012/01/04 13:22:16 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2012/01/04 13:22:09 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2012/01/04 13:22:08 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2012/01/04 13:22:07 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2012/01/04 13:22:07 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2012/01/04 13:22:06 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2012/01/04 13:22:06 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2012/01/04 13:22:06 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2012/01/04 13:22:05 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2012/01/04 13:22:04 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2012/01/04 13:22:03 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2012/01/04 13:22:03 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2012/01/04 13:22:03 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2012/01/04 13:22:03 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2012/01/04 13:22:02 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2012/01/04 13:22:02 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2012/01/04 13:22:01 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2012/01/04 13:22:01 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2012/01/04 13:22:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2012/01/04 13:22:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2012/01/04 13:22:01 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2012/01/04 13:22:00 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/01/04 13:21:59 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2012/01/04 13:21:59 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2012/01/04 13:21:59 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2012/01/04 13:21:51 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2012/01/04 13:21:49 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2012/01/04 13:21:48 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2012/01/04 13:21:48 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2012/01/04 13:21:47 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2012/01/04 13:21:47 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2012/01/04 13:21:46 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2012/01/04 13:21:46 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2012/01/04 13:21:45 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2012/01/04 13:21:45 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2012/01/04 13:21:45 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2012/01/04 13:21:45 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2012/01/04 13:21:45 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2012/01/04 13:21:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2012/01/04 13:21:43 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2012/01/04 13:21:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2012/01/04 13:21:43 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2012/01/04 13:21:42 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2012/01/04 13:21:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2012/01/04 13:21:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2012/01/04 13:21:37 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2012/01/04 13:21:37 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2012/01/04 13:21:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2012/01/04 13:21:36 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2012/01/04 13:21:36 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2012/01/04 13:21:36 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2012/01/04 13:21:32 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2012/01/04 13:21:31 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2012/01/04 13:21:31 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2012/01/04 13:21:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2012/01/04 13:21:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2012/01/04 13:21:30 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2012/01/04 13:21:30 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2012/01/04 13:21:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2012/01/04 13:21:30 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2012/01/04 13:21:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2012/01/04 13:21:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2012/01/04 13:21:29 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2012/01/04 13:21:29 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2012/01/04 13:21:29 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2012/01/04 13:21:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2012/01/04 13:21:28 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2012/01/04 13:21:28 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2012/01/04 13:21:28 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2012/01/04 13:21:28 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2012/01/04 13:21:28 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2012/01/04 13:21:27 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2012/01/04 13:21:27 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2012/01/04 13:21:27 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2012/01/04 13:21:27 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2012/01/04 13:21:27 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2012/01/04 13:21:27 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2012/01/04 13:21:27 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2012/01/04 13:21:26 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2012/01/04 13:21:26 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2012/01/04 13:21:26 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2012/01/04 13:21:25 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2012/01/04 13:21:25 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2012/01/04 13:21:25 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2012/01/04 13:21:25 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2012/01/04 13:21:24 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2012/01/04 13:21:24 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2012/01/04 13:21:24 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2012/01/04 13:21:23 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2012/01/04 13:21:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2012/01/04 13:21:23 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2012/01/04 13:21:21 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2012/01/04 13:19:31 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2012/01/04 13:19:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2012/01/04 13:07:49 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2012/01/04 13:07:49 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2012/01/04 13:07:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2012/01/04 13:07:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2012/01/03 17:20:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Dell
[2012/01/03 14:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdminFolder\Application Data\Mozilla
[2012/01/03 14:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2012/01/03 14:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/01/03 14:38:55 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/01/03 14:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Internet Security
[2012/01/03 14:38:54 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/01/03 14:38:52 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2012/01/03 14:38:35 | 000,195,416 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2012/01/03 14:38:35 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/01/03 14:38:34 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/01/03 14:38:34 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/01/03 14:38:34 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/01/03 14:38:34 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/01/03 14:38:33 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/01/03 14:38:15 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/01/03 14:38:15 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2012/01/03 14:38:14 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/01/03 14:11:22 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/01/03 14:11:22 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2012/01/03 14:11:10 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/01/03 12:44:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\TEMP
[2012/01/03 12:21:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/02 23:43:22 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\00204924.sys
[2012/01/02 21:36:53 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\92589504.sys
[2012/01/02 20:18:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/02 14:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdminFolder\My Documents\Downloads
[2012/01/02 14:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdminFolder\My Documents\Personal
[2012/01/02 13:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities
[2012/01/02 13:56:28 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities
[2012/01/01 23:03:25 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\95987715.sys
[2011/12/31 17:01:37 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/12/31 17:01:37 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/12/31 17:01:37 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/12/30 20:58:12 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixTDSS.sys
[2011/12/28 22:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AdminFolder\My Documents\ConvertXToDVD
[2011/12/21 14:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/13 09:19:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/12/13 09:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/12/13 09:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011/12/13 09:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/12/13 09:14:34 | 000,000,000 | R--D | C] -- C:\MSOCache
[2011/12/12 19:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerISO
[2011/12/12 19:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2011/09/26 20:40:06 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbalmpm.dll
[2011/06/27 17:38:05 | 000,659,456 | ---- | C] (Speed Guide Inc.) -- C:\Program Files\TCPOptimizer.exe

========== Files - Modified Within 30 Days ==========

[2012/01/05 10:59:29 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\AdminFolder\Desktop\GooredFix.exe
[2012/01/05 10:57:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AdminFolder\Desktop\OTL.exe
[2012/01/05 10:39:40 | 000,069,662 | ---- | M] () -- C:\Documents and Settings\AdminFolder\Desktop\PageDefrag.zip
[2012/01/05 10:36:58 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\10934858.sys
[2012/01/05 10:19:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/05 00:23:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/04 23:59:41 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/01/04 23:50:33 | 022,515,712 | ---- | M] () -- C:\WINDOWS\System32\BWUZS
[2012/01/04 23:39:41 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\36750365.sys
[2012/01/04 23:24:06 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\AdminFolder\Desktop\HiJackThis.lnk
[2012/01/04 14:27:24 | 000,000,221 | -HS- | M] () -- C:\boot.ini
[2012/01/04 14:27:10 | 000,434,638 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/04 14:27:10 | 000,068,832 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/04 14:07:15 | 000,216,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/04 13:24:45 | 000,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/01/04 13:20:49 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/01/04 13:20:47 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/01/04 13:20:47 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/01/04 13:20:35 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/04 13:18:13 | 000,022,748 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/03 14:44:11 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\AdminFolder\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/03 14:44:10 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/03 14:38:55 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/01/03 14:38:34 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/03 14:01:06 | 000,000,009 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/03 09:56:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/02 23:43:22 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\00204924.sys
[2012/01/02 21:36:53 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\92589504.sys
[2012/01/02 13:56:34 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\AdminFolder\Desktop\Glary Utilities.lnk
[2012/01/01 23:03:25 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\95987715.sys
[2012/01/01 00:51:07 | 001,558,406 | ---- | M] () -- C:\Documents and Settings\AdminFolder\Desktop\tdsskiller.zip
[2011/12/30 20:58:12 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\FixTDSS.sys
[2011/12/29 21:18:23 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2011/12/29 21:18:23 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2011/12/23 08:39:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/12/19 00:48:12 | 000,025,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\pgdfgsvc.exe
[2011/12/13 21:19:03 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/12/12 21:46:33 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\AdminFolder\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/12 19:50:25 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk

========== Files Created - No Company Name ==========

[2012/01/05 10:39:39 | 000,069,662 | ---- | C] () -- C:\Documents and Settings\AdminFolder\Desktop\PageDefrag.zip
[2012/01/04 23:49:59 | 022,515,712 | ---- | C] () -- C:\WINDOWS\System32\BWUZS
[2012/01/04 13:23:22 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012/01/04 13:22:56 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/01/04 13:22:45 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/01/04 13:22:44 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012/01/04 13:22:42 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/01/04 13:22:31 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012/01/04 13:22:26 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/01/04 13:22:20 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2012/01/04 13:22:03 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/01/04 13:07:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/01/04 13:07:26 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012/01/04 13:07:26 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2012/01/04 13:07:26 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2012/01/04 13:07:26 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012/01/04 13:07:26 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2012/01/04 13:07:26 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2012/01/04 13:07:26 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2012/01/04 13:07:26 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2012/01/04 13:07:26 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2012/01/04 13:07:26 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012/01/04 13:07:26 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2012/01/04 13:07:26 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012/01/04 13:07:26 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012/01/04 13:07:26 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012/01/04 13:07:25 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012/01/04 13:07:25 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2012/01/04 13:07:25 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012/01/04 13:07:25 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012/01/03 14:44:11 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\AdminFolder\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/03 14:44:10 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/03 14:38:55 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Internet Security.lnk
[2012/01/02 13:56:34 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\AdminFolder\Desktop\Glary Utilities.lnk
[2012/01/01 00:51:03 | 001,558,406 | ---- | C] () -- C:\Documents and Settings\AdminFolder\Desktop\tdsskiller.zip
[2011/12/30 20:52:36 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/12/23 08:39:01 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/12/15 21:04:01 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2011/12/15 21:04:01 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2011/12/12 21:46:33 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\AdminFolder\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/12/12 19:49:58 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerISO.lnk
[2011/11/29 22:42:16 | 000,001,708 | ---- | C] () -- C:\Program Files\sg_backup_2011-11-29-2242.spg
[2011/11/27 19:47:19 | 000,216,856 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/21 00:16:00 | 000,001,708 | ---- | C] () -- C:\Program Files\sg_backup_2011-11-21-0016.spg
[2011/11/15 12:17:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/13 23:09:41 | 000,001,708 | ---- | C] () -- C:\Program Files\sg_backup_2011-11-13-2309.spg
[2011/11/13 23:09:41 | 000,001,708 | ---- | C] () -- C:\Program Files\FirstBackup.spg
[2011/11/06 10:54:08 | 000,102,859 | ---- | C] () -- C:\WINDOWS\HPFins09.dat
[2011/11/06 10:54:08 | 000,003,732 | ---- | C] () -- C:\WINDOWS\hpfmdl09.dat
[2011/11/06 10:53:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2011/10/15 17:49:43 | 000,837,192 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2011/09/28 20:06:26 | 000,017,136 | ---- | C] () -- C:\WINDOWS\System32\sasnative32.exe
[2011/09/27 20:03:34 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/09/20 20:55:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vtpwra.INI
[2011/09/20 20:07:28 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2011/09/20 20:07:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2011/09/20 20:07:28 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2011/09/20 20:07:05 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2011/07/02 12:28:48 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/07/01 09:39:58 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2011/06/27 17:35:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\exctrlst.INI
[2011/06/26 13:42:24 | 000,000,084 | ---- | C] () -- C:\WINDOWS\csact.ini
[2011/06/26 09:27:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/26 08:52:19 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/06/25 22:55:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/25 22:49:36 | 000,022,748 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,434,638 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,068,832 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/10/08 16:24:44 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbacoin.ini

< End of report >

OTL Extras logfile created on: 1/5/2012 11:21:57 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\AdminFolder\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 75.03% Memory free
3.84 Gb Paging File | 3.60 Gb Available in Paging File | 93.92% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 282.31 Gb Free Space | 94.71% Space Free | Partition Type: NTFS

Computer Name: ADMINFOL-A78534 | User Name: AdminFolder | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*

Edited by sheperd06, 05 January 2012 - 12:44 PM.

  • 0

#2
sheperd06

    Member

  • Topic Starter
  • 20 posts
I am still needing help with this issue. Thanks so much!
  • 0

#3
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below.





Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert". It is NOT for unsupervised use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.





First, please delete your copy (or copies) of ComboFix.exe and TDSSKiller from your Desktop.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Disabled | Stopped] -- -- (FXYTYVI)
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done





Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.





Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.





Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double-click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.
  • 0
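Added example (not part of the thread, and not code from TDSSKiller or its vendor): a small parser for the kind of TDSSKiller report requested above, which sorts entries into unsigned-file warnings, any other detection, objects listed without a hashed file, and objects whose verdict is missing because the paste was cut short. The line layout is taken from reports of this kind; the sample log, driver names, hashes and the detection name `Example.Detection.Name` are constructed, and treating names that begin with `UnsignedFile.` as the result of the signature check is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every report line starts with "HH:MM:SS.mmmm <thread id> ".
PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s?(.*)$")
# "<object> (<md5>) <path>": the file (or MBR) that was hashed.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<object> - detected <detection name> (<n>)"
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<det>\S+) \(\d+\)$")
# "<object> - ok"
OK = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: str = "unknown"          # "ok", "detected" or "unknown"
    detection: Optional[str] = None


def parse_report(text: str) -> List[Entry]:
    """Return one Entry per scanned object, in report order."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, str] = {}      # MBR verdict lines name the device path

    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()
        obj = OBJECT.match(body)
        if obj:
            key = obj["name"]
            # Each disk is listed as "MBR (0x1B8)"; keep them apart by path.
            if key in entries and entries[key].path not in (None, obj["path"]):
                key = f"{key} {obj['path']}"
            entry = entries.setdefault(key, Entry(key))
            entry.md5, entry.path = obj["md5"].lower(), obj["path"]
            by_path[obj["path"]] = key
            continue
        det = DETECTED.match(body)
        hit = det or OK.match(body)
        if not hit:
            continue                  # banner, separator or "- warning" echo
        key = by_path.get(hit["name"], hit["name"])
        entry = entries.setdefault(key, Entry(key))
        if det:
            entry.verdict, entry.detection = "detected", det["det"]
        elif entry.verdict != "detected":
            entry.verdict = "ok"
    return list(entries.values())


def triage(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Group entries by how much attention they need from a reviewer."""
    out: Dict[str, List[Entry]] = {
        "unsigned_only": [], "other_detections": [],
        "no_verdict": [], "no_file_hashed": [],
    }
    for e in entries:
        if e.verdict == "detected":
            # Assumption: "UnsignedFile.*" means only that the signature
            # check failed, which is common for legitimate old drivers.
            unsigned = (e.detection or "").startswith("UnsignedFile.")
            out["unsigned_only" if unsigned else "other_detections"].append(e)
        elif e.verdict == "unknown":
            out["no_verdict"].append(e)      # log truncated before verdict
        elif e.md5 is None:
            out["no_file_hashed"].append(e)  # listed, but no file was hashed
    return out


# Constructed sample in the report's layout (not taken from a real scan).
SAMPLE = r"""
00:15:35.0906 1188 Scan started
00:15:35.0906 1188 Mode: Manual; SigCheck; TDLFS;
00:15:36.0296 1188 gooddrv (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\gooddrv.sys
00:15:36.0453 1188 gooddrv - ok
00:15:36.0593 1188 absentdrv - ok
00:15:37.0343 1188 vendordrv (11111111111111111111111111111111) C:\Program Files\Example Vendor\vendordrv.sys
00:15:37.0375 1188 vendordrv ( UnsignedFile.Multi.Generic ) - warning
00:15:37.0375 1188 vendordrv - detected UnsignedFile.Multi.Generic (1)
00:15:38.0000 1188 oddsvc (22222222222222222222222222222222) C:\WINDOWS\system32\drivers\oddsvc.sys
00:15:38.0010 1188 oddsvc - detected Example.Detection.Name (1)
00:16:21.0812 1188 MBR (0x1B8) (33333333333333333333333333333333) \Device\Harddisk0\DR0
00:16:22.0250 1188 \Device\Harddisk0\DR0 - ok
00:16:22.0265 1188 MBR (0x1B8) (44444444444444444444444444444444) \Device\Harddisk1\DR2
"""

if __name__ == "__main__":
    for bucket, items in triage(parse_report(SAMPLE)).items():
        print(bucket)
        for e in items:
            print("   ", e.name, e.detection or "", e.path or "")
```

Entries in the unsigned-only group still need their path and vendor checked by whoever reviews the log; the grouping only orders the review, it does not clear a file.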

#4
sheperd06

    Member

  • Topic Starter
  • 20 posts
Thank you so much for responding. Upon following your directive, this issue has been resolved. :cheers:
  • 0

#5
Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
I'd like to confirm that.

Can you please post the log file I requested in my previous post? :thumbsup:
  • 0

#6
sheperd06

    Member

  • Topic Starter
  • 20 posts
Looks like the problem still exists so I should probably go back to the beginning, follow your instructions carefully, and submit all logs (per your request) for review. :blush: This is truly frustrating!

Edited by sheperd06, 19 January 2012 - 09:48 PM.

  • 0

#7
sheperd06

    Member

  • Topic Starter
  • 20 posts
I am submitting the following logs per your request. Please let me know if you would like me to submit any further information.

OTL

Will not run, so I am unable to submit a report.

TDSSKiller Results
- Cure was not available
00:15:25.0578 5400 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
00:15:25.0921 5400 ============================================================
00:15:25.0921 5400 Current date / time: 2012/01/20 00:15:25.0921
00:15:25.0921 5400 SystemInfo:
00:15:25.0921 5400
00:15:25.0921 5400 OS Version: 5.1.2600 ServicePack: 3.0
00:15:25.0921 5400 Product type: Workstation
00:15:25.0921 5400 ComputerName: USERPC-459978CE
00:15:25.0921 5400 UserName: HomeUser
00:15:25.0921 5400 Windows directory: C:\WINDOWS
00:15:25.0921 5400 System windows directory: C:\WINDOWS
00:15:25.0921 5400 Processor architecture: Intel x86
00:15:25.0921 5400 Number of processors: 1
00:15:25.0921 5400 Page size: 0x1000
00:15:25.0921 5400 Boot type: Normal boot
00:15:25.0921 5400 ============================================================
00:15:27.0812 5400 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:15:27.0828 5400 Drive \Device\Harddisk1\DR2 - Size: 0xEEB00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:15:27.0843 5400 Initialize success
00:15:35.0906 1188 ============================================================
00:15:35.0906 1188 Scan started
00:15:35.0906 1188 Mode: Manual; SigCheck; TDLFS;
00:15:35.0906 1188 ============================================================
00:15:36.0296 1188 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
00:15:36.0453 1188 Aavmker4 - ok
00:15:36.0593 1188 Abiosdsk - ok
00:15:36.0609 1188 abp480n5 - ok
00:15:36.0656 1188 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:15:36.0906 1188 ACPI - ok
00:15:37.0078 1188 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:15:37.0218 1188 ACPIEC - ok
00:15:37.0343 1188 ADASPROT (e9b047e166480f67fb6d50b3eec8bd35) C:\Program Files\Advanced System Optimizer 3\adasprot32.sys
00:15:37.0375 1188 ADASPROT ( UnsignedFile.Multi.Generic ) - warning
00:15:37.0375 1188 ADASPROT - detected UnsignedFile.Multi.Generic (1)
00:15:37.0562 1188 adpu160m - ok
00:15:37.0625 1188 aeaudio (cde1f62fe63631b932ace2249fb11da0) C:\WINDOWS\system32\drivers\aeaudio.sys
00:15:37.0640 1188 aeaudio ( UnsignedFile.Multi.Generic ) - warning
00:15:37.0640 1188 aeaudio - detected UnsignedFile.Multi.Generic (1)
00:15:37.0781 1188 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:15:37.0921 1188 aec - ok
00:15:38.0093 1188 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:15:38.0140 1188 AFD - ok
00:15:38.0281 1188 Aha154x - ok
00:15:38.0296 1188 aic78u2 - ok
00:15:38.0312 1188 aic78xx - ok
00:15:38.0328 1188 AliIde - ok
00:15:38.0359 1188 amsint - ok
00:15:38.0375 1188 asc - ok
00:15:38.0390 1188 asc3350p - ok
00:15:38.0406 1188 asc3550 - ok
00:15:38.0453 1188 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
00:15:38.0468 1188 aswFsBlk - ok
00:15:38.0609 1188 aswFW (9b88d53227e0bc1ce62a981b2fcd67c8) C:\WINDOWS\system32\drivers\aswFW.sys
00:15:38.0625 1188 aswFW - ok
00:15:38.0765 1188 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
00:15:38.0781 1188 aswMon2 - ok
00:15:38.0937 1188 aswNdis (7b948e3657bea62e437bc46ca6ef6012) C:\WINDOWS\system32\DRIVERS\aswNdis.sys
00:15:38.0937 1188 aswNdis - ok
00:15:39.0078 1188 aswNdis2 (2d26aaee48a48e64129b4ae1d0ab3a3b) C:\WINDOWS\system32\drivers\aswNdis2.sys
00:15:39.0093 1188 aswNdis2 - ok
00:15:39.0234 1188 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
00:15:39.0250 1188 aswRdr - ok
00:15:39.0406 1188 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
00:15:39.0437 1188 aswSnx - ok
00:15:39.0625 1188 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
00:15:39.0640 1188 aswSP - ok
00:15:39.0828 1188 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
00:15:39.0843 1188 aswTdi - ok
00:15:40.0000 1188 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:15:40.0140 1188 AsyncMac - ok
00:15:40.0281 1188 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:15:40.0437 1188 atapi - ok
00:15:40.0562 1188 Atdisk - ok
00:15:40.0593 1188 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:15:40.0750 1188 Atmarpc - ok
00:15:40.0906 1188 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:15:41.0046 1188 audstub - ok
00:15:41.0234 1188 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:15:41.0375 1188 Beep - ok
00:15:41.0484 1188 catchme - ok
00:15:41.0656 1188 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:15:41.0812 1188 cbidf2k - ok
00:15:41.0921 1188 cd20xrnt - ok
00:15:41.0968 1188 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:15:42.0109 1188 Cdaudio - ok
00:15:42.0265 1188 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:15:42.0406 1188 Cdfs - ok
00:15:42.0609 1188 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:15:42.0765 1188 Cdrom - ok
00:15:42.0906 1188 Changer - ok
00:15:42.0937 1188 CmdIde - ok
00:15:42.0968 1188 Cpqarray - ok
00:15:42.0984 1188 dac2w2k - ok
00:15:43.0000 1188 dac960nt - ok
00:15:43.0046 1188 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:15:43.0203 1188 Disk - ok
00:15:43.0343 1188 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:15:43.0531 1188 dmboot - ok
00:15:43.0718 1188 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:15:43.0859 1188 dmio - ok
00:15:44.0031 1188 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:15:44.0171 1188 dmload - ok
00:15:44.0312 1188 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:15:44.0437 1188 DMusic - ok
00:15:44.0578 1188 dpti2o - ok
00:15:44.0609 1188 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:15:44.0750 1188 drmkaud - ok
00:15:44.0906 1188 E100B (5c940a174dfb2c42b9f6ba6edc2baa0b) C:\WINDOWS\system32\DRIVERS\e100b325.sys
00:15:44.0921 1188 E100B - ok
00:15:45.0078 1188 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:15:45.0234 1188 Fastfat - ok
00:15:45.0421 1188 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:15:45.0562 1188 Fdc - ok
00:15:45.0765 1188 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:15:45.0921 1188 Fips - ok
00:15:46.0078 1188 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:15:46.0218 1188 Flpydisk - ok
00:15:46.0390 1188 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
00:15:46.0546 1188 FltMgr - ok
00:15:46.0703 1188 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:15:46.0843 1188 Fs_Rec - ok
00:15:46.0984 1188 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:15:47.0140 1188 Ftdisk - ok
00:15:47.0312 1188 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:15:47.0468 1188 Gpc - ok
00:15:47.0656 1188 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:15:47.0875 1188 hidusb - ok
00:15:48.0125 1188 hpn - ok
00:15:48.0234 1188 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
00:15:48.0281 1188 HPZid412 - ok
00:15:48.0406 1188 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
00:15:48.0468 1188 HPZipr12 - ok
00:15:48.0625 1188 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
00:15:48.0671 1188 HPZius12 - ok
00:15:48.0828 1188 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:15:48.0890 1188 HTTP - ok
00:15:49.0062 1188 i2omgmt - ok
00:15:49.0078 1188 i2omp - ok
00:15:49.0140 1188 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:15:49.0281 1188 i8042prt - ok
00:15:49.0437 1188 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
00:15:49.0562 1188 ialm - ok
00:15:49.0734 1188 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:15:49.0875 1188 Imapi - ok
00:15:50.0031 1188 ini910u - ok
00:15:50.0062 1188 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
00:15:50.0218 1188 IntelIde - ok
00:15:50.0390 1188 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:15:50.0562 1188 intelppm - ok
00:15:50.0718 1188 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
00:15:50.0890 1188 Ip6Fw - ok
00:15:51.0187 1188 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:15:51.0343 1188 IpFilterDriver - ok
00:15:51.0515 1188 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:15:51.0656 1188 IpInIp - ok
00:15:51.0828 1188 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:15:51.0968 1188 IpNat - ok
00:15:52.0156 1188 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:15:52.0515 1188 IPSec - ok
00:15:52.0687 1188 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:15:52.0765 1188 IRENUM - ok
00:15:52.0984 1188 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:15:53.0125 1188 isapnp - ok
00:15:53.0312 1188 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:15:53.0468 1188 Kbdclass - ok
00:15:53.0656 1188 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:15:53.0796 1188 kmixer - ok
00:15:53.0984 1188 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:15:54.0015 1188 KSecDD - ok
00:15:54.0125 1188 lbrtfdc - ok
00:15:54.0156 1188 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
00:15:54.0171 1188 MBAMProtector - ok
00:15:54.0328 1188 MidiSyn (63c34814492aa65fc517b002de77b191) C:\WINDOWS\system32\drivers\MidiSyn.sys
00:15:54.0359 1188 MidiSyn - ok
00:15:54.0531 1188 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:15:54.0687 1188 mnmdd - ok
00:15:54.0859 1188 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:15:55.0015 1188 Modem - ok
00:15:55.0390 1188 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:15:55.0578 1188 Mouclass - ok
00:15:55.0765 1188 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:15:55.0906 1188 mouhid - ok
00:15:56.0078 1188 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:15:56.0218 1188 MountMgr - ok
00:15:56.0375 1188 mraid35x - ok
00:15:56.0500 1188 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:15:56.0640 1188 MRxDAV - ok
00:15:56.0828 1188 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:15:56.0921 1188 MRxSmb - ok
00:15:57.0109 1188 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:15:57.0265 1188 Msfs - ok
00:15:57.0453 1188 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:15:57.0687 1188 MSKSSRV - ok
00:15:57.0890 1188 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:15:58.0015 1188 MSPCLOCK - ok
00:15:58.0171 1188 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:15:58.0312 1188 MSPQM - ok
00:15:58.0500 1188 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:15:58.0656 1188 mssmbios - ok
00:15:58.0843 1188 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:15:58.0859 1188 Mup - ok
00:15:59.0031 1188 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:15:59.0171 1188 NDIS - ok
00:15:59.0343 1188 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:15:59.0562 1188 NdisTapi - ok
00:15:59.0718 1188 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:15:59.0875 1188 Ndisuio - ok
00:16:00.0062 1188 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:16:00.0218 1188 NdisWan - ok
00:16:00.0406 1188 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:16:00.0453 1188 NDProxy - ok
00:16:00.0640 1188 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:16:00.0781 1188 NetBIOS - ok
00:16:00.0968 1188 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:16:01.0109 1188 NetBT - ok
00:16:01.0296 1188 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:16:01.0453 1188 Npfs - ok
00:16:01.0640 1188 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:16:01.0828 1188 Ntfs - ok
00:16:02.0031 1188 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:16:02.0187 1188 Null - ok
00:16:02.0359 1188 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:16:02.0515 1188 NwlnkFlt - ok
00:16:02.0703 1188 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:16:02.0859 1188 NwlnkFwd - ok
00:16:03.0125 1188 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
00:16:03.0328 1188 Parport - ok
00:16:03.0578 1188 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:16:03.0718 1188 PartMgr - ok
00:16:03.0921 1188 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:16:04.0062 1188 ParVdm - ok
00:16:04.0265 1188 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:16:04.0406 1188 PCI - ok
00:16:04.0593 1188 PCIDump - ok
00:16:04.0781 1188 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
00:16:04.0921 1188 PCIIde - ok
00:16:05.0109 1188 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:16:05.0281 1188 Pcmcia - ok
00:16:05.0453 1188 perc2 - ok
00:16:05.0625 1188 perc2hib - ok
00:16:05.0859 1188 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:16:06.0000 1188 PptpMiniport - ok
00:16:06.0187 1188 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:16:06.0343 1188 PSched - ok
00:16:06.0515 1188 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:16:06.0656 1188 Ptilink - ok
00:16:06.0843 1188 ql1080 - ok
00:16:07.0015 1188 Ql10wnt - ok
00:16:07.0171 1188 ql12160 - ok
00:16:07.0343 1188 ql1240 - ok
00:16:07.0515 1188 ql1280 - ok
00:16:07.0718 1188 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:16:07.0859 1188 RasAcd - ok
00:16:08.0062 1188 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:16:08.0218 1188 Rasl2tp - ok
00:16:08.0390 1188 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:16:08.0531 1188 RasPppoe - ok
00:16:08.0734 1188 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:16:08.0875 1188 Raspti - ok
00:16:09.0078 1188 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:16:09.0218 1188 Rdbss - ok
00:16:09.0390 1188 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:16:09.0546 1188 RDPCDD - ok
00:16:09.0781 1188 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:16:09.0921 1188 rdpdr - ok
00:16:10.0109 1188 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
00:16:10.0156 1188 RDPWD - ok
00:16:10.0359 1188 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:16:10.0500 1188 redbook - ok
00:16:10.0703 1188 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
00:16:10.0718 1188 Revoflt - ok
00:16:10.0937 1188 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:16:11.0015 1188 Secdrv - ok
00:16:11.0218 1188 senfilt (9a4c4a4b191200f12085d188be70e4e3) C:\WINDOWS\system32\drivers\senfilt.sys
00:16:11.0250 1188 senfilt ( UnsignedFile.Multi.Generic ) - warning
00:16:11.0250 1188 senfilt - detected UnsignedFile.Multi.Generic (1)
00:16:11.0437 1188 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:16:11.0578 1188 serenum - ok
00:16:11.0781 1188 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
00:16:11.0921 1188 Serial - ok
00:16:12.0109 1188 sf (8da9c7feedba52cfd91ee2e2113df6a9) C:\WINDOWS\system32\drivers\sf.sys
00:16:12.0125 1188 sf ( UnsignedFile.Multi.Generic ) - warning
00:16:12.0125 1188 sf - detected UnsignedFile.Multi.Generic (1)
00:16:12.0375 1188 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:16:12.0515 1188 Sfloppy - ok
00:16:12.0687 1188 Simbad - ok
00:16:12.0890 1188 smwdm (ce52bffebfaf1e59553e2885cab80b52) C:\WINDOWS\system32\drivers\smwdm.sys
00:16:12.0921 1188 smwdm ( UnsignedFile.Multi.Generic ) - warning
00:16:12.0921 1188 smwdm - detected UnsignedFile.Multi.Generic (1)
00:16:13.0109 1188 Sparrow - ok
00:16:13.0296 1188 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:16:13.0453 1188 splitter - ok
00:16:13.0656 1188 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:16:13.0718 1188 sr - ok
00:16:13.0906 1188 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:16:13.0921 1188 Srv - ok
00:16:14.0125 1188 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:16:14.0265 1188 swenum - ok
00:16:14.0453 1188 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:16:14.0593 1188 swmidi - ok
00:16:14.0781 1188 symc810 - ok
00:16:14.0953 1188 symc8xx - ok
00:16:15.0125 1188 sym_hi - ok
00:16:15.0281 1188 sym_u3 - ok
00:16:15.0484 1188 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:16:15.0640 1188 sysaudio - ok
00:16:15.0843 1188 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:16:15.0906 1188 Tcpip - ok
00:16:16.0078 1188 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:16:16.0218 1188 TDPIPE - ok
00:16:16.0390 1188 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:16:16.0546 1188 TDTCP - ok
00:16:16.0750 1188 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:16:16.0890 1188 TermDD - ok
00:16:17.0062 1188 TosIde - ok
00:16:17.0265 1188 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:16:17.0421 1188 Udfs - ok
00:16:17.0656 1188 ultra - ok
00:16:17.0750 1188 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:16:17.0906 1188 Update - ok
00:16:18.0093 1188 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:16:18.0234 1188 usbccgp - ok
00:16:18.0421 1188 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:16:18.0562 1188 usbehci - ok
00:16:18.0765 1188 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:16:18.0906 1188 usbhub - ok
00:16:19.0093 1188 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:16:19.0234 1188 usbprint - ok
00:16:19.0437 1188 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:16:19.0578 1188 USBSTOR - ok
00:16:19.0765 1188 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:16:19.0906 1188 usbuhci - ok
00:16:20.0109 1188 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:16:20.0250 1188 VgaSave - ok
00:16:20.0406 1188 ViaIde - ok
00:16:20.0609 1188 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:16:20.0750 1188 VolSnap - ok
00:16:20.0953 1188 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:16:21.0093 1188 Wanarp - ok
00:16:21.0265 1188 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:16:21.0406 1188 wdmaud - ok
00:16:21.0625 1188 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:16:21.0781 1188 WS2IFSL - ok
00:16:21.0812 1188 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:16:22.0250 1188 \Device\Harddisk0\DR0 - ok
00:16:22.0265 1188 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
00:16:22.0437 1188 \Device\Harddisk1\DR2 - ok
00:16:22.0437 1188 Boot (0x1200) (30f1ef57d6aa5cea1a2b0bd565ab272e) \Device\Harddisk0\DR0\Partition0
00:16:22.0437 1188 \Device\Harddisk0\DR0\Partition0 - ok
00:16:22.0468 1188 Boot (0x1200) (57e912f8d95fd1353eee94f39f66d733) \Device\Harddisk1\DR2\Partition0
00:16:22.0468 1188 \Device\Harddisk1\DR2\Partition0 - ok
00:16:22.0484 1188 ============================================================
00:16:22.0484 1188 Scan finished
00:16:22.0484 1188 ============================================================
00:16:22.0593 5460 Detected object count: 5
00:16:22.0593 5460 Actual detected object count: 5
00:16:27.0156 5460 ADASPROT ( UnsignedFile.Multi.Generic ) - skipped by user
00:16:27.0156 5460 ADASPROT ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:16:27.0156 5460 aeaudio ( UnsignedFile.Multi.Generic ) - skipped by user
00:16:27.0156 5460 aeaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:16:27.0156 5460 senfilt ( UnsignedFile.Multi.Generic ) - skipped by user
00:16:27.0156 5460 senfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:16:27.0156 5460 sf ( UnsignedFile.Multi.Generic ) - skipped by user
00:16:27.0156 5460 sf ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:16:27.0156 5460 smwdm ( UnsignedFile.Multi.Generic ) - skipped by user
00:16:27.0156 5460 smwdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:16:50.0250 4976 ============================================================
00:16:50.0250 4976 Scan started
00:16:50.0250 4976 Mode: Manual; SigCheck; TDLFS;
00:16:50.0250 4976 ============================================================
00:16:50.0593 4976 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
00:16:50.0609 4976 Aavmker4 - ok
00:16:50.0734 4976 Abiosdsk - ok
00:16:50.0750 4976 abp480n5 - ok
00:16:50.0796 4976 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:16:50.0937 4976 ACPI - ok
00:16:51.0078 4976 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:16:51.0218 4976 ACPIEC - ok
00:16:51.0328 4976 ADASPROT (e9b047e166480f67fb6d50b3eec8bd35) C:\Program Files\Advanced System Optimizer 3\adasprot32.sys
00:16:51.0343 4976 ADASPROT ( UnsignedFile.Multi.Generic ) - warning
00:16:51.0343 4976 ADASPROT - detected UnsignedFile.Multi.Generic (1)
00:16:51.0500 4976 adpu160m - ok
00:16:51.0546 4976 aeaudio (cde1f62fe63631b932ace2249fb11da0) C:\WINDOWS\system32\drivers\aeaudio.sys
00:16:51.0562 4976 aeaudio ( UnsignedFile.Multi.Generic ) - warning
00:16:51.0562 4976 aeaudio - detected UnsignedFile.Multi.Generic (1)
00:16:51.0703 4976 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:16:51.0843 4976 aec - ok
00:16:51.0968 4976 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:16:51.0984 4976 AFD - ok
00:16:52.0109 4976 Aha154x - ok
00:16:52.0125 4976 aic78u2 - ok
00:16:52.0140 4976 aic78xx - ok
00:16:52.0156 4976 AliIde - ok
00:16:52.0171 4976 amsint - ok
00:16:52.0203 4976 asc - ok
00:16:52.0218 4976 asc3350p - ok
00:16:52.0234 4976 asc3550 - ok
00:16:52.0281 4976 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
00:16:52.0296 4976 aswFsBlk - ok
00:16:52.0421 4976 aswFW (9b88d53227e0bc1ce62a981b2fcd67c8) C:\WINDOWS\system32\drivers\aswFW.sys
00:16:52.0437 4976 aswFW - ok
00:16:52.0578 4976 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
00:16:52.0593 4976 aswMon2 - ok
00:16:52.0765 4976 aswNdis (7b948e3657bea62e437bc46ca6ef6012) C:\WINDOWS\system32\DRIVERS\aswNdis.sys
00:16:52.0781 4976 aswNdis - ok
00:16:52.0921 4976 aswNdis2 (2d26aaee48a48e64129b4ae1d0ab3a3b) C:\WINDOWS\system32\drivers\aswNdis2.sys
00:16:52.0937 4976 aswNdis2 - ok
00:16:53.0109 4976 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
00:16:53.0125 4976 aswRdr - ok
00:16:53.0265 4976 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
00:16:53.0296 4976 aswSnx - ok
00:16:53.0453 4976 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
00:16:53.0468 4976 aswSP - ok
00:16:53.0640 4976 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
00:16:53.0656 4976 aswTdi - ok
00:16:53.0812 4976 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:16:53.0953 4976 AsyncMac - ok
00:16:54.0078 4976 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:16:54.0203 4976 atapi - ok
00:16:54.0312 4976 Atdisk - ok
00:16:54.0359 4976 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:16:54.0500 4976 Atmarpc - ok
00:16:54.0671 4976 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:16:54.0796 4976 audstub - ok
00:16:54.0953 4976 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:16:55.0078 4976 Beep - ok
00:16:55.0203 4976 catchme - ok
00:16:55.0375 4976 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:16:55.0500 4976 cbidf2k - ok
00:16:55.0593 4976 cd20xrnt - ok
00:16:55.0625 4976 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:16:55.0765 4976 Cdaudio - ok
00:16:55.0875 4976 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:16:56.0000 4976 Cdfs - ok
00:16:56.0140 4976 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:16:56.0281 4976 Cdrom - ok
00:16:56.0375 4976 Changer - ok
00:16:56.0406 4976 CmdIde - ok
00:16:56.0437 4976 Cpqarray - ok
00:16:56.0453 4976 dac2w2k - ok
00:16:56.0468 4976 dac960nt - ok
00:16:56.0531 4976 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:16:56.0671 4976 Disk - ok
00:16:56.0812 4976 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:16:56.0953 4976 dmboot - ok
00:16:57.0109 4976 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:16:57.0250 4976 dmio - ok
00:16:57.0390 4976 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:16:57.0515 4976 dmload - ok
00:16:57.0671 4976 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:16:57.0812 4976 DMusic - ok
00:16:57.0921 4976 dpti2o - ok
00:16:57.0968 4976 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:16:58.0093 4976 drmkaud - ok
00:16:58.0234 4976 E100B (5c940a174dfb2c42b9f6ba6edc2baa0b) C:\WINDOWS\system32\DRIVERS\e100b325.sys
00:16:58.0250 4976 E100B - ok
00:16:58.0437 4976 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:16:58.0578 4976 Fastfat - ok
00:16:58.0718 4976 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:16:58.0859 4976 Fdc - ok
00:16:59.0000 4976 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:16:59.0125 4976 Fips - ok
00:16:59.0265 4976 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:16:59.0406 4976 Flpydisk - ok
00:16:59.0546 4976 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
00:16:59.0687 4976 FltMgr - ok
00:16:59.0843 4976 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:16:59.0968 4976 Fs_Rec - ok
00:17:00.0109 4976 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:17:00.0250 4976 Ftdisk - ok
00:17:00.0390 4976 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:17:00.0531 4976 Gpc - ok
00:17:00.0687 4976 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:17:00.0812 4976 hidusb - ok
00:17:00.0937 4976 hpn - ok
00:17:00.0968 4976 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
00:17:01.0000 4976 HPZid412 - ok
00:17:01.0140 4976 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
00:17:01.0156 4976 HPZipr12 - ok
00:17:01.0296 4976 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
00:17:01.0312 4976 HPZius12 - ok
00:17:01.0453 4976 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:17:01.0468 4976 HTTP - ok
00:17:01.0609 4976 i2omgmt - ok
00:17:01.0625 4976 i2omp - ok
00:17:01.0671 4976 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:17:01.0796 4976 i8042prt - ok
00:17:01.0953 4976 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
00:17:02.0031 4976 ialm - ok
00:17:02.0171 4976 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:17:02.0312 4976 Imapi - ok
00:17:02.0437 4976 ini910u - ok
00:17:02.0484 4976 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
00:17:02.0625 4976 IntelIde - ok
00:17:02.0765 4976 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:17:02.0906 4976 intelppm - ok
00:17:03.0031 4976 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
00:17:03.0156 4976 Ip6Fw - ok
00:17:03.0312 4976 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:17:03.0437 4976 IpFilterDriver - ok
00:17:03.0578 4976 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:17:03.0703 4976 IpInIp - ok
00:17:03.0859 4976 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:17:04.0000 4976 IpNat - ok
00:17:04.0140 4976 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:17:04.0281 4976 IPSec - ok
00:17:04.0390 4976 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:17:04.0453 4976 IRENUM - ok
00:17:04.0609 4976 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:17:04.0750 4976 isapnp - ok
00:17:04.0906 4976 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:17:05.0031 4976 Kbdclass - ok
00:17:05.0187 4976 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:17:05.0328 4976 kmixer - ok
00:17:05.0468 4976 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:17:05.0484 4976 KSecDD - ok
00:17:05.0625 4976 lbrtfdc - ok
00:17:05.0656 4976 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
00:17:05.0671 4976 MBAMProtector - ok
00:17:05.0828 4976 MidiSyn (63c34814492aa65fc517b002de77b191) C:\WINDOWS\system32\drivers\MidiSyn.sys
00:17:05.0859 4976 MidiSyn - ok
00:17:06.0000 4976 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:17:06.0125 4976 mnmdd - ok
00:17:06.0265 4976 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:17:06.0406 4976 Modem - ok
00:17:06.0562 4976 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:17:06.0687 4976 Mouclass - ok
00:17:06.0843 4976 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:17:06.0968 4976 mouhid - ok
00:17:07.0109 4976 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:17:07.0250 4976 MountMgr - ok
00:17:07.0375 4976 mraid35x - ok
00:17:07.0421 4976 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:17:07.0562 4976 MRxDAV - ok
00:17:07.0703 4976 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:17:07.0718 4976 MRxSmb - ok
00:17:07.0859 4976 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:17:08.0000 4976 Msfs - ok
00:17:08.0125 4976 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:17:08.0265 4976 MSKSSRV - ok
00:17:08.0390 4976 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:17:08.0515 4976 MSPCLOCK - ok
00:17:08.0640 4976 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:17:08.0781 4976 MSPQM - ok
00:17:08.0828 4976 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:17:08.0953 4976 mssmbios - ok
00:17:09.0078 4976 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:17:09.0093 4976 Mup - ok
00:17:09.0250 4976 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:17:09.0390 4976 NDIS - ok
00:17:09.0531 4976 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:17:09.0546 4976 NdisTapi - ok
00:17:09.0687 4976 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:17:09.0828 4976 Ndisuio - ok
00:17:09.0953 4976 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:17:10.0093 4976 NdisWan - ok
00:17:10.0218 4976 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:17:10.0234 4976 NDProxy - ok
00:17:10.0390 4976 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:17:10.0531 4976 NetBIOS - ok
00:17:10.0671 4976 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:17:10.0812 4976 NetBT - ok
00:17:10.0968 4976 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:17:11.0093 4976 Npfs - ok
00:17:11.0250 4976 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:17:11.0390 4976 Ntfs - ok
00:17:11.0546 4976 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:17:11.0687 4976 Null - ok
00:17:11.0843 4976 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:17:11.0953 4976 NwlnkFlt - ok
00:17:12.0109 4976 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:17:12.0234 4976 NwlnkFwd - ok
00:17:12.0390 4976 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
00:17:12.0515 4976 Parport - ok
00:17:12.0671 4976 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:17:12.0812 4976 PartMgr - ok
00:17:12.0937 4976 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:17:13.0062 4976 ParVdm - ok
00:17:13.0203 4976 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:17:13.0343 4976 PCI - ok
00:17:13.0453 4976 PCIDump - ok
00:17:13.0500 4976 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
00:17:13.0625 4976 PCIIde - ok
00:17:13.0765 4976 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:17:13.0906 4976 Pcmcia - ok
00:17:14.0031 4976 perc2 - ok
00:17:14.0046 4976 perc2hib - ok
00:17:14.0125 4976 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:17:14.0250 4976 PptpMiniport - ok
00:17:14.0390 4976 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:17:14.0515 4976 PSched - ok
00:17:14.0656 4976 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:17:14.0781 4976 Ptilink - ok
00:17:14.0875 4976 ql1080 - ok
00:17:14.0890 4976 Ql10wnt - ok
00:17:14.0906 4976 ql12160 - ok
00:17:14.0921 4976 ql1240 - ok
00:17:14.0937 4976 ql1280 - ok
00:17:14.0984 4976 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:17:15.0125 4976 RasAcd - ok
00:17:15.0187 4976 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:17:15.0312 4976 Rasl2tp - ok
00:17:15.0437 4976 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:17:15.0562 4976 RasPppoe - ok
00:17:15.0703 4976 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:17:15.0828 4976 Raspti - ok
00:17:15.0968 4976 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:17:16.0125 4976 Rdbss - ok
00:17:16.0265 4976 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:17:16.0390 4976 RDPCDD - ok
00:17:16.0546 4976 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:17:16.0687 4976 rdpdr - ok
00:17:16.0828 4976 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
00:17:16.0843 4976 RDPWD - ok
00:17:17.0000 4976 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:17:17.0125 4976 redbook - ok
00:17:17.0281 4976 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
00:17:17.0281 4976 Revoflt - ok
00:17:17.0453 4976 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:17:17.0515 4976 Secdrv - ok
00:17:17.0703 4976 senfilt (9a4c4a4b191200f12085d188be70e4e3) C:\WINDOWS\system32\drivers\senfilt.sys
00:17:17.0734 4976 senfilt ( UnsignedFile.Multi.Generic ) - warning
00:17:17.0734 4976 senfilt - detected UnsignedFile.Multi.Generic (1)
00:17:17.0906 4976 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:17:18.0031 4976 serenum - ok
00:17:18.0171 4976 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
00:17:18.0296 4976 Serial - ok
00:17:18.0437 4976 sf (8da9c7feedba52cfd91ee2e2113df6a9) C:\WINDOWS\system32\drivers\sf.sys
00:17:18.0453 4976 sf ( UnsignedFile.Multi.Generic ) - warning
00:17:18.0453 4976 sf - detected UnsignedFile.Multi.Generic (1)
00:17:18.0578 4976 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:17:18.0703 4976 Sfloppy - ok
00:17:18.0828 4976 Simbad - ok
00:17:18.0875 4976 smwdm (ce52bffebfaf1e59553e2885cab80b52) C:\WINDOWS\system32\drivers\smwdm.sys
00:17:18.0875 4976 smwdm ( UnsignedFile.Multi.Generic ) - warning
00:17:18.0875 4976 smwdm - detected UnsignedFile.Multi.Generic (1)
00:17:19.0000 4976 Sparrow - ok
00:17:19.0031 4976 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:17:19.0171 4976 splitter - ok
00:17:19.0328 4976 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:17:19.0390 4976 sr - ok
00:17:19.0531 4976 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:17:19.0562 4976 Srv - ok
00:17:19.0734 4976 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:17:19.0859 4976 swenum - ok
00:17:20.0000 4976 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:17:20.0140 4976 swmidi - ok
00:17:20.0250 4976 symc810 - ok
00:17:20.0265 4976 symc8xx - ok
00:17:20.0281 4976 sym_hi - ok
00:17:20.0312 4976 sym_u3 - ok
00:17:20.0359 4976 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:17:20.0484 4976 sysaudio - ok
00:17:20.0656 4976 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:17:20.0687 4976 Tcpip - ok
00:17:20.0828 4976 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:17:20.0953 4976 TDPIPE - ok
00:17:21.0078 4976 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:17:21.0218 4976 TDTCP - ok
00:17:21.0375 4976 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:17:21.0515 4976 TermDD - ok
00:17:21.0640 4976 TosIde - ok
00:17:21.0687 4976 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:17:21.0828 4976 Udfs - ok
00:17:21.0937 4976 ultra - ok
00:17:22.0000 4976 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:17:22.0140 4976 Update - ok
00:17:22.0296 4976 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:17:22.0437 4976 usbccgp - ok
00:17:22.0609 4976 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:17:22.0750 4976 usbehci - ok
00:17:22.0890 4976 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:17:23.0015 4976 usbhub - ok
00:17:23.0156 4976 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:17:23.0281 4976 usbprint - ok
00:17:23.0437 4976 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:17:23.0562 4976 USBSTOR - ok
00:17:23.0718 4976 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:17:23.0843 4976 usbuhci - ok
00:17:24.0000 4976 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:17:24.0125 4976 VgaSave - ok
00:17:24.0250 4976 ViaIde - ok
00:17:24.0281 4976 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:17:24.0421 4976 VolSnap - ok
00:17:24.0578 4976 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:17:24.0718 4976 Wanarp - ok
00:17:24.0859 4976 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:17:24.0984 4976 wdmaud - ok
00:17:25.0171 4976 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:17:25.0281 4976 WS2IFSL - ok
00:17:25.0328 4976 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:17:25.0609 4976 \Device\Harddisk0\DR0 - ok
00:17:25.0625 4976 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
00:17:25.0781 4976 \Device\Harddisk1\DR2 - ok
00:17:25.0781 4976 Boot (0x1200) (30f1ef57d6aa5cea1a2b0bd565ab272e) \Device\Harddisk0\DR0\Partition0
00:17:25.0781 4976 \Device\Harddisk0\DR0\Partition0 - ok
00:17:25.0796 4976 Boot (0x1200) (57e912f8d95fd1353eee94f39f66d733) \Device\Harddisk1\DR2\Partition0
00:17:25.0796 4976 \Device\Harddisk1\DR2\Partition0 - ok
00:17:25.0796 4976 ============================================================
00:17:25.0796 4976 Scan finished
00:17:25.0796 4976 ============================================================
00:17:25.0812 5128 Detected object count: 5
00:17:25.0812 5128 Actual detected object count: 5
00:17:27.0390 5128 ADASPROT ( UnsignedFile.Multi.Generic ) - skipped by user
00:17:27.0390 5128 ADASPROT ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:17:27.0390 5128 aeaudio ( UnsignedFile.Multi.Generic ) - skipped by user
00:17:27.0390 5128 aeaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:17:27.0390 5128 senfilt ( UnsignedFile.Multi.Generic ) - skipped by user
00:17:27.0390 5128 senfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:17:27.0406 5128 sf ( UnsignedFile.Multi.Generic ) - skipped by user
00:17:27.0406 5128 sf ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:17:27.0406 5128 smwdm ( UnsignedFile.Multi.Generic ) - skipped by user
00:17:27.0406 5128 smwdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:18:00.0453 5380 Deinitialize success

MBRCheck Results
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 130):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 PCIIde.sys
0xF7707000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF798B000 intelide.sys
0xF7607000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF798D000 dmload.sys
0xF74B2000 dmio.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF749A000 atapi.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF747A000 fltMgr.sys
0xF7468000 sr.sys
0xF7451000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7424000 NDIS.sys
0xF7869000 aswNdis2.sys
0xF798F000 aswNdis.sys
0xF740A000 Mup.sys
0xF7557000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA446000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xBA41B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF776F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xBA3F7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7777000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF7547000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF777F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7787000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7537000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7923000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA3BC000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7527000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7517000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7507000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA399000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA359000 \SystemRoot\system32\drivers\smwdm.sys
0xBA335000 \SystemRoot\system32\drivers\portcls.sys
0xF74F7000 \SystemRoot\system32\drivers\drmk.sys
0xBA315000 \SystemRoot\system32\drivers\aeaudio.sys
0xBA2B7000 \SystemRoot\system32\drivers\senfilt.sys
0xF778F000 \SystemRoot\system32\drivers\sf.sys
0xF7A87000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA7A0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF792B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xBA282000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA790000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA780000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7797000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBA271000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA770000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF779F000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77A7000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA1A1000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA760000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF77AF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7997000 \SystemRoot\system32\DRIVERS\swenum.sys
0xBA11B000 \SystemRoot\system32\DRIVERS\update.sys
0xF7943000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA750000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA730000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF799B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF77BF000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF799D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA06E000 \SystemRoot\System32\Drivers\Null.SYS
0xF799F000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77CF000 \SystemRoot\System32\drivers\vga.sys
0xF79A1000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79A3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77D7000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77DF000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA7C4000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB1EBF000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB1E66000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB1E4C000 \SystemRoot\System32\Drivers\aswFW.SYS
0xBA710000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xB1E24000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF77E7000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB1E02000 \SystemRoot\System32\drivers\afd.sys
0xF7667000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB1DD7000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB1D67000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7677000 \SystemRoot\System32\Drivers\Fips.SYS
0xB1D41000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7687000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA199000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7697000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF77EF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB1C56000 \SystemRoot\System32\Drivers\aswSP.SYS
0xB1BC1000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xF77FF000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF780F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF7817000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF76B7000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB1F1E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF781F000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF773F000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xB1F1A000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xB1B31000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79B1000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA7E4000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7747000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7A53000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBA7E0000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xB1897000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB1693000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB159E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF79DB000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB1539000 \SystemRoot\system32\drivers\wdmaud.sys
0xB176F000 \SystemRoot\system32\drivers\sysaudio.sys
0xB08CC000 \SystemRoot\System32\Drivers\IsDrv122.sys
0xF79ED000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xB1B81000 \??\C:\DOCUME~1\HomeUser\LOCALS~1\Temp\catchme.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 24):
0 System Idle Process
4 System
892 C:\WINDOWS\system32\smss.exe
1004 csrss.exe
1028 C:\WINDOWS\system32\winlogon.exe
1072 C:\WINDOWS\system32\services.exe
1084 C:\WINDOWS\system32\lsass.exe
1248 C:\WINDOWS\system32\svchost.exe
1332 svchost.exe
1456 C:\WINDOWS\system32\svchost.exe
1504 svchost.exe
828 C:\WINDOWS\system32\spoolsv.exe
964 svchost.exe
1224 C:\WINDOWS\system32\HPZipm12.exe
1372 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
1664 C:\Program Files\AVAST Software\Avast\AvastUI.exe
2032 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
1624 alg.exe
6020 C:\WINDOWS\explorer.exe
2548 C:\Program Files\AVAST Software\Avast\afwServ.exe
4240 C:\Program Files\Mozilla Firefox\firefox.exe
2908 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
5312 C:\WINDOWS\system32\notepad.exe
5736 C:\Documents and Settings\HomeUser\desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200AAJB-00J3A0, Rev: 01.03E01

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

Combofix Results
ComboFix 12-01-19.02 - HomeUser 01/19/2012 23:57:19.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2031.1679 [GMT -5:00]
Running from: c:\documents and settings\HomeUser\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-20 to 2012-01-20 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-14 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-03 15:28 . 2008-04-14 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-14 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 20:35 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-11-01 20:35 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-11-01 16:07 . 2008-04-14 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 15:02 . 2008-04-14 12:00 369664 ----a-w- c:\windows\system32\html.iec
2011-10-28 05:31 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2008-04-14 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2008-04-14 00:01 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-05-10 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-10-01 329096]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [1/17/2012 2:26 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [1/17/2012 2:26 PM 195416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [1/17/2012 2:26 PM 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/17/2012 2:26 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/17/2012 2:26 PM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/17/2012 2:26 PM 20568]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [1/17/2012 2:26 PM 127192]
S3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [1/17/2012 8:19 PM 6656]
S3 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe [1/17/2012 8:19 PM 239336]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/17/2012 8:13 PM 20464]
S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/17/2012 8:13 PM 652872]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [1/17/2012 8:16 PM 27064]
S3 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [1/17/2012 8:25 PM 598856]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-18 c:\windows\Tasks\ASOService.job
- c:\program files\Advanced System Optimizer 3\ASO3.exe [2012-01-18 20:57]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\HomeUser\Application Data\Mozilla\Firefox\Profiles\zieqt3yb.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
FF - prefs.js: browser.startup.homepage - msn.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Beef Taco (Targeted Advertising Cookie Opt-Out): [email protected] - %profile%\extensions\[email protected]
FF - Ext: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - %profile%\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Ext: OptimizeGoogle: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-20 00:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(6020)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
.
Completion time: 2012-01-20 00:05:14
ComboFix-quarantined-files.txt 2012-01-20 05:05
.
Pre-Run: 313,737,535,488 bytes free
Post-Run: 313,729,024,000 bytes free
.
- - End Of File - - 39B09AF4D940D0DE022ED4E2CE698E06

#8
Gammo

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

If you're asked whether you want to download the latest Avast virus definitions, choose "Yes".

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#9
sheperd06

aswMBR Results - was not asked to download the latest Avast virus definitions; definitions appear to be up-to-date. Thanks!

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-20 10:54:52
-----------------------------
10:54:52.093 OS Version: Windows 5.1.2600 Service Pack 3
10:54:52.093 Number of processors: 1 586 0x401
10:54:52.093 ComputerName: USERPC-459978CE UserName: HomeUser
10:54:52.765 Initialize success
10:54:52.843 AVAST engine defs: 12012000
10:56:25.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:56:25.843 Disk 0 Vendor: WDC_WD3200AAJB-00J3A0 01.03E01 Size: 305245MB BusType: 3
10:56:25.859 Disk 0 MBR read successfully
10:56:25.859 Disk 0 MBR scan
10:56:25.859 Disk 0 Windows XP default MBR code
10:56:25.859 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305234 MB offset 63
10:56:25.875 Disk 0 scanning sectors +625121280
10:56:25.984 Disk 0 scanning C:\WINDOWS\system32\drivers
10:56:34.984 Service scanning
10:56:35.937 Modules scanning
10:56:46.875 Disk 0 trace - called modules:
10:56:46.906 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
10:56:46.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89ba1ab8]
10:56:46.906 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000061[0x89baff18]
10:56:46.906 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89be8940]
10:56:47.609 AVAST engine scan C:\WINDOWS
10:57:04.875 AVAST engine scan C:\WINDOWS\system32
10:58:57.515 AVAST engine scan C:\WINDOWS\system32\drivers
10:59:26.828 AVAST engine scan C:\Documents and Settings\HomeUser
10:59:59.437 AVAST engine scan C:\Documents and Settings\All Users
11:00:07.109 Scan finished successfully
11:00:23.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HomeUser\Desktop\MBR.dat"
11:00:23.671 The log file has been saved successfully to "C:\Documents and Settings\HomeUser\Desktop\aswMBR.txt"

#10
Gammo

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check For updates" button.
  • Once the updates were downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

#11
sheperd06

My computer continues to run in a sluggish manner (especially when on the internet), I am unable to open a number of exe program files, and when I open the internet, the message "Firefox is not currently set as your default browser; would you like to make it your default browser"? continually appears.

Listed are requested logs:
Malwarebytes Log
Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.18.01

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 6.0.2900.5512
HomeUser :: USERPC-459978CE [administrator]

Protection: Disabled

1/21/2012 11:24:47 PM
mbam-log-2012-01-21 (23-24-47).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 180298
Time elapsed: 21 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Eset Log
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=60b943dc768af747bc2ea5de2eb9cf1b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-20 08:56:43
# local_time=2012-01-20 03:56:43 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=19057
# found=0
# cleaned=0
# scan_time=623
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=60b943dc768af747bc2ea5de2eb9cf1b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-22 05:53:21
# local_time=2012-01-22 12:53:21 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 32377 32377 0 0
# scanned=19280
# found=0
# cleaned=0
# scan_time=622

TFC Cleaner
Ran TFC Cleaner as instructed.

#12
Gammo

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Since you're still experiencing some problems I suggest you start a new topic about them here. Your malware logs are clean, so it's very unlikely that they are being caused by malware.

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it doesn't necessarily have to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Firefox and Opera. Both are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:

#13
sheperd06

I posted in the malware forum because I was concerned about virus activity. Please keep in mind I ran a number of programs per your suggestion but did not save the logs (my mistake) so I repeated the process. Unfortunately, we have no indication that the initial logs were clean. Also, the inability to open exe files such as OTL, clearly indicates a real problem. Maybe malware is preventing exe programs from opening? Further, isn't it true that a virus can be so vicious that it may not be detected by using standard virus removal tools or appear in designated logs? Also, I took it upon myself to run a Superantispyware portable scan this morning and a trojan agent was detected.

I do know my computer well and have been infected with a virus or two over the years. My machine's performance is indicative of one that is infected. Wear and tear has not been an issue to date, as the machine has recently been nicely upgraded and isn't bogged down with excessive installed programs.

I thank you for your help and I sincerely appreciate your taking the time to lend assistance. As I am still most concerned, I will look further for possible solutions.

Thanks again! :)





