nekote

Everything posted by nekote

  1. I tried renaming those suspicious looking files to .bad. Didn't make any difference. Upon investigating further, I discovered it was smss.exe. That virus is pretty easy to kill. I'm all set. You can close the thread, if that is something done.
  2. I can't edit the previous post, but I do need to add a detail. Somewhere in this process, I used Process Explorer to spot and kill a process from a "company" with 2 groups of nonsensical letters. ZoneAlarm also had a request from the same application, to connect to the Internet, which was denied. I'm a bit (over?) anxious / eager to try to get this fixed, so I went ahead and burned a reatogo / OTL disk, booted it up and ran the scan. In addition to getting this fixed, I would greatly like to find Anti-Virus software, so this bad thing won't come back, probably further improved, for a fourth round. Norton 360 has been mentioned as "good". Any comments or suggestions? Some suspicious characters, here (possibly from reatogo / OTL?):

     [2099/01/01 12:00:00 | 00,061,952 | -HS- | M] () -- C:\WINDOWS\System32\lekefoji.dll
     [2099/01/01 12:00:00 | 00,055,296 | -HS- | M] () -- C:\WINDOWS\System32\zehekilo.dll
     [2099/01/01 12:00:00 | 00,055,296 | -HS- | M] () -- C:\WINDOWS\System32\woyobizi.dll
     [2099/01/01 12:00:00 | 00,055,296 | -HS- | M] () -- C:\WINDOWS\System32\guhegesi.dll
     [2099/01/01 12:00:00 | 00,049,152 | -HS- | M] () -- C:\WINDOWS\System32\sayiwido.dll
     [2026/02/17 08:19:10 | 00,003,120 | ---- | M] () -- C:\WINDOWS\System32\ALLFSAF6a.ocx

     Thanks, again, for the time and the assistance! Best Regards.

     OTL.txt Extras.txt
  3. I hope I've got the right forum, this time! <Genuine apologies dumb faux pas!> My neighbor's computer, again. Third time. MBAM hidden and cannot run. The AVG Anti-Virus and ZoneAlarm (free versions) don't seem to be doing the job. What will? Norton 360? I have run the GMER scan, with the standard default options. Doesn't look like it picked up anything, except ZoneAlarm. Ran RootRepealer also. Didn't spot any villain, there, either. What's next? ComboFix? OLT? ... TYIA
  4. My neighbor's computer, again. Third time. MBAM hidden and cannot run. The AVG Anti-Virus and ZoneAlarm (free versions) don't seem to be doing the job. What will? Norton 360? I have run the GMER scan, with the standard default options. Doesn't look like it picked up anything, except ZoneAlarm. What's next? ComboFix? OLT? ... TYIA
  5. Nope. So long as that very painful malady doesn't return, we're good to go. Thank you. Very much. And very sincerely. I hope this can help the next poor soul.
  6. "client" was a generic / poor / inaccurate choice of words. It is my friend and neighbor, about 5 houses away. It worked, like a charm. (Though it was just "hpoddt01.exe", rather than "hpoddt01.exe.lnk") And, the printer still worked. Was that file "hpoddt01.exe" infected?
  7. Trying to upload, to cut one submission / response cycle. Let's see if just naming it .txt, instead of .exe.copy will fool the software. he, he, he, it worked! hpotdd01.txt (hpotdd01.exe) uploaded successfully. hpotdd01.txt
  8. In the Common Startup: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe Causes the 2 "Install" popup windows to briefly appear. FWIW, I attached a copy of that file. Correction, "Upload failed. You are not permitted to upload this type of file" If you wish, I can send / upload it, as you direct. I would *NOT* expect such a file to be causing "Install". Especially, 2 of them, in rapid succession. Client does have a HP2200 InkJet (Googling suggests file possibly for HP2170)
  9. The "Install" popups do *NOT* occur after the login, when booted up in safe mode. So, I took no further action. Next?
  10. Unfortunately, I am still receiving the 2 "Install" alerts flashing for a moment, after login. So, IMHO, the damn bad stuff is still there. I do not want to turn off my re-name trick, with what I think are bad boys, still lurking. And get re-infected, for a third time. You need to specify how long is "too long", before PM (Private Messaging). 72 hours? (3 days) 120 hours (5 days) Posters don't have any good barometer of how "busy" things are. And I certainly don't want to be "demanding", in *any* way! Also, I had hopes I was helping the Internet world further zero in on this painful virus. Did I? Or, have I just used your time for this particular case, without wider utility / significance?
  11. ComboFix 09-11-14.03 - JohnAdmin 11/14/2009 10:06.7.1 - FAT32x86
      Running from: c:\documents and settings\JohnAdmin\Desktop\raynman.exe
      Command switches used :: c:\documents and settings\JohnAdmin\Desktop\CFScript.txt
      AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
      FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
      * Created a new restore point
      FILE ::
      "c:\windows\system32\11.tmp"
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      c:\windows\system32\drivers\etc\lmhosts . . . . failed to delete
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      -------\Legacy_MEMSWEEP2
      -------\Legacy_QOPZP
      -------\Service_MEMSWEEP2
      -------\Service_QOPZP
      ((((((((((((((((((((((((( Files Created from 2009-10-14 to 2009-11-14 )))))))))))))))))))))))))))))))
      .
      2009-11-12 13:58 . 2009-11-09 17:04 4026136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
      2009-11-12 13:58 . 2009-11-09 17:04 2016536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
      2009-11-12 13:58 . 2009-11-09 17:04 1257240 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
      2009-11-12 13:58 . 2009-11-06 15:08 600344 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
      2009-11-12 13:58 . 2009-11-09 17:03 3963672 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
      2009-11-12 13:58 . 2009-11-06 15:08 496920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
      2009-11-07 01:56 . 2009-11-07 01:56 4212 ---ha-w- c:\windows\system32\zllictbl.dat
      2009-11-07 01:56 . 2009-02-16 05:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
      2009-11-07 01:56 . 2009-02-16 05:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
      2009-11-07 01:55 . 2009-02-16 05:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
      2009-11-07 01:55 . 2009-11-07 01:56 -------- d-----w- c:\windows\system32\ZoneLabs
      2009-11-07 01:55 . 2009-11-07 01:55 -------- d-----w- c:\program files\Zone Labs
      2009-11-07 01:53 . 2009-11-14 15:53 -------- d-----w- c:\windows\Internet Logs
      2009-11-06 16:01 . 2009-11-06 16:01 -------- d-----w- c:\documents and settings\JohnAdmin\Application Data\FastSum
      2009-11-06 16:01 . 2009-11-06 16:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
      2009-11-06 16:00 . 2009-11-06 16:00 -------- d-----w- c:\program files\FastSum
      2009-11-06 15:10 . 2009-11-09 17:04 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
      2009-11-06 15:08 . 2009-11-06 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
      2009-11-06 15:07 . 2009-11-06 15:17 -------- d-----w- c:\windows\SxsCaPendDel
      2009-11-06 14:46 . 2009-11-06 14:46 -------- d-sh--w- c:\documents and settings\Administrator.DELL2400\IETldCache
      2009-11-06 14:30 . 2008-04-14 00:12 1033728 ------w- c:\windows\explorer.exe
      2009-11-05 21:40 . 2009-11-05 21:40 -------- d-----w- C:\rayman28989r
      2009-11-05 21:35 . 2009-11-05 21:35 -------- d-----w- C:\rayman
      2009-11-04 16:48 . 2009-11-04 16:48 -------- d-----w- C:\$AVG
      2009-11-03 22:55 . 2009-11-05 23:43 -------- d-----w- c:\documents and settings\Pedro\Local Settings\Application Data\fpmjai
      2009-11-02 00:53 . 2009-11-02 00:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
      2009-11-02 00:53 . 2009-11-02 00:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
      2009-11-02 00:48 . 2009-11-12 13:59 -------- d-----w- c:\documents and settings\Pedro\Local Settings\Application Data\Temp
      2009-10-25 13:24 . 2009-10-25 13:24 -------- d-----w- c:\program files\Fast Duplicate File Finder
      2009-10-25 13:21 . 2009-10-25 13:21 -------- d-sh--w- c:\documents and settings\Pedro\IECompatCache
      2009-10-24 14:00 . 2008-04-14 00:12 1033728 ----a-w- c:\windows\zexplorer.exe
      2009-10-24 13:59 . 2009-10-24 13:59 -------- d-----w- c:\documents and settings\JohnAdmin\Local Settings\Application Data\Adobe
      2009-10-24 12:58 . 2009-10-24 12:58 -------- d-----w- c:\program files\Trend Micro
      2009-10-24 12:23 . 2009-10-24 12:23 -------- d-----w- c:\documents and settings\JohnAdmin\Local Settings\Application Data\LogMeIn
      2009-10-23 02:12 . 2009-10-23 02:12 -------- d-----w- c:\program files\Sophos
      2009-10-23 02:05 . 2009-10-23 02:05 -------- d-sh--w- c:\documents and settings\JohnAdmin\PrivacIE
      2009-10-23 02:05 . 2009-10-23 02:05 -------- d-sh--w- c:\documents and settings\JohnAdmin\IECompatCache
      2009-10-22 23:09 . 2009-10-22 23:09 -------- d-sh--w- c:\documents and settings\JohnAdmin\IETldCache
      2009-10-22 00:40 . 2009-10-22 17:47 0 ----a-r- c:\windows\Nminobuzogazin.bin
      2009-10-22 00:40 . 2009-10-22 17:47 120 ----a-w- c:\windows\Tpoyerafiq.dat
      2009-10-22 00:40 . 2009-10-22 23:14 -------- d-----w- c:\documents and settings\Pedro\Local Settings\Application Data\{B7A0D991-030D-4106-A6B0-B097DCCC3A5C}
      2009-10-16 23:41 . 2009-10-16 23:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
      2009-10-16 23:00 . 2009-10-16 23:00 -------- d-sh--w- c:\documents and settings\Pedro\PrivacIE
      2009-10-16 22:57 . 2009-10-16 22:57 -------- d-sh--w- c:\documents and settings\Pedro\IETldCache
      2009-10-16 22:05 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
      2009-10-16 22:05 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
      2009-10-16 22:04 . 2009-10-16 22:12 -------- d-----w- c:\windows\ie8updates
      2009-10-16 21:59 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
      2009-10-16 21:50 . 2009-10-16 21:59 -------- dc-h--w- c:\windows\ie8
      2009-10-16 21:26 . 2009-10-16 21:26 -------- d-----w- c:\documents and settings\Pedro\Local Settings\Application Data\LogMeIn
      2009-10-16 21:26 . 2009-10-16 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
      2009-10-16 21:26 . 2009-10-16 21:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
      2009-10-16 21:25 . 2009-09-28 23:34 28984 ----a-w- c:\windows\system32\LMIport.dll
      2009-10-16 21:25 . 2009-09-28 23:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
      2009-10-16 21:25 . 2008-08-11 16:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
      2009-10-16 21:24 . 2009-09-28 23:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
      2009-10-16 21:23 . 2009-11-14 14:47 -------- d-----w- c:\program files\LogMeIn
      2009-10-15 23:36 . 2009-10-15 23:36 -------- d-----w- c:\program files\WinDirStat
      2009-10-15 23:29 . 2009-10-15 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
      2009-10-15 23:29 . 2009-09-29 00:57 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
      2009-10-15 21:10 . 2008-04-14 01:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
      2009-10-15 21:10 . 2001-08-18 03:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
      2009-10-15 21:10 . 2008-04-14 01:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
      2009-10-15 21:10 . 2001-08-18 03:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
      2009-10-15 21:10 . 2001-08-18 03:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
      2009-10-15 21:10 . 2001-08-18 03:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
      2009-10-15 21:10 . 2001-08-17 17:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
      2009-10-15 21:10 . 2008-04-14 01:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
      2009-10-15 21:09 . 2008-04-13 19:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
      2009-10-15 21:09 . 2002-08-29 03:59 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
      2009-10-15 21:09 . 2001-08-17 17:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
      2009-10-15 21:09 . 2001-08-17 18:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
      2009-10-15 21:09 . 2001-08-18 03:36 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
      2009-10-15 21:09 . 2001-08-18 03:36 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
      2009-10-15 21:09 . 2002-08-29 11:00 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
      2009-10-15 21:09 . 2002-08-29 11:00 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
      2009-10-15 21:09 . 2001-08-17 18:28 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
      2009-10-15 21:09 . 2008-04-13 19:45 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys
      2009-10-15 21:09 . 2001-08-17 17:10 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys
      2009-10-15 21:07 . 2002-08-29 11:00 13192 ----a-w- c:\windows\system32\dllcache\tdasync.sys
      2009-10-15 21:06 . 2001-08-17 19:56 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
      2009-10-15 21:05 . 2001-08-17 18:28 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
      2009-10-15 21:04 . 2001-08-18 03:36 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
      2009-10-15 21:03 . 2001-08-17 19:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
      2009-10-15 21:02 . 2001-08-18 03:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
      2009-10-15 21:01 . 2001-08-17 19:56 353184 ----a-w- c:\windows\system32\dllcache\i740dnt5.dll
      2009-10-15 21:00 . 2001-08-17 17:12 16998 ----a-w- c:\windows\system32\dllcache\ex10.sys
      2009-10-15 20:59 . 2001-08-17 17:11 24649 ----a-w- c:\windows\system32\dllcache\dfe650d.sys
      2009-10-15 20:58 . 2001-08-17 18:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
      2009-10-15 20:57 . 2001-08-17 19:55 96128 ----a-w- c:\windows\system32\dllcache\ati.dll
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-11-14 15:48 . 2008-10-29 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
      2009-11-08 19:22 . 2006-06-15 02:24 94896 ----a-w- c:\documents and settings\JohnAdmin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-11-06 15:30 . 2009-09-06 18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2009-11-06 15:11 . 2008-07-21 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8
      2009-11-06 15:10 . 2009-02-01 01:51 12464 ----a-w- c:\windows\system32\avgrsstx.dll
      2009-11-06 15:10 . 2008-07-21 17:06 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
      2009-11-06 15:10 . 2008-07-21 17:06 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
      2009-11-06 15:08 . 2008-05-31 00:33 -------- d-----w- c:\program files\AVG
      2009-11-06 02:55 . 2006-06-04 01:10 -------- d-----w- c:\program files\CCleaner
      2009-11-02 00:51 . 2003-12-01 16:21 -------- d-----w- c:\program files\Google
      2009-10-31 22:32 . 2009-04-04 00:06 -------- d-----w- c:\program files\CDBurnerXP
      2009-10-14 13:33 . 2009-10-14 13:33 16331 ----a-w- c:\windows\usemawocyn.dat
      2009-10-14 13:33 . 2009-10-14 13:33 11611 ----a-w- c:\documents and settings\All Users\Application Data\syny.dat
      2009-10-14 13:33 . 2009-10-14 13:33 11377 ----a-w- c:\documents and settings\All Users\Application Data\eqepohytuh.dat
      2009-10-13 20:24 . 2009-10-13 20:24 136 ----a-w- C:\bqefoh.dat
      2009-10-02 21:12 . 2003-12-01 15:55 94896 ----a-w- c:\documents and settings\Pedro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-09-24 22:15 . 2009-09-23 18:14 -------- d-----w- c:\program files\Microsoft Silverlight
      2009-09-23 18:14 . 2009-09-23 18:07 -------- d-----w- c:\program files\Windows Live
      2009-09-23 18:13 . 2009-09-23 18:13 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
      2009-09-23 18:08 . 2009-09-23 18:08 -------- d-----w- c:\program files\Microsoft
      2009-09-23 18:08 . 2009-09-23 18:08 -------- d-----w- c:\program files\Windows Live SkyDrive
      2009-09-23 17:53 . 2009-09-23 17:53 -------- d-----w- c:\program files\Common Files\Windows Live
      2009-09-11 14:18 . 2002-08-29 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
      2009-09-10 18:54 . 2009-09-06 18:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2009-09-10 18:53 . 2009-09-06 18:14 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
      2009-09-04 21:03 . 2002-08-29 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
      2009-08-30 22:38 . 2006-01-08 16:23 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
      2009-08-29 08:08 . 2004-12-07 21:37 916480 ------w- c:\windows\system32\wininet.dll
      2009-08-26 08:00 . 2002-08-29 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
      .
      ((((((((((((((((((((((((((((( SnapShot_2009-11-08_19.04.36 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2003-11-06 01:48 . 2009-11-01 13:17 72576 c:\windows\SYSTEM32\PERFC009.DAT
      + 2003-11-06 01:48 . 2009-11-11 16:50 72576 c:\windows\SYSTEM32\PERFC009.DAT
      + 2004-01-04 21:39 . 2009-11-11 02:55 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
      - 2004-01-04 21:39 . 2009-10-16 08:26 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
      - 2004-01-04 21:39 . 2009-10-16 08:26 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
      + 2004-01-04 21:39 . 2009-11-11 02:55 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
      - 2004-01-04 21:39 . 2009-10-16 08:26 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
      + 2004-01-04 21:39 . 2009-11-11 02:55 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
      - 2004-01-04 21:39 . 2009-10-16 08:26 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
      + 2004-01-04 21:39 . 2009-11-11 02:55 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
      + 2006-11-18 15:55 . 2009-11-11 02:53 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
      - 2006-11-18 15:55 . 2009-10-16 08:23 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
      - 2006-11-18 15:55 . 2009-10-16 08:23 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
      + 2006-11-18 15:55 . 2009-11-11 02:53 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
      - 2006-11-18 15:55 . 2009-10-16 08:23 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
      + 2006-11-18 15:55 . 2009-11-11 02:53 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
      + 2006-11-18 15:55 . 2009-11-11 02:53 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
      - 2006-11-18 15:55 . 2009-10-16 08:23 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
      + 2006-11-18 15:55 . 2009-11-11 02:53 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
      - 2006-11-18 15:55 . 2009-10-16 08:23 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
      + 2006-11-18 15:55 . 2009-11-11 02:53 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
      - 2006-11-18 15:55 . 2009-10-16 08:23 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
      - 2004-01-04 21:39 . 2009-10-16 08:26 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
      + 2004-01-04 21:39 . 2009-11-11 02:55 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
      + 2006-11-18 15:55 . 2009-11-11 02:53 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
      - 2006-11-18 15:55 . 2009-10-16 08:23 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
      + 2003-11-06 01:48 . 2009-11-11 16:50 445370 c:\windows\SYSTEM32\PERFH009.DAT
      - 2003-11-06 01:48 . 2009-11-01 13:17 445370 c:\windows\SYSTEM32\PERFH009.DAT
      + 2002-09-03 15:05 . 2009-11-11 15:47 328296 c:\windows\SYSTEM32\FNTCACHE.DAT
      - 2002-09-03 15:05 . 2009-09-25 15:27 328296 c:\windows\SYSTEM32\FNTCACHE.DAT
      + 2004-01-04 21:39 . 2009-11-11 02:55 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
      - 2004-01-04 21:39 . 2009-10-16 08:26 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
      + 2004-01-04 21:39 . 2009-11-11 02:55 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
      - 2004-01-04 21:39 . 2009-10-16 08:26 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
      - 2004-01-04 21:39 . 2009-10-16 08:26 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
      + 2004-01-04 21:39 . 2009-11-11 02:55 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
      + 2004-01-04 21:39 . 2009-11-11 02:55 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
      - 2004-01-04 21:39 . 2009-10-16 08:26 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
      + 2004-01-04 21:39 . 2009-11-11 02:55 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
      - 2004-01-04 21:39 . 2009-10-16 08:26 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
      - 2006-11-18 15:55 . 2009-10-16 08:23 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
      + 2006-11-18 15:55 . 2009-11-11 02:53 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
      - 2006-11-18 15:55 . 2009-10-16 08:23 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
      + 2006-11-18 15:55 . 2009-11-11 02:53 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
      + 2006-11-18 15:55 . 2009-11-11 02:53 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
      - 2006-11-18 15:55 . 2009-10-16 08:23 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
      + 2006-11-18 15:55 . 2009-11-11 02:53 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
      - 2006-11-18 15:55 . 2009-10-16 08:23 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
      + 2006-11-18 15:55 . 2009-11-11 02:53 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
      - 2006-11-18 15:55 . 2009-10-16 08:23 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
      + 2006-11-18 15:55 . 2009-11-11 02:53 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
      - 2006-11-18 15:55 . 2009-10-16 08:23 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
      + 2002-08-29 11:00 . 2009-08-14 13:21 1850624 c:\windows\SYSTEM32\win32k.sys
      + 2002-08-29 11:00 . 2009-08-14 13:21 1850624 c:\windows\SYSTEM32\DLLCACHE\win32k.sys
      + 2009-10-22 17:46 . 2009-10-22 17:46 6821888 c:\windows\Installer\51fc77.msp
      + 2009-10-06 23:40 . 2009-10-06 23:40 7681024 c:\windows\Installer\51fc52.msp
      + 2009-10-22 17:28 . 2009-10-22 17:28 5521408 c:\windows\Installer\51fc2d.msp
      + 2009-11-11 02:47 . 2009-11-05 14:36 26768832 c:\windows\SYSTEM32\MRT.exe
      .
      -- Snapshot reset to current date --
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 68856]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
      "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
      "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
      "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-12 2020120]
      "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 68856]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
      Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2004-7-10 73728]
      NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-1-8 118784]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
      2009-11-06 15:10 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
      2009-09-28 23:34 87352 ----a-w- c:\windows\SYSTEM32\LMIinit.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
      backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
      backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
      backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
      "c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
      "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
      "c:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
      "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
      "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

      R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 133104]
      R4 LMIRfsClientNP;LMIRfsClientNP; [x]
      S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-11-06 333192]
      S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-11-09 360584]
      S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2009-11-06 285392]
      S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
      S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-08-11 47640]
      S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

      --- Other Services/Drivers In Memory ---
      *Deregistered* - mbr
      .
      Contents of the 'Scheduled Tasks' folder
      2009-11-14 c:\windows\Tasks\Google Software Updater.job
      - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-20 21:03]
      2009-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 00:47]
      2009-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 00:47]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = about:blank
      uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      Trusted Zone: musicmatch.com\online
      DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
      .
      **************************************************************************
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-11-14 10:50
      Windows 5.1.2600 Service Pack 3 NTFS
      scanning hidden processes ...
      scanning hidden autostart entries ...
      scanning hidden files ...
      scan completed successfully
      hidden files: 0
      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      - - - - - - - > 'winlogon.exe'(644)
      c:\windows\system32\LMIinit.dll
      - - - - - - - > 'explorer.exe'(2356)
      c:\windows\system32\WININET.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      c:\windows\system32\LMIRfsClientNP.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\AVG\AVG9\avgchsvx.exe
      c:\program files\AVG\AVG9\avgrsx.exe
      c:\program files\AVG\AVG9\avgcsrvx.exe
      c:\program files\Common Files\Command Software\dvpapi.exe
      c:\program files\LogMeIn\x86\RaMaint.exe
      c:\program files\LogMeIn\x86\LogMeIn.exe
      c:\program files\LogMeIn\x86\LMIGuardian.exe
      c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      c:\program files\CDBurnerXP\NMSAccessU.exe
      c:\windows\system32\MsPMSPSv.exe
      c:\program files\AVG\AVG9\avgnsx.exe
      c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
      c:\program files\LogMeIn\x86\LogMeIn.exe
      c:\windows\system32\wscntfy.exe
      c:\program files\LogMeIn\x86\LMIGuardian.exe
      c:\windows\system32\msiexec.exe
      .
      **************************************************************************
      .
      Completion time: 2009-11-14 11:01 - machine was rebooted
      ComboFix-quarantined-files.txt 2009-11-14 16:01
      ComboFix2.txt 2009-11-08 19:21
      ComboFix3.txt 2009-11-06 02:31
      ComboFix4.txt 2009-11-05 23:18
      ComboFix5.txt 2009-11-14 14:59
      Pre-Run: 30,079,201,280 bytes free
      Post-Run: 30,104,793,088 bytes free
      - - End Of File - - C5AD5D0F8BE34A58C80B1B93DABC82B2
      -------------------------------------------------------------------------------------------------------------------------------------
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:06:56 AM, on 11/14/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\AVG\AVG9\avgchsvx.exe
      C:\Program Files\AVG\AVG9\avgrsx.exe
      C:\Program Files\AVG\AVG9\avgcsrvx.exe
      C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\AVG\AVG9\avgwdsvc.exe
      C:\Program Files\Common Files\Command Software\dvpapi.exe
      C:\Program Files\LogMeIn\x86\RaMaint.exe
      C:\Program Files\LogMeIn\x86\LogMeIn.exe
      C:\Program Files\LogMeIn\x86\LMIGuardian.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\CDBurnerXP\NMSAccessU.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Viewpoint\Common\ViewpointService.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\Program Files\AVG\AVG9\avgnsx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
      C:\Program Files\LogMeIn\x86\LogMeIn.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
      C:\PROGRA~1\AVG\AVG9\avgtray.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\LogMeIn\x86\LMIGuardian.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
      O2 - BHO: MyBHO Class - {46B9D770-1B7D-45D1-81B4-AC07B2F127EF} - C:\PROGRA~1\FLASHS~1\FlashBHO.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
      O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-21-556913826-2705911766-1470531376-1012\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
      O4 - HKUS\S-1-5-21-556913826-2705911766-1470531376-1012\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
      O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
      O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...oad/tgctlcm.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe -- End of file - 7988 bytes
  12. part 2 - again - SORRY
2001-08-17 17:28 594238 c:\windows\SYSTEM32\DLLCACHE\es56hpi.sys + 2009-10-15 21:00 . 2001-08-17 18:28 594238 c:\windows\SYSTEM32\DLLCACHE\es56hpi.sys + 2009-10-15 21:00 . 2001-08-17 18:28 595647 c:\windows\SYSTEM32\DLLCACHE\es56cvmp.sys - 2009-10-15 21:00 . 2001-08-17 17:28 595647 c:\windows\SYSTEM32\DLLCACHE\es56cvmp.sys - 2009-10-15 21:00 . 2001-08-17 16:19 174464 c:\windows\SYSTEM32\DLLCACHE\es198x.sys + 2009-10-15 21:00 . 2001-08-17 17:19 174464 c:\windows\SYSTEM32\DLLCACHE\es198x.sys + 2009-10-15 21:00 . 2001-08-17 17:17 629952 c:\windows\SYSTEM32\DLLCACHE\eqn.sys - 2009-10-15 21:00 . 2001-08-17 16:17 629952 c:\windows\SYSTEM32\DLLCACHE\eqn.sys + 2009-10-15 21:00 . 2001-08-17 18:50 114944 c:\windows\SYSTEM32\DLLCACHE\epstw2k.sys - 2009-10-15 21:00 . 2001-08-17 17:50 114944 c:\windows\SYSTEM32\DLLCACHE\epstw2k.sys - 2009-10-15 21:00 . 2001-08-17 17:50 144896 c:\windows\SYSTEM32\DLLCACHE\epcfw2k.sys + 2009-10-15 21:00 . 2001-08-17 18:50 144896 c:\windows\SYSTEM32\DLLCACHE\epcfw2k.sys - 2009-10-15 21:00 . 2001-08-17 16:19 283904 c:\windows\SYSTEM32\DLLCACHE\emu10k1m.sys + 2009-10-15 21:00 . 2001-08-17 17:19 283904 c:\windows\SYSTEM32\DLLCACHE\emu10k1m.sys + 2009-10-15 21:00 . 2001-08-17 17:11 171520 c:\windows\SYSTEM32\DLLCACHE\el99xn51.sys - 2009-10-15 21:00 . 2001-08-17 16:11 171520 c:\windows\SYSTEM32\DLLCACHE\el99xn51.sys - 2009-10-15 21:00 . 2001-08-17 16:11 455199 c:\windows\SYSTEM32\DLLCACHE\el985n51.sys + 2009-10-15 21:00 . 2001-08-17 17:11 455199 c:\windows\SYSTEM32\DLLCACHE\el985n51.sys + 2009-10-15 21:00 . 2001-08-17 17:11 153631 c:\windows\SYSTEM32\DLLCACHE\el90xnd5.sys - 2009-10-15 21:00 . 2001-08-17 16:11 153631 c:\windows\SYSTEM32\DLLCACHE\el90xnd5.sys + 2009-10-15 21:00 . 2001-08-17 18:28 241206 c:\windows\SYSTEM32\DLLCACHE\el656se5.sys - 2009-10-15 21:00 . 2001-08-17 17:28 241206 c:\windows\SYSTEM32\DLLCACHE\el656se5.sys - 2009-10-15 21:00 . 2001-08-17 17:28 634134 c:\windows\SYSTEM32\DLLCACHE\el656ct5.sys + 2009-10-15 21:00 . 
2001-08-17 18:28 634134 c:\windows\SYSTEM32\DLLCACHE\el656ct5.sys + 2009-10-15 21:00 . 2001-08-17 17:12 117760 c:\windows\SYSTEM32\DLLCACHE\e100b325.sys - 2009-10-15 21:00 . 2001-08-17 16:12 117760 c:\windows\SYSTEM32\DLLCACHE\e100b325.sys - 2009-10-15 21:00 . 2001-08-17 16:20 334208 c:\windows\SYSTEM32\DLLCACHE\ds1wdm.sys + 2009-10-15 21:00 . 2001-08-17 17:20 334208 c:\windows\SYSTEM32\DLLCACHE\ds1wdm.sys - 2009-10-15 21:00 . 2008-04-13 18:39 206976 c:\windows\SYSTEM32\DLLCACHE\dot4.sys + 2009-10-15 21:00 . 2008-04-13 19:39 206976 c:\windows\SYSTEM32\DLLCACHE\dot4.sys + 2009-10-15 21:00 . 2001-08-17 17:14 952007 c:\windows\SYSTEM32\DLLCACHE\diwan.sys - 2009-10-15 21:00 . 2001-08-17 16:14 952007 c:\windows\SYSTEM32\DLLCACHE\diwan.sys - 2009-10-15 21:00 . 2001-08-18 02:36 236060 c:\windows\SYSTEM32\DLLCACHE\ditrace.exe + 2009-10-15 21:00 . 2001-08-18 03:36 236060 c:\windows\SYSTEM32\DLLCACHE\ditrace.exe + 2009-10-15 21:00 . 2001-08-18 03:36 614429 c:\windows\SYSTEM32\DLLCACHE\digiview.exe - 2009-10-15 21:00 . 2001-08-18 02:36 614429 c:\windows\SYSTEM32\DLLCACHE\digiview.exe + 2009-10-15 21:00 . 2001-08-18 03:36 110621 c:\windows\SYSTEM32\DLLCACHE\digirlpt.dll - 2009-10-15 21:00 . 2001-08-18 02:36 110621 c:\windows\SYSTEM32\DLLCACHE\digirlpt.dll - 2009-10-15 21:00 . 2001-08-18 02:36 102484 c:\windows\SYSTEM32\DLLCACHE\digiinf.dll + 2009-10-15 21:00 . 2001-08-18 03:36 102484 c:\windows\SYSTEM32\DLLCACHE\digiinf.dll - 2009-10-15 21:00 . 2001-08-18 02:36 159828 c:\windows\SYSTEM32\DLLCACHE\digihlc.dll + 2009-10-15 21:00 . 2001-08-18 03:36 159828 c:\windows\SYSTEM32\DLLCACHE\digihlc.dll + 2009-10-15 21:00 . 2001-08-18 03:36 229462 c:\windows\SYSTEM32\DLLCACHE\digifwrk.dll - 2009-10-15 21:00 . 2001-08-18 02:36 229462 c:\windows\SYSTEM32\DLLCACHE\digifwrk.dll + 2009-10-15 21:00 . 2001-08-17 17:13 103044 c:\windows\SYSTEM32\DLLCACHE\digidxb.sys - 2009-10-15 21:00 . 2001-08-17 16:13 103044 c:\windows\SYSTEM32\DLLCACHE\digidxb.sys - 2009-10-15 21:00 . 
2001-08-18 02:36 131156 c:\windows\SYSTEM32\DLLCACHE\digidbp.dll + 2009-10-15 21:00 . 2001-08-18 03:36 131156 c:\windows\SYSTEM32\DLLCACHE\digidbp.dll + 2009-10-15 20:59 . 2001-08-17 17:13 164923 c:\windows\SYSTEM32\DLLCACHE\diapi2.sys - 2009-10-15 20:59 . 2001-08-17 16:13 164923 c:\windows\SYSTEM32\DLLCACHE\diapi2.sys + 2009-10-15 21:00 . 2001-08-18 03:36 419357 c:\windows\SYSTEM32\DLLCACHE\dgconfig.dll - 2009-10-15 21:00 . 2001-08-18 02:36 419357 c:\windows\SYSTEM32\DLLCACHE\dgconfig.dll + 2009-10-15 20:59 . 2001-08-18 03:36 256512 c:\windows\SYSTEM32\DLLCACHE\devcon32.dll - 2009-10-15 20:59 . 2001-08-18 02:36 256512 c:\windows\SYSTEM32\DLLCACHE\devcon32.dll + 2009-10-15 20:59 . 2001-08-18 03:36 110592 c:\windows\SYSTEM32\DLLCACHE\dc260usd.dll - 2009-10-15 20:59 . 2001-08-18 02:36 110592 c:\windows\SYSTEM32\DLLCACHE\dc260usd.dll + 2009-10-15 20:59 . 2001-08-17 17:12 117760 c:\windows\SYSTEM32\DLLCACHE\d100ib5.sys - 2009-10-15 20:59 . 2001-08-17 16:12 117760 c:\windows\SYSTEM32\DLLCACHE\d100ib5.sys + 2009-10-15 20:59 . 2001-08-17 17:19 111872 c:\windows\SYSTEM32\DLLCACHE\cwcspud.sys - 2009-10-15 20:59 . 2001-08-17 16:19 111872 c:\windows\SYSTEM32\DLLCACHE\cwcspud.sys - 2009-10-15 20:59 . 2008-04-14 00:11 249856 c:\windows\SYSTEM32\DLLCACHE\ctmasetp.dll + 2009-10-15 20:59 . 2008-04-14 01:11 249856 c:\windows\SYSTEM32\DLLCACHE\ctmasetp.dll - 2009-10-15 20:59 . 2001-08-18 02:36 175104 c:\windows\SYSTEM32\DLLCACHE\csamsp.dll + 2009-10-15 20:59 . 2001-08-18 03:36 175104 c:\windows\SYSTEM32\DLLCACHE\csamsp.dll + 2009-10-15 20:59 . 2001-08-18 03:36 216064 c:\windows\SYSTEM32\DLLCACHE\cpscan.dll - 2009-10-15 20:59 . 2001-08-18 02:36 216064 c:\windows\SYSTEM32\DLLCACHE\cpscan.dll + 2009-10-15 20:59 . 2001-08-17 18:57 248064 c:\windows\SYSTEM32\DLLCACHE\cl546xm.sys - 2009-10-15 20:59 . 2001-08-17 17:57 248064 c:\windows\SYSTEM32\DLLCACHE\cl546xm.sys - 2009-10-15 20:59 . 2001-08-17 18:56 170880 c:\windows\SYSTEM32\DLLCACHE\cl546x.dll + 2009-10-15 20:59 . 
2001-08-17 19:56 170880 c:\windows\SYSTEM32\DLLCACHE\cl546x.dll - 2009-10-15 20:59 . 2001-08-17 18:56 111232 c:\windows\SYSTEM32\DLLCACHE\cl5465.dll + 2009-10-15 20:59 . 2001-08-17 19:56 111232 c:\windows\SYSTEM32\DLLCACHE\cl5465.dll + 2009-10-15 20:59 . 2001-08-17 19:02 272640 c:\windows\SYSTEM32\DLLCACHE\cinemclc.sys - 2009-10-15 20:59 . 2001-08-17 18:02 272640 c:\windows\SYSTEM32\DLLCACHE\cinemclc.sys - 2009-10-15 20:59 . 2001-08-17 16:13 980034 c:\windows\SYSTEM32\DLLCACHE\cicap.sys + 2009-10-15 20:59 . 2001-08-17 17:13 980034 c:\windows\SYSTEM32\DLLCACHE\cicap.sys - 2009-10-15 20:59 . 2001-08-17 17:28 714698 c:\windows\SYSTEM32\DLLCACHE\cbmdmkxx.sys + 2009-10-15 20:59 . 2001-08-17 18:28 714698 c:\windows\SYSTEM32\DLLCACHE\cbmdmkxx.sys + 2009-10-15 20:59 . 2008-04-14 01:11 121856 c:\windows\SYSTEM32\DLLCACHE\camext30.dll - 2009-10-15 20:59 . 2008-04-14 00:11 121856 c:\windows\SYSTEM32\DLLCACHE\camext30.dll + 2009-10-15 20:59 . 2001-08-18 03:36 236032 c:\windows\SYSTEM32\DLLCACHE\camext20.dll - 2009-10-15 20:59 . 2001-08-18 02:36 236032 c:\windows\SYSTEM32\DLLCACHE\camext20.dll - 2009-10-15 20:59 . 2001-08-17 18:04 171264 c:\windows\SYSTEM32\DLLCACHE\camdrv30.sys + 2009-10-15 20:59 . 2001-08-17 19:04 171264 c:\windows\SYSTEM32\DLLCACHE\camdrv30.sys - 2009-10-15 20:59 . 2001-08-17 18:04 223232 c:\windows\SYSTEM32\DLLCACHE\camdrv21.sys + 2009-10-15 20:59 . 2001-08-17 19:04 223232 c:\windows\SYSTEM32\DLLCACHE\camdrv21.sys + 2009-10-15 20:59 . 2001-08-17 19:05 314752 c:\windows\SYSTEM32\DLLCACHE\camdro21.sys - 2009-10-15 20:59 . 2001-08-17 18:05 314752 c:\windows\SYSTEM32\DLLCACHE\camdro21.sys + 2009-10-15 20:58 . 2001-08-18 03:36 102400 c:\windows\SYSTEM32\DLLCACHE\binlsvc.dll - 2009-10-15 20:58 . 2001-08-18 02:36 102400 c:\windows\SYSTEM32\DLLCACHE\binlsvc.dll + 2009-10-15 20:58 . 2001-08-17 18:28 871388 c:\windows\SYSTEM32\DLLCACHE\bcmdm.sys - 2009-10-15 20:58 . 2001-08-17 17:28 871388 c:\windows\SYSTEM32\DLLCACHE\bcmdm.sys + 2009-10-15 20:58 . 
2001-08-17 19:56 342336 c:\windows\SYSTEM32\DLLCACHE\banshee.dll - 2009-10-15 20:58 . 2001-08-17 18:56 342336 c:\windows\SYSTEM32\DLLCACHE\banshee.dll - 2009-10-15 20:58 . 2001-08-18 02:36 144384 c:\windows\SYSTEM32\DLLCACHE\avmenum.dll + 2009-10-15 20:58 . 2001-08-18 03:36 144384 c:\windows\SYSTEM32\DLLCACHE\avmenum.dll + 2009-10-15 20:58 . 2001-08-17 19:56 104832 c:\windows\SYSTEM32\DLLCACHE\atiraged.dll - 2009-10-15 20:58 . 2001-08-17 18:56 104832 c:\windows\SYSTEM32\DLLCACHE\atiraged.dll - 2009-10-15 20:58 . 2001-08-17 16:48 281600 c:\windows\SYSTEM32\DLLCACHE\atimtai.sys + 2009-10-15 20:58 . 2001-08-17 17:48 281600 c:\windows\SYSTEM32\DLLCACHE\atimtai.sys - 2009-10-15 20:58 . 2001-08-17 16:48 289664 c:\windows\SYSTEM32\DLLCACHE\atimpab.sys + 2009-10-15 20:58 . 2001-08-17 17:48 289664 c:\windows\SYSTEM32\DLLCACHE\atimpab.sys - 2009-10-15 20:58 . 2001-08-17 18:56 268160 c:\windows\SYSTEM32\DLLCACHE\atidvai.dll + 2009-10-15 20:58 . 2001-08-17 19:56 268160 c:\windows\SYSTEM32\DLLCACHE\atidvai.dll - 2009-10-15 20:58 . 2001-08-17 18:56 137216 c:\windows\SYSTEM32\DLLCACHE\atidrae.dll + 2009-10-15 20:58 . 2001-08-17 19:56 137216 c:\windows\SYSTEM32\DLLCACHE\atidrae.dll + 2009-10-15 20:58 . 2001-08-17 19:55 382592 c:\windows\SYSTEM32\DLLCACHE\atidrab.dll - 2009-10-15 20:58 . 2001-08-17 18:55 382592 c:\windows\SYSTEM32\DLLCACHE\atidrab.dll + 2009-10-15 20:57 . 2001-08-17 17:19 747392 c:\windows\SYSTEM32\DLLCACHE\adm8830.sys - 2009-10-15 20:57 . 2001-08-17 16:19 747392 c:\windows\SYSTEM32\DLLCACHE\adm8830.sys + 2009-10-15 20:57 . 2001-08-17 17:19 553984 c:\windows\SYSTEM32\DLLCACHE\adm8820.sys - 2009-10-15 20:57 . 2001-08-17 16:19 553984 c:\windows\SYSTEM32\DLLCACHE\adm8820.sys - 2009-10-15 20:57 . 2001-08-17 16:19 584448 c:\windows\SYSTEM32\DLLCACHE\adm8810.sys + 2009-10-15 20:57 . 2001-08-17 17:19 584448 c:\windows\SYSTEM32\DLLCACHE\adm8810.sys + 2009-10-15 20:57 . 2001-08-17 17:20 297728 c:\windows\SYSTEM32\DLLCACHE\ac97sis.sys - 2009-10-15 20:57 . 
2001-08-17 16:20 297728 c:\windows\SYSTEM32\DLLCACHE\ac97sis.sys + 2009-10-15 20:57 . 2002-08-29 04:00 231552 c:\windows\SYSTEM32\DLLCACHE\ac97ali.sys - 2009-10-15 20:57 . 2002-08-29 03:00 231552 c:\windows\SYSTEM32\DLLCACHE\ac97ali.sys + 2009-10-15 20:57 . 2001-08-18 03:36 462848 c:\windows\SYSTEM32\DLLCACHE\a3dapi.dll - 2009-10-15 20:57 . 2001-08-18 02:36 462848 c:\windows\SYSTEM32\DLLCACHE\a3dapi.dll + 2009-10-15 20:57 . 2001-08-17 17:48 148352 c:\windows\SYSTEM32\DLLCACHE\3dfxvsm.sys - 2009-10-15 20:57 . 2001-08-17 16:48 148352 c:\windows\SYSTEM32\DLLCACHE\3dfxvsm.sys - 2009-10-15 20:57 . 2001-08-17 18:55 689216 c:\windows\SYSTEM32\DLLCACHE\3dfxvs.dll + 2009-10-15 20:57 . 2001-08-17 19:55 689216 c:\windows\SYSTEM32\DLLCACHE\3dfxvs.dll + 2009-10-15 20:57 . 2001-08-17 18:28 762780 c:\windows\SYSTEM32\DLLCACHE\3cwmcru.sys - 2009-10-15 20:57 . 2001-08-17 17:28 762780 c:\windows\SYSTEM32\DLLCACHE\3cwmcru.sys + 2009-11-06 15:07 . 2009-11-06 15:07 424448 c:\windows\Installer\cf27c.msi + 2009-11-06 03:08 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll + 2009-11-06 03:08 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe + 2009-07-12 01:46 . 2009-07-12 01:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll + 2009-07-12 01:46 . 2009-07-12 01:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll + 2009-11-07 01:56 . 2009-02-16 05:10 1648520 c:\windows\SYSTEM32\ZoneLabs\vsruledb.dll + 2009-11-07 01:55 . 2009-02-16 05:10 2402184 c:\windows\SYSTEM32\ZoneLabs\vsmon.exe + 2009-11-07 01:56 . 2008-11-17 07:23 1512928 c:\windows\SYSTEM32\ZoneLabs\srescan.dll + 2009-11-07 01:55 . 2009-02-16 05:10 1536392 c:\windows\SYSTEM32\ZoneLabs\lib\zpy.zip.dll + 2005-01-27 20:35 . 2009-10-22 09:19 5939712 c:\windows\SYSTEM32\mshtml.dll + 2005-01-27 20:35 . 
2009-10-22 09:19 5939712 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll - 2009-10-15 21:01 . 2001-08-17 18:56 1733120 c:\windows\SYSTEM32\DLLCACHE\g400d.dll + 2009-10-15 21:01 . 2001-08-17 19:56 1733120 c:\windows\SYSTEM32\DLLCACHE\g400d.dll + 2009-11-02 00:50 . 2009-11-02 00:50 1258496 c:\windows\Installer\62e72a.msi + 2009-11-06 03:08 . 2009-08-29 08:08 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll + 2009-11-07 01:56 . 2008-12-15 06:11 10465257 c:\windows\SYSTEM32\ZoneLabs\zlasdbup.dat + 2009-11-07 01:56 . 2008-12-15 06:11 10465257 c:\windows\SYSTEM32\ZoneLabs\spyware.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-05-17 282624] "Malwarebytes Anti-Malware (reboot)"="c:\documents and settings\JohnAdmin\Desktop\Malwarebytes' Anti-Malware\newyork.exe" [2009-09-09 1312080] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-06 2010904] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 68856] c:\documents and settings\All Users\Start Menu\Programs\Startup\ hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 
28672] Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2004-7-10 73728] NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-1-8 118784] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-11-06 15:10 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2009-09-28 23:34 87352 ----a-w- c:\windows\SYSTEM32\LMIinit.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"= "c:\\Program 
Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Photo Story 3 for Windows\\PhotoStory3.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 133104] R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\11.tmp [x] R4 LMIRfsClientNP;LMIRfsClientNP; [x] R4 QOPZP;QOPZP;c:\docume~1\JOHNAD~1\LOCALS~1\Temp\QOPZP.exe [x] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-11-06 333192] S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-11-06 360584] S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2009-11-06 285392] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856] S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-08-11 47640] S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] --- Other Services/Drivers In Memory --- *Deregistered* - mbr . Contents of the 'Scheduled Tasks' folder 2009-11-08 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-20 21:03] 2009-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 00:47] 2009-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 00:47] . . ------- Supplementary Scan ------- . 
uStart Page = about:blank uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 Trusted Zone: musicmatch.com\online DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-08 14:03 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\11.tmp" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(644) c:\windows\system32\LMIinit.dll - - - - - - - > 'explorer.exe'(3200) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\LMIRfsClientNP.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\Common Files\Command Software\dvpapi.exe c:\program files\LogMeIn\x86\RaMaint.exe c:\program files\LogMeIn\x86\LogMeIn.exe c:\program files\LogMeIn\x86\LMIGuardian.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\CDBurnerXP\NMSAccessU.exe c:\program files\AVG\AVG9\avgnsx.exe c:\windows\system32\MsPMSPSv.exe c:\windows\system32\wscntfy.exe c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe c:\program files\LogMeIn\x86\LMIGuardian.exe . ************************************************************************** . Completion time: 2009-11-08 14:21 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-08 19:21 ComboFix2.txt 2009-11-06 02:31 ComboFix3.txt 2009-11-05 23:18 ComboFix4.txt 2009-10-24 14:12 ComboFix5.txt 2009-11-08 17:52 Pre-Run: 29,910,990,848 bytes free Post-Run: 30,195,888,128 bytes free - - End Of File - - 95DFC29001C34BFB5392C84401A3EE33
  13. too long to post; splitting in multiple posts - SORRY!
2001-08-18 02:36 93696 c:\windows\SYSTEM32\DLLCACHE\hpgt42.dll + 2009-10-15 21:01 . 2001-08-18 03:36 93696 c:\windows\SYSTEM32\DLLCACHE\hpgt42.dll - 2009-10-15 21:01 . 2001-08-18 02:36 48128 c:\windows\SYSTEM32\DLLCACHE\hpgt33tk.dll + 2009-10-15 21:01 . 2001-08-18 03:36 48128 c:\windows\SYSTEM32\DLLCACHE\hpgt33tk.dll + 2009-10-15 21:01 . 2001-08-18 03:36 89088 c:\windows\SYSTEM32\DLLCACHE\hpgt33.dll - 2009-10-15 21:01 . 2001-08-18 02:36 89088 c:\windows\SYSTEM32\DLLCACHE\hpgt33.dll + 2009-10-15 21:01 . 2001-08-18 03:36 83968 c:\windows\SYSTEM32\DLLCACHE\hpgt21.dll - 2009-10-15 21:01 . 2001-08-18 02:36 83968 c:\windows\SYSTEM32\DLLCACHE\hpgt21.dll - 2009-10-15 21:01 . 2008-04-13 18:45 10368 c:\windows\SYSTEM32\DLLCACHE\hidusb.sys + 2009-10-15 21:01 . 2008-04-13 19:45 10368 c:\windows\SYSTEM32\DLLCACHE\hidusb.sys - 2009-10-15 21:01 . 2008-04-14 00:11 21504 c:\windows\SYSTEM32\DLLCACHE\hidserv.dll + 2009-10-15 21:01 . 2008-04-14 01:11 21504 c:\windows\SYSTEM32\DLLCACHE\hidserv.dll - 2009-10-15 21:01 . 2008-04-13 18:36 20352 c:\windows\SYSTEM32\DLLCACHE\hidbatt.sys + 2009-10-15 21:01 . 2008-04-13 19:36 20352 c:\windows\SYSTEM32\DLLCACHE\hidbatt.sys + 2009-10-15 21:01 . 2008-04-13 19:40 28288 c:\windows\SYSTEM32\DLLCACHE\grserial.sys - 2009-10-15 21:01 . 2008-04-13 18:40 28288 c:\windows\SYSTEM32\DLLCACHE\grserial.sys + 2009-10-15 21:01 . 2001-08-17 18:51 82304 c:\windows\SYSTEM32\DLLCACHE\grclass.sys - 2009-10-15 21:01 . 2001-08-17 17:51 82304 c:\windows\SYSTEM32\DLLCACHE\grclass.sys - 2009-10-15 21:01 . 2001-08-17 17:51 17408 c:\windows\SYSTEM32\DLLCACHE\gpr400.sys + 2009-10-15 21:01 . 2001-08-17 18:51 17408 c:\windows\SYSTEM32\DLLCACHE\gpr400.sys + 2009-10-15 21:01 . 2008-04-13 19:45 59136 c:\windows\SYSTEM32\DLLCACHE\gckernel.sys - 2009-10-15 21:01 . 2008-04-13 18:45 59136 c:\windows\SYSTEM32\DLLCACHE\gckernel.sys - 2009-10-15 21:01 . 2008-04-13 18:45 10624 c:\windows\SYSTEM32\DLLCACHE\gameenum.sys + 2009-10-15 21:01 . 
2008-04-13 19:45 10624 c:\windows\SYSTEM32\DLLCACHE\gameenum.sys + 2009-10-15 21:01 . 2001-08-18 03:36 92160 c:\windows\SYSTEM32\DLLCACHE\fuusd.dll - 2009-10-15 21:01 . 2001-08-18 02:36 92160 c:\windows\SYSTEM32\DLLCACHE\fuusd.dll - 2009-10-15 21:01 . 2004-08-04 05:31 34173 c:\windows\SYSTEM32\DLLCACHE\forehe.sys + 2009-10-15 21:01 . 2004-08-04 06:31 34173 c:\windows\SYSTEM32\DLLCACHE\forehe.sys + 2009-10-15 21:01 . 2001-08-18 03:36 71680 c:\windows\SYSTEM32\DLLCACHE\fnfilter.dll - 2009-10-15 21:01 . 2001-08-18 02:36 71680 c:\windows\SYSTEM32\DLLCACHE\fnfilter.dll - 2009-10-15 21:01 . 2001-08-17 16:13 27165 c:\windows\SYSTEM32\DLLCACHE\fetnd5.sys + 2009-10-15 21:01 . 2001-08-17 17:13 27165 c:\windows\SYSTEM32\DLLCACHE\fetnd5.sys + 2009-10-15 21:01 . 2001-08-17 17:10 22090 c:\windows\SYSTEM32\DLLCACHE\fem556n5.sys - 2009-10-15 21:01 . 2001-08-17 16:10 22090 c:\windows\SYSTEM32\DLLCACHE\fem556n5.sys - 2009-10-15 21:01 . 2001-08-17 16:12 24618 c:\windows\SYSTEM32\DLLCACHE\fa410nd5.sys + 2009-10-15 21:01 . 2001-08-17 17:12 24618 c:\windows\SYSTEM32\DLLCACHE\fa410nd5.sys - 2009-10-15 21:01 . 2001-08-17 16:12 16074 c:\windows\SYSTEM32\DLLCACHE\fa312nd5.sys + 2009-10-15 21:01 . 2001-08-17 17:12 16074 c:\windows\SYSTEM32\DLLCACHE\fa312nd5.sys + 2009-10-15 21:01 . 2001-08-17 17:11 11850 c:\windows\SYSTEM32\DLLCACHE\f3ab18xj.sys - 2009-10-15 21:01 . 2001-08-17 16:11 11850 c:\windows\SYSTEM32\DLLCACHE\f3ab18xj.sys - 2009-10-15 21:01 . 2001-08-17 16:11 12362 c:\windows\SYSTEM32\DLLCACHE\f3ab18xi.sys + 2009-10-15 21:01 . 2001-08-17 17:11 12362 c:\windows\SYSTEM32\DLLCACHE\f3ab18xi.sys - 2009-10-15 21:07 . 2001-08-18 02:36 12288 c:\windows\SYSTEM32\DLLCACHE\EXCH_smtpctrs.dll + 2009-10-15 21:07 . 2001-08-18 03:36 12288 c:\windows\SYSTEM32\DLLCACHE\EXCH_smtpctrs.dll - 2009-10-15 21:06 . 2001-08-18 02:36 26112 c:\windows\SYSTEM32\DLLCACHE\EXCH_seos.dll + 2009-10-15 21:06 . 2001-08-18 03:36 26112 c:\windows\SYSTEM32\DLLCACHE\EXCH_seos.dll - 2009-10-15 21:06 . 
2001-08-18 02:36 57856 c:\windows\SYSTEM32\DLLCACHE\EXCH_scripto.dll + 2009-10-15 21:06 . 2001-08-18 03:36 57856 c:\windows\SYSTEM32\DLLCACHE\EXCH_scripto.dll - 2009-10-15 21:06 . 2001-08-18 02:36 23040 c:\windows\SYSTEM32\DLLCACHE\EXCH_regtrace.exe + 2009-10-15 21:06 . 2001-08-18 03:36 23040 c:\windows\SYSTEM32\DLLCACHE\EXCH_regtrace.exe + 2009-10-15 21:03 . 2001-08-18 03:36 65536 c:\windows\SYSTEM32\DLLCACHE\EXCH_mailmsg.dll - 2009-10-15 21:03 . 2001-08-18 02:36 65536 c:\windows\SYSTEM32\DLLCACHE\EXCH_mailmsg.dll + 2009-10-15 21:01 . 2001-08-18 03:36 43520 c:\windows\SYSTEM32\DLLCACHE\EXCH_fcachdll.dll - 2009-10-15 21:01 . 2001-08-18 02:36 43520 c:\windows\SYSTEM32\DLLCACHE\EXCH_fcachdll.dll - 2009-10-15 20:57 . 2001-08-18 02:36 45056 c:\windows\SYSTEM32\DLLCACHE\EXCH_aqadmin.dll + 2009-10-15 20:57 . 2001-08-18 03:36 45056 c:\windows\SYSTEM32\DLLCACHE\EXCH_aqadmin.dll + 2009-10-15 21:00 . 2001-08-18 03:36 45568 c:\windows\SYSTEM32\DLLCACHE\esunib.dll - 2009-10-15 21:00 . 2001-08-18 02:36 45568 c:\windows\SYSTEM32\DLLCACHE\esunib.dll + 2009-10-15 21:00 . 2001-08-17 17:19 63360 c:\windows\SYSTEM32\DLLCACHE\ess.sys - 2009-10-15 21:00 . 2001-08-17 16:19 63360 c:\windows\SYSTEM32\DLLCACHE\ess.sys - 2009-10-15 21:00 . 2001-08-17 16:19 72192 c:\windows\SYSTEM32\DLLCACHE\es1969.sys + 2009-10-15 21:00 . 2001-08-17 17:19 72192 c:\windows\SYSTEM32\DLLCACHE\es1969.sys + 2009-10-15 21:00 . 2001-08-17 17:19 40704 c:\windows\SYSTEM32\DLLCACHE\es1371mp.sys - 2009-10-15 21:00 . 2001-08-17 16:19 40704 c:\windows\SYSTEM32\DLLCACHE\es1371mp.sys + 2009-10-15 21:00 . 2001-08-17 17:19 37120 c:\windows\SYSTEM32\DLLCACHE\es1370mp.sys - 2009-10-15 21:00 . 2001-08-17 16:19 37120 c:\windows\SYSTEM32\DLLCACHE\es1370mp.sys + 2009-10-15 21:00 . 2001-08-18 03:36 61952 c:\windows\SYSTEM32\DLLCACHE\eqnloop.exe - 2009-10-15 21:00 . 2001-08-18 02:36 61952 c:\windows\SYSTEM32\DLLCACHE\eqnloop.exe + 2009-10-15 21:00 . 
2001-08-18 03:36 51200 c:\windows\SYSTEM32\DLLCACHE\eqnlogr.exe - 2009-10-15 21:00 . 2001-08-18 02:36 51200 c:\windows\SYSTEM32\DLLCACHE\eqnlogr.exe - 2009-10-15 21:00 . 2001-08-18 02:36 53248 c:\windows\SYSTEM32\DLLCACHE\eqndiag.exe + 2009-10-15 21:00 . 2001-08-18 03:36 53248 c:\windows\SYSTEM32\DLLCACHE\eqndiag.exe - 2009-10-15 21:00 . 2001-08-17 16:12 18503 c:\windows\SYSTEM32\DLLCACHE\epro4.sys + 2009-10-15 21:00 . 2001-08-17 17:12 18503 c:\windows\SYSTEM32\DLLCACHE\epro4.sys - 2009-10-15 21:00 . 2001-08-17 16:10 19996 c:\windows\SYSTEM32\DLLCACHE\em556n4.sys + 2009-10-15 21:00 . 2001-08-17 17:10 19996 c:\windows\SYSTEM32\DLLCACHE\em556n4.sys + 2009-10-15 21:00 . 2001-08-17 17:10 25159 c:\windows\SYSTEM32\DLLCACHE\elnk3.sys - 2009-10-15 21:00 . 2001-08-17 16:10 25159 c:\windows\SYSTEM32\DLLCACHE\elnk3.sys - 2009-10-15 21:00 . 2001-08-17 16:11 70174 c:\windows\SYSTEM32\DLLCACHE\el98xn5.sys + 2009-10-15 21:00 . 2001-08-17 17:11 70174 c:\windows\SYSTEM32\DLLCACHE\el98xn5.sys - 2009-10-15 21:00 . 2001-08-17 16:11 77386 c:\windows\SYSTEM32\DLLCACHE\el656nd5.sys + 2009-10-15 21:00 . 2001-08-17 17:11 77386 c:\windows\SYSTEM32\DLLCACHE\el656nd5.sys - 2009-10-15 21:00 . 2001-08-17 16:11 69194 c:\windows\SYSTEM32\DLLCACHE\el656cd5.sys + 2009-10-15 21:00 . 2001-08-17 17:11 69194 c:\windows\SYSTEM32\DLLCACHE\el656cd5.sys + 2009-10-15 21:00 . 2001-08-17 17:10 26141 c:\windows\SYSTEM32\DLLCACHE\el589nd5.sys - 2009-10-15 21:00 . 2001-08-17 16:10 26141 c:\windows\SYSTEM32\DLLCACHE\el589nd5.sys - 2009-10-15 21:00 . 2001-08-17 16:10 69692 c:\windows\SYSTEM32\DLLCACHE\el575nd5.sys + 2009-10-15 21:00 . 2001-08-17 17:10 69692 c:\windows\SYSTEM32\DLLCACHE\el575nd5.sys - 2009-10-15 21:00 . 2001-08-17 16:10 24653 c:\windows\SYSTEM32\DLLCACHE\el574nd4.sys + 2009-10-15 21:00 . 2001-08-17 17:10 24653 c:\windows\SYSTEM32\DLLCACHE\el574nd4.sys - 2009-10-15 21:00 . 2001-08-17 16:10 55999 c:\windows\SYSTEM32\DLLCACHE\el556nd5.sys + 2009-10-15 21:00 . 
2001-08-17 17:10 55999 c:\windows\SYSTEM32\DLLCACHE\el556nd5.sys - 2009-10-15 21:00 . 2001-08-17 16:10 44103 c:\windows\SYSTEM32\DLLCACHE\el515.sys + 2009-10-15 21:00 . 2001-08-17 17:10 44103 c:\windows\SYSTEM32\DLLCACHE\el515.sys + 2009-10-15 21:00 . 2001-08-17 17:12 19594 c:\windows\SYSTEM32\DLLCACHE\e100isa4.sys - 2009-10-15 21:00 . 2001-08-17 16:12 19594 c:\windows\SYSTEM32\DLLCACHE\e100isa4.sys + 2009-10-15 21:00 . 2001-08-17 17:12 50719 c:\windows\SYSTEM32\DLLCACHE\e1000nt5.sys - 2009-10-15 21:00 . 2001-08-17 16:12 50719 c:\windows\SYSTEM32\DLLCACHE\e1000nt5.sys + 2009-10-15 21:00 . 2001-08-17 17:12 28062 c:\windows\SYSTEM32\DLLCACHE\dp83820.sys - 2009-10-15 21:00 . 2001-08-17 16:12 28062 c:\windows\SYSTEM32\DLLCACHE\dp83820.sys + 2009-10-15 21:00 . 2001-08-17 18:47 23808 c:\windows\SYSTEM32\DLLCACHE\dot4usb.sys - 2009-10-15 21:00 . 2001-08-17 17:47 23808 c:\windows\SYSTEM32\DLLCACHE\dot4usb.sys - 2009-10-15 21:00 . 2001-08-17 17:47 12928 c:\windows\SYSTEM32\DLLCACHE\dot4prt.sys + 2009-10-15 21:00 . 2001-08-17 18:47 12928 c:\windows\SYSTEM32\DLLCACHE\dot4prt.sys + 2009-10-15 21:00 . 2001-08-17 17:11 29696 c:\windows\SYSTEM32\DLLCACHE\dm9pci5.sys - 2009-10-15 21:00 . 2001-08-17 16:11 29696 c:\windows\SYSTEM32\DLLCACHE\dm9pci5.sys - 2009-10-15 21:00 . 2001-08-17 16:11 26698 c:\windows\SYSTEM32\DLLCACHE\dlh5xnd5.sys + 2009-10-15 21:00 . 2001-08-17 17:11 26698 c:\windows\SYSTEM32\DLLCACHE\dlh5xnd5.sys - 2009-10-15 21:00 . 2001-08-18 02:36 29768 c:\windows\SYSTEM32\DLLCACHE\divasu.dll + 2009-10-15 21:00 . 2001-08-18 03:36 29768 c:\windows\SYSTEM32\DLLCACHE\divasu.dll - 2009-10-15 21:00 . 2001-08-18 02:36 37962 c:\windows\SYSTEM32\DLLCACHE\divaprop.dll + 2009-10-15 21:00 . 2001-08-18 03:36 37962 c:\windows\SYSTEM32\DLLCACHE\divaprop.dll + 2009-10-15 21:00 . 2001-08-18 03:36 38985 c:\windows\SYSTEM32\DLLCACHE\disrvsu.dll - 2009-10-15 21:00 . 2001-08-18 02:36 38985 c:\windows\SYSTEM32\DLLCACHE\disrvsu.dll + 2009-10-15 21:00 . 
2001-08-18 03:36 31305 c:\windows\SYSTEM32\DLLCACHE\disrvpp.dll - 2009-10-15 21:00 . 2001-08-18 02:36 31305 c:\windows\SYSTEM32\DLLCACHE\disrvpp.dll - 2009-10-15 21:00 . 2001-08-17 16:13 91305 c:\windows\SYSTEM32\DLLCACHE\dimaint.sys + 2009-10-15 21:00 . 2001-08-17 17:13 91305 c:\windows\SYSTEM32\DLLCACHE\dimaint.sys - 2009-10-15 21:00 . 2001-08-17 16:17 42432 c:\windows\SYSTEM32\DLLCACHE\digirlpt.sys + 2009-10-15 21:00 . 2001-08-17 17:17 42432 c:\windows\SYSTEM32\DLLCACHE\digirlpt.sys + 2009-10-15 21:00 . 2001-08-17 17:14 21606 c:\windows\SYSTEM32\DLLCACHE\digiisdn.sys - 2009-10-15 21:00 . 2001-08-17 16:14 21606 c:\windows\SYSTEM32\DLLCACHE\digiisdn.sys + 2009-10-15 21:00 . 2001-08-18 03:36 41046 c:\windows\SYSTEM32\DLLCACHE\digiisdn.dll - 2009-10-15 21:00 . 2001-08-18 02:36 41046 c:\windows\SYSTEM32\DLLCACHE\digiisdn.dll - 2009-10-15 21:00 . 2001-08-17 16:17 90525 c:\windows\SYSTEM32\DLLCACHE\digifep5.sys + 2009-10-15 21:00 . 2001-08-17 17:17 90525 c:\windows\SYSTEM32\DLLCACHE\digifep5.sys + 2009-10-15 21:00 . 2001-08-17 17:13 37735 c:\windows\SYSTEM32\DLLCACHE\digiasyn.sys - 2009-10-15 21:00 . 2001-08-17 16:13 37735 c:\windows\SYSTEM32\DLLCACHE\digiasyn.sys - 2009-10-15 21:00 . 2001-08-18 02:36 65622 c:\windows\SYSTEM32\DLLCACHE\digiasyn.dll + 2009-10-15 21:00 . 2001-08-18 03:36 65622 c:\windows\SYSTEM32\DLLCACHE\digiasyn.dll - 2009-10-15 20:59 . 2001-08-18 02:36 32256 c:\windows\SYSTEM32\DLLCACHE\diapi2NT.dll + 2009-10-15 20:59 . 2001-08-18 03:36 32256 c:\windows\SYSTEM32\DLLCACHE\diapi2NT.dll + 2009-10-15 21:00 . 2001-08-17 17:17 29531 c:\windows\SYSTEM32\DLLCACHE\dgapci.sys - 2009-10-15 21:00 . 2001-08-17 16:17 29531 c:\windows\SYSTEM32\DLLCACHE\dgapci.sys - 2009-10-15 20:59 . 2001-08-17 16:11 24648 c:\windows\SYSTEM32\DLLCACHE\dfe650.sys + 2009-10-15 20:59 . 2001-08-17 17:11 24648 c:\windows\SYSTEM32\DLLCACHE\dfe650.sys + 2009-10-15 20:59 . 2001-08-18 03:36 24064 c:\windows\SYSTEM32\DLLCACHE\devldr32.exe - 2009-10-15 20:59 . 
2001-08-18 02:36 24064 c:\windows\SYSTEM32\DLLCACHE\devldr32.exe - 2009-10-15 20:59 . 2001-08-17 16:11 20928 c:\windows\SYSTEM32\DLLCACHE\defpa.sys + 2009-10-15 20:59 . 2001-08-17 17:11 20928 c:\windows\SYSTEM32\DLLCACHE\defpa.sys - 2009-10-15 20:59 . 2001-08-18 02:36 86016 c:\windows\SYSTEM32\DLLCACHE\dc240usd.dll + 2009-10-15 20:59 . 2001-08-18 03:36 86016 c:\windows\SYSTEM32\DLLCACHE\dc240usd.dll - 2009-10-15 20:59 . 2001-08-17 16:12 63208 c:\windows\SYSTEM32\DLLCACHE\dc21x4.sys + 2009-10-15 20:59 . 2001-08-17 17:12 63208 c:\windows\SYSTEM32\DLLCACHE\dc21x4.sys - 2009-10-15 20:59 . 2001-08-18 02:36 80896 c:\windows\SYSTEM32\DLLCACHE\dc210usd.dll + 2009-10-15 20:59 . 2001-08-18 03:36 80896 c:\windows\SYSTEM32\DLLCACHE\dc210usd.dll - 2009-10-15 20:59 . 2001-08-18 02:36 25600 c:\windows\SYSTEM32\DLLCACHE\dc210_32.dll + 2009-10-15 20:59 . 2001-08-18 03:36 25600 c:\windows\SYSTEM32\DLLCACHE\dc210_32.dll + 2009-10-15 20:59 . 2001-08-18 03:36 27648 c:\windows\SYSTEM32\DLLCACHE\cyzports.dll - 2009-10-15 20:59 . 2001-08-18 02:36 27648 c:\windows\SYSTEM32\DLLCACHE\cyzports.dll + 2009-10-15 20:59 . 2001-08-17 18:50 49792 c:\windows\SYSTEM32\DLLCACHE\cyzport.sys - 2009-10-15 20:59 . 2001-08-17 17:50 49792 c:\windows\SYSTEM32\DLLCACHE\cyzport.sys - 2009-10-15 20:59 . 2001-08-18 02:36 27136 c:\windows\SYSTEM32\DLLCACHE\cyzcoins.dll + 2009-10-15 20:59 . 2001-08-18 03:36 27136 c:\windows\SYSTEM32\DLLCACHE\cyzcoins.dll - 2009-10-15 20:59 . 2001-08-18 02:36 27648 c:\windows\SYSTEM32\DLLCACHE\cyyports.dll + 2009-10-15 20:59 . 2001-08-18 03:36 27648 c:\windows\SYSTEM32\DLLCACHE\cyyports.dll - 2009-10-15 20:59 . 2001-08-17 17:50 50176 c:\windows\SYSTEM32\DLLCACHE\cyyport.sys + 2009-10-15 20:59 . 2001-08-17 18:50 50176 c:\windows\SYSTEM32\DLLCACHE\cyyport.sys + 2009-10-15 20:59 . 2001-08-18 03:36 28672 c:\windows\SYSTEM32\DLLCACHE\cyycoins.dll - 2009-10-15 20:59 . 2001-08-18 02:36 28672 c:\windows\SYSTEM32\DLLCACHE\cyycoins.dll - 2009-10-15 20:59 . 
2001-08-17 17:50 14848 c:\windows\SYSTEM32\DLLCACHE\cyclom-y.sys + 2009-10-15 20:59 . 2001-08-17 18:50 14848 c:\windows\SYSTEM32\DLLCACHE\cyclom-y.sys + 2009-10-15 20:59 . 2001-08-17 18:50 17152 c:\windows\SYSTEM32\DLLCACHE\cyclad-z.sys - 2009-10-15 20:59 . 2001-08-17 17:50 17152 c:\windows\SYSTEM32\DLLCACHE\cyclad-z.sys + 2009-10-15 20:59 . 2004-08-04 06:32 48640 c:\windows\SYSTEM32\DLLCACHE\cwrwdm.sys - 2009-10-15 20:59 . 2004-08-04 05:32 48640 c:\windows\SYSTEM32\DLLCACHE\cwrwdm.sys + 2009-10-15 20:59 . 2001-08-17 17:19 93952 c:\windows\SYSTEM32\DLLCACHE\cwcwdm.sys - 2009-10-15 20:59 . 2001-08-17 16:19 93952 c:\windows\SYSTEM32\DLLCACHE\cwcwdm.sys - 2009-10-15 20:59 . 2001-08-17 16:19 72832 c:\windows\SYSTEM32\DLLCACHE\cwbwdm.sys + 2009-10-15 20:59 . 2001-08-17 17:19 72832 c:\windows\SYSTEM32\DLLCACHE\cwbwdm.sys + 2009-10-15 20:59 . 2001-08-17 17:19 96256 c:\windows\SYSTEM32\DLLCACHE\ctlsb16.sys - 2009-10-15 20:59 . 2001-08-17 16:19 96256 c:\windows\SYSTEM32\DLLCACHE\ctlsb16.sys - 2009-10-15 20:59 . 2001-08-17 16:19 42112 c:\windows\SYSTEM32\DLLCACHE\crtaud.sys + 2009-10-15 20:59 . 2001-08-17 17:19 42112 c:\windows\SYSTEM32\DLLCACHE\crtaud.sys + 2009-10-15 20:59 . 2001-08-17 17:11 60970 c:\windows\SYSTEM32\DLLCACHE\cpqtrnd5.sys - 2009-10-15 20:59 . 2001-08-17 16:11 60970 c:\windows\SYSTEM32\DLLCACHE\cpqtrnd5.sys + 2009-10-15 20:59 . 2001-08-17 17:13 21533 c:\windows\SYSTEM32\DLLCACHE\cpqndis5.sys - 2009-10-15 20:59 . 2001-08-17 16:13 21533 c:\windows\SYSTEM32\DLLCACHE\cpqndis5.sys + 2009-10-15 20:59 . 2008-04-13 19:36 10240 c:\windows\SYSTEM32\DLLCACHE\compbatt.sys - 2009-10-15 20:59 . 2008-04-13 18:36 10240 c:\windows\SYSTEM32\DLLCACHE\compbatt.sys + 2009-10-15 20:59 . 2001-08-17 17:11 39936 c:\windows\SYSTEM32\DLLCACHE\cnxt1803.sys - 2009-10-15 20:59 . 2001-08-17 16:11 39936 c:\windows\SYSTEM32\DLLCACHE\cnxt1803.sys - 2009-10-15 20:59 . 2001-08-18 02:36 44032 c:\windows\SYSTEM32\DLLCACHE\cnusd.dll + 2009-10-15 20:59 . 
2001-08-18 03:36 44032 c:\windows\SYSTEM32\DLLCACHE\cnusd.dll - 2009-10-15 20:59 . 2001-08-17 17:51 20736 c:\windows\SYSTEM32\DLLCACHE\cmbp0wdm.sys + 2009-10-15 20:59 . 2001-08-17 18:51 20736 c:\windows\SYSTEM32\DLLCACHE\cmbp0wdm.sys - 2009-10-15 20:59 . 2008-04-13 18:36 13952 c:\windows\SYSTEM32\DLLCACHE\cmbatt.sys + 2009-10-15 20:59 . 2008-04-13 19:36 13952 c:\windows\SYSTEM32\DLLCACHE\cmbatt.sys + 2009-10-15 20:59 . 2001-08-17 18:57 45696 c:\windows\SYSTEM32\DLLCACHE\cirrus.sys - 2009-10-15 20:59 . 2001-08-17 17:57 45696 c:\windows\SYSTEM32\DLLCACHE\cirrus.sys + 2009-10-15 20:59 . 2001-08-17 19:56 91264 c:\windows\SYSTEM32\DLLCACHE\cirrus.dll - 2009-10-15 20:59 . 2001-08-17 18:56 91264 c:\windows\SYSTEM32\DLLCACHE\cirrus.dll - 2009-10-15 20:59 . 2001-08-17 16:13 49182 c:\windows\SYSTEM32\DLLCACHE\cem56n5.sys + 2009-10-15 20:59 . 2001-08-17 17:13 49182 c:\windows\SYSTEM32\DLLCACHE\cem56n5.sys - 2009-10-15 20:59 . 2001-08-17 16:13 22044 c:\windows\SYSTEM32\DLLCACHE\cem33n5.sys + 2009-10-15 20:59 . 2001-08-17 17:13 22044 c:\windows\SYSTEM32\DLLCACHE\cem33n5.sys + 2009-10-15 20:59 . 2001-08-17 17:13 22044 c:\windows\SYSTEM32\DLLCACHE\cem28n5.sys - 2009-10-15 20:59 . 2001-08-17 16:13 22044 c:\windows\SYSTEM32\DLLCACHE\cem28n5.sys + 2009-10-15 20:59 . 2001-08-17 17:13 27164 c:\windows\SYSTEM32\DLLCACHE\ce3n5.sys - 2009-10-15 20:59 . 2001-08-17 16:13 27164 c:\windows\SYSTEM32\DLLCACHE\ce3n5.sys + 2009-10-15 20:59 . 2001-08-17 17:13 21530 c:\windows\SYSTEM32\DLLCACHE\ce2n5.sys - 2009-10-15 20:59 . 2001-08-17 16:13 21530 c:\windows\SYSTEM32\DLLCACHE\ce2n5.sys + 2009-10-15 20:59 . 2001-08-17 17:13 46108 c:\windows\SYSTEM32\DLLCACHE\cben5.sys - 2009-10-15 20:59 . 2001-08-17 16:13 46108 c:\windows\SYSTEM32\DLLCACHE\cben5.sys - 2009-10-15 20:59 . 2001-08-17 16:12 39680 c:\windows\SYSTEM32\DLLCACHE\cb325.sys + 2009-10-15 20:59 . 2001-08-17 17:12 39680 c:\windows\SYSTEM32\DLLCACHE\cb325.sys + 2009-10-15 20:59 . 
2001-08-17 17:12 37916 c:\windows\SYSTEM32\DLLCACHE\cb102.sys - 2009-10-15 20:59 . 2001-08-17 16:12 37916 c:\windows\SYSTEM32\DLLCACHE\cb102.sys + 2009-10-15 20:59 . 2001-08-18 03:36 74240 c:\windows\SYSTEM32\DLLCACHE\camexo20.dll - 2009-10-15 20:59 . 2001-08-18 02:36 74240 c:\windows\SYSTEM32\DLLCACHE\camexo20.dll - 2009-10-15 20:58 . 2001-08-17 16:11 31529 c:\windows\SYSTEM32\DLLCACHE\brzwlan.sys + 2009-10-15 20:58 . 2001-08-17 17:11 31529 c:\windows\SYSTEM32\DLLCACHE\brzwlan.sys + 2009-10-15 20:58 . 2001-08-17 18:12 10368 c:\windows\SYSTEM32\DLLCACHE\brusbscn.sys - 2009-10-15 20:58 . 2001-08-17 17:12 10368 c:\windows\SYSTEM32\DLLCACHE\brusbscn.sys - 2009-10-15 20:58 . 2001-08-17 17:12 11008 c:\windows\SYSTEM32\DLLCACHE\brusbmdm.sys + 2009-10-15 20:58 . 2001-08-17 18:12 11008 c:\windows\SYSTEM32\DLLCACHE\brusbmdm.sys - 2009-10-15 20:58 . 2001-08-17 17:12 60416 c:\windows\SYSTEM32\DLLCACHE\brserwdm.sys + 2009-10-15 20:58 . 2001-08-17 18:12 60416 c:\windows\SYSTEM32\DLLCACHE\brserwdm.sys + 2009-10-15 20:58 . 2001-08-17 18:12 39552 c:\windows\SYSTEM32\DLLCACHE\brparwdm.sys - 2009-10-15 20:58 . 2001-08-17 17:12 39552 c:\windows\SYSTEM32\DLLCACHE\brparwdm.sys + 2009-10-15 20:58 . 2001-08-18 03:36 41472 c:\windows\SYSTEM32\DLLCACHE\brmfusb.dll - 2009-10-15 20:58 . 2001-08-18 02:36 41472 c:\windows\SYSTEM32\DLLCACHE\brmfusb.dll + 2009-10-15 20:58 . 2001-08-18 03:36 32256 c:\windows\SYSTEM32\DLLCACHE\brmfrsmg.exe - 2009-10-15 20:58 . 2001-08-18 02:36 32256 c:\windows\SYSTEM32\DLLCACHE\brmfrsmg.exe + 2009-10-15 20:58 . 2001-08-18 03:36 29696 c:\windows\SYSTEM32\DLLCACHE\brmflpt.dll - 2009-10-15 20:58 . 2001-08-18 02:36 29696 c:\windows\SYSTEM32\DLLCACHE\brmflpt.dll - 2009-10-15 20:58 . 2001-08-18 02:36 81408 c:\windows\SYSTEM32\DLLCACHE\brmfcwia.dll + 2009-10-15 20:58 . 2001-08-18 03:36 81408 c:\windows\SYSTEM32\DLLCACHE\brmfcwia.dll + 2009-10-15 20:58 . 2001-08-18 03:36 15360 c:\windows\SYSTEM32\DLLCACHE\brmfbidi.dll - 2009-10-15 20:58 . 
2001-08-18 02:36 15360 c:\windows\SYSTEM32\DLLCACHE\brmfbidi.dll + 2009-10-15 20:58 . 2001-08-17 18:12 12160 c:\windows\SYSTEM32\DLLCACHE\brfiltlo.sys - 2009-10-15 20:58 . 2001-08-17 17:12 12160 c:\windows\SYSTEM32\DLLCACHE\brfiltlo.sys + 2009-10-15 20:58 . 2001-08-18 03:36 12800 c:\windows\SYSTEM32\DLLCACHE\brevif.dll - 2009-10-15 20:58 . 2001-08-18 02:36 12800 c:\windows\SYSTEM32\DLLCACHE\brevif.dll - 2009-10-15 20:58 . 2001-08-18 02:36 19456 c:\windows\SYSTEM32\DLLCACHE\brbidiif.dll + 2009-10-15 20:58 . 2001-08-18 03:36 19456 c:\windows\SYSTEM32\DLLCACHE\brbidiif.dll + 2009-10-15 20:58 . 2001-08-17 17:11 26568 c:\windows\SYSTEM32\DLLCACHE\bcm4e5.sys - 2009-10-15 20:58 . 2001-08-17 16:11 26568 c:\windows\SYSTEM32\DLLCACHE\bcm4e5.sys + 2009-10-15 20:58 . 2001-08-17 17:11 54271 c:\windows\SYSTEM32\DLLCACHE\bcm42xx5.sys - 2009-10-15 20:58 . 2001-08-17 16:11 54271 c:\windows\SYSTEM32\DLLCACHE\bcm42xx5.sys + 2009-10-15 20:58 . 2001-08-17 17:11 66557 c:\windows\SYSTEM32\DLLCACHE\bcm42u.sys - 2009-10-15 20:58 . 2001-08-17 16:11 66557 c:\windows\SYSTEM32\DLLCACHE\bcm42u.sys - 2009-10-15 20:58 . 2008-04-13 18:36 14208 c:\windows\SYSTEM32\DLLCACHE\battc.sys + 2009-10-15 20:58 . 2008-04-13 19:36 14208 c:\windows\SYSTEM32\DLLCACHE\battc.sys + 2009-10-15 20:58 . 2001-08-17 17:48 36128 c:\windows\SYSTEM32\DLLCACHE\banshee.sys - 2009-10-15 20:58 . 2001-08-17 16:48 36128 c:\windows\SYSTEM32\DLLCACHE\banshee.sys - 2009-10-15 20:58 . 2001-08-17 16:11 96640 c:\windows\SYSTEM32\DLLCACHE\b57xp32.sys + 2009-10-15 20:58 . 2001-08-17 17:11 96640 c:\windows\SYSTEM32\DLLCACHE\b57xp32.sys - 2009-10-15 20:58 . 2001-08-17 16:13 89952 c:\windows\SYSTEM32\DLLCACHE\b1cbase.sys + 2009-10-15 20:58 . 2001-08-17 17:13 89952 c:\windows\SYSTEM32\DLLCACHE\b1cbase.sys + 2009-10-15 20:58 . 2001-08-17 17:19 36992 c:\windows\SYSTEM32\DLLCACHE\aztw2320.sys - 2009-10-15 20:58 . 2001-08-17 16:19 36992 c:\windows\SYSTEM32\DLLCACHE\aztw2320.sys - 2009-10-15 20:58 . 
2001-08-17 16:13 37568 c:\windows\SYSTEM32\DLLCACHE\avmwan.sys + 2009-10-15 20:58 . 2001-08-17 17:13 37568 c:\windows\SYSTEM32\DLLCACHE\avmwan.sys + 2009-10-15 20:58 . 2001-08-18 03:36 87552 c:\windows\SYSTEM32\DLLCACHE\avmcoxp.dll - 2009-10-15 20:58 . 2001-08-18 02:36 87552 c:\windows\SYSTEM32\DLLCACHE\avmcoxp.dll + 2009-10-15 20:58 . 2008-04-13 19:46 13696 c:\windows\SYSTEM32\DLLCACHE\avcstrm.sys - 2009-10-15 20:58 . 2008-04-13 18:46 13696 c:\windows\SYSTEM32\DLLCACHE\avcstrm.sys - 2009-10-15 20:58 . 2001-08-17 18:01 36096 c:\windows\SYSTEM32\DLLCACHE\avcaudio.sys + 2009-10-15 20:58 . 2001-08-17 19:01 36096 c:\windows\SYSTEM32\DLLCACHE\avcaudio.sys - 2009-10-15 20:58 . 2008-04-13 18:46 38912 c:\windows\SYSTEM32\DLLCACHE\avc.sys + 2009-10-15 20:58 . 2008-04-13 19:46 38912 c:\windows\SYSTEM32\DLLCACHE\avc.sys - 2009-10-15 20:58 . 2001-08-17 16:49 23552 c:\windows\SYSTEM32\DLLCACHE\atixbar.sys + 2009-10-15 20:58 . 2001-08-17 17:49 23552 c:\windows\SYSTEM32\DLLCACHE\atixbar.sys + 2009-10-15 20:58 . 2001-08-17 17:49 26624 c:\windows\SYSTEM32\DLLCACHE\ativxbar.sys - 2009-10-15 20:58 . 2001-08-17 16:49 26624 c:\windows\SYSTEM32\DLLCACHE\ativxbar.sys - 2009-10-15 20:58 . 2001-08-17 16:49 19456 c:\windows\SYSTEM32\DLLCACHE\ativttxx.sys + 2009-10-15 20:58 . 2001-08-17 17:49 19456 c:\windows\SYSTEM32\DLLCACHE\ativttxx.sys + 2009-10-15 20:58 . 2001-08-17 17:49 17152 c:\windows\SYSTEM32\DLLCACHE\atitvsnd.sys - 2009-10-15 20:58 . 2001-08-17 16:49 17152 c:\windows\SYSTEM32\DLLCACHE\atitvsnd.sys + 2009-10-15 20:58 . 2001-08-17 17:49 17152 c:\windows\SYSTEM32\DLLCACHE\atitunep.sys - 2009-10-15 20:58 . 2001-08-17 16:49 17152 c:\windows\SYSTEM32\DLLCACHE\atitunep.sys + 2009-10-15 20:58 . 2001-08-17 17:49 26880 c:\windows\SYSTEM32\DLLCACHE\atirtsnd.sys - 2009-10-15 20:58 . 2001-08-17 16:49 26880 c:\windows\SYSTEM32\DLLCACHE\atirtsnd.sys + 2009-10-15 20:58 . 2001-08-17 17:49 49920 c:\windows\SYSTEM32\DLLCACHE\atirtcap.sys - 2009-10-15 20:58 . 
2001-08-17 16:49 49920 c:\windows\SYSTEM32\DLLCACHE\atirtcap.sys + 2009-10-15 20:58 . 2001-08-17 17:48 70528 c:\windows\SYSTEM32\DLLCACHE\atiragem.sys - 2009-10-15 20:58 . 2001-08-17 16:48 70528 c:\windows\SYSTEM32\DLLCACHE\atiragem.sys - 2009-10-15 20:58 . 2001-08-17 16:49 10240 c:\windows\SYSTEM32\DLLCACHE\atipcxxx.sys + 2009-10-15 20:58 . 2001-08-17 17:49 10240 c:\windows\SYSTEM32\DLLCACHE\atipcxxx.sys - 2009-10-15 20:58 . 2001-08-17 16:49 75136 c:\windows\SYSTEM32\DLLCACHE\atimpae.sys + 2009-10-15 20:58 . 2001-08-17 17:49 75136 c:\windows\SYSTEM32\DLLCACHE\atimpae.sys - 2009-10-15 20:58 . 2001-08-18 02:36 37376 c:\windows\SYSTEM32\DLLCACHE\atievxx.exe + 2009-10-15 20:58 . 2001-08-18 03:36 37376 c:\windows\SYSTEM32\DLLCACHE\atievxx.exe - 2009-10-15 20:58 . 2001-08-17 16:49 46464 c:\windows\SYSTEM32\DLLCACHE\atibt829.sys + 2009-10-15 20:58 . 2001-08-17 17:49 46464 c:\windows\SYSTEM32\DLLCACHE\atibt829.sys + 2009-10-15 20:57 . 2001-08-17 18:57 77568 c:\windows\SYSTEM32\DLLCACHE\ati.sys - 2009-10-15 20:57 . 2001-08-17 17:57 77568 c:\windows\SYSTEM32\DLLCACHE\ati.sys + 2009-10-15 20:57 . 2001-08-17 17:12 97354 c:\windows\SYSTEM32\DLLCACHE\aspndis3.sys - 2009-10-15 20:57 . 2001-08-17 16:12 97354 c:\windows\SYSTEM32\DLLCACHE\aspndis3.sys - 2009-10-15 20:57 . 2002-08-29 02:59 36224 c:\windows\SYSTEM32\DLLCACHE\an983.sys + 2009-10-15 20:57 . 2002-08-29 03:59 36224 c:\windows\SYSTEM32\DLLCACHE\an983.sys - 2009-10-15 20:57 . 2001-08-17 16:11 16969 c:\windows\SYSTEM32\DLLCACHE\amb8002.sys + 2009-10-15 20:57 . 2001-08-17 17:11 16969 c:\windows\SYSTEM32\DLLCACHE\amb8002.sys + 2009-10-15 20:57 . 2001-08-17 18:49 26624 c:\windows\SYSTEM32\DLLCACHE\alifir.sys - 2009-10-15 20:57 . 2001-08-17 17:49 26624 c:\windows\SYSTEM32\DLLCACHE\alifir.sys + 2009-10-15 20:57 . 2001-08-17 17:11 27678 c:\windows\SYSTEM32\DLLCACHE\ali5261.sys - 2009-10-15 20:57 . 2001-08-17 16:11 27678 c:\windows\SYSTEM32\DLLCACHE\ali5261.sys - 2009-10-15 20:57 . 
2001-08-17 16:11 46112 c:\windows\SYSTEM32\DLLCACHE\adptsf50.sys + 2009-10-15 20:57 . 2001-08-17 17:11 46112 c:\windows\SYSTEM32\DLLCACHE\adptsf50.sys + 2009-10-15 20:57 . 2002-08-29 04:00 10880 c:\windows\SYSTEM32\DLLCACHE\admjoy.sys - 2009-10-15 20:57 . 2002-08-29 03:00 10880 c:\windows\SYSTEM32\DLLCACHE\admjoy.sys + 2009-10-15 20:57 . 2001-08-17 17:11 20160 c:\windows\SYSTEM32\DLLCACHE\adm8511.sys - 2009-10-15 20:57 . 2001-08-17 16:11 20160 c:\windows\SYSTEM32\DLLCACHE\adm8511.sys + 2009-10-15 20:57 . 2001-08-18 03:36 61440 c:\windows\SYSTEM32\DLLCACHE\acerscad.dll - 2009-10-15 20:57 . 2001-08-18 02:36 61440 c:\windows\SYSTEM32\DLLCACHE\acerscad.dll - 2009-10-15 20:57 . 2002-08-29 03:00 84480 c:\windows\SYSTEM32\DLLCACHE\ac97via.sys + 2009-10-15 20:57 . 2002-08-29 04:00 84480 c:\windows\SYSTEM32\DLLCACHE\ac97via.sys - 2009-10-15 20:57 . 2001-08-17 16:20 96256 c:\windows\SYSTEM32\DLLCACHE\ac97intc.sys + 2009-10-15 20:57 . 2001-08-17 17:20 96256 c:\windows\SYSTEM32\DLLCACHE\ac97intc.sys - 2009-10-15 20:57 . 2001-08-17 18:55 38400 c:\windows\SYSTEM32\DLLCACHE\8514a.dll + 2009-10-15 20:57 . 2001-08-17 19:55 38400 c:\windows\SYSTEM32\DLLCACHE\8514a.dll - 2009-10-15 20:57 . 2008-04-13 18:46 48128 c:\windows\SYSTEM32\DLLCACHE\61883.sys + 2009-10-15 20:57 . 2008-04-13 19:46 48128 c:\windows\SYSTEM32\DLLCACHE\61883.sys - 2009-10-15 20:57 . 2008-04-13 18:40 12288 c:\windows\SYSTEM32\DLLCACHE\4mmdat.sys + 2009-10-15 20:57 . 2008-04-13 19:40 12288 c:\windows\SYSTEM32\DLLCACHE\4mmdat.sys + 2009-10-15 20:57 . 2001-08-17 19:06 11264 c:\windows\SYSTEM32\DLLCACHE\1394vdbg.sys - 2009-10-15 20:57 . 2001-08-17 18:06 11264 c:\windows\SYSTEM32\DLLCACHE\1394vdbg.sys + 2009-10-15 20:57 . 2008-04-13 19:46 53376 c:\windows\SYSTEM32\DLLCACHE\1394bus.sys - 2009-10-15 20:57 . 2008-04-13 18:46 53376 c:\windows\SYSTEM32\DLLCACHE\1394bus.sys + 2009-11-02 00:54 . 2009-11-02 00:54 22528 c:\windows\Installer\62e72f.msi + 2009-11-07 01:53 . 2009-11-07 01:53 62464 c:\windows\Installer\2471240.msi
  14. Malwarebytes' Anti-Malware 1.41
      Database version: 3126
      Windows 5.1.2600 Service Pack 3

      11/8/2009 12:45:31 PM
      mbam-log-2009-11-08 (12-45-31).txt

      Scan type: Quick Scan
      Objects scanned: 124275
      Time elapsed: 10 minute(s), 42 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)

      ----------------------------------------

      combofix working, will paste in next post
  15. I did not submit any post for assistance. Soldiered on and have come this far. A terribly nagging rogue anti-virus. Spyware Pro 2009 or some such?

      This seems to be (one?) of its signature hallmarks, for the moment:

      O1 - Hosts: ::1 localhost
      O1 - Hosts: 91.212.127.226 winguard2009.microsoft.com
      O1 - Hosts: 91.212.127.226 winguard-2009.com
      O1 - Hosts: 91.212.127.226 www.winguard-2009.com

      combofix, malwarebytes, HiJackThis, antivir, OTL, GMER, AVG ... Finally get an all clear. And yet the damn thing still came back. And was more virulent - safe mode boot would crash; no taskbar or desktop; wouldn't run almost any program; popping up browsers to porno.com and viagra.com, if I remember correctly.

      Running on a pretty slow old Dell 2400, I could see a box flash, titled "Windows Installer" with text in the box of "Preparing to install" and otherwise blank, for just a moment. Actually, 2, in rapid succession.

      Luckily, in a real time race, I was able to get Microsoft's SysInternals "Process Explorer" up and running quickly enough, before it too was disabled from starting. And spotted 2 sub-processes to an svchost process, both identified as wmiprvse.exe. And as fast as I could, did a right click and Suspend to stop their ongoing execution / infecting.

      On one occasion, the rootkit revealers showed that mbam.exe was already hidden. Along with about 100 other files, some of which were the various other anti-virus / virus removal tools / scanners. And the hosts file already tampered with. However, I had made a copy of mbam.exe named as newyork.exe, as suggested somewhere in my searches. You probably might want to pick your own name, so the bastards reading this won't start hiding newyork.exe.

      To prevent further re-infection though, I used the Windows Recovery Console on boot up (kindly installed by combofix). Have to be quick there, too. The Recovery Console option is only there for 2 or 3 seconds! Navigated to: C:\Windows\system32\wbem and renamed wmiprvse.exe to a different name - again, pick what you like, that you can easily revert, if necessary.

      My guess is that wmiprvse.exe isn't actually infected. But, rather, being utilized to somehow install the infection. For me, the system now appears to run normally, without wmiprvse.exe. Your mileage may vary. After bootup and the user logs in, the 2 "Windows Installer" "Preparing to install" alerts both still pop up, but no wmiprvse.exe starts, AFAIK.

      System seems to be remaining free from re-infection. Even though I believe the core bad stuff is still there, undetected by anything I've used, yet. Just waiting for its chance to "phone home" and get a new, ever more "improved" virulent version.

      Unfortunately, I don't have the specific experience at debugging Windows to know how to determine the origin of the sequence leading to wmiprvse.exe. I had considered trying to use "Process Monitor", but I've already spent 2.5 days getting this far. If any experts would like to contact me, I'm sure I'm capable and can greatly assist in discovering the as yet undetected core. I would dearly like to truly kill this one, once and for all. I'm keeping my fingers crossed.

      These bad boys are obviously watching the various public sites, like this one. And morphing / "upgrading" their stuff, as a result. IMHO. Which means some of the communication, initially, as to specifics really needs to be non-public. So as to be able to improve the removal / detection without tipping them off.
  16. ComboFix did the trick, for me, re-fixing the "not a valid Windows image" popups. Tip: After downloading ComboFix, reboot in Safe Mode, *with* Networking. Safe mode turned off my AVG anti-virus that I couldn't kill otherwise. And Networking permits ComboFix to download and install the MS Recovery Console, if it is not already installed, so it can do the most thorough job.
  17. By using a flash memory stick with an image of an intact Malware Program Files directory, I was able, after multiple passes, including safe mode, to kill SecurityTool. I think! But now, it would seem there was further damage done by the rogue AV Security Tools / Trojan Vundo or Vundo.H. In particular, all sorts of programs, including MBAM, start with an error alert of the sort titled: mbam.exe with a message body negonuze (or nanenipu) {2 of the bad Vundo files} ... "not a valid Windows image" ... The MS program start software altered by Vundo to start up one of its component parts? Or, some number of program .exe files tampered with and need a repair? Responding by clicking on the alert box's OK button, repeatedly, as necessary, allows everything to seemingly proceed normally.
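
The hosts-file tampering described in post 15 can be checked for mechanically. As an added example (not part of nekote's posts and not code from any of the tools named), this Python script reads either raw hosts-file lines or HijackThis `O1 - Hosts:` lines and groups every non-local mapping by target address. The function names, the `watched_suffixes` default and the last two sample lines are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

# First four lines are the O1 entries quoted in post 15; the last two
# are constructed here to exercise the benign cases.
SAMPLE = """\
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 winguard2009.microsoft.com
O1 - Hosts: 91.212.127.226 winguard-2009.com
O1 - Hosts: 91.212.127.226 www.winguard-2009.com
127.0.0.1 localhost          # constructed: stock entry
0.0.0.0 ads.example.test     # constructed: sinkhole-style block entry
"""

PREFIX = "O1 - Hosts:"  # HijackThis label for a hosts-file entry


def parse_entries(text):
    """Yield (ip, hostname) from hosts-file lines or HijackThis O1 lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(PREFIX):
            line = line[len(PREFIX):]
        line = line.split("#", 1)[0].strip()    # drop hosts-file comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        for host in fields[1:]:                  # one line may carry aliases
            yield ip, host.lower()


def audit(text, watched_suffixes=("microsoft.com",)):
    """Return {ip: [(hostname, reason), ...]} for entries worth reviewing."""
    findings = defaultdict(list)
    for ip, host in parse_entries(text):
        if ip.is_loopback or ip.is_unspecified:
            continue                             # local or sinkhole mapping
        watched = any(host == s or host.endswith("." + s)
                      for s in watched_suffixes)
        reason = "watched domain overridden" if watched else "static redirect"
        findings[str(ip)].append((host, reason))
    return dict(findings)


if __name__ == "__main__":
    for ip, hits in audit(SAMPLE).items():
        print(ip, "-", len(hits), "entries")
        for host, reason in hits:
            print("   ", host, "-", reason)
```

Several hostnames pinned to one external address, one of them under a vendor's domain, is the pattern the post shows; loopback and `0.0.0.0` entries are left out because they do not send traffic anywhere.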