Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Generic Dropper.P, perhaps? - WMI not working properly folders not dis

Started by RichofCamelot , Jun 16 2012 06:20 AM

This topic is locked

#16
RichofCamelot

Posted 24 June 2012 - 09:47 AM

Member

Topic Starter
Member
46 posts

Hello Render,

Many thanks.

Please find the new report here:

ComboFix 12-06-23.06 - RichardS 24/06/12 16:11:56.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.401 [GMT 1:00]
Running from: c:\documents and settings\richards\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\richards\Desktop\cfscript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-21 11:35 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2012-06-21 08:25 . 2012-06-21 08:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-16 10:02 . 2012-06-16 10:02 -------- d-----w- c:\documents and settings\richards\Application Data\DriverCure
2012-06-16 10:02 . 2012-06-16 10:02 -------- d-----w- c:\documents and settings\richards\Application Data\SpeedMaxPc
2012-06-16 10:01 . 2012-06-16 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-06-16 09:07 . 2012-06-16 09:08 -------- d-----w- C:\WMI Diagnostics
2012-06-16 07:04 . 2012-06-16 07:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\FixItCenter
2012-06-14 14:02 . 2001-08-17 21:36 27648 ----a-w- c:\windows\system32\dllcache\cyzports.dll
2012-06-14 14:02 . 2001-08-17 12:50 49792 ----a-w- c:\windows\system32\dllcache\cyzport.sys
2012-06-14 14:02 . 2001-08-17 21:36 27136 ----a-w- c:\windows\system32\dllcache\cyzcoins.dll
2012-06-14 14:02 . 2001-08-17 21:36 27648 ----a-w- c:\windows\system32\dllcache\cyyports.dll
2012-06-14 14:02 . 2001-08-17 12:50 50176 ----a-w- c:\windows\system32\dllcache\cyyport.sys
2012-06-14 14:02 . 2001-08-17 21:36 28672 ----a-w- c:\windows\system32\dllcache\cyycoins.dll
2012-06-14 14:00 . 2004-08-04 04:00 780885 ----a-w- c:\windows\system32\dllcache\chkrres.dll
2012-06-14 13:59 . 2001-08-17 12:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2012-06-14 13:58 . 2001-08-17 11:49 23552 ----a-w- c:\windows\system32\dllcache\atixbar.sys
2012-06-14 13:57 . 2001-08-17 11:11 46112 ----a-w- c:\windows\system32\dllcache\adptsf50.sys
2012-06-14 13:39 . 2012-06-14 13:39 -------- d-----w- c:\windows\system32\wbem\Repository
2012-06-14 12:15 . 2012-06-14 12:15 14664 ----a-w- c:\windows\stinger.sys
2012-06-14 12:14 . 2012-06-14 12:52 -------- d-----w- c:\program files\stinger
2012-06-13 09:07 . 2012-06-13 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2012-06-13 09:02 . 2012-06-13 09:02 -------- d-----w- c:\documents and settings\richards\Local Settings\Application Data\PackageAware
2012-06-12 22:44 . 2012-06-12 22:44 -------- d-----w- c:\documents and settings\richards\Phone Browser
2012-06-12 17:57 . 2012-06-12 17:57 -------- d-----w- c:\documents and settings\richards\Local Settings\Application Data\FixItCenter
2012-06-12 17:49 . 2012-06-12 17:49 -------- d-----w- c:\windows\MATS
2012-06-12 17:49 . 2012-06-12 17:49 -------- d-----w- c:\program files\Microsoft Fix it Center
2012-06-12 08:57 . 2012-06-12 08:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth
2012-06-11 07:43 . 2012-03-20 12:06 29272 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2012-06-11 07:43 . 2012-02-22 12:29 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-06-11 07:42 . 2012-06-14 12:14 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-06-11 07:42 . 2012-02-22 12:29 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-06-11 07:42 . 2012-02-22 12:29 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-06-11 07:42 . 2012-02-22 12:29 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-06-11 07:42 . 2012-02-22 12:29 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-06-11 07:42 . 2012-02-22 12:29 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-06-11 07:42 . 2012-02-22 12:29 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-06-11 07:42 . 2012-06-12 08:50 -------- d-----w- c:\program files\Common Files\Mcafee
2012-06-11 07:42 . 2012-06-12 08:49 -------- d-----w- c:\program files\McAfee.com
2012-06-11 07:33 . 2012-06-14 12:14 159608 ----a-w- c:\windows\system32\mfevtps.exe
2012-06-04 22:26 . 2012-06-04 22:26 -------- d-----w- c:\documents and settings\richards\Local Settings\Application Data\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 12:14 . 2012-02-22 12:29 475704 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-06-02 14:19 . 2007-06-22 06:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2007-06-22 06:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2004-08-11 16:12 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 14:19 . 2004-08-11 16:12 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19 . 2004-08-11 16:12 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 14:19 . 2007-06-22 06:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2005-05-26 03:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 14:19 . 2004-08-11 16:12 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 14:19 . 2004-08-11 16:12 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 14:19 . 2004-08-11 16:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 14:19 . 2007-06-22 06:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19 . 2004-08-11 16:12 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 14:19 . 2004-08-11 16:12 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 14:18 . 2010-07-31 09:52 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 14:18 . 2010-07-31 09:52 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 14:18 . 2009-08-06 18:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-11 16:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-18 06:27 . 2012-05-18 06:27 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-18 06:27 . 2011-06-05 07:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-16 15:08 . 2004-08-11 16:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-11 16:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-11 16:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-11 16:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-11 16:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2004-08-11 16:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 21:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-11 16:11 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2010-08-02 15:07 . 2010-08-02 15:07 607744 ----a-w- c:\program files\MBLOBPSetup.msi
2011-04-14 13:01 . 2010-08-09 17:22 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-22_07.28.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-24 08:16 . 2012-06-24 08:16 16384 c:\windows\Temp\Perflib_Perfdata_ac0.dat
+ 2012-06-24 08:16 . 2012-06-24 08:16 16384 c:\windows\Temp\Perflib_Perfdata_648.dat
+ 2012-06-24 08:16 . 2012-06-24 08:16 16384 c:\windows\Temp\Perflib_Perfdata_40c.dat
+ 2012-06-24 08:16 . 2012-06-24 08:16 16384 c:\windows\Temp\Perflib_Perfdata_3ec.dat
+ 2012-06-24 08:16 . 2012-06-24 08:16 16384 c:\windows\Temp\Perflib_Perfdata_3d0.dat
- 2012-06-19 15:32 . 2012-06-22 06:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-19 15:32 . 2012-06-24 13:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-19 15:32 . 2012-06-24 13:59 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2012-06-19 15:32 . 2012-06-22 06:41 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-06-19 15:32 . 2012-06-24 13:59 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2012-06-19 15:32 . 2012-06-22 06:41 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2012-06-24 09:32 . 2012-06-24 13:59 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-11 16:00 . 2012-06-24 08:22 764018 c:\windows\system32\perfh009.dat
- 2004-08-11 16:00 . 2012-06-22 06:32 764018 c:\windows\system32\perfh009.dat
- 2004-08-11 16:00 . 2012-06-22 06:32 186770 c:\windows\system32\perfc009.dat
+ 2004-08-11 16:00 . 2012-06-24 08:22 186770 c:\windows\system32\perfc009.dat
+ 2012-06-03 13:45 . 2012-06-24 08:20 224895 c:\windows\system32\inetsrv\MetaBase.bin
- 2010-04-20 10:42 . 2010-02-12 10:03 293376 c:\windows\system32\browserchoice.exe
+ 2010-04-17 11:59 . 2010-02-12 10:03 293376 c:\windows\system32\browserchoice.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2009-09-25 1369792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032]
"btbb_McciTrayApp"="c:\program files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Halifax GI - Intermediaries"="c:\program files\Halifax GI - Intermediaries\Halifax GI - Intermediaries.exe" [2012-06-16 3667456]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk.disabled
backup=c:\windows\pss\EMBASSY Trust Suite Secure Update.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^richards.LFS^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=c:\documents and settings\richards.LFS\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^richards.LFS^Start Menu^Programs^Startup^TomTom HOME.lnk.disabled]
path=c:\documents and settings\richards.LFS\Start Menu\Programs\Startup\TomTom HOME.lnk.disabled
backup=c:\windows\pss\TomTom HOME.lnk.disabledStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 01:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 19:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2009-09-18 17:48 2412032 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\mobileconnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-06-18 15:10 271360 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\launchapplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 07:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"iPod Service"=3 (0x3)
"CCALib8"=2 (0x2)
"Canon Driver Information Assist Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Dell QuickSet"=c:\program files\dell\quickset\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/09/09 10:12 717296]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [11/06/12 08:42 89792]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [11/08/04 17:00 14336]
R2 MBServiceHost;MB Service Host;c:\mbl\MBrain\Software\Mortgage Brain Framework 1.0\bin\mbServiceHost.exe [30/11/10 14:16 29184]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/06/12 08:42 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/06/12 08:42 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/06/12 08:42 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [11/06/12 08:43 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [11/06/12 08:33 159608]
R2 MSSQL$ETI;SQL Server (ETI);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/12/10 19:29 29293408]
R2 MSSQL$MBRAIN;SQL Server (MBRAIN);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [10/12/10 19:29 29293408]
R2 MSSQL$OTP;MSSQL$OTP;c:\program files\Microsoft SQL Server\MSSQL$OTP\Binn\sqlservr.exe [04/05/05 01:04 9158656]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [18/09/09 19:48 10752]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [11/06/12 08:42 57600]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [11/06/12 08:42 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [11/06/12 08:42 83856]
S2 ddnt;ddnt;c:\windows\system32\drivers\ddnt.sys [13/12/06 08:44 8544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/09/10 23:10 136176]
S2 NokiaSuite3;NokiaSuite3;c:\windows\system32\drivers\NokiaSuite3.sys [26/05/06 07:39 837696]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/12 08:50 158856]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [25/01/10 15:45 112640]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27/09/10 23:10 136176]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [25/01/10 15:47 100480]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/11 22:09 267568]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [11/06/12 08:42 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [11/06/12 08:42 87656]
S3 SQLAgent$OTP;SQLAgent$OTP;c:\program files\Microsoft SQL Server\MSSQL$OTP\Binn\sqlagent.EXE [03/05/05 22:42 323584]
S3 tfju17xkb.sys;tfju17xkb.sys;\??\c:\windows\system32\drivers\tfju17xkb.sys --> c:\windows\system32\drivers\tfju17xkb.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6bc3a10a49e1.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 22:10]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 22:10]
.
2007-09-28 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-01-13 01:48]
.
2008-05-30 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job
- c:\windows\vVX3000.exe [2007-09-28 23:38]
.
2010-07-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: aegonse.co.uk\www
Trusted Zone: logmeinrescue.com\secure
Trusted Zone: uk.com\apps.openwork
Trusted Zone: uk.com\prodexternaldpos.openwork
Trusted Zone: uk.com\prodexternaltandc.openwork
Trusted Zone: uk.com\www.openwork
Trusted Zone: unipass.co.uk\www
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\richards\Application Data\Mozilla\Firefox\Profiles\bd1egsa0.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.btbroadbandoffice.com/homepage
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-24 16:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3533930121-66260186-3188412238-1135\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\¸*¬ 0 ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(556)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(5528)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-06-24 16:38:30
ComboFix-quarantined-files.txt 2012-06-24 15:38
ComboFix2.txt 2012-06-24 09:04
ComboFix3.txt 2012-06-22 07:35
.
Pre-Run: 41,400,762,368 bytes free
Post-Run: 41,350,586,368 bytes free
.
- - End Of File - - A7C45628F1112C461EF3BC562C0AA4C7

#17
Render

Posted 24 June 2012 - 09:50 AM

Trusted Helper

Malware Removal
4,195 posts

Make sure to use Internet Explorer for this
Please go to VirSCAN.org FREE on-line scan service
Click on the Browse button near "Suspicious files to scan" box on the top of the page and navigate to the file below:
- c:\windows\system32\drivers\tfju17xkb.sys
Click on Open and then on the Upload button
If a pop-up appears saying the file has been scanned already, please select the ReScan button.
Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.

#18
RichofCamelot

Posted 24 June 2012 - 10:13 AM

Member

Topic Starter
Member
46 posts

Hi Render,

Thanks for the post, BUT c:\windows\system32\drivers\tfju17xkb.sys does not appear to exist so cannot scan it.

What next?

Many thanks

#19
Render

Posted 24 June 2012 - 10:16 AM

Trusted Helper

Malware Removal
4,195 posts

We should proceed with general antimalware scan which can take quite a long time so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)
Posted Image

Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post

Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image

#20
RichofCamelot

Posted 24 June 2012 - 04:59 PM

Member

Topic Starter
Member
46 posts

Hi Render,

Thanks for this.

I ran the tool as instructed which took a fair time as suggested. It appeared to find 7 items which it deleted on request.

When I clicked to get the sysinfo.zip the computer seems to crash with a blank blue screen and nothing visible. after waiting a while \I decidedd to sht the machine down and started it again. VRT loaded and I clicked th file again and it appears to have found the file it produced earlier. I hope the result is as expected.

Here is the first txt file:

Status: Deleted (events: 6)
24/06/12 18:26:45 Deleted Trojan program Trojan.Win32.Siscos.re C:\AA new backup of userfiles\TBR richards\Desktop\TOOLS\Setup Programs\TrojanHunter.exe//data0004//UPX High
24/06/12 18:26:45 Deleted Trojan program Trojan.Win32.Siscos.re C:\AA new backup of userfiles\TBR richards\Desktop\TOOLS\Setup Programs\TrojanHunter.exe//data0004 High
24/06/12 18:26:45 Deleted Trojan program Trojan.Win32.Siscos.re C:\AA new backup of userfiles\TBR richards\Desktop\TOOLS\Setup Programs\TrojanHunter.exe High
24/06/12 20:45:50 Deleted Trojan program Trojan.Win32.Siscos.re C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP754\A0401308.exe//data0004//UPX High
24/06/12 20:45:50 Deleted Trojan program Trojan.Win32.Siscos.re C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP754\A0401308.exe//data0004 High
24/06/12 20:45:50 Deleted Trojan program Trojan.Win32.Siscos.re C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP754\A0401308.exe High
Status: Disinfected (events: 8)
24/06/12 18:26:30 Disinfected Trojan program Exploit.Java.CVE-2009-3867.e C:\AA new backup of userfiles\TBR richards.lfs\Application Data\Sun\Java\Deployment\cache\6.0\10\3e4cacca-1f43ac11/seopack.class High
24/06/12 18:26:43 Disinfected Trojan program Trojan-Downloader.Java.Agent.gv C:\AA new backup of userfiles\TBR richards.lfs\Application Data\Sun\Java\Deployment\cache\6.0\49\13e7a931-63c4c639/KAK/NED/NOD32.class High
24/06/12 18:26:30 Disinfected Trojan program Exploit.Java.CVE-2009-3867.e C:\AA new backup of userfiles\TBR richards.lfs\Application Data\Sun\Java\Deployment\cache\6.0\10\3e4cacca-1f43ac11 High
24/06/12 18:26:43 Disinfected Trojan program Trojan-Downloader.Java.Agent.gw C:\AA new backup of userfiles\TBR richards.lfs\Application Data\Sun\Java\Deployment\cache\6.0\49\13e7a931-63c4c639/KAK/NED/sexxxy.class High
24/06/12 18:26:43 Disinfected Trojan program Trojan-Downloader.Java.Agent.gu C:\AA new backup of userfiles\TBR richards.lfs\Application Data\Sun\Java\Deployment\cache\6.0\49\13e7a931-63c4c639/KAK/NED/crime4u.class High
24/06/12 18:26:43 Disinfected Trojan program Trojan-Downloader.Java.Agent.gu C:\AA new backup of userfiles\TBR richards.lfs\Application Data\Sun\Java\Deployment\cache\6.0\49\13e7a931-63c4c639 High
24/06/12 18:26:54 Disinfected Trojan program Trojan-Downloader.Java.Agent.ki C:\AA new backup of userfiles\TBR richards.lfs\Application Data\Sun\Java\Deployment\cache\6.0\61\527d367d-59bc1402/sob.class High
24/06/12 18:26:54 Disinfected Trojan program Trojan-Downloader.Java.Agent.ki C:\AA new backup of userfiles\TBR richards.lfs\Application Data\Sun\Java\Deployment\cache\6.0\61\527d367d-59bc1402 High

I will now attach zip file

Good luck with this and thank you

PS just as I am wrriting this Mcafee quaranteened a trojan "Artemis!B3B53637F9CB" from combofix ?

Off to bed now, I will be available in 8 hours Thank you very much

Attached Files

avptool_sysinfo.zip 34.01KB 76 downloads

#21
Render

Posted 24 June 2012 - 05:16 PM

Trusted Helper

Malware Removal
4,195 posts

PS just as I am wrriting this Mcafee quaranteened a trojan "Artemis!B3B53637F9CB" from combofix ?

Please tell me where is this file located.

Please do the following:

Posted Image

OTL Custom Scan

Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top, make sure Stadard output is selected.
Select Scan all users
Check the boxes beside LOP Check and Purity Check.

Under the Custom Scans/Fixes box copy and paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open OTL.Txt in Notepad window.
Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

#22
RichofCamelot

Posted 24 June 2012 - 06:10 PM

Member

Topic Starter
Member
46 posts

Hi Render,

You just caught me, must go to bed now but see below.

The combofix.exe file was on the desktop but is no linger there as it was quaranteened.

OTL run as instructed and text follows below.

Thanks again, is this as serious as it seems?

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

#23
RichofCamelot

Posted 24 June 2012 - 06:12 PM

Member

Topic Starter
Member
46 posts

Hi Render

Obvoiously tired but here the text really is:

OTL logfile created on: 25/06/12 00:25:36 - Run 2
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\richards\Desktop\TOOLS\Tools Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yy

1021.99 Mb Total Physical Memory | 555.30 Mb Available Physical Memory | 54.34% Memory free
2.07 Gb Paging File | 1.32 Gb Available in Paging File | 63.59% Paging File free
Paging file location(s): C:\pagefile.sys 1200 2400 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.06 Gb Total Space | 38.32 Gb Free Space | 41.18% Space Free | Partition Type: NTFS

Computer Name: CAMELOT | User Name: RichardS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/16 11:42:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\richards\Desktop\TOOLS\Tools Downloads\OTL.exe
PRC - [2012/06/14 13:14:30 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011/11/11 17:26:16 | 000,010,752 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2011/11/11 17:26:06 | 000,188,416 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
PRC - [2011/11/11 17:25:40 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2011/11/11 17:24:23 | 000,315,392 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\common\DataServer.exe
PRC - [2011/11/11 17:24:21 | 001,433,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2011/11/11 17:24:16 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2011/11/11 17:24:14 | 000,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/11/30 14:16:18 | 000,029,184 | ---- | M] () -- C:\MBL\MBrain\Software\Mortgage Brain Framework 1.0\bin\mbServiceHost.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2009/12/07 12:56:00 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2009/09/25 10:14:37 | 001,369,792 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\truecrypt.exe
PRC - [2009/09/18 18:48:34 | 002,412,032 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\mobileconnect.exe
PRC - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/14 13:28:03 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/14 09:18:13 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/14 08:41:37 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 08:41:14 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/14 08:36:56 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/06/14 08:36:50 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/14 08:36:48 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/06/14 08:36:28 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/14 08:36:23 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/06/14 08:36:21 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/06/14 08:36:18 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/06/14 08:36:11 | 000,659,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2012/06/14 08:35:56 | 000,839,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
MOD - [2012/06/14 08:35:52 | 005,246,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2012/05/12 17:42:17 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
MOD - [2012/05/12 17:41:57 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/12 17:39:02 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll
MOD - [2012/05/12 17:38:55 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/12 08:35:27 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/12 08:34:05 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012/05/12 08:32:37 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/12 08:32:26 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/03/05 21:03:44 | 000,175,616 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\assembly\dl3\Y1M0X5PK.LRL\JT1B59VE.JDJ\fb87e9e7\00ad4c0b_aa97cb01\MBSchemeManager.DLL
MOD - [2012/03/05 21:03:44 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\assembly\dl3\Y1M0X5PK.LRL\JT1B59VE.JDJ\6d6eb4e6\004d5d2a_0b3acb01\MBQuickCalculatorManager.DLL
MOD - [2012/03/05 21:03:43 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\assembly\dl3\Y1M0X5PK.LRL\JT1B59VE.JDJ\638a1b1b\002960ec_0a3acb01\MBLenderPanelData.DLL
MOD - [2012/03/05 21:03:43 | 000,053,248 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\assembly\dl3\Y1M0X5PK.LRL\JT1B59VE.JDJ\de46c531\003ddfcd_7b59cb01\MBSettingsData.DLL
MOD - [2012/03/05 21:03:43 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\assembly\dl3\Y1M0X5PK.LRL\JT1B59VE.JDJ\1087cab2\0091e9f5_0a3acb01\MBProcFeeData.DLL
MOD - [2012/03/05 21:03:43 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\assembly\dl3\Y1M0X5PK.LRL\JT1B59VE.JDJ\a94a4ec5\005671f0_7b59cb01\MBSettingsManager.DLL
MOD - [2012/03/05 21:03:42 | 000,168,960 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\assembly\dl3\Y1M0X5PK.LRL\JT1B59VE.JDJ\21540dac\00791824_17accb01\MBScheme.DLL
MOD - [2012/03/05 21:03:42 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\assembly\dl3\Y1M0X5PK.LRL\JT1B59VE.JDJ\3d264949\00f1c3cf_0a3acb01\MBCompanyData.DLL
MOD - [2012/03/05 21:03:42 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\assembly\dl3\Y1M0X5PK.LRL\JT1B59VE.JDJ\52053979\000287c5_7b59cb01\MBKFIData.DLL
MOD - [2012/03/05 21:03:41 | 000,413,696 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\assembly\dl3\Y1M0X5PK.LRL\JT1B59VE.JDJ\c7e46120\00a202ee_f45fcb01\MBKFIManager.DLL
MOD - [2012/03/05 21:03:40 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\assembly\dl3\Y1M0X5PK.LRL\JT1B59VE.JDJ\1a6e6ad9\0048a0eb_f45fcb01\MBDocumentManager.DLL
MOD - [2012/03/05 21:03:40 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\assembly\dl3\Y1M0X5PK.LRL\JT1B59VE.JDJ\cea5eacc\00120522_0b3acb01\MBProcFeeManager.DLL
MOD - [2012/03/05 21:03:40 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\assembly\dl3\Y1M0X5PK.LRL\JT1B59VE.JDJ\78139e24\002fdf8a_1075cb01\mbMTEForms.DLL
MOD - [2012/03/05 21:03:40 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\assembly\dl3\Y1M0X5PK.LRL\JT1B59VE.JDJ\1a9d2087\004ee984_1075cb01\MBLenderManager.DLL
MOD - [2012/03/05 21:03:39 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\assembly\dl3\Y1M0X5PK.LRL\JT1B59VE.JDJ\29e0446b\00e5d320_0b3acb01\MBLenderPanelManager.DLL
MOD - [2012/03/05 21:03:39 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\assembly\dl3\Y1M0X5PK.LRL\JT1B59VE.JDJ\14981b07\002fd8c3_0a3acb01\MBEventLogManager.DLL
MOD - [2012/03/05 21:03:37 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\assembly\dl3\Y1M0X5PK.LRL\JT1B59VE.JDJ\4d71d4fe\00ee196e_571fcb01\mbHost.DLL
MOD - [2012/03/05 21:02:42 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\assembly\dl3\Y1M0X5PK.LRL\JT1B59VE.JDJ\a7d2e126\00d575c1_0a3acb01\mbGeneric.DLL
MOD - [2012/03/05 21:02:41 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\assembly\dl3\Y1M0X5PK.LRL\JT1B59VE.JDJ\0e4a2cdb\001b4b6f_571fcb01\mbSystemManager.DLL
MOD - [2011/11/11 17:26:06 | 000,188,416 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/30 14:16:18 | 000,029,184 | ---- | M] () -- C:\MBL\MBrain\Software\Mortgage Brain Framework 1.0\bin\mbServiceHost.exe
MOD - [2010/06/11 07:59:37 | 005,967,872 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
MOD - [2010/06/11 07:59:35 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
MOD - [2010/06/11 07:59:34 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
MOD - [2010/06/11 07:59:34 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll
MOD - [2009/08/15 03:17:06 | 000,507,904 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
MOD - [2009/08/15 03:17:05 | 000,569,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
MOD - [2008/03/25 05:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2005/12/28 12:11:34 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/12/28 12:11:34 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/12/28 12:11:34 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/11/30 13:33:06 | 000,348,160 | ---- | M] () -- C:\WINDOWS\system32\Tsp.dll
MOD - [2005/11/30 13:33:06 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\TspPopup_ENU.dll
MOD - [2004/07/20 17:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/06/14 13:14:30 | 000,159,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2012/04/19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/11 17:26:16 | 000,010,752 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2011/11/11 17:26:06 | 000,188,416 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2011/11/11 17:25:40 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2011/11/11 17:24:23 | 000,315,392 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\common\DataServer.exe -- (DataSvr2)
SRV - [2011/11/11 17:24:21 | 001,433,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2011/11/11 17:24:19 | 003,883,432 | ---- | M] (CANON INC.) [Disabled | Stopped] -- C:\Program Files\Canon\DIAS\CnxDIAS.exe -- (Canon Driver Information Assist Service)
SRV - [2011/11/11 17:24:16 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2011/11/11 17:24:14 | 000,262,217 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/11/30 14:16:18 | 000,029,184 | ---- | M] () [Auto | Running] -- C:\MBL\MBrain\Software\Mortgage Brain Framework 1.0\bin\mbServiceHost.exe -- (MBServiceHost)
SRV - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/04/14 01:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/14 01:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/06/15 17:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/08/30 17:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)
SRV - [2000/02/10 12:04:34 | 000,356,352 | ---- | M] (Iomega Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\ZipToA.exe -- (ZipToA)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tfju17xkb.sys -- (tfju17xkb.sys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\richards\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/06/14 13:14:30 | 000,475,704 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/06/14 13:14:30 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/05/19 17:00:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/05/19 17:00:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/09/25 10:14:37 | 000,217,664 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/09/25 10:12:30 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/07/23 13:57:22 | 000,112,640 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/07/23 13:57:22 | 000,102,528 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/23 13:57:22 | 000,100,480 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008/05/08 15:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 19:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/02/27 14:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2006/12/13 08:44:49 | 000,008,544 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ddnt.sys -- (ddnt)
DRV - [2006/12/06 00:39:13 | 001,964,064 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2006/02/10 03:31:00 | 000,039,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/01/20 23:08:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/11 23:29:42 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/12/28 13:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/09 15:35:00 | 000,018,816 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2005/12/05 06:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/22 15:47:00 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/11/16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/10 16:25:14 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/09/29 01:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/09/15 23:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/01 21:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 23:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/05/13 22:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2005/04/06 14:54:44 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/01/06 19:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/07/22 18:21:38 | 000,268,874 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2003/08/28 22:40:26 | 000,189,792 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/07/24 19:55:50 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2003/05/01 14:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [1998/09/12 09:59:48 | 000,837,696 | ---- | M] (Nokia Mobile Phones Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\NokiaSuite3.sys -- (NokiaSuite3)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..\SearchScopes,DefaultScope = {5C751A3C-901B-45E2-AEF3-E7FC7ADDC77D}
IE - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..\SearchScopes\{5C751A3C-901B-45E2-AEF3-E7FC7ADDC77D}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.btbroadba...e.com/homepage"
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.1.195
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..keyword.URL: "http://uk.search.yah...h?fr=mcafee&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 58727

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/06/13 11:54:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/10 16:54:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/11 12:04:31 | 000,000,000 | ---D | M]

[2010/03/11 15:56:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\richards\Application Data\Mozilla\Extensions
[2010/09/22 15:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\richards\Application Data\Mozilla\Firefox\Profiles\bd1egsa0.default\extensions
[2010/08/04 15:52:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\richards\Application Data\Mozilla\Firefox\Profiles\bd1egsa0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/22 07:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/02 11:18:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/13 11:54:04 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2007/02/05 00:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2010/01/16 01:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 01:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 01:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/15 12:47:35 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2010/01/16 01:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/06/24 09:57:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120611084309.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Halifax GI - Intermediaries] c:\Program Files\Halifax GI - Intermediaries\Halifax GI - Intermediaries.exe (F1 Computer System Limited)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - Startup: C:\Documents and Settings\richards\Start Menu\Programs\Startup\_uninst_44341505.lnk = C:\Documents and Settings\richards\Local Settings\temp\_uninst_44341505.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Outlook\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: aegonse.co.uk ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: unipass.co.uk ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: unipass.co.uk ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: aegonse.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: unipass.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: unipass.co.uk ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..Trusted Domains: aegonse.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..Trusted Domains: logmeinrescue.com ([secure] https in Trusted sites)
O15 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..Trusted Domains: Servant ([]file in Local intranet)
O15 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..Trusted Domains: uk.com ([apps.openwork] https in Trusted sites)
O15 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..Trusted Domains: uk.com ([prodexternaldpos.openwork] https in Trusted sites)
O15 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..Trusted Domains: uk.com ([prodexternaltandc.openwork] https in Trusted sites)
O15 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..Trusted Domains: uk.com ([www.openwork] https in Trusted sites)
O15 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..Trusted Domains: unipass.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..Trusted Domains: unipass.co.uk ([www] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LFS.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83CC34E2-6410-4E26-A9DD-CF65FA965E5E}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/24 23:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2012/06/24 23:33:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/06/22 07:55:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richards\My Documents\Downloads
[2012/06/21 19:34:03 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\richards\Desktop\aswMBR.exe
[2012/06/21 19:34:00 | 000,450,352 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\richards\Desktop\FixitCenter_Run.exe
[2012/06/21 19:33:58 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\richards\Desktop\tdsskiller.exe
[2012/06/21 14:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richards\Desktop\Malware repair 210612
[2012/06/21 12:35:28 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe
[2012/06/21 12:35:28 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grpconv.exe
[2012/06/21 11:09:29 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/21 11:07:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/21 11:07:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/21 11:07:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/21 11:07:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/21 11:06:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/21 11:06:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\richards\My Documents\My Videos
[2012/06/21 11:05:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/06/21 09:25:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/16 11:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richards\Application Data\DriverCure
[2012/06/16 11:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richards\Application Data\SpeedMaxPc
[2012/06/16 11:01:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2012/06/16 10:07:55 | 000,000,000 | ---D | C] -- C:\WMI Diagnostics
[2012/06/14 15:42:12 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2012/06/14 15:42:12 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2012/06/14 15:42:11 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2012/06/14 15:42:11 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2012/06/14 15:42:10 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2012/06/14 15:42:08 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2012/06/14 15:42:07 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2012/06/14 15:42:03 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2012/06/14 15:41:53 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2012/06/14 15:39:11 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2012/06/14 15:39:07 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2012/06/14 15:39:04 | 000,019,455 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys
[2012/06/14 15:38:54 | 000,012,063 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys
[2012/06/14 15:38:52 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2012/06/14 15:38:01 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2012/06/14 15:37:57 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2012/06/14 15:37:43 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2012/06/14 15:37:34 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2012/06/14 15:37:30 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2012/06/14 15:37:28 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2012/06/14 15:37:28 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2012/06/14 15:37:23 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys
[2012/06/14 15:37:22 | 000,023,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys
[2012/06/14 15:37:20 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2012/06/14 15:37:17 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2012/06/14 15:37:11 | 000,033,599 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys
[2012/06/14 15:37:10 | 000,019,551 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys
[2012/06/14 15:37:09 | 000,029,311 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys
[2012/06/14 15:37:05 | 000,012,127 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys
[2012/06/14 15:37:05 | 000,011,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys
[2012/06/14 15:37:04 | 000,012,415 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys
[2012/06/14 15:36:58 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2012/06/14 15:36:54 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2012/06/14 15:36:50 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2012/06/14 15:36:48 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2012/06/14 15:36:43 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2012/06/14 15:36:38 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2012/06/14 15:36:33 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2012/06/14 15:36:29 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2012/06/14 15:36:24 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys
[2012/06/14 15:36:12 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2012/06/14 15:36:07 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2012/06/14 15:36:02 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
[2012/06/14 15:35:58 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
[2012/06/14 15:35:50 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
[2012/06/14 15:35:46 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2012/06/14 15:35:42 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2012/06/14 15:35:38 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2012/06/14 15:35:31 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2012/06/14 15:35:28 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys
[2012/06/14 15:35:21 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2012/06/14 15:35:09 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2012/06/14 15:35:05 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2012/06/14 15:35:01 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2012/06/14 15:34:58 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2012/06/14 15:34:54 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2012/06/14 15:34:51 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2012/06/14 15:34:47 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2012/06/14 15:34:44 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2012/06/14 15:34:40 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2012/06/14 15:34:37 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2012/06/14 15:34:33 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2012/06/14 15:34:26 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys
[2012/06/14 15:34:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2012/06/14 15:34:15 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2012/06/14 15:34:11 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2012/06/14 15:34:07 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2012/06/14 15:34:04 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2012/06/14 15:34:00 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2012/06/14 15:33:57 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2012/06/14 15:33:52 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys
[2012/06/14 15:33:48 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll
[2012/06/14 15:33:47 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe
[2012/06/14 15:33:44 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll
[2012/06/14 15:33:32 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys
[2012/06/14 15:33:28 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys
[2012/06/14 15:33:24 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys
[2012/06/14 15:33:18 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2012/06/14 15:33:12 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2012/06/14 15:33:08 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2012/06/14 15:33:05 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2012/06/14 15:32:58 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2012/06/14 15:32:55 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2012/06/14 15:32:52 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2012/06/14 15:32:48 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2012/06/14 15:32:48 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2012/06/14 15:32:48 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2012/06/14 15:32:41 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys
[2012/06/14 15:32:34 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys
[2012/06/14 15:32:30 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2012/06/14 15:32:27 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2012/06/14 15:31:56 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll
[2012/06/14 15:31:47 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys
[2012/06/14 15:31:39 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
[2012/06/14 15:31:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[2012/06/14 15:31:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
[2012/06/14 15:31:28 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
[2012/06/14 15:31:25 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
[2012/06/14 15:31:18 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2012/06/14 15:31:15 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2012/06/14 15:31:12 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2012/06/14 15:31:00 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2012/06/14 15:30:47 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2012/06/14 15:30:37 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2012/06/14 15:30:37 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2012/06/14 15:30:28 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll
[2012/06/14 15:30:09 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys
[2012/06/14 15:30:06 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll
[2012/06/14 15:30:00 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys
[2012/06/14 15:29:51 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys
[2012/06/14 15:29:48 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll
[2012/06/14 15:29:39 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys
[2012/06/14 15:29:31 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
[2012/06/14 15:29:29 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2012/06/14 15:29:19 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
[2012/06/14 15:29:04 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2012/06/14 15:29:00 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2012/06/14 15:28:50 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2012/06/14 15:28:41 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2012/06/14 15:28:32 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2012/06/14 15:28:23 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2012/06/14 15:28:22 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2012/06/14 15:28:21 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2012/06/14 15:28:20 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2012/06/14 15:28:17 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2012/06/14 15:28:13 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2012/06/14 15:28:13 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2012/06/14 15:28:10 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2012/06/14 15:28:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2012/06/14 15:28:10 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2012/06/14 15:28:09 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2012/06/14 15:28:06 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2012/06/14 15:28:06 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2012/06/14 15:28:06 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2012/06/14 15:28:06 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2012/06/14 15:28:05 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2012/06/14 15:28:05 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2012/06/14 15:28:05 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2012/06/14 15:28:05 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2012/06/14 15:28:04 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2012/06/14 15:28:03 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\dllcache\slrundll.exe
[2012/06/14 15:27:58 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2012/06/14 15:27:49 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2012/06/14 15:27:40 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2012/06/14 15:27:37 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll
[2012/06/14 15:27:28 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys
[2012/06/14 15:27:23 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2012/06/14 15:27:19 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll
[2012/06/14 15:27:10 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys
[2012/06/14 15:27:07 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll
[2012/06/14 15:26:57 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys
[2012/06/14 15:26:54 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll
[2012/06/14 15:26:45 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys
[2012/06/14 15:26:44 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2012/06/14 15:26:43 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2012/06/14 15:26:43 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2012/06/14 15:26:23 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2012/06/14 15:26:14 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2012/06/14 15:26:05 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2012/06/14 15:26:02 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2012/06/14 15:25:53 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys
[2012/06/14 15:25:33 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
[2012/06/14 15:25:18 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2012/06/14 15:25:16 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2012/06/14 15:25:08 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2012/06/14 15:25:02 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2012/06/14 15:24:54 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2012/06/14 15:24:42 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2012/06/14 15:24:34 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2012/06/14 15:24:30 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2012/06/14 15:24:27 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll
[2012/06/14 15:24:16 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys
[2012/06/14 15:24:13 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll
[2012/06/14 15:24:04 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2012/06/14 15:24:01 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2012/06/14 15:23:52 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2012/06/14 15:23:49 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2012/06/14 15:23:46 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2012/06/14 15:23:43 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2012/06/14 15:23:33 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2012/06/14 15:23:30 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2012/06/14 15:23:21 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2012/06/14 15:23:12 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2012/06/14 15:23:06 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2012/06/14 15:23:03 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2012/06/14 15:23:03 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/06/14 15:23:03 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/06/14 15:23:02 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2012/06/14 15:23:01 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2012/06/14 15:23:00 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2012/06/14 15:23:00 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2012/06/14 15:23:00 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2012/06/14 15:22:58 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2012/06/14 15:22:54 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2012/06/14 15:22:49 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys
[2012/06/14 15:22:42 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2012/06/14 15:22:37 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys
[2012/06/14 15:22:30 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2012/06/14 15:22:24 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2012/06/14 15:22:14 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2012/06/14 15:22:09 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2012/06/14 15:21:53 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2012/06/14 15:21:46 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2012/06/14 15:21:43 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2012/06/14 15:21:38 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2012/06/14 15:21:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2012/06/14 15:21:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2012/06/14 15:21:35 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2012/06/14 15:21:29 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2012/06/14 15:21:21 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2012/06/14 15:21:18 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2012/06/14 15:21:15 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2012/06/14 15:21:14 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2012/06/14 15:21:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2012/06/14 15:21:05 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2012/06/14 15:21:01 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2012/06/14 15:20:55 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2012/06/14 15:20:52 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2012/06/14 15:20:50 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2012/06/14 15:20:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2012/06/14 15:20:43 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2012/06/14 15:20:43 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2012/06/14 15:20:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2012/06/14 15:20:34 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
[2012/06/14 15:20:30 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
[2012/06/14 15:20:27 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
[2012/06/14 15:20:23 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
[2012/06/14 15:20:20 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
[2012/06/14 15:20:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
[2012/06/14 15:20:14 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
[2012/06/14 15:20:13 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2012/06/14 15:20:12 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2012/06/14 15:20:11 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2012/06/14 15:20:10 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2012/06/14 15:20:07 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2012/06/14 15:20:04 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2012/06/14 15:20:01 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2012/06/14 15:19:58 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2012/06/14 15:19:55 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2012/06/14 15:19:52 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2012/06/14 15:19:50 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2012/06/14 15:19:47 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2012/06/14 15:19:40 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2012/06/14 15:19:37 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
[2012/06/14 15:19:34 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys
[2012/06/14 15:19:31 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
[2012/06/14 15:19:28 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
[2012/06/14 15:19:25 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2012/06/14 15:19:22 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2012/06/14 15:19:19 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys
[2012/06/14 15:19:16 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
[2012/06/14 15:19:13 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
[2012/06/14 15:19:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys
[2012/06/14 15:19:07 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2012/06/14 15:19:04 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2012/06/14 15:19:01 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2012/06/14 15:18:57 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2012/06/14 15:18:42 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys
[2012/06/14 15:18:39 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll
[2012/06/14 15:18:30 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2012/06/14 15:18:25 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys
[2012/06/14 15:18:22 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys
[2012/06/14 15:18:21 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys
[2012/06/14 15:18:16 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2012/06/14 15:18:13 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2012/06/14 15:18:08 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2012/06/14 15:18:07 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2012/06/14 15:18:00 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
[2012/06/14 15:17:56 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2012/06/14 15:17:53 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2012/06/14 15:17:50 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
[2012/06/14 15:17:43 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2012/06/14 15:17:40 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2012/06/14 15:17:37 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2012/06/14 15:17:35 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2012/06/14 15:17:32 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2012/06/14 15:17:29 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2012/06/14 15:17:26 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2012/06/14 15:17:23 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2012/06/14 15:17:20 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2012/06/14 15:17:17 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2012/06/14 15:17:14 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2012/06/14 15:17:12 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2012/06/14 15:17:09 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2012/06/14 15:17:05 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2012/06/14 15:16:50 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2012/06/14 15:16:44 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
[2012/06/14 15:16:35 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2012/06/14 15:16:33 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2012/06/14 15:16:21 | 000,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
[2012/06/14 15:16:18 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
[2012/06/14 15:16:17 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2012/06/14 15:16:03 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2012/06/14 15:15:54 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2012/06/14 15:15:46 | 000,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys
[2012/06/14 15:15:44 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migisol.exe
[2012/06/14 15:15:41 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys
[2012/06/14 15:15:38 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll
[2012/06/14 15:15:38 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2012/06/14 15:15:38 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2012/06/14 15:15:36 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys
[2012/06/14 15:15:33 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
[2012/06/14 15:15:30 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
[2012/06/14 15:15:26 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2012/06/14 15:15:18 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys
[2012/06/14 15:15:12 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\maestro.sys
[2012/06/14 15:15:09 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
[2012/06/14 15:15:04 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
[2012/06/14 15:15:01 | 000,022,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwusbhid.sys
[2012/06/14 15:15:01 | 000,020,864 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwadihid.sys
[2012/06/14 15:14:53 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2012/06/14 15:14:51 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2012/06/14 15:14:50 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2012/06/14 15:14:49 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2012/06/14 15:14:47 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2012/06/14 15:14:46 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2012/06/14 15:14:43 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2012/06/14 15:14:38 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2012/06/14 15:14:31 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2012/06/14 15:14:28 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2012/06/14 15:14:23 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2012/06/14 15:14:20 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2012/06/14 15:14:17 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2012/06/14 15:14:14 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2012/06/14 15:14:11 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2012/06/14 15:14:04 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2012/06/14 15:14:01 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2012/06/14 15:14:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2012/06/14 15:13:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2012/06/14 15:13:44 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2012/06/14 15:13:30 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2012/06/14 15:13:23 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys
[2012/06/14 15:13:20 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2012/06/14 15:13:19 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2012/06/14 15:13:16 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2012/06/14 15:13:16 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2012/06/14 15:13:15 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2012/06/14 15:13:05 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2012/06/14 15:13:02 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll
[2012/06/14 15:13:00 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys
[2012/06/14 15:12:55 | 000,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
[2012/06/14 15:12:23 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2012/06/14 15:12:19 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys
[2012/06/14 15:12:16 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
[2012/06/14 15:12:14 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
[2012/06/14 15:12:11 | 000,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
[2012/06/14 15:12:09 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
[2012/06/14 15:12:06 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
[2012/06/14 15:12:04 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2012/06/14 15:12:01 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2012/06/14 15:11:58 | 000,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2012/06/14 15:11:55 | 000,109,085 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtrp.sys
[2012/06/14 15:11:53 | 000,100,936 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtok.sys
[2012/06/14 15:11:50 | 000,009,216 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmsgnet.dll
[2012/06/14 15:11:47 | 000,028,700 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\dllcache\ibmexmp.sys
[2012/06/14 15:11:45 | 000,161,020 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xnt5.sys
[2012/06/14 15:11:43 | 000,702,845 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2012/06/14 15:11:40 | 000,058,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740nt5.sys
[2012/06/14 15:11:38 | 000,353,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740dnt5.dll
[2012/06/14 15:11:13 | 000,488,383 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_v124.sys
[2012/06/14 15:11:11 | 000,050,751 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_tone.sys
[2012/06/14 15:11:08 | 000,073,279 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_spkp.sys
[2012/06/14 15:11:06 | 000,044,863 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_soar.sys
[2012/06/14 15:11:03 | 000,057,471 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_samp.sys
[2012/06/14 15:11:00 | 000,542,879 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_msft.sys
[2012/06/14 15:10:58 | 000,391,199 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_k56k.sys
[2012/06/14 15:10:55 | 000,009,759 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_inst.dll
[2012/06/14 15:10:53 | 000,115,807 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fsks.sys
[2012/06/14 15:10:51 | 000,199,711 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_faxx.sys
[2012/06/14 15:10:48 | 000,289,887 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fall.sys
[2012/06/14 15:10:46 | 000,067,167 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_bsc2.sys
[2012/06/14 15:10:43 | 000,150,239 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_amos.sys
[2012/06/14 15:10:42 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2012/06/14 15:10:42 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2012/06/14 15:10:42 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2012/06/14 15:10:39 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2012/06/14 15:10:36 | 000,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys
[2012/06/14 15:10:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2012/06/14 15:10:32 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
[2012/06/14 15:10:29 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2012/06/14 15:10:27 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2012/06/14 15:10:22 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2012/06/14 15:10:17 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2012/06/14 15:10:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2012/06/14 15:10:08 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2012/06/14 15:10:01 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpdigwia.dll
[2012/06/14 15:09:51 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2012/06/14 15:09:51 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2012/06/14 15:09:48 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2012/06/14 15:09:47 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2012/06/14 15:09:37 | 000,907,456 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hcf_msft.sys
[2012/06/14 15:09:33 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2012/06/14 15:09:23 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2012/06/14 15:09:20 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2012/06/14 15:09:07 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2012/06/14 15:09:06 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2012/06/14 15:09:03 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400m.sys
[2012/06/14 15:09:01 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400d.dll
[2012/06/14 15:08:59 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200m.sys
[2012/06/14 15:08:57 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200d.dll
[2012/06/14 15:08:55 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2012/06/14 15:08:36 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2012/06/14 15:08:34 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2012/06/14 15:08:32 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2012/06/14 15:08:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2012/06/14 15:08:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2012/06/14 15:08:22 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2012/06/14 15:08:20 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2012/06/14 15:08:17 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2012/06/14 15:08:11 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2012/06/14 15:08:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2012/06/14 15:08:05 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2012/06/14 15:07:59 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2012/06/14 15:07:53 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\fem556n5.sys
[2012/06/14 15:07:47 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2012/06/14 15:07:45 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINDOWS\System32\dllcache\fa312nd5.sys
[2012/06/14 15:07:42 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2012/06/14 15:07:39 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2012/06/14 15:07:32 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2012/06/14 15:07:30 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ex10.sys
[2012/06/14 15:07:26 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2012/06/14 15:07:26 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2012/06/14 15:07:24 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2012/06/14 15:07:22 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2012/06/14 15:07:22 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2012/06/14 15:07:20 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2012/06/14 15:07:20 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2012/06/14 15:07:18 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2012/06/14 15:07:16 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys
[2012/06/14 15:07:12 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys
[2012/06/14 15:07:06 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56tpi.sys
[2012/06/14 15:07:04 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56hpi.sys
[2012/06/14 15:07:02 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56cvmp.sys
[2012/06/14 15:07:00 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es198x.sys
[2012/06/14 15:06:58 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2012/06/14 15:06:55 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2012/06/14 15:06:54 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys
[2012/06/14 15:06:51 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnloop.exe
[2012/06/14 15:06:49 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnlogr.exe
[2012/06/14 15:06:46 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqndiag.exe
[2012/06/14 15:06:44 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqn.sys
[2012/06/14 15:06:42 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2012/06/14 15:06:35 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys
[2012/06/14 15:06:28 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2012/06/14 15:06:25 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\emu10k1m.sys
[2012/06/14 15:05:58 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys
[2012/06/14 15:05:50 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys
[2012/06/14 15:05:43 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2012/06/14 15:05:36 | 000,171,520 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys
[2012/06/14 15:05:29 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys
[2012/06/14 15:05:23 | 000,455,199 | ---- | C] (3Com Corporation.) -- C:\WINDOWS\System32\dllcache\el985n51.sys
[2012/06/14 15:05:21 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys
[2012/06/14 15:05:20 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys
[2012/06/14 15:05:13 | 000,241,206 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656se5.sys
[2012/06/14 15:05:12 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys
[2012/06/14 15:05:10 | 000,634,134 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656ct5.sys
[2012/06/14 15:05:09 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys
[2012/06/14 15:05:02 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys
[2012/06/14 15:04:55 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys
[2012/06/14 15:04:48 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys
[2012/06/14 15:04:41 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys
[2012/06/14 15:04:34 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys
[2012/06/14 15:04:32 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2012/06/14 15:04:21 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100isa4.sys
[2012/06/14 15:04:18 | 000,050,719 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys
[2012/06/14 15:03:53 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2012/06/14 15:03:50 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2012/06/14 15:03:34 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2012/06/14 15:03:32 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2012/06/14 15:03:31 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2012/06/14 15:03:30 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2012/06/14 15:03:29 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2012/06/14 15:03:16 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2012/06/14 15:03:15 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2012/06/14 15:03:14 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2012/06/14 15:03:13 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2012/06/14 15:03:08 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2012/06/14 15:03:07 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2012/06/14 15:03:05 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2012/06/14 15:03:04 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2012/06/14 15:03:00 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2012/06/14 15:02:58 | 000,614,429 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiview.exe
[2012/06/14 15:02:57 | 000,042,432 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.sys
[2012/06/14 15:02:55 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.dll
[2012/06/14 15:02:54 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.sys
[2012/06/14 15:02:53 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.dll
[2012/06/14 15:02:52 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiinf.dll
[2012/06/14 15:02:51 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digihlc.dll
[2012/06/14 15:02:49 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifwrk.dll
[2012/06/14 15:02:48 | 000,090,525 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifep5.sys
[2012/06/14 15:02:47 | 000,103,044 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidxb.sys
[2012/06/14 15:02:45 | 000,131,156 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidbp.dll
[2012/06/14 15:02:44 | 000,037,735 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.sys
[2012/06/14 15:02:43 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.dll
[2012/06/14 15:02:38 | 000,419,357 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgconfig.dll
[2012/06/14 15:02:37 | 000,029,531 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\dgapci.sys
[2012/06/14 15:02:34 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2012/06/14 15:02:33 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2012/06/14 15:02:31 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe
[2012/06/14 15:02:30 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll
[2012/06/14 15:02:28 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2012/06/14 15:02:26 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2012/06/14 15:02:23 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2012/06/14 15:02:22 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2012/06/14 15:02:21 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys
[2012/06/14 15:02:20 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2012/06/14 15:02:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2012/06/14 15:02:08 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys
[2012/06/14 15:02:07 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2012/06/14 15:02:05 | 000,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2012/06/14 15:02:03 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2012/06/14 15:02:02 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2012/06/14 15:02:01 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2012/06/14 15:02:00 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2012/06/14 15:01:59 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2012/06/14 15:01:57 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2012/06/14 15:01:57 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2012/06/14 15:01:56 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2012/06/14 15:01:55 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2012/06/14 15:01:53 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2012/06/14 15:01:52 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2012/06/14 15:01:51 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2012/06/14 15:01:50 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2012/06/14 15:01:48 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2012/06/14 15:01:48 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll
[2012/06/14 15:01:47 | 000,096,256 | ---- | C] (Copyright © Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
[2012/06/14 15:01:46 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
[2012/06/14 15:01:44 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
[2012/06/14 15:01:41 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2012/06/14 15:01:39 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
[2012/06/14 15:01:37 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2012/06/14 15:01:37 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2012/06/14 15:01:36 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2012/06/14 15:01:34 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2012/06/14 15:01:22 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
[2012/06/14 15:01:21 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2012/06/14 15:01:19 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2012/06/14 15:01:19 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2012/06/14 15:01:15 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2012/06/14 15:01:11 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2012/06/14 15:01:11 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2012/06/14 15:01:10 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2012/06/14 15:01:09 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2012/06/14 15:01:08 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2012/06/14 15:01:05 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2012/06/14 15:01:02 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2012/06/14 15:00:56 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2012/06/14 15:00:56 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2012/06/14 15:00:55 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2012/06/14 15:00:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2012/06/14 15:00:53 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2012/06/14 15:00:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2012/06/14 15:00:52 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2012/06/14 15:00:52 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2012/06/14 15:00:49 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2012/06/14 15:00:48 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2012/06/14 15:00:47 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2012/06/14 15:00:46 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2012/06/14 15:00:46 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2012/06/14 15:00:40 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2012/06/14 15:00:39 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2012/06/14 15:00:38 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2012/06/14 15:00:37 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2012/06/14 15:00:34 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2012/06/14 15:00:33 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2012/06/14 15:00:32 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/06/14 15:00:31 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2012/06/14 15:00:30 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2012/06/14 15:00:29 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2012/06/14 15:00:29 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2012/06/14 15:00:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2012/06/14 15:00:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2012/06/14 15:00:26 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2012/06/14 15:00:26 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2012/06/14 15:00:25 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2012/06/14 15:00:23 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2012/06/14 14:59:55 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2012/06/14 14:59:51 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2012/06/14 14:59:50 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2012/06/14 14:59:50 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2012/06/14 14:59:49 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2012/06/14 14:59:48 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2012/06/14 14:59:48 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2012/06/14 14:59:46 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2012/06/14 14:59:46 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2012/06/14 14:59:43 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2012/06/14 14:59:43 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2012/06/14 14:59:42 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2012/06/14 14:59:41 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2012/06/14 14:59:41 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2012/06/14 14:59:40 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2012/06/14 14:59:39 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2012/06/14 14:59:38 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2012/06/14 14:59:37 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2012/06/14 14:59:37 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2012/06/14 14:59:36 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2012/06/14 14:59:30 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2012/06/14 14:59:28 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2012/06/14 14:59:28 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2012/06/14 14:59:26 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2012/06/14 14:59:25 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2012/06/14 14:59:25 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2012/06/14 14:59:24 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2012/06/14 14:59:23 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2012/06/14 14:59:23 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2012/06/14 14:59:23 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2012/06/14 14:59:20 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2012/06/14 14:59:18 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2012/06/14 14:59:16 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2012/06/14 14:59:16 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2012/06/14 14:59:14 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2012/06/14 14:59:13 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2012/06/14 14:59:12 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2012/06/14 14:59:10 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2012/06/14 14:59:10 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2012/06/14 14:59:09 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2012/06/14 14:58:48 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2012/06/14 14:58:48 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2012/06/14 14:58:43 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2012/06/14 14:58:43 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2012/06/14 14:58:42 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2012/06/14 14:58:42 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2012/06/14 14:58:41 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2012/06/14 14:58:41 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2012/06/14 14:58:40 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2012/06/14 14:58:31 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2012/06/14 14:58:31 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2012/06/14 14:58:26 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2012/06/14 14:58:18 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2012/06/14 14:58:17 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2012/06/14 14:58:15 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2012/06/14 14:58:13 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2012/06/14 14:58:13 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2012/06/14 14:58:02 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2012/06/14 14:57:53 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2012/06/14 14:57:51 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2012/06/14 14:57:51 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2012/06/14 14:57:50 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2012/06/14 14:57:49 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2012/06/14 14:57:49 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2012/06/14 14:57:48 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2012/06/14 14:57:45 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2012/06/14 14:57:43 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2012/06/14 14:57:43 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2012/06/14 14:57:42 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2012/06/14 14:57:42 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2012/06/14 14:57:41 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2012/06/14 14:57:41 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2012/06/14 14:57:40 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2012/06/14 14:57:40 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2012/06/14 14:57:40 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2012/06/14 14:57:39 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2012/06/14 14:57:39 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2012/06/14 14:57:39 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2012/06/14 14:57:38 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2012/06/14 14:56:44 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2012/06/14 13:15:47 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012/06/14 13:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/06/13 10:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
[2012/06/13 10:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richards\Local Settings\Application Data\PackageAware
[2012/06/13 08:16:22 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/12 23:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richards\Phone Browser
[2012/06/12 18:57:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richards\Local Settings\Application Data\FixItCenter
[2012/06/12 18:49:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2012/06/12 18:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2012/06/12 09:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richards\Desktop\PDF Edit
[2012/06/11 10:50:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richards\Desktop\Focus Business solutions downloads
[2012/06/11 08:43:07 | 000,009,608 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2012/06/11 08:42:55 | 000,340,920 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2012/06/11 08:42:55 | 000,089,792 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2012/06/11 08:42:55 | 000,087,656 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2012/06/11 08:42:55 | 000,083,856 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2012/06/11 08:42:55 | 000,059,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2012/06/11 08:42:54 | 000,180,848 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2012/06/11 08:42:54 | 000,057,600 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2012/06/11 08:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2012/06/11 08:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2012/06/11 08:33:17 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2012/06/04 23:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richards\Local Settings\Application Data\Citrix
[2012/06/04 11:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\richards\Application Data\Macromedia
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/24 23:54:02 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/24 23:35:52 | 000,764,018 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/24 23:35:51 | 000,186,770 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/24 23:33:08 | 000,047,334 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2012/06/24 23:33:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2012/06/24 23:32:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/24 17:32:04 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\richards\Start Menu\Programs\Startup\_uninst_44341505.lnk
[2012/06/24 17:28:44 | 137,663,072 | ---- | M] () -- C:\Documents and Settings\richards\Desktop\setup_11.0.0.1245.x01_2012_06_24_18_42.exe
[2012/06/24 09:57:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/22 07:52:26 | 000,014,797 | ---- | M] () -- C:\Documents and Settings\richards\Desktop\accrestore.zip
[2012/06/21 19:44:29 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\richards\ntuser.pol
[2012/06/21 14:20:53 | 000,011,050 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/06/21 11:09:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/06/21 09:22:20 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\richards\Desktop\MBRCheck.exe
[2012/06/21 09:18:59 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\richards\Desktop\tdsskiller.exe
[2012/06/21 08:47:39 | 000,000,542 | ---- | M] () -- C:\Documents and Settings\richards\Desktop\MBR.zip
[2012/06/21 08:36:59 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\richards\Desktop\MBR.dat
[2012/06/21 08:31:19 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\richards\Desktop\aswMBR.exe
[2012/06/21 05:54:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb6bc3a10a49e1.job
[2012/06/20 22:34:37 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BankTree Personal Finance 2.0.lnk
[2012/06/19 17:36:47 | 000,047,334 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2012/06/18 16:06:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/16 11:08:44 | 000,001,691 | ---- | M] () -- C:\Documents and Settings\richards\Desktop\Pensions work.lnk
[2012/06/14 13:15:47 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012/06/14 13:14:30 | 000,475,704 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2012/06/14 13:14:30 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2012/06/14 13:14:30 | 000,087,656 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2012/06/14 08:47:17 | 000,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 08:39:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/12 18:49:45 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2012/06/12 18:48:44 | 000,450,352 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\richards\Desktop\FixitCenter_Run.exe
[2012/06/08 16:09:22 | 000,061,353 | ---- | M] () -- C:\Documents and Settings\richards\Desktop\Sterling ISA SIA full and Partial Surrender Form.pdf
[2012/06/08 09:05:32 | 000,000,548 | ---- | M] () -- C:\WINDOWS\psm.ini
[2012/06/04 18:10:23 | 000,016,419 | ---- | M] () -- C:\Documents and Settings\richards\Desktop\MVTHealthCheck_Deviation.html
[2012/06/02 15:19:44 | 000,022,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2012/06/02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012/06/02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2012/06/02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012/06/02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2012/06/02 15:19:34 | 000,015,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2012/06/02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012/06/02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/06/02 15:18:58 | 000,017,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/05/31 14:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/24 17:32:04 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\richards\Start Menu\Programs\Startup\_uninst_44341505.lnk
[2012/06/24 17:28:36 | 137,663,072 | ---- | C] () -- C:\Documents and Settings\richards\Desktop\setup_11.0.0.1245.x01_2012_06_24_18_42.exe
[2012/06/22 07:52:25 | 000,014,797 | ---- | C] () -- C:\Documents and Settings\richards\Desktop\accrestore.zip
[2012/06/21 19:33:59 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\richards\Desktop\MBRCheck.exe
[2012/06/21 19:33:59 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\richards\Desktop\MBR.zip
[2012/06/21 19:33:59 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\richards\Desktop\MBR.dat
[2012/06/21 11:09:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/06/21 11:09:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/21 11:07:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/21 11:07:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/21 11:07:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/21 11:07:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/21 11:07:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/14 15:42:02 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2012/06/14 15:41:58 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2012/06/14 15:21:08 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2012/06/14 15:21:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2012/06/14 15:16:17 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012/06/14 15:10:24 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2012/06/14 15:10:20 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2012/06/14 15:10:15 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2012/06/14 15:10:10 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2012/06/14 15:10:05 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2012/06/14 15:03:11 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2012/06/14 15:03:10 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2012/06/14 15:03:09 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2012/06/14 14:58:56 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2012/06/14 14:58:55 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2012/06/14 14:58:53 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2012/06/14 14:58:52 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2012/06/14 14:58:51 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2012/06/14 14:58:50 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2012/06/14 14:58:49 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2012/06/14 14:58:49 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2012/06/14 14:58:47 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2012/06/14 14:58:40 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2012/06/12 18:49:45 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk
[2012/06/12 18:49:45 | 000,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk
[2012/06/08 16:09:22 | 000,061,353 | ---- | C] () -- C:\Documents and Settings\richards\Desktop\Sterling ISA SIA full and Partial Surrender Form.pdf
[2012/06/04 18:10:23 | 000,016,419 | ---- | C] () -- C:\Documents and Settings\richards\Desktop\MVTHealthCheck_Deviation.html
[2012/06/04 18:03:02 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Virtual Technician.lnk
[2012/06/02 07:56:44 | 000,141,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/04 17:58:31 | 000,000,052 | ---- | C] () -- C:\Documents and Settings\richards\Application Data\mbam.context.scan
[2012/03/02 00:13:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/16 08:28:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/08/08 11:56:42 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll
[2010/08/08 11:56:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
[2010/08/02 16:09:41 | 000,002,688 | ---- | C] () -- C:\Program Files\00000000-0000-0000-0000-000000000000.dtsll
[2010/08/02 16:07:19 | 000,607,744 | ---- | C] () -- C:\Program Files\MBLOBPSetup.msi

========== LOP Check ==========

[2007/12/31 02:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Grisoft
[2010/08/08 13:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2011/06/28 07:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vodafone
[2011/06/28 18:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.LFS\Application Data\Vodafone
[2010/04/04 01:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
[2011/10/18 14:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
[2008/12/27 23:15:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/06/02 11:39:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2008/12/27 23:50:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2008/12/27 23:48:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2010/09/11 21:22:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/04/26 13:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2007/12/31 01:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/05/22 12:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HBOS
[2011/06/27 13:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HMRC
[2007/11/15 19:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/06/17 11:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logic Software
[2007/10/12 18:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Northern Rock
[2007/11/15 20:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/06/16 11:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedMaxPc
[2009/09/25 10:22:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt
[2009/09/21 17:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Utimaco
[2010/04/12 10:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2006/05/21 18:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/07/12 11:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/13 10:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
[2010/01/26 21:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/10/01 08:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/01/25 15:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone
[2011/12/05 13:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Vodafone
[2007/07/15 19:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richards\Application Data\Canon
[2010/02/17 23:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richards\Application Data\CD-LabelPrint
[2006/09/07 11:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richards\Application Data\DataLayer
[2012/06/16 11:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richards\Application Data\DriverCure
[2012/03/05 18:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richards\Application Data\ElevatedDiagnostics
[2007/07/30 13:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richards\Application Data\FileMaker
[2007/12/31 01:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richards\Application Data\Grisoft
[2011/04/06 22:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richards\Application Data\HMRC
[2001/12/21 11:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richards\Application Data\InterTrust
[2005/10/24 14:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richards\Application Data\Leadertech
[2012/06/23 14:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richards\Application Data\LFSSystem FE
[2005/11/29 17:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richards\Application Data\mytemp
[2007/11/15 20:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richards\Application Data\Nokia
[2009/06/20 16:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richards\Application Data\Nokia Multimedia Player
[2007/11/15 20:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richards\Application Data\PC Suite
[2012/06/16 11:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richards\Application Data\SpeedMaxPc
[2012/05/23 19:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richards\Application Data\TrueCrypt
[2010/01/25 15:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richards\Application Data\Vodafone
[2010/07/30 17:34:38 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2007/06/13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\pebuilder3110a\BartPE\I386\EXPLORER.EXE
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\SVCHOST.EXE
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\USERINIT.EXE
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\WINLOGON.EXE
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/01/16 04:12:28 | 000,552,096 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/01/16 04:12:28 | 000,552,096 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/01/16 04:12:28 | 000,552,096 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/01/16 04:12:29 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/01/16 04:12:28 | 000,552,096 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/01/16 04:12:28 | 000,552,096 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/01/16 04:12:28 | 000,552,096 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2010/01/16 04:12:29 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 12:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

< >

< End of report >

#24
Render

Posted 25 June 2012 - 04:45 AM

Trusted Helper

Malware Removal
4,195 posts

Most AV's detect CF as a malware, but it is false positive.

How is your computer running now? What problems remains?

#25
RichofCamelot

Posted 25 June 2012 - 04:50 AM

Member

Topic Starter
Member
46 posts

Hi Render,

It seems alright now, were the reports from yeasterday satisfactory and do you think it is now clean?

Looking forward to your positive comments.

Thank you

Rich

#26
Render

Posted 25 June 2012 - 05:12 AM

Trusted Helper

Malware Removal
4,195 posts

Logs looks clean. Are you aware of these domains below in trusted zone?

O15 - HKU\.DEFAULT\..Trusted Domains: aegonse.co.uk ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: unipass.co.uk ([www] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: unipass.co.uk ([www] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: aegonse.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: unipass.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: unipass.co.uk ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..Trusted Domains: aegonse.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..Trusted Domains: logmeinrescue.com ([secure] https in Trusted sites)
O15 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..Trusted Domains: Servant ([]file in Local intranet)
O15 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..Trusted Domains: uk.com ([apps.openwork] https in Trusted sites)
O15 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..Trusted Domains: uk.com ([prodexternaldpos.openwork] https in Trusted sites)
O15 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..Trusted Domains: uk.com ([prodexternaltandc.openwork] https in Trusted sites)
O15 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..Trusted Domains: uk.com ([www.openwork] https in Trusted sites)
O15 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..Trusted Domains: unipass.co.uk ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3533930121-66260186-3188412238-1135\..Trusted Domains: unipass.co.uk ([www] https in Trusted sites)

#27
RichofCamelot

Posted 25 June 2012 - 05:29 AM

Member

Topic Starter
Member
46 posts

Hi Render,

That is all sounding good.

Most of the the trusted domains are probably correct:

Aegonse - a trusted supplier
Mcafee - the virus software I use (Why after this?)
Unipass - a special certificate to access many suppliers
Logmeinrescue - an IT help site used by my organisation
Openwork - the organisation I work with

Servant is the name of my companies server but I do not knowif this is correct, I would imagine so

I do not know "internet ([]About in trusted sites)" and this could be a problem but I do not know, your advice would be helpful.

I tend to clean the junk files in my system with cleanup.exe (Temp Internet; history; cookies etc) which leaves me without too much junk and trust this is still sensible.

Is this all OK then?

Thanks for all your help

Rich

#28
Render

Posted 25 June 2012 - 07:06 AM

Trusted Helper

Malware Removal
4,195 posts

Are you using Internet Explorer as your main browser?

We will run CF once again. Please follow the steps below:

Posted Image

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

Notes:

Do not mouse-click Combofix's window while it is running. That may cause it to stall.
ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
If you are using personal certificates I recommend you to export them before running ComboFix and save them to external media.

Please carefully follow all steps below:

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
Double click on Combofix.exe and follow the prompts.
Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes. ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofix. Use copy/paste.

Also please describe how your computer behaves at the moment.

#29
RichofCamelot

Posted 25 June 2012 - 08:19 AM

Member

Topic Starter
Member
46 posts

Hi Render,

Yes IE8 is my normal browser.

Many thanks

Here is the conbofix, good luck with this one:

ComboFix 12-06-25.03 - richards 25/06/12 14:43:25.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.256 [GMT 1:00]
Running from: c:\documents and settings\richards\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\NetworkService\Local Settings\Application Data\assembly\tmp
c:\documents and settings\richards\Local Settings\Temporary Internet Files\mcc63.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))
.
.
2012-06-21 11:35 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2012-06-21 08:25 . 2012-06-21 08:25 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-16 10:02 . 2012-06-16 10:02 -------- d-----w- c:\documents and settings\richards\Application Data\DriverCure
2012-06-16 10:02 . 2012-06-16 10:02 -------- d-----w- c:\documents and settings\richards\Application Data\SpeedMaxPc
2012-06-16 10:01 . 2012-06-16 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-06-16 09:07 . 2012-06-16 09:08 -------- d-----w- C:\WMI Diagnostics
2012-06-16 07:04 . 2012-06-16 07:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\FixItCenter
2012-06-14 14:02 . 2001-08-17 12:50 50176 ----a-w- c:\windows\system32\dllcache\cyyport.sys
2012-06-14 14:02 . 2001-08-17 21:36 28672 ----a-w- c:\windows\system32\dllcache\cyycoins.dll
2012-06-14 14:00 . 2004-08-04 04:00 780885 ----a-w- c:\windows\system32\dllcache\chkrres.dll
2012-06-14 13:59 . 2001-08-17 12:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2012-06-14 13:58 . 2001-08-17 11:49 23552 ----a-w- c:\windows\system32\dllcache\atixbar.sys
2012-06-14 13:57 . 2001-08-17 11:11 46112 ----a-w- c:\windows\system32\dllcache\adptsf50.sys
2012-06-14 13:39 . 2012-06-14 13:39 -------- d-----w- c:\windows\system32\wbem\Repository
2012-06-14 12:15 . 2012-06-14 12:15 14664 ----a-w- c:\windows\stinger.sys
2012-06-14 12:14 . 2012-06-14 12:52 -------- d-----w- c:\program files\stinger
2012-06-13 09:07 . 2012-06-13 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2012-06-13 09:02 . 2012-06-13 09:02 -------- d-----w- c:\documents and settings\richards\Local Settings\Application Data\PackageAware
2012-06-12 22:44 . 2012-06-12 22:44 -------- d-----w- c:\documents and settings\richards\Phone Browser
2012-06-12 17:57 . 2012-06-12 17:57 -------- d-----w- c:\documents and settings\richards\Local Settings\Application Data\FixItCenter
2012-06-12 17:49 . 2012-06-12 17:49 -------- d-----w- c:\windows\MATS
2012-06-12 17:49 . 2012-06-12 17:49 -------- d-----w- c:\program files\Microsoft Fix it Center
2012-06-12 08:57 . 2012-06-12 08:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth
2012-06-11 07:43 . 2012-03-20 12:06 29272 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2012-06-11 07:43 . 2012-02-22 12:29 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-06-11 07:42 . 2012-06-14 12:14 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-06-11 07:42 . 2012-02-22 12:29 89792 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2012-06-11 07:42 . 2012-02-22 12:29 83856 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2012-06-11 07:42 . 2012-02-22 12:29 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2012-06-11 07:42 . 2012-02-22 12:29 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-06-11 07:42 . 2012-02-22 12:29 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-06-11 07:42 . 2012-02-22 12:29 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-06-11 07:42 . 2012-06-12 08:50 -------- d-----w- c:\program files\Common Files\Mcafee
2012-06-11 07:42 . 2012-06-12 08:49 -------- d-----w- c:\program files\McAfee.com
2012-06-11 07:33 . 2012-06-14 12:14 159608 ----a-w- c:\windows\system32\mfevtps.exe
2012-06-04 22:26 . 2012-06-04 22:26 -------- d-----w- c:\documents and settings\richards\Local Settings\Application Data\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 12:14 . 2012-02-22 12:29 475704 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-06-02 14:19 . 2007-06-22 06:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2007-06-22 06:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2004-08-11 16:12 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 14:19 . 2004-08-11 16:12 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19 . 2004-08-11 16:12 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 14:19 . 2007-06-22 06:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2005-05-26 03:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 14:19 . 2004-08-11 16:12 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 14:19 . 2004-08-11 16:12 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 14:19 . 2004-08-11 16:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 14:19 . 2007-06-22 06:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:19 . 2004-08-11 16:12 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 14:19 . 2004-08-11 16:12 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 14:18 . 2010-07-31 09:52 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 14:18 . 2010-07-31 09:52 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 14:18 . 2009-08-06 18:23 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-11 16:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-18 06:27 . 2012-05-18 06:27 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-18 06:27 . 2011-06-05 07:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-16 15:08 . 2004-08-11 16:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-11 16:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-11 16:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-11 16:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-11 16:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2004-08-11 16:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 21:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-11 16:11 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2010-08-02 15:07 . 2010-08-02 15:07 607744 ----a-w- c:\program files\MBLOBPSetup.msi
2011-04-14 13:01 . 2010-08-09 17:22 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-22_07.28.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-25 13:31 . 2012-06-25 13:31 16384 c:\windows\Temp\Perflib_Perfdata_a10.dat
+ 2012-06-25 13:31 . 2012-06-25 13:31 16384 c:\windows\Temp\Perflib_Perfdata_4cc.dat
+ 2012-06-25 13:31 . 2012-06-25 13:31 16384 c:\windows\Temp\Perflib_Perfdata_428.dat
+ 2012-06-25 13:31 . 2012-06-25 13:31 16384 c:\windows\Temp\Perflib_Perfdata_404.dat
+ 2012-06-25 13:31 . 2012-06-25 13:31 16384 c:\windows\Temp\Perflib_Perfdata_384.dat
+ 2012-06-19 15:32 . 2012-06-25 10:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2012-06-19 15:32 . 2012-06-22 06:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2012-06-19 15:32 . 2012-06-22 06:41 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-06-19 15:32 . 2012-06-25 10:42 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2012-06-19 15:32 . 2012-06-22 06:41 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2012-06-19 15:32 . 2012-06-25 10:42 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2012-06-24 19:47 . 2012-06-25 10:42 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-11 16:00 . 2012-06-25 13:35 764018 c:\windows\system32\perfh009.dat
- 2004-08-11 16:00 . 2012-06-22 06:32 764018 c:\windows\system32\perfh009.dat
- 2004-08-11 16:00 . 2012-06-22 06:32 186770 c:\windows\system32\perfc009.dat
+ 2004-08-11 16:00 . 2012-06-25 13:35 186770 c:\windows\system32\perfc009.dat
+ 2012-06-03 13:45 . 2012-06-25 13:34 224895 c:\windows\system32\inetsrv\MetaBase.bin
- 2010-04-20 10:42 . 2010-02-12 10:03 293376 c:\windows\system32\browserchoice.exe
+ 2010-04-17 11:59 . 2010-02-12 10:03 293376 c:\windows\system32\browserchoice.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2009-09-25 1369792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032]
"btbb_McciTrayApp"="c:\program files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Halifax GI - Intermediaries"="c:\program files\Halifax GI - Intermediaries\Halifax GI - Intermediaries.exe" [2012-06-16 3667456]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk.disabled
backup=c:\windows\pss\EMBASSY Trust Suite Secure Update.lnk.disabledCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^richards.LFS^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=c:\documents and settings\richards.LFS\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^richards.LFS^Start Menu^Programs^Startup^TomTom HOME.lnk.disabled]
path=c:\documents and settings\richards.LFS\Start Menu\Programs\Startup\TomTom HOME.lnk.disabled
backup=c:\windows\pss\TomTom HOME.lnk.disabledStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 01:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 19:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2009-09-18 17:48 2412032 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\mobileconnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-06-18 15:10 271360 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\launchapplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 07:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"iPod Service"=3 (0x3)
"CCALib8"=2 (0x2)
"Canon Driver Information Assist Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Dell QuickSet"=c:\program files\dell\quickset\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 0 (0x0)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25/09/09 10:12 717296]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [11/06/12 08:42 89792]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [11/08/04 17:00 14336]
R2 MBServiceHost;MB Service Host;c:\mbl\MBrain\Software\Mortgage Brain Framework 1.0\bin\mbServiceHost.exe [30/11/10 14:16 29184]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/06/12 08:42 214904]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/06/12 08:42 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/06/12 08:42 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [11/06/12 08:43 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [11/06/12 08:33 159608]
R2 MSSQL$ETI;SQL Server (ETI);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/12/10 19:29 29293408]
R2 MSSQL$MBRAIN;SQL Server (MBRAIN);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [10/12/10 19:29 29293408]
R2 MSSQL$OTP;MSSQL$OTP;c:\program files\Microsoft SQL Server\MSSQL$OTP\Binn\sqlservr.exe [04/05/05 01:04 9158656]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [18/09/09 19:48 10752]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [11/06/12 08:42 57600]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [11/06/12 08:42 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [11/06/12 08:42 83856]
S2 ddnt;ddnt;c:\windows\system32\drivers\ddnt.sys [13/12/06 08:44 8544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/09/10 23:10 136176]
S2 NokiaSuite3;NokiaSuite3;c:\windows\system32\drivers\NokiaSuite3.sys [26/05/06 07:39 837696]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/12 08:50 158856]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [25/01/10 15:45 112640]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [27/09/10 23:10 136176]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [25/01/10 15:47 100480]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/11 22:09 267568]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [11/06/12 08:42 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [11/06/12 08:42 87656]
S3 SQLAgent$OTP;SQLAgent$OTP;c:\program files\Microsoft SQL Server\MSSQL$OTP\Binn\sqlagent.EXE [03/05/05 22:42 323584]
S3 tfju17xkb.sys;tfju17xkb.sys;\??\c:\windows\system32\drivers\tfju17xkb.sys --> c:\windows\system32\drivers\tfju17xkb.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6bc3a10a49e1.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 22:10]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 22:10]
.
2007-09-28 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-01-13 01:48]
.
2008-05-30 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job
- c:\windows\vVX3000.exe [2007-09-28 23:38]
.
2010-07-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: aegonse.co.uk\www
Trusted Zone: logmeinrescue.com\secure
Trusted Zone: uk.com\apps.openwork
Trusted Zone: uk.com\prodexternaldpos.openwork
Trusted Zone: uk.com\prodexternaltandc.openwork
Trusted Zone: uk.com\www.openwork
Trusted Zone: unipass.co.uk\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\richards\Application Data\Mozilla\Firefox\Profiles\bd1egsa0.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.btbroadbandoffice.com/homepage
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\program files\McAfee\SiteAdvisor
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-25 15:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3533930121-66260186-3188412238-1135\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\¸*¬ 0 ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(556)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2012-06-25 15:09:02
ComboFix-quarantined-files.txt 2012-06-25 14:08
ComboFix2.txt 2012-06-24 15:38
ComboFix3.txt 2012-06-24 09:04
ComboFix4.txt 2012-06-22 07:35
.
Pre-Run: 41,273,446,400 bytes free
Post-Run: 41,225,166,848 bytes free
.
- - End Of File - - 687A690FA5D5CAC79A25DB7DE9267349

#30
Render

Posted 25 June 2012 - 09:03 AM

Trusted Helper

Malware Removal
4,195 posts

Please enable McAfee security programs.

Your logs shows that your system is clean. If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

Removing the tools we used:

Uninstall ComboFix

Remove Combofix now that we're done with it.

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall, it needs to be there.
Please follow the prompts to uninstall Combofix.
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

NEXT...

OTL Clean-Up:

Reopen on your desktop.
Click on
You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

There are a few things I recommend you to do once your computer is completely clean:

Updates for Windows - One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically.

How to turn on Automatic Updates for Windows:

Windows XP

Updates for other installed software

A common attack method for hacking attempts and malware installs is to exploit known vulnerabilities in programs that are commonly installed on a person's computer. These vulnerabilities could allow a remote user or malware developer to install malware, keyloggers, and backdoors on to your computer without your knowledge or permission.
Some of the programs that are commonly exploited include Adobe Shockwave, Adobe Reader, Sun Java, Adobe Flash, and even Windows itself. Therefore it is crucial that everyone remain vigilant as to when a security vulnerability is found in our installed programs and to update it when a security update is released. Unfortunately, no one has the time to stay on top of these updates, which can happen frequently.

I highly recommend you to install Secunia Personal Software Inspector (PSI) that can be used to scan your computer for known vulnerable programs, provide information on the vulnerability, and provide a location to an update for the vulnerable program. A tutorial on how to use Secunia Personal Software Inspector (PSI) can be found here: Keep Software Updated with Secunia PSI.

Web Browsers - Picking the right internet browser is very important. You need to find one that suits your needs but that is also safe. All browsers listed below are far more secure than Internet Explorer, immune to almost all known browser hijackers, and also have the best built-in pop up blockers.

Although, if you prefer staying with Internet Explorer I highly recommend you do this :

Make Internet Explorer more secure:

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the options Download signed and unsigned ActiveX controls to Prompt, and Initialize and Script ActiveX controls not marked as safe to Disable.
Next click OK, then Apply button and then OK to exit the Internet Properties page.

Tips to protect yourself against malware and reduce the potential for re-infection:

Now after all these steps, your PC will be more secure. However it is important to note that you can still get infected if you are not careful. One of the best security programs you can have is common sense. As malware gets more sophisticated, you need to be more wary. If you do get caught though and the above steps can't help prevent it, we will be here to help you out.

Stay secure and thank you for choosing GeeksToGo.