Gmer scan not completing



#46
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,627 posts
  • MVP
yes
  • 0


#47
brodigan

brodigan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
mbr log


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
  • 0

#48
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,627 posts
  • MVP
That looks good. I think it's clean. Something that loads at startup is causing GMER to crash but I don't think it's an infection.

Ron
  • 0

#49
brodigan

brodigan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Ok Ron,

Do you think that we need any other checks or anything?
Like the MBRCheck log?

Or are you happy enough to finish up?
  • 0

#50
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,627 posts
  • MVP
The MBRCheck log is not going to change. It's going to say non standard or infected but MBRCheck is still a work in progress and it doesn't know all of the MBRs yet. Tell you what. Run MBRCheck and then do Y and dump the MBR to a file called mbr.txt then attach the file to your next post. I'll send it to the guy who wrote MBRCheck and see what he says.

Also post the latest MBRCheck log.

Ron
  • 0

#51
brodigan

brodigan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Run MBRCheck and then do Y and dump the MBR to a file called mbr.txt

Hi Ron, I'm sorry I don't know what this means.
  • 0

#52
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,627 posts
  • MVP
Run MBRCheck

It will tell you to say Y to continue or N to Exit. Tell it Y then Enter

Then you will have a menu. The top option says:

[1] Dump the MBR of a physical disk to file.

so you type in 1 and hit Enter. It will ask you which drive. Usually it is
0
Then you have to tell it what file to use.

Let's call it

mbrdump.txt

to make it clear what it is. That should create a file on your desktop of the same name.

Open a reply then click on Browse and point it at mbrdump.txt then Attach this file and finish by Add Reply.

Ron
  • 0

#53
brodigan

brodigan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
MbrDump.txt

Attached Files


Edited by brodigan, 26 October 2010 - 06:50 PM.

  • 0

#54
brodigan

brodigan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Also this is the latest MbrCheck log.

Attached Files


  • 0

#55
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,627 posts
  • MVP
Don't see the mbrdump.txt attachment
  • 0


#56
brodigan

brodigan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
attached now
  • 0

#57
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,627 posts
  • MVP
I posted your dump and log on our experts forum but don't know when I will hear from them.

Ron
  • 0

#58
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,627 posts
  • MVP
I have a reply from a guru on your MBR.

"Just two references in the executable code that have in the past been related to Whistler, at blocks 5A-5C (E8 D8 FF) and 60-62 (E8 D2 FF) - though not where you'd expect to see Whistler code, "

He goes on to ask for a copy of

c:\windows\system32\dmadmin.exe

You will probably have to zip it up in order to attach it. May even need to rename it to dmadmin.txt first.

We can do a preliminary check on it with OTL. Guess you will need to download it again if you have removed it.

http://oldtimer.geekstogo.com/OTL.exe

Copy the following 3 lines:

/md5start
dmadmin.exe
/md5stop

Then run OTL and paste the above into the custom scan/fix box and then hit the Quick Scan button.

It shouldn't reboot or anything just produce a log. Copy and paste the log.

Ron
  • 0
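
Decoding the two byte triples quoted in the reply above, as an added example that is not part of the thread and not MBRCheck's own logic: in 16-bit boot code E8 is a near CALL with a signed 16-bit displacement, so each reference can be resolved to the routine it calls. It assumes "5A-5C" and "60-62" are hexadecimal byte offsets into the 512-byte sector; the sample sector is constructed, and only the two byte triples and their offsets come from the post.

```python
import struct

SECTOR_SIZE = 512
CODE_END = 0x1BE    # bootstrap code area ends where the partition table starts
PART_TABLE = 0x1BE  # four 16-byte partition entries
BOOT_SIG = 0x1FE    # a valid MBR ends with the bytes 55 AA


def has_boot_signature(sector: bytes) -> bool:
    """True if the buffer is one sector long and ends with 55 AA."""
    return len(sector) == SECTOR_SIZE and sector[BOOT_SIG:BOOT_SIG + 2] == b"\x55\xaa"


def near_call_target(sector: bytes, offset: int) -> int:
    """Decode a 16-bit CALL rel16 (opcode E8) and return the offset it calls.

    The displacement is relative to the instruction after the 3-byte CALL,
    so the result is valid as a sector offset wherever the code is loaded.
    """
    if sector[offset] != 0xE8:
        raise ValueError(f"no E8 opcode at offset {offset:#x}")
    (rel,) = struct.unpack_from("<h", sector, offset + 1)  # signed, little-endian
    return (offset + 3 + rel) & 0xFFFF


def find_near_calls(sector: bytes, start: int = 0, end: int = CODE_END):
    """Heuristic byte scan for E8 opcodes whose target stays inside the code area.

    This is not a disassembler: an E8 byte that is really an operand of another
    instruction can match, so every hit needs a look at the surrounding bytes.
    """
    hits = []
    for off in range(start, end - 2):
        if sector[off] == 0xE8:
            target = near_call_target(sector, off)
            if target < end:
                hits.append((off, target))
    return hits


def partition_entries(sector: bytes):
    """Return the non-empty entries of the four-slot partition table."""
    entries = []
    for i in range(4):
        base = PART_TABLE + 16 * i
        status, ptype = sector[base], sector[base + 4]
        lba_start, count = struct.unpack_from("<II", sector, base + 8)
        if ptype != 0:
            entries.append({"slot": i, "active": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": count})
    return entries


def build_sample_sector() -> bytes:
    """Constructed sector: NOP filler plus the two CALLs quoted in the post."""
    s = bytearray(b"\x90" * CODE_END) + bytearray(SECTOR_SIZE - CODE_END)
    s[0x35] = 0xC3                             # constructed: a RET at the call target
    s[0x5A:0x5D] = bytes.fromhex("E8D8FF")     # from the post: bytes at 5A-5C
    s[0x60:0x63] = bytes.fromhex("E8D2FF")     # from the post: bytes at 60-62
    # Constructed partition entry: active, type 0x07, starting at LBA 63.
    s[PART_TABLE:PART_TABLE + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 156296322)
    s[BOOT_SIG:] = b"\x55\xaa"
    return bytes(s)


if __name__ == "__main__":
    sector = build_sample_sector()
    print("boot signature present:", has_boot_signature(sector))
    for off, target in find_near_calls(sector):
        print(f"CALL at {off:#04x} -> {target:#04x}")
    for entry in partition_entries(sector):
        print(entry)
```
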

#59
brodigan

brodigan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
OTL Scan;

OTL logfile created on: 27/10/2010 15:40:36 - Run 3
OTL by OldTimer - Version 3.2.17.0 Folder = C:\Documents and Settings\Maureen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

375.00 Mb Total Physical Memory | 97.00 Mb Available Physical Memory | 26.00% Memory free
713.00 Mb Paging File | 347.00 Mb Available in Paging File | 49.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 54.75 Gb Free Space | 73.47% Space Free | Partition Type: NTFS

Computer Name: YOUR-E641889C92 | User Name: Maureen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/24 13:18:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maureen\Desktop\OTL.exe
PRC - [2010/09/15 04:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/04/11 10:40:05 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/04/14 01:12:36 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/25 04:28:02 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
PRC - [2005/10/28 15:12:04 | 000,155,648 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2005/06/02 16:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/07/06 09:05:48 | 002,550,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/07/02 02:58:14 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/05/18 01:30:04 | 000,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2004/03/11 22:18:54 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe
PRC - [2003/08/19 16:00:40 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
PRC - [2003/08/19 15:43:48 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/24 13:18:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maureen\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2001/07/03 03:36:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\HKNTDLL.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/04/14 01:12:36 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2005/06/02 16:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2002/07/23 06:45:12 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Maureen\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2004/09/30 01:27:00 | 000,016,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctpdusb.sys -- (Jukebox3)
DRV - [2004/09/02 03:57:21 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/08/03 22:41:46 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/08/03 22:41:46 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/08/03 22:41:44 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/08/03 22:41:40 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/08/03 22:41:40 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/08/03 22:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/08/03 22:41:38 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/07/07 07:59:44 | 002,185,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/03/22 18:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/22 18:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/03/17 22:12:12 | 000,135,168 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/03/17 22:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2002/08/08 16:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB)
DRV - [2001/08/17 14:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.50

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/11 10:40:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/24 18:16:17 | 000,000,000 | ---D | M]

[2009/02/13 23:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen\Application Data\Mozilla\Extensions
[2010/10/27 15:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\c08hsf6b.default\extensions
[2010/10/27 15:39:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\c08hsf6b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/27 15:39:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maureen\Application Data\Mozilla\Firefox\Profiles\c08hsf6b.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/01/11 18:48:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/28 13:48:25 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/02/28 13:48:25 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/02/28 13:48:25 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/02/28 13:48:25 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/24 18:16:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - Startup: C:\Documents and Settings\Maureen\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.su...ows-i586-jc.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/24 18:54:59 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/26 22:00:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/10/26 00:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maureen\Desktop\IceSword122en
[2010/10/25 19:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/10/24 21:55:32 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Maureen\Desktop\VEW.exe
[2010/10/24 21:43:22 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2010/10/24 21:43:18 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2010/10/24 21:43:03 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2010/10/24 21:42:58 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2010/10/24 21:42:01 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2010/10/24 21:41:57 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2010/10/24 21:41:44 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2010/10/24 21:41:25 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2010/10/24 21:41:11 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2010/10/24 21:41:07 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2010/10/24 21:41:03 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2010/10/24 21:40:59 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2010/10/24 21:40:54 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2010/10/24 21:40:49 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2010/10/24 21:40:45 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2010/10/24 21:40:29 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2010/10/24 21:40:12 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2010/10/24 21:40:08 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2010/10/24 21:40:04 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2010/10/24 21:39:49 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2010/10/24 21:39:27 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2010/10/24 21:39:12 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2010/10/24 21:39:08 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2010/10/24 21:38:49 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2010/10/24 21:38:45 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2010/10/24 21:38:42 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2010/10/24 21:38:38 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2010/10/24 21:38:34 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2010/10/24 21:38:30 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2010/10/24 21:37:52 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2010/10/24 21:37:45 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2010/10/24 21:37:41 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2010/10/24 21:37:40 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2010/10/24 21:37:35 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2010/10/24 21:37:31 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2010/10/24 21:37:17 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2010/10/24 21:37:12 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2010/10/24 21:36:16 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2010/10/24 21:36:12 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2010/10/24 21:36:09 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2010/10/24 21:36:04 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2010/10/24 21:35:57 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2010/10/24 21:35:30 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2010/10/24 21:34:55 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2010/10/24 21:34:51 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2010/10/24 21:34:47 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2010/10/24 21:34:44 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2010/10/24 21:34:40 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2010/10/24 21:33:42 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2010/10/24 21:33:38 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2010/10/24 21:33:35 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2010/10/24 21:33:27 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2010/10/24 21:32:55 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2010/10/24 21:32:52 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2010/10/24 21:32:48 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2010/10/24 21:32:45 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2010/10/24 21:32:14 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2010/10/24 21:32:06 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2010/10/24 21:32:03 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2010/10/24 21:31:43 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2010/10/24 21:31:40 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2010/10/24 21:31:37 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2010/10/24 21:31:33 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2010/10/24 21:31:30 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2010/10/24 21:31:27 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2010/10/24 21:31:23 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2010/10/24 21:31:20 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2010/10/24 21:31:17 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2010/10/24 21:31:09 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2010/10/24 21:31:06 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2010/10/24 21:31:06 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/10/24 21:31:05 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/10/24 21:31:04 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2010/10/24 21:31:03 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2010/10/24 21:30:48 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2010/10/24 21:30:40 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2010/10/24 21:30:36 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2010/10/24 21:30:31 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2010/10/24 21:30:11 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2010/10/24 21:30:08 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2010/10/24 21:29:29 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2010/10/24 21:29:26 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2010/10/24 21:29:23 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2010/10/24 21:29:09 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2010/10/24 21:28:09 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2010/10/24 21:27:55 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2010/10/24 21:27:42 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2010/10/24 21:27:39 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2010/10/24 21:26:55 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2010/10/24 21:26:52 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2010/10/24 21:26:48 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2010/10/24 21:26:44 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2010/10/24 21:26:11 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2010/10/24 21:25:56 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2010/10/24 21:25:52 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2010/10/24 21:25:46 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2010/10/24 21:25:32 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2010/10/24 21:25:29 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2010/10/24 21:25:18 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2010/10/24 21:25:14 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2010/10/24 21:25:11 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2010/10/24 21:25:08 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2010/10/24 21:25:05 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2010/10/24 21:25:02 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2010/10/24 21:24:52 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2010/10/24 21:24:49 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2010/10/24 21:24:46 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2010/10/24 21:24:43 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2010/10/24 21:24:40 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2010/10/24 21:23:05 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2010/10/24 21:20:47 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2010/10/24 21:20:21 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2010/10/24 21:20:18 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2010/10/24 21:20:17 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2010/10/24 21:20:14 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2010/10/24 21:20:13 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2010/10/24 21:20:10 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2010/10/24 21:20:01 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2010/10/24 21:19:58 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2010/10/24 21:19:55 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2010/10/24 21:19:52 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2010/10/24 21:19:45 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2010/10/24 21:19:42 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2010/10/24 21:18:50 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2010/10/24 21:18:08 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2010/10/24 21:16:19 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2010/10/24 21:16:08 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2010/10/24 21:15:35 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2010/10/24 21:15:33 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2010/10/24 21:15:30 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2010/10/24 21:15:17 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2010/10/24 21:15:05 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2010/10/24 21:15:03 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2010/10/24 21:14:59 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2010/10/24 21:14:56 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2010/10/24 21:14:54 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2010/10/24 21:14:53 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2010/10/24 21:14:37 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2010/10/24 21:14:33 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2010/10/24 21:14:31 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2010/10/24 21:13:02 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2010/10/24 21:12:55 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2010/10/24 21:12:44 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010/10/24 21:12:42 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2010/10/24 21:12:41 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2010/10/24 21:12:36 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2010/10/24 21:12:34 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2010/10/24 21:12:33 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2010/10/24 21:12:32 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2010/10/24 21:12:29 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2010/10/24 21:12:06 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2010/10/24 21:12:04 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2010/10/24 21:12:00 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2010/10/24 21:11:34 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2010/10/24 21:11:33 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2010/10/24 21:11:31 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2010/10/24 21:11:30 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2010/10/24 21:11:29 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2010/10/24 21:11:28 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2010/10/24 21:11:27 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2010/10/24 21:11:24 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2010/10/24 21:11:17 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2010/10/24 21:11:03 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2010/10/24 21:10:54 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2010/10/24 21:10:44 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2010/10/24 21:10:43 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2010/10/24 21:10:42 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2010/10/24 21:10:42 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2010/10/24 21:10:41 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2010/10/24 21:10:38 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2010/10/24 21:10:37 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2010/10/24 21:10:36 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2010/10/24 21:10:35 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2010/10/24 21:10:33 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2010/10/24 21:10:32 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2010/10/24 21:10:31 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/10/24 21:09:52 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2010/10/24 21:09:52 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2010/10/24 21:09:51 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2010/10/24 21:09:50 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2010/10/24 21:09:50 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2010/10/24 21:09:49 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2010/10/24 21:09:48 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2010/10/24 21:09:47 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2010/10/24 21:09:45 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2010/10/24 21:09:45 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2010/10/24 21:09:44 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2010/10/24 21:09:42 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2010/10/24 21:09:42 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2010/10/24 21:09:41 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2010/10/24 21:09:40 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2010/10/24 21:09:39 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2010/10/24 21:09:39 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2010/10/24 21:09:38 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2010/10/24 21:09:30 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2010/10/24 21:09:26 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2010/10/24 21:09:26 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2010/10/24 21:09:24 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010/10/24 21:09:24 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010/10/24 21:09:23 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010/10/24 21:09:22 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010/10/24 21:09:21 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010/10/24 21:08:59 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010/10/24 21:08:53 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010/10/24 21:08:39 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010/10/24 21:08:38 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010/10/24 21:08:37 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010/10/24 21:08:37 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010/10/24 21:08:36 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010/10/24 21:08:34 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010/10/24 21:08:31 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010/10/24 21:08:30 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010/10/24 21:08:29 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010/10/24 21:08:28 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/10/24 21:08:28 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010/10/24 20:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maureen\Application Data\QuickScan
[2010/10/24 19:49:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Maureen\IECompatCache
[2010/10/24 19:39:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Maureen\UserData
[2010/10/24 18:54:59 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/10/24 18:50:35 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Maureen\Desktop\TDSSKiller.exe
[2010/10/24 18:34:57 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Maureen\Desktop\RootRepeal.exe
[2010/10/24 18:21:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/24 18:09:05 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/24 18:06:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/24 18:06:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/24 18:06:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/24 18:06:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/24 18:06:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/24 17:39:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/24 13:17:54 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maureen\Desktop\OTL.exe
[2010/10/19 17:19:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/19 17:18:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/19 17:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/19 17:16:19 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Maureen\Desktop\mbam-setup(2).exe
[2010/10/14 13:33:52 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Maureen\Desktop\mbam-setup.exe
[2010/10/14 13:31:07 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Maureen\Desktop\erunt-setup.exe
[2010/09/28 23:16:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Maureen\PrivacIE
[2010/09/28 15:05:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/09/27 23:33:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/09/27 23:02:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/09/27 23:02:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/09/27 23:02:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/09/27 23:02:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/09/27 22:51:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/09/27 22:51:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/09/27 19:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/09/27 18:52:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Maureen\IETldCache
[2010/09/27 18:25:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/09/27 18:07:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maureen\Application Data\Malwarebytes
[2010/09/27 18:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/27 18:04:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/27 17:54:24 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maureen\Desktop\TFC.exe
[2004/09/02 04:38:12 | 000,014,968 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys

========== Files - Modified Within 30 Days ==========

[2010/10/27 14:58:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3973658002-517912522-2237625449-1010UA.job
[2010/10/27 13:16:16 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/10/27 13:11:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/27 01:10:38 | 000,000,299 | RHS- | M] () -- C:\boot.ini
[2010/10/26 00:13:09 | 002,205,157 | ---- | M] () -- C:\Documents and Settings\Maureen\Desktop\IceSword122en.zip
[2010/10/24 22:02:02 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Maureen\Desktop\mbr.exe
[2010/10/24 21:55:37 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Maureen\Desktop\VEW.exe
[2010/10/24 19:52:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/24 18:54:04 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Maureen\Desktop\Flash_Disinfector.exe
[2010/10/24 18:49:59 | 001,211,285 | ---- | M] () -- C:\Documents and Settings\Maureen\Desktop\tdsskiller.zip
[2010/10/24 18:35:54 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\Maureen\Desktop\settings.dat
[2010/10/24 18:34:25 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\Maureen\Desktop\RootRepeal.zip
[2010/10/24 18:29:19 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Maureen\Desktop\MBRCheck.exe
[2010/10/24 18:16:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/24 18:04:15 | 003,883,109 | R--- | M] () -- C:\Documents and Settings\Maureen\Desktop\george.exe
[2010/10/24 13:18:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maureen\Desktop\OTL.exe
[2010/10/24 04:58:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3973658002-517912522-2237625449-1010Core.job
[2010/10/19 17:19:04 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/19 17:17:07 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Maureen\Desktop\mbam-setup(2).exe
[2010/10/14 16:14:31 | 000,285,168 | ---- | M] () -- C:\Documents and Settings\Maureen\Desktop\gmer.zip
[2010/10/14 13:34:58 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Maureen\Desktop\mbam-setup.exe
[2010/10/14 13:31:36 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Maureen\Desktop\erunt-setup.exe
[2010/10/14 13:20:55 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 13:16:02 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 13:14:36 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/10/14 13:02:16 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/14 13:02:16 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/14 12:29:30 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/10/14 12:29:29 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/10/14 12:29:03 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/10/13 13:50:00 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Maureen\Desktop\gmer.exe
[2010/10/04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Maureen\Desktop\TDSSKiller.exe
[2010/09/27 22:55:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/27 18:53:01 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/27 17:58:56 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/27 17:54:25 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maureen\Desktop\TFC.exe

========== Files Created - No Company Name ==========

[2010/10/27 01:10:58 | 000,001,939 | ---- | C] () -- C:\Documents and Settings\Maureen\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk
[2010/10/26 00:12:37 | 002,205,157 | ---- | C] () -- C:\Documents and Settings\Maureen\Desktop\IceSword122en.zip
[2010/10/25 20:37:17 | 000,003,184 | ---- | C] () -- C:\Documents and Settings\Maureen\reset.log
[2010/10/24 22:02:01 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Maureen\Desktop\mbr.exe
[2010/10/24 21:43:17 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2010/10/24 21:43:13 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2010/10/24 21:29:17 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/10/24 21:29:12 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/10/24 21:23:16 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/10/24 21:19:33 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/10/24 21:18:16 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/10/24 21:16:17 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2010/10/24 21:16:11 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2010/10/24 21:16:05 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2010/10/24 21:16:00 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2010/10/24 21:15:53 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2010/10/24 21:15:36 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/10/24 21:12:40 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2010/10/24 21:12:38 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2010/10/24 21:12:37 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2010/10/24 21:09:17 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010/10/24 21:09:16 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010/10/24 21:09:15 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010/10/24 21:09:14 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010/10/24 21:09:14 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010/10/24 21:09:13 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010/10/24 21:09:12 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010/10/24 21:09:12 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010/10/24 21:09:10 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010/10/24 21:09:04 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010/10/24 18:54:02 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Maureen\Desktop\Flash_Disinfector.exe
[2010/10/24 18:49:40 | 001,211,285 | ---- | C] () -- C:\Documents and Settings\Maureen\Desktop\tdsskiller.zip
[2010/10/24 18:35:30 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\Maureen\Desktop\settings.dat
[2010/10/24 18:34:20 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\Maureen\Desktop\RootRepeal.zip
[2010/10/24 18:29:10 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Maureen\Desktop\MBRCheck.exe
[2010/10/24 18:09:11 | 000,000,184 | ---- | C] () -- C:\Boot.bak
[2010/10/24 18:09:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/24 18:06:47 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/24 18:06:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/24 18:06:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/24 18:06:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/24 18:06:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/24 18:03:58 | 003,883,109 | R--- | C] () -- C:\Documents and Settings\Maureen\Desktop\george.exe
[2010/10/19 17:19:04 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/15 12:25:52 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Maureen\Desktop\gmer.exe
[2010/10/14 16:14:18 | 000,285,168 | ---- | C] () -- C:\Documents and Settings\Maureen\Desktop\gmer.zip
[2010/10/14 13:14:35 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/10/14 12:29:30 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/10/14 12:29:29 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/09/27 19:12:25 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/27 17:58:56 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\Maureen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2007/05/13 16:03:52 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Maureen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/13 15:49:34 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/12/28 13:14:05 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/11/30 22:05:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/10/18 21:18:53 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2006/04/16 16:45:10 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/01/26 13:26:37 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2006/01/26 13:24:47 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2005/03/05 16:22:17 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/02/01 18:06:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/31 01:03:25 | 000,000,202 | ---- | C] () -- C:\WINDOWS\WORDSTOK.INI
[2005/01/31 00:34:06 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2005/01/30 21:41:05 | 000,000,372 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/01/29 20:58:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2004/09/02 11:29:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2004/09/02 11:29:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/09/02 11:29:02 | 000,001,432 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/02 11:29:02 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/09/02 04:38:12 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2004/09/02 04:38:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2004/09/02 04:38:12 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2004/09/02 04:36:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/02 04:25:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/02 03:54:14 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/09/02 03:54:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/09/02 03:50:20 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2003/08/18 15:46:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2002/11/13 20:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2002/09/13 16:40:06 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL

========== LOP Check ==========

[2008/10/03 17:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2006/01/26 13:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2004/09/10 06:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/04/18 12:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen\Application Data\ACD Systems
[2010/10/24 20:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen\Application Data\QuickScan
[2005/01/29 20:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maureen\Application Data\Template
[2010/10/27 13:16:16 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: DMADMIN.EXE >
[2004/08/04 13:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) MD5=554C7CB178FE3BD12450B81AD63ADBC3 -- C:\WINDOWS\$NtServicePackUninstall$\dmadmin.exe
[2008/04/14 01:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) MD5=E46050330BD42F33609117F861E32D3C -- C:\WINDOWS\ServicePackFiles\i386\dmadmin.exe
[2008/04/14 01:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) MD5=E46050330BD42F33609117F861E32D3C -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\dmadmin.exe
[2008/04/14 01:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) MD5=E46050330BD42F33609117F861E32D3C -- C:\WINDOWS\system32\dllcache\dmadmin.exe
[2008/04/14 01:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) MD5=E46050330BD42F33609117F861E32D3C -- C:\WINDOWS\system32\dmadmin.exe

< End of report >

#60
brodigan

Ron,

When zipping the dmadmin.exe file, can I just zip it in the system32 folder, or do I need to copy it to the desktop first or anything?