
Infected by Virus: Explorer.exe & logon.exe Infected plus some more?



Hello,

I noticed my avast starting to pop up a few virus alerts, and then my computer started to restart the odd time randomly, and then explorer.exe did not start up.

I ran the antivirus avast, and the viruses it mentioned were called: system32/ini:cycbot-gen and system32/winlogon.exe and one time for this Tango toolbar called system32/mshta. But they could not be deleted as they are vital to the system or something.

I seem to be having the same issue as this post:

http://forums.malwarebytes.org/index.php?showtopic=101723

and I have downloaded and run combofix as outlined in post #8 of the above page.

I see that one of the forum admins then posted a "kill code" or something to put in a text file which then goes into combofix.

Does anyone happen to know which code will fix my problem? My most recent log file is below from combofix: (I also see babylon toolbar as a virus in the log files but the A/V did catch it, maybe it could not remove it...)

ComboFix 12-03-17.01 - Christian 03/17/2012 21:03:03.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2476 [GMT -7:00]

Running from: c:\documents and settings\Christian\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Christian\Local Settings\Application Data\{96FEE677-8B8A-4720-8E4A-D887ADB2CE1C}

c:\documents and settings\Christian\Local Settings\Application Data\{96FEE677-8B8A-4720-8E4A-D887ADB2CE1C}\chrome.manifest

c:\documents and settings\Christian\Local Settings\Application Data\{96FEE677-8B8A-4720-8E4A-D887ADB2CE1C}\chrome\content\_cfg.js

c:\documents and settings\Christian\Local Settings\Application Data\{96FEE677-8B8A-4720-8E4A-D887ADB2CE1C}\chrome\content\overlay.xul

c:\documents and settings\Christian\Local Settings\Application Data\{96FEE677-8B8A-4720-8E4A-D887ADB2CE1C}\install.rdf

.

c:\windows\explorer.exe . . . is infected!!

.

.

((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))

.

.

2012-03-18 02:53 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-03-18 02:53 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-03-18 02:53 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-03-18 02:53 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-03-18 02:53 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-18 02:53 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-03-18 02:53 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-03-18 02:53 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-03-18 02:53 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr

2012-03-18 02:52 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-18 02:52 . 2012-03-18 02:52 -------- d-----w- c:\program files\AVAST Software

2012-03-18 02:52 . 2012-03-18 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-03-18 01:16 . 2012-03-18 01:16 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F9E85C-6E15-494E-87E3-8A989BB2D4F7}\MpKsl0444bcd2.sys

2012-03-18 00:48 . 2012-03-18 00:48 -------- d-----w- c:\documents and settings\Christian\Application Data\SUPERAntiSpyware.com

2012-03-18 00:44 . 2012-03-18 00:48 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-03-18 00:44 . 2012-03-18 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2012-03-17 23:06 . 2012-03-17 23:06 -------- d-----w- c:\windows\system32\wbem\Repository

2012-03-17 23:06 . 2012-03-17 23:06 -------- d-----w- c:\documents and settings\Christian\Application Data\TuneUpMedia

2012-03-17 23:05 . 2012-03-18 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia

2012-03-17 23:05 . 2012-03-17 23:06 -------- d-----w- c:\program files\TuneUpMedia

2012-03-17 23:03 . 2012-03-17 23:03 -------- d-----w- c:\documents and settings\Christian\Local Settings\Application Data\Babylon

2012-03-17 23:03 . 2012-03-17 23:03 -------- d-----w- c:\documents and settings\Christian\Application Data\Babylon

2012-03-17 23:03 . 2012-03-17 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon

2012-03-14 04:08 . 2012-03-14 04:08 -------- d-----w- c:\documents and settings\Christian\Local Settings\Application Data\AskToolbar

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-10 18:45 . 2006-12-30 02:17 60416 -c--a-w- c:\windows\ALCFDRTM.VER

2012-02-03 09:22 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-15 03:16 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2006-12-30 01:51 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-19 06:35 . 2011-04-03 04:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-04-14 . 8CDCE5C34EF646C997869B59B79186CC . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-30 620376]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]

"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2011-11-11 25214]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [N/A]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=DrvTrNTm.dll

"wave"=DrvTrNTm.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AvRack\\rtlrack.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\VirtualDJ\\virtualdj.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/31/2011 05:27 PM 436792]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/17/2012 07:53 PM 337880]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 09:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 02:55 PM 67664]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/15/2010 09:27 PM 95024]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 04:38 PM 116608]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [11/28/2011 09:38 PM 497496]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/17/2012 07:53 PM 20696]

R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [9/24/2011 03:03 PM 68928]

R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2/28/2011 10:42 PM 120472]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/17/2012 07:53 PM 612184]

S1 MpKsl36624047;MpKsl36624047;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F9E85C-6E15-494E-87E3-8A989BB2D4F7}\MpKsl36624047.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F9E85C-6E15-494E-87E3-8A989BB2D4F7}\MpKsl36624047.sys [?]

S1 MpKsl6aa231d0;MpKsl6aa231d0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F9E85C-6E15-494E-87E3-8A989BB2D4F7}\MpKsl6aa231d0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F9E85C-6E15-494E-87E3-8A989BB2D4F7}\MpKsl6aa231d0.sys [?]

S1 MpKsl75385543;MpKsl75385543;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F9E85C-6E15-494E-87E3-8A989BB2D4F7}\MpKsl75385543.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F9E85C-6E15-494E-87E3-8A989BB2D4F7}\MpKsl75385543.sys [?]

S1 MpKsld5de23f2;MpKsld5de23f2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8728CE0-9AB6-4B9F-A7CB-D2D5574D1F2D}\MpKsld5de23f2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8728CE0-9AB6-4B9F-A7CB-D2D5574D1F2D}\MpKsld5de23f2.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 01:16 PM 130384]

S3 cpuz130;cpuz130;\??\c:\docume~1\CHRIST~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\CHRIST~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 09:37 PM 4640000]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8/5/2007 12:23 PM 47360]

S3 TotRec8;Total Recorder WDM audio filter driver;\??\c:\windows\system32\drivers\TotRec8.sys --> c:\windows\system32\drivers\TotRec8.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 05:00 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 01:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - AVAST!_ANTIVIRUS

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-18 c:\windows\Tasks\User_Feed_Synchronization-{3D21ED30-8301-4C6F-8979-CA64B5D7EF82}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.ca/

mSearch Bar = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Download with x-ipod-magic-platinum - c:\program files\Xilisoft\iPod Magic Platinum\upod_link.HTM

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Open with &ZipScan - c:\progra~1\ZIPSCA~1\zs_ie.htm

Trusted Zone: flyboyzclan.com

Trusted Zone: xdrive.com\plus

Trusted Zone: xdrive.com\www

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab

FF - ProfilePath - c:\documents and settings\Christian\Application Data\Mozilla\Firefox\Profiles\x5v8pyxz.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - prefs.js: network.proxy.type - 4

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101641

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - c4ee01f20000000000000015f2889cb1

FF - user.js: extensions.BabylonToolbar_i.hardId - c4ee01f20000000000000015f2889cb1

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15351

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:05

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-03-17 21:08

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(800)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

Completion time: 2012-03-17 21:11:56

ComboFix-quarantined-files.txt 2012-03-18 04:11

ComboFix2.txt 2012-03-18 02:34

.

Pre-Run: 36,019,945,472 bytes free

Post-Run: 36,007,710,720 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 19801D21D49B519126556D8E4AE72DFA

Thanks a lot for your help, I think I've taken out some of the virus already but as I'm typing explorer.exe is not running...

Chris


Hello chris478,

If you want guided help, then stop running any tools on your own & follow my guidance. You took a big risk in running Combofix on your own.

It may have resulted in turning your system non-functional.

Do as much as you can of my list below. Do NOT do any changes (adds, removes, or anything else) without checking first with me.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

  • Close all open browsers at this point.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.
  • Do NOT turn off the firewall.
  • Start Internet Explorer.
  • Using Internet Explorer browser only, go to BitDefender Quickscan website: http://quickscan.bitdefender.com and click "Start Scan".
  • Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
  • Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
  • If prompted, reply yes to allow it to run.
  • Press the Allow button and follow prompts.
  • Press the "Start Scan" once more.
  • You'll see the EULA in a pop-up window. Click the I accept & then the OK button.

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/ and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer. It may seem to stall at moments, but have patience; it will move on. You'll see a progress bar at top right of window.

  • Hopefully you will see a No infections found in the bar-window. Press the View Log button.
  • The log report will show in your text editor. Save the log.
  • Do a Select ALL, Copy. Then paste contents into your next reply.

Step 6

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Step 7

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log.

Use separate replies as needed if logs do not fit into one reply box.


Thanks a lot Maurice! Here are the logs. Tigzy scanner found one hkey, and online bitdefender found no problems. I'll break up the log reports in separate posts.

Log.txt

Logfile of random's system information tool 1.09 (written by random/random)

Run by ffffffff at 2012-03-18 12:52:13

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 36 GB (24%) free of 153 GB

Total RAM: 3071 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:53:00 PM, on 3/18/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\system32\NLSSRV32.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\The KMPlayer\KMPlayer.exe

C:\Documents and Settings\ffffffff\Desktop\RSIT.exe

C:\Program Files\trend micro\ffffffff.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe" /scan:boot

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab

O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.xdrive.com/downloads/std_install/setup.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167444609234

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170086687796

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://towercam.arts.ubc.ca/activex/AxisCamControl.cab

O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab

O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - http://service.intelcapabilitiesforum.net/global/FMSI.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (file missing)

O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\NLSSRV32.EXE

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--

End of file - 13155 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{3D21ED30-8301-4C6F-8979-CA64B5D7EF82}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\ffffffff\Application Data\Mozilla\Firefox\Profiles\y31x9w8y.default

prefs.js - "browser.startup.homepage" - "http://www.google.ca/"

prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {96FEE677-8B8A-4720-8E4A-D887ADB2CE1C}:1.9.1, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, jqs@sun.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 10.1 Plugin

"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\

npdeployJava1.dll

NPOFF12.DLL

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npqtplugin7.dll

QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\

amazondotcom.xml

answers.xml

avg_igeared.xml

bing.xml

creativecommons.xml

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

C:\Documents and Settings\ffffffff\Application Data\Mozilla\Firefox\Profiles\y31x9w8y.default\extensions\

{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-06 1003704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-01 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-10-01 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-06 1003704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-06-18 67584]

"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2005-07-08 1397760]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-08-10 421888]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-12-08 421736]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2011-05-10 49208]

"HitmanPro35"=C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe [2012-03-18 7149168]

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-02 59240]

"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]

"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-06 4241512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-08-10 421888]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-18 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro36]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro36.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

"NoResolveSearch"=1

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\AvRack\rtlrack.exe"="C:\Program Files\AvRack\rtlrack.exe:*:Enabled:AvRack"

"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary"

"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\VirtualDJ\virtualdj.exe"="C:\Program Files\VirtualDJ\virtualdj.exe:*:Enabled:VirtualDJ"

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"midi"=wdmaud.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"midi1"=wdmaud.drv

"msacm.siren"=sirenacm.dll

"msacm.voxacm160"=vct3216.acm

"msacm.scg726"=scg726.acm

"msacm.alf2cd"=alf2cd.acm

"msacm.ac3acm"=AC3ACM.acm

"vidc.dvsd"=mcdvd_32.dll

"vidc.DIVX"=DivX.dll

"vidc.mpg4"=mpg4c32.dll

"vidc.mp42"=mpg4c32.dll

"vidc.mp43"=mpg4c32.dll

"mixer"=DrvTrNTm.dll

"mixer1"=wdmaud.drv

"wave"=DrvTrNTm.dll

"wave1"=wdmaud.drv

"wave2"=wdmaud.drv

"mixer2"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-03-18 12:52:14 ----D---- C:\Program Files\trend micro

2012-03-18 12:52:13 ----D---- C:\rsit

2012-03-18 12:48:52 ----D---- C:\Program Files\ERUNT

2012-03-18 11:54:41 ----D---- C:\Documents and Settings\All Users\Application Data\HitmanPro

2012-03-18 11:36:08 ----ASH---- C:\hiberfil.sys

2012-03-18 00:05:31 ----SHD---- C:\RECYCLER

2012-03-17 21:11:57 ----A---- C:\ComboFix.txt

2012-03-17 21:00:01 ----A---- C:\Boot.bak

2012-03-17 20:59:57 ----RASHD---- C:\cmdcons

2012-03-17 20:52:02 ----D---- C:\ComboFix

2012-03-17 19:53:45 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys

2012-03-17 19:53:45 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys

2012-03-17 19:53:44 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys

2012-03-17 19:53:44 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys

2012-03-17 19:53:43 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys

2012-03-17 19:53:43 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys

2012-03-17 19:53:43 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys

2012-03-17 19:53:43 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys

2012-03-17 19:53:00 ----A---- C:\WINDOWS\avastSS.scr

2012-03-17 19:52:58 ----A---- C:\WINDOWS\system32\aswBoot.exe

2012-03-17 19:52:39 ----D---- C:\Program Files\AVAST Software

2012-03-17 19:52:39 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software

2012-03-17 19:02:48 ----D---- C:\WINDOWS\temp

2012-03-17 18:51:19 ----A---- C:\WINDOWS\zip.exe

2012-03-17 18:51:19 ----A---- C:\WINDOWS\SWXCACLS.exe

2012-03-17 18:51:19 ----A---- C:\WINDOWS\SWSC.exe

2012-03-17 18:51:19 ----A---- C:\WINDOWS\SWREG.exe

2012-03-17 18:51:19 ----A---- C:\WINDOWS\sed.exe

2012-03-17 18:51:19 ----A---- C:\WINDOWS\PEV.exe

2012-03-17 18:51:19 ----A---- C:\WINDOWS\NIRCMD.exe

2012-03-17 18:51:19 ----A---- C:\WINDOWS\MBR.exe

2012-03-17 18:51:19 ----A---- C:\WINDOWS\grep.exe

2012-03-17 18:51:13 ----D---- C:\WINDOWS\ERDNT

2012-03-17 18:12:47 ----D---- C:\Qoobox

2012-03-17 17:44:04 ----D---- C:\Program Files\SUPERAntiSpyware

2012-03-17 17:44:04 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2012-03-17 17:00:45 ----A---- C:\WINDOWS\imsins.BAK

2012-03-17 16:05:58 ----D---- C:\Program Files\TuneUpMedia

2012-03-17 16:05:58 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUpMedia

2012-03-17 16:04:05 ----D---- C:\Program Files\YouTube Downloader

2012-03-17 16:04:05 ----D---- C:\Program Files\hkSFV

2012-03-17 16:04:05 ----D---- C:\Program Files\Grisoft

2012-03-17 16:04:05 ----D---- C:\Program Files\Google

2012-03-17 16:04:05 ----D---- C:\Program Files\Free mp3 Wma Converter

2012-03-17 16:04:05 ----D---- C:\Program Files\DivX

2012-03-17 16:04:05 ----D---- C:\Program Files\DFG

2012-03-17 16:04:05 ----D---- C:\Program Files\ComPlus Applications

2012-03-17 16:04:04 ----D---- C:\Program Files\WindSolutions

2012-03-17 16:04:04 ----D---- C:\Program Files\PCPitstop

2012-03-17 16:04:04 ----D---- C:\Program Files\OpenOffice.org 3

2012-03-17 16:04:04 ----D---- C:\Program Files\Online Services

2012-03-17 16:04:04 ----D---- C:\Program Files\Nitro PDF

2012-03-17 16:04:04 ----D---- C:\Program Files\NCH Software

2012-03-17 16:04:04 ----D---- C:\Program Files\BearFlix

2012-03-17 16:04:02 ----D---- C:\Program Files\Microsoft Games

2012-03-17 16:04:02 ----D---- C:\Program Files\Hitman Pro 3.5

2012-03-17 16:03:34 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon

2012-03-17 13:53:46 ----A---- C:\WINDOWS\ntbtlog.txt

2012-03-13 22:41:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2641653$

2012-03-13 22:38:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2621440$

2012-03-13 22:38:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2647518$

2012-03-13 22:27:07 ----D---- C:\Program Files\TuneUpMedia(2)

2012-03-13 22:26:44 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUpMedia(2)

======List of files/folders modified in the last 1 month======

2012-03-18 12:52:14 ----D---- C:\Program Files

2012-03-18 12:18:34 ----D---- C:\Program Files\Mozilla Firefox

2012-03-18 12:03:38 ----D---- C:\Documents and Settings\ffffffff\Application Data\vlc

2012-03-18 11:55:22 ----D---- C:\WINDOWS\system32\drivers

2012-03-18 11:33:25 ----D---- C:\WINDOWS\system32

2012-03-18 00:43:46 ----D---- C:\WINDOWS\system32\CatRoot2

2012-03-17 21:08:42 ----N---- C:\WINDOWS\system.ini

2012-03-17 21:08:42 ----AD---- C:\WINDOWS

2012-03-17 21:08:35 ----D---- C:\WINDOWS\system32\drivers\etc

2012-03-17 21:06:14 ----D---- C:\WINDOWS\AppPatch

2012-03-17 21:06:12 ----D---- C:\Program Files\Common Files

2012-03-17 21:00:01 ----RASH---- C:\boot.ini

2012-03-17 20:52:33 ----A---- C:\WINDOWS\SchedLgU.Txt

2012-03-17 20:04:08 ----SHD---- C:\WINDOWS\Installer

2012-03-17 20:04:08 ----SD---- C:\WINDOWS\Tasks

2012-03-17 19:53:39 ----D---- C:\Config.Msi

2012-03-17 19:53:38 ----D---- C:\WINDOWS\WinSxS

2012-03-17 19:23:13 ----D---- C:\WINDOWS\Prefetch

2012-03-17 17:32:33 ----N---- C:\WINDOWS\win.ini

2012-03-17 17:26:21 ----D---- C:\WINDOWS\pss

2012-03-17 17:20:04 ----HD---- C:\WINDOWS\inf

2012-03-17 17:16:31 ----RSHDC---- C:\WINDOWS\system32\dllcache

2012-03-17 17:01:33 ----D---- C:\WINDOWS\Debug

2012-03-17 17:01:22 ----A---- C:\WINDOWS\system32\MRT.exe

2012-03-17 16:58:27 ----D---- C:\WINDOWS\system32\CatRoot

2012-03-17 16:58:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2012-03-17 16:57:01 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2012-03-17 16:20:43 ----D---- C:\Program Files\DVDFab Gold

2012-03-17 16:13:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2012-03-17 16:07:10 ----D---- C:\WINDOWS\system32\config

2012-03-17 16:06:37 ----D---- C:\WINDOWS\system32\wbem

2012-03-17 16:06:37 ----D---- C:\WINDOWS\Registration

2012-03-17 16:06:18 ----D---- C:\Program Files\PKR

2012-03-17 16:03:18 ----D---- C:\WINDOWS\system32\Restore

2012-03-13 22:41:17 ----HD---- C:\WINDOWS\$hf_mig$

2012-03-11 22:25:05 ----D---- C:\My Downloads

2012-03-07 23:47:54 ----RSD---- C:\WINDOWS\assembly

2012-03-07 23:46:39 ----D---- C:\Program Files\Common Files\Microsoft Shared

2012-02-27 18:17:06 ----D---- C:\Program Files\uTorrent

2012-02-21 00:02:59 ----D---- C:\WINDOWS\ie8updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2003-10-28 21120]

R0 nvatabus;nvatabus; C:\WINDOWS\SYSTEM32\DRIVERS\NVATABUS.SYS [2010-08-13 79360]

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-07-31 436792]

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-03-06 24920]

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]

R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []

R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2012-03-06 35672]

R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-03-06 612184]

R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-03-06 337880]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-03-06 53848]

R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-08 28672]

R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []

R1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-03-06 20696]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-03-06 95704]

R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-23 400384]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-06-21 626204]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]

R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-07-28 33024]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-07-28 12928]

R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

R3 TotRec7;Total Recorder WDM audio driver; C:\WINDOWS\system32\drivers\TotRec7.sys [2008-04-17 120472]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]

S0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys []

S1 MpKsl36624047;MpKsl36624047; \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F9E85C-6E15-494E-87E3-8A989BB2D4F7}\MpKsl36624047.sys []

S1 MpKsl6aa231d0;MpKsl6aa231d0; \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F9E85C-6E15-494E-87E3-8A989BB2D4F7}\MpKsl6aa231d0.sys []

S1 MpKsl75385543;MpKsl75385543; \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F9E85C-6E15-494E-87E3-8A989BB2D4F7}\MpKsl75385543.sys []

S1 MpKsld5de23f2;MpKsld5de23f2; \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8728CE0-9AB6-4B9F-A7CB-D2D5574D1F2D}\MpKsld5de23f2.sys []

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 cpuz130;cpuz130; \??\C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []

S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []

S3 EagleXNt;EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys []

S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []

S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]

S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []

S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []

S3 NCHSSVAD;SoundTap Recorder (32 Bit); C:\WINDOWS\system32\drivers\nchssvad.sys [2009-12-31 33848]

S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-06-04 47360]

S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []

S3 TotRec8;Total Recorder WDM audio filter driver; \??\C:\WINDOWS\system32\drivers\TotRec8.sys []

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-08-02 42496]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2011-01-15 30208]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-06 44768]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]

R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-10-01 153376]

R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-09-26 303104]

R2 nlsX86cc;NLS Service; C:\WINDOWS\system32\NLSSRV32.EXE [2011-09-24 68928]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-12-08 821608]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe []

S2 NMSAccess;NMSAccess; C:\Program Files\Blaze Media Pro\NMSAccess32.exe []

S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]

S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2011-11-11 69632]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2007-12-08 1246088]

S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-08-06 66872]

-----------------EOF-----------------


Info.txt File:

info.txt logfile of random's system information tool 1.09 2012-03-18 12:53:04

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL

Adobe Acrobat 7.1.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_Plugin.exe -maintain plugin

Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}

Apple Mobile Device Support-->MsiExec.exe /I{8153ED9A-C94A-426E-9880-5E6775C08B62}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup

Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

CoreAVC Professional Edition (remove only)-->"C:\Program Files\CoreCodec\CoreAVC Professional Edition\CoreAVC Professional Edition-uninstall.exe"

Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"

EVEREST Ultimate Edition v5.30-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"

Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2570791)-->"C:\WINDOWS\$NtUninstallKB2570791$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2633952)-->"C:\WINDOWS\$NtUninstallKB2633952$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"

HP Extended Capabilities 6.1-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Imaging Device Functions 6.1-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat

HP Solution Center and Imaging Support Tools 6.1-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update-->MsiExec.exe /X{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}

InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL

iPod for Windows 2005-09-23-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033

Java 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}

Junk Mail filter update-->MsiExec.exe /I{8E5233E1-7495-44FB-8DEB-4BE906D59619}

Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1 Security Update (KB2656353)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp"

Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft .NET Framework 4 Extended-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended

Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}

Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}

Microsoft Office 2010 Language Pack Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0054-0409-0000-0000000FF1CE}" "{CDC4310F-8189-485F-B47D-D972217CE173}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{99ACCA38-6DD3-48A8-96AE-A283C9759279}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{99ACCA38-6DD3-48A8-96AE-A283C9759279}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0409-0000-0000000FF1CE}" "{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0115-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}

Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office Project MUI (English) 2010-->MsiExec.exe /X{90140000-00B4-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}

Microsoft Office Visio MUI (English) 2010-->MsiExec.exe /X{90140000-0054-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Project 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00B4-0409-0000-0000000FF1CE}" "{18A0C151-8F8A-4B68-A960-60C464B94329}" "1033" "0"

Microsoft Project Professional 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PRJPROR /dll OSETUP.DLL

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visio Premium 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall VISIOR /dll OSETUP.DLL

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Mozilla Firefox 10.0.2 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

PKR-->"C:\Program Files\PKR\uninstall-pkr.exe"

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7A2C18A1-D2A2-3177-82F1-5FE9CC08ECB0} /parameterfolder Extended

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {42A3562E-8B4E-39A4-B82D-CC12F82889E3} /parameterfolder Extended

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Extended

Security Update for Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB2183461)-->"C:\WINDOWS\ie7updates\KB2183461-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2497640)-->"C:\WINDOWS\ie8updates\KB2497640-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2530548)-->"C:\WINDOWS\ie8updates\KB2530548-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2559049)-->"C:\WINDOWS\ie8updates\KB2559049-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2586448)-->"C:\WINDOWS\ie8updates\KB2586448-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2618444)-->"C:\WINDOWS\ie8updates\KB2618444-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2647516)-->"C:\WINDOWS\ie8updates\KB2647516-IE8\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"

Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2503665)-->"C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2536276)-->"C:\WINDOWS\$NtUninstallKB2536276$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2544893)-->"C:\WINDOWS\$NtUninstallKB2544893$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2555917)-->"C:\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2567053)-->"C:\WINDOWS\$NtUninstallKB2567053$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2584146)-->"C:\WINDOWS\$NtUninstallKB2584146$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2585542)-->"C:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2598479)-->"C:\WINDOWS\$NtUninstallKB2598479$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2603381)-->"C:\WINDOWS\$NtUninstallKB2603381$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2619339)-->"C:\WINDOWS\$NtUninstallKB2619339$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2620712)-->"C:\WINDOWS\$NtUninstallKB2620712$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2621440)-->"C:\WINDOWS\$NtUninstallKB2621440$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2624667)-->"C:\WINDOWS\$NtUninstallKB2624667$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2631813)-->"C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2633171)-->"C:\WINDOWS\$NtUninstallKB2633171$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2639417)-->"C:\WINDOWS\$NtUninstallKB2639417$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2641653)-->"C:\WINDOWS\$NtUninstallKB2641653$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2646524)-->"C:\WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2647518)-->"C:\WINDOWS\$NtUninstallKB2647518$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2660465)-->"C:\WINDOWS\$NtUninstallKB2660465$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2661637)-->"C:\WINDOWS\$NtUninstallKB2661637$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"

Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"

Total Recorder 7.0-->"C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U

TuneUp Companion 2.2.7-->C:\Program Files\TuneUpMedia\Uninstall.exe

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client

Update for Microsoft .NET Framework 4 Extended (KB2468871)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Extended

Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Extended

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{17E7B9AB-2DD2-457D-8D8E-CD14ACA973FE}" "1033" "0"

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{17E7B9AB-2DD2-457D-8D8E-CD14ACA973FE}" "1033" "0"

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{15058154-469F-4794-ACD5-94F8420F9B80}" "1033" "0"

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{15058154-469F-4794-ACD5-94F8420F9B80}" "1033" "0"

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{995A7832-B512-46D5-87C9-2D71FB541435}" "1033" "0"

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{995A7832-B512-46D5-87C9-2D71FB541435}" "1033" "0"

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{73E67A3A-8D61-44EF-90C2-1697C3DBE668}" "1033" "0"

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{73E67A3A-8D61-44EF-90C2-1697C3DBE668}" "1033" "0"

Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"

Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"

Update for Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB2598845)-->"C:\WINDOWS\ie8updates\KB2598845-IE8\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB2632503)-->"C:\WINDOWS\ie8updates\KB2632503-IE8\spuninst\spuninst.exe"

Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"

Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"

Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"

Update for Windows XP (KB2492386)-->"C:\WINDOWS\$NtUninstallKB2492386$\spuninst\spuninst.exe"

Update for Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe"

Update for Windows XP (KB2607712)-->"C:\WINDOWS\$NtUninstallKB2607712$\spuninst\spuninst.exe"

Update for Windows XP (KB2616676)-->"C:\WINDOWS\$NtUninstallKB2616676$\spuninst\spuninst.exe"

Update for Windows XP (KB2641690)-->"C:\WINDOWS\$NtUninstallKB2641690$\spuninst\spuninst.exe"

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"

Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG

VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe

WAV to MP3 Encoder-->C:\PROGRA~1\WAVTOM~1\UNWISE.EXE C:\PROGRA~1\WAVTOM~1\INSTALL.LOG

Windows Easy Transfer-->"C:\WINDOWS\$NtUninstallWETCable$\spuninst\spuninst.exe"

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}

Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}

Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}

Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}

Windows Management Framework Core-->"C:\WINDOWS\$968930Uinstall_KB968930$\spuninst\spuninst.exe"

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: avast! Antivirus

AV: Microsoft Security Essentials

======System event log======

Computer Name: USER-0F914895E2

Event Code: 7026

Message: The following boot-start or system-start driver(s) failed to load:

Lbd

Record Number: 823655

Source Name: Service Control Manager

Time Written: 20120216194905.000000-480

Event Type: error

User:

Computer Name: USER-0F914895E2

Event Code: 5101

Message:

Record Number: 823654

Source Name: Microsoft Antimalware

Time Written: 20120216194811.000000-480

Event Type: error

User:

Computer Name: USER-0F914895E2

Event Code: 7023

Message: The Microsoft Antimalware Service service terminated with the following error:

%%2147949456

Record Number: 823635

Source Name: Service Control Manager

Time Written: 20120216183329.000000-480

Event Type: error

User:

Computer Name: USER-0F914895E2

Event Code: 7026

Message: The following boot-start or system-start driver(s) failed to load:

Lbd

Record Number: 823625

Source Name: Service Control Manager

Time Written: 20120216183302.000000-480

Event Type: error

User:

Computer Name: USER-0F914895E2

Event Code: 5101

Message:

Record Number: 823624

Source Name: Microsoft Antimalware

Time Written: 20120216183203.000000-480

Event Type: error

User:

=====Application event log=====

Computer Name: USER-0F914895E2

Event Code: 100

Message: Task Scheduling Error: Continuously busy for more than a second

Record Number: 1800

Source Name: Bonjour Service

Time Written: 20120303175858.000000-480

Event Type: error

User:

Computer Name: USER-0F914895E2

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledSPRetry 2515

Record Number: 1799

Source Name: Bonjour Service

Time Written: 20120303175340.000000-480

Event Type: error

User:

Computer Name: USER-0F914895E2

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledEvent 2515

Record Number: 1798

Source Name: Bonjour Service

Time Written: 20120303175340.000000-480

Event Type: error

User:

Computer Name: USER-0F914895E2

Event Code: 100

Message: Task Scheduling Error: Continuously busy for more than a second

Record Number: 1797

Source Name: Bonjour Service

Time Written: 20120303175340.000000-480

Event Type: error

User:

Computer Name: USER-0F914895E2

Event Code: 3

Message: Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: This operation returned because the timeout period expired.

Record Number: 1795

Source Name: crypt32

Time Written: 20120303103054.000000-480

Event Type: error

User:

======Environment variables======

"asl.log"=Destination=file;OnFirstLog=command,environment

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"NUMBER_OF_PROCESSORS"=1

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Program Files\QuickTime\QTSystem

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD

"PROCESSOR_LEVEL"=15

"PROCESSOR_REVISION"=0c00

"PSModulePath"=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"windir"=%SystemRoot%

-----------------EOF-----------------


Checkup.txt file:

Results of screen317's Security Check version 0.99.31

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

avast! Free Antivirus

```````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

SUPERAntiSpyware

TuneUp Companion 2.2.7

CCleaner

Java 6 Update 21

Java version out of date!

Adobe Flash Player 11.0.1.152

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox (10.0.2)

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe

AVAST Software Avast avastUI.exe

``````````End of Log````````````


Bitdefender:

QuickScan 32-bit v0.9.9.111

---------------------------

Scan date: Sun Mar 18 13:02:58 2012

Machine ID: C4EE01F2

No infection found.

-------------------

Processes

---------

hpwuSchd Application 2560 C:\Program Files\HP\HP Software Update\hpwuschd2.exe

AcroTray - Adobe Acrobat Distiller help 3508 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

avast! Antivirus 1720 C:\Program Files\AVAST Software\Avast\AvastSvc.exe

avast! Antivirus 3552 C:\Program Files\AVAST Software\Avast\AvastUI.exe

Bonjour 452 C:\Program Files\Bonjour\mDNSResponder.exe

Core Service 348 C:\Program Files\SUPERAntiSpyware\SASCore.exe

hp digital imaging 3216 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

hp digital imaging 2780 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

iTunes 3076 C:\Program Files\iPod\bin\iPodService.exe

iTunes 2532 C:\Program Files\iTunes\iTunesHelper.exe

Java Platform SE 6 U21 1056 C:\Program Files\Java\jre6\bin\jqs.exe

Java Platform SE Auto Updater 2 0 2328 C:\Program Files\Common Files\Java\Java Update\jucheck.exe

Java Platform SE Auto Updater 2 0 2520 C:\Program Files\Common Files\Java\Java Update\jusched.exe

mcci+McciCMService 1228 C:\Program Files\Common Files\Motive\McciCMService.exe

Microsoft® Windows® Operating System 320 C:\WINDOWS\explorer.exe

Microsoft® Windows® Operating System 2892 C:\WINDOWS\system32\notepad.exe

Microsoft® Windows® Operating System 1768 C:\WINDOWS\system32\spoolsv.exe

Microsoft® Windows® Operating System 3220 C:\WINDOWS\system32\taskmgr.exe

MobileDeviceService 384 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

Nalpeiron License Management 1264 C:\WINDOWS\system32\NLSSRV32.EXE

Nero AG InCD 2316 C:\Program Files\Ahead\InCD\InCD.exe

Nero AG incdsrv 1348 C:\Program Files\Ahead\InCD\InCDsrv.exe

Realtek Sound Manager 2008 C:\WINDOWS\SOUNDMAN.EXE

The KMPlayer 3804 C:\Program Files\The KMPlayer\KMPlayer.exe

(verified) Microsoft® Windows® Operating System 2744 C:\WINDOWS\system32\alg.exe

(verified) Microsoft® Windows® Operating System 820 C:\WINDOWS\system32\csrss.exe

(verified) Microsoft® Windows® Operating System 3656 C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System 900 C:\WINDOWS\system32\lsass.exe

(verified) Microsoft® Windows® Operating System 888 C:\WINDOWS\system32\services.exe

(verified) Microsoft® Windows® Operating System 732 C:\WINDOWS\system32\smss.exe

(verified) Microsoft® Windows® Operating System 2308 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1512 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1328 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1312 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1184 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1100 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 844 C:\WINDOWS\system32\winlogon.exe

(verified) Windows® Internet Explorer 2116 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 3172 C:\Program Files\Internet Explorer\iexplore.exe

Network activity

----------------

Process iexplore.exe (2116) connected on port 80 (HTTP) --> 69.192.95.139

Process iexplore.exe (2116) connected on port 80 (HTTP) --> 173.194.33.33

Process iexplore.exe (2116) connected on port 80 (HTTP) --> 206.108.207.162

Process svchost.exe (1184) listens on ports: 135 (RPC)

Autoruns and critical files

---------------------------

hpwuSchd Application C:\Program Files\HP\HP Software Update\hpwuschd2.exe

AcroTray - Adobe Acrobat Distiller help C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Apple Push C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastUI.exe

HitmanPro C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe

hp digital imaging C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

iTunes C:\Program Files\iTunes\iTunesHelper.exe

Java Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\logon.scr

Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll

Nero AG InCD C:\Program Files\Ahead\InCD\InCD.exe

QuickTime C:\Program Files\QuickTime\qttask.exe

Realtek Sound Manager C:\WINDOWS\SOUNDMAN.EXE

SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll

Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll

(verified) Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe

(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins

---------------

2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll

Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

Adobe IE plugin c:\program files\adobe\acrobat 7.0\acrobat\acroiefavclient.dll

ATLCamImage Module C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx

avast! WebRep C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

Bitdefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll

Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

CamCli Module C:\WINDOWS\Downloaded Program Files\CamCli.dll

ECOM Loader C:\WINDOWS\Downloaded Program Files\ecmldr32.dll

ECOM Server C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll

EconPlayer.ocx C:\WINDOWS\Downloaded Program Files\EconPlayer.ocx

InstallShield ® C:\WINDOWS\Downloaded Program Files\setup.exe

Intel® JPEG Library C:\WINDOWS\Downloaded Program Files\ijl11.dll

Java Deployment Toolkit 6.0.210.7 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

Java Platform SE 6 U21 c:\program files\java\jre6\bin\jp2ssv.dll

Java Platform SE 6 U21 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

Java Platform SE 6 U21 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

Messenger C:\Program Files\Messenger\msmsgs.exe

Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL

Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL

Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

Microsoft® Windows Live OneCare C:\WINDOWS\Downloaded Program Files\wlscBase.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll

MSN Photo Upload Control C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll

MSN Photo Upload Control C:\WINDOWS\Downloaded Program Files\PURen-ca.dll

MSN Photo Upload Control C:\WINDOWS\Downloaded Program Files\PURen-us.dll

NAVAPI C:\WINDOWS\Downloaded Program Files\navapi32.dll

npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

PearsonInstallAsst2.ocx C:\WINDOWS\Downloaded Program Files\PearsonInstallAsst2.ocx

QuickTime Plug-in 7.6.7 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

QuickTime Plug-in 7.6.7 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

QuickTime Plug-in 7.6.7 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

QuickTime Plug-in 7.6.7 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

QuickTime Plug-in 7.6.7 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

QuickTime Plug-in 7.6.7 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

QuickTime Plug-in 7.6.7 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

QuickTime Plug-in 7.6.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

QuickTime Plug-in 7.6.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

QuickTime Plug-in 7.6.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

QuickTime Plug-in 7.6.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

QuickTime Plug-in 7.6.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

QuickTime Plug-in 7.6.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

QuickTime Plug-in 7.6.7 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

Symantec Antivirus Engine C:\WINDOWS\Downloaded Program Files\naveng32.dll

Symantec Antivirus Engine C:\WINDOWS\Downloaded Program Files\navex32a.dll

Symantec Security Check C:\WINDOWS\Downloaded Program Files\avsniff.dll

Symantec Security Check C:\WINDOWS\Downloaded Program Files\rufsi.dll

Symantec Shared Components C:\WINDOWS\Downloaded Program Files\symdlmgr.dll

System Requirements Lab C:\WINDOWS\Downloaded Program Files\sysreqlab2.dll

TestGen Plug-in 7.3 C:\Program Files\Internet Explorer\plugins\nptgeqplugin.dll

TestGenXInstall.dll C:\WINDOWS\Downloaded Program Files\TestGenXInstall.dll

TODO: <Product name> C:\WINDOWS\Downloaded Program Files\avsniffdlgs.dll

WholeSecurity Confidence Online for C:\WINDOWS\Downloaded Program Files\AXXPEE.dll

Windows Live ® C:\WINDOWS\Downloaded Program Files\Microsoft.Live.Folders.RichUpload.dll

Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

xwrapper.ocx C:\Program Files\Internet Explorer\plugins\xwrapper.ocx

(verified) Microsoft® Windows Live Login Helper C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Missing files

-------------

File not found: c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll

--> HKLM\Software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32\"(default)"

Scan

----


No file uploaded.

Scan finished - communication took 3 sec

Total traffic - 0.01 MB sent, 1.19 KB recvd

Scanned 715 files and modules - 129 seconds

==============================================================================


RogueKiller V7.3.1 [03/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: ffffffff [Admin rights]

Mode: Scan -- Date: 03/18/2012 13:07:36

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[FAKED] ati1rvxx.sys : c:\windows\system32\drivers\ati1rvxx.sys --> CANNOT FIX

[FAKED] ati2mtaa.sys : c:\windows\system32\drivers\ati2mtaa.sys --> CANNOT FIX

[FAKED] atinxsxx.sys : c:\windows\system32\drivers\atinxsxx.sys --> CANNOT FIX

[FAKED] mtlstrm.sys : c:\windows\system32\drivers\mtlstrm.sys --> CANNOT FIX

[FAKED] slnt7554.sys : c:\windows\system32\drivers\slnt7554.sys --> CANNOT FIX

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600JB-00GVA0 +++++

--- User ---

[MBR] 6960460e98cc7827edfe55055973fcf7

[bSP] 90b85e22a22a8998fad844ec3cef6748 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo

Error reading LL1 MBR!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Next, I suggest you run Windows' System File checker.

Temporarily turn off your antivirus

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Also, turn off Hitmanpro

Be sure to disable Spybot-S&D temporarily

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode

then select Advanced Mode

On the left-hand side, select Tools

Then click on the Resident icon in the list

Uncheck Resident TeaTimer and OK any prompts.

Step 2

  • Double-Click RogueKiller.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
  • Then press the Delete button.
  • When done, log off & restart the system.

Step 3

Temporarily turn off your antivirus

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Also, turn off Hitmanpro

Press the Windows Start key & select RUN:

in the text box at bottom, type in

cmd

and press ENTER key

Next, you will see a black box window (command prompt)

it should show "c:\Windows\system32>"

there type in

sfc /scannow

and press ENTER key

It will say Beginning system scan. This process will take some time.

Let it run and observe it from time to time.

I need to know what message you see when it is done.

P.S. The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions... if possible.

Step 4

Download OTL by OldTimer and SAVE to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Please close any of your open windows/programs and exit; saving any open work you have.

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    ati1rvxx.sys
    ati2mtaa.sys
    atinxsxx.sys
    mtlstrm.sys
    slnt7554.sys
    beep.sys
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) & Paste the contents of just OTL.txt into a reply


Hi Maurice,

Here are the contents of OTL.txt. While the cmd prompt did its scan, it asked me to insert the Windows XP CD to copy "Files that are required for windows to run properly must be copied to the DLL cache. Insert your xp home edition now". While OldTimer was doing its scan, the process winlogon.exe was at around 100% CPU usage.


OTL logfile created on: 3/18/2012 3:55:49 PM - Run 1

OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\ffffffff\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 85.94% Memory free

3.82 Gb Paging File | 3.59 Gb Available in Paging File | 94.02% Paging File free

Paging file location(s): C:\pagefile.sys 1000 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 34.02 Gb Free Space | 22.83% Space Free | Partition Type: NTFS

Drive D: | 556.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: USER-0F914895E2 | User Name: ffffffff | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/18 14:25:32 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ffffffff\Desktop\OTL.exe

PRC - [2012/03/06 16:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2011/09/24 15:03:42 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE

PRC - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2005/07/08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/18 12:06:59 | 001,744,896 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12031801\algo.dll

MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess)

SRV - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011/09/24 15:03:42 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)

SRV - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2007/12/08 12:45:13 | 001,246,088 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2005/07/08 18:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TotRec8.sys -- (TotRec8)

DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8728CE0-9AB6-4B9F-A7CB-D2D5574D1F2D}\MpKsld5de23f2.sys -- (MpKsld5de23f2)

DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F9E85C-6E15-494E-87E3-8A989BB2D4F7}\MpKsl75385543.sys -- (MpKsl75385543)

DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F9E85C-6E15-494E-87E3-8A989BB2D4F7}\MpKsl6aa231d0.sys -- (MpKsl6aa231d0)

DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F9E85C-6E15-494E-87E3-8A989BB2D4F7}\MpKsl36624047.sys -- (MpKsl36624047)

DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2012/03/06 16:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/03/06 16:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/03/06 16:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)

DRV - [2012/03/06 16:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/03/06 16:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012/03/06 16:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/03/06 15:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011/07/31 17:27:03 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/08/15 21:27:33 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)

DRV - [2010/08/13 21:50:25 | 000,079,360 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NVATABUS.SYS -- (nvatabus)

DRV - [2009/12/31 21:53:17 | 000,033,848 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD) SoundTap Recorder (32 Bit)

DRV - [2008/04/17 02:34:04 | 000,120,472 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TotRec7.sys -- (TotRec7)

DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2008/04/13 11:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\Changer.sys -- (Changer)

DRV - [2008/04/13 11:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)

DRV - [2007/09/26 10:43:15 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\mremp50.sys -- (MREMP50)

DRV - [2007/09/26 10:43:13 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\mresp50.sys -- (MRESP50)

DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)

DRV - [2005/07/08 18:17:56 | 000,008,704 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)

DRV - [2005/07/08 18:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2005/07/08 18:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)

DRV - [2005/07/08 07:17:32 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)

DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2004/07/28 00:15:38 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2004/07/28 00:15:36 | 000,033,024 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2004/06/21 01:53:20 | 000,626,204 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004/02/23 20:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)

DRV - [2003/10/28 22:02:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)

DRV - [2001/08/17 07:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

DRV - [1997/04/22 11:16:00 | 000,006,272 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{73CE15B3-4479-4D0F-9C10-1C41E726657E}: "URL" = http://www.tangosearch.com/?q={searchTerms}&a=SEARCH

IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"

FF - prefs.js..extensions.enabledItems: {96FEE677-8B8A-4720-8E4A-D887ADB2CE1C}:1.9.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/17 19:53:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 23:35:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/27 20:35:05 | 000,000,000 | ---D | M]

[2010/09/19 12:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ffffffff\Application Data\Mozilla\Extensions

[2011/02/06 21:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ffffffff\Application Data\Mozilla\Firefox\Profiles\y31x9w8y.default\extensions

[2010/12/10 20:02:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ffffffff\Application Data\Mozilla\Firefox\Profiles\y31x9w8y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/11/09 16:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/01 22:17:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2012/02/18 23:35:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010/10/01 22:17:24 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012/02/18 00:53:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/02/18 00:53:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/17 21:08:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (no name) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35[1].exe" /scan:boot File not found

O4 - HKLM..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11c_Plugin.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Reg Error: Value error.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)

O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab (TTestGenXInstallObject)

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)

O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} http://www.xdrive.com/downloads/std_install/setup.exe (InstallShield Setup Player 2K2)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167444609234 (WUWebControl Class)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (System Requirements Lab Class)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Value error.)

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170086687796 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://towercam.arts.ubc.ca/activex/AxisCamControl.cab (CamImage Class)

O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)

O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab (Windows Live SkyDrive Upload Tool)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.intelcapabilitiesforum.net/global/FMSI.cab (Reg Error: Value error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)

O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} http://asp.mathxl.com/books/_Players/EconPlayer.cab (Pearson MyEconLab Player Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4829A299-0B0A-42C6-84C8-D324D5E6AF92}: DhcpNameServer = 192.168.1.254 192.168.1.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\Documents and Settings\ffffffff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\ffffffff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/12/29 18:55:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/08/04 05:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{e3cf591c-8c7f-11df-a18a-0015f2889cb1}\Shell - "" = AutoRun

O33 - MountPoints2\{e3cf591c-8c7f-11df-a18a-0015f2889cb1}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{e3cf591c-8c7f-11df-a18a-0015f2889cb1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 0

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: hitmanpro35 - Reg Error: Value error.

SafeBootNet: hitmanpro35.sys - Reg Error: Value error.

SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.

SafeBootNet: hitmanpro36 - Reg Error: Value error.

SafeBootNet: hitmanpro36.sys - Reg Error: Value error.

SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe File not found

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CAA16A24-EFEB-3AB8-DAC2-7AA90DFDB386} - Microsoft Windows Media Player 6.4

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: mixer - C:\WINDOWS\System32\DrvTrNTm.dll (High Criteria inc.)

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)

Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)

Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: wave - C:\WINDOWS\System32\DrvTrNTm.dll (High Criteria inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/18 15:23:25 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll

[2012/03/18 15:23:21 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll

[2012/03/18 15:23:12 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe

[2012/03/18 15:23:07 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe

[2012/03/18 15:23:03 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys

[2012/03/18 15:23:01 | 000,019,455 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys

[2012/03/18 15:22:59 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys

[2012/03/18 15:22:58 | 000,012,063 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys

[2012/03/18 15:22:56 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll

[2012/03/18 15:22:46 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys

[2012/03/18 15:22:44 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys

[2012/03/18 15:22:40 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys

[2012/03/18 15:22:32 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys

[2012/03/18 15:22:27 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll

[2012/03/18 15:22:24 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll

[2012/03/18 15:22:19 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys

[2012/03/18 15:22:18 | 000,023,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys

[2012/03/18 15:22:17 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys

[2012/03/18 15:22:13 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys

[2012/03/18 15:22:11 | 000,033,599 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys

[2012/03/18 15:22:10 | 000,019,551 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys

[2012/03/18 15:22:09 | 000,029,311 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys

[2012/03/18 15:22:08 | 000,011,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys

[2012/03/18 15:22:07 | 000,012,127 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys

[2012/03/18 15:22:06 | 000,012,415 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys

[2012/03/18 15:22:01 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys

[2012/03/18 15:21:58 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys

[2012/03/18 15:21:54 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys

[2012/03/18 15:21:48 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys

[2012/03/18 15:21:43 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys

[2012/03/18 15:21:39 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys

[2012/03/18 15:21:35 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys

[2012/03/18 15:21:31 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys

[2012/03/18 15:21:30 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys

[2012/03/18 15:21:29 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll

[2012/03/18 15:21:24 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys

[2012/03/18 15:21:21 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys

[2012/03/18 15:21:17 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys

[2012/03/18 15:21:13 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys

[2012/03/18 15:21:09 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys

[2012/03/18 15:21:06 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys

[2012/03/18 15:21:02 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys

[2012/03/18 15:20:58 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys

[2012/03/18 15:20:57 | 000,020,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbuhci.sys

[2012/03/18 15:20:56 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys

[2012/03/18 15:20:54 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys

[2012/03/18 15:20:53 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys

[2012/03/18 15:20:48 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll

[2012/03/18 15:20:44 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll

[2012/03/18 15:20:41 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll

[2012/03/18 15:20:37 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll

[2012/03/18 15:20:33 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll

[2012/03/18 15:20:30 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys

[2012/03/18 15:20:26 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll

[2012/03/18 15:20:23 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll

[2012/03/18 15:20:19 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll

[2012/03/18 15:20:15 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll

[2012/03/18 15:20:12 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys

[2012/03/18 15:20:08 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys

[2012/03/18 15:20:03 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys

[2012/03/18 15:19:59 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll

[2012/03/18 15:19:55 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys

[2012/03/18 15:19:52 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll

[2012/03/18 15:19:48 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys

[2012/03/18 15:19:45 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll

[2012/03/18 15:19:41 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys

[2012/03/18 15:19:37 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll

[2012/03/18 15:19:36 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe

[2012/03/18 15:19:33 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll

[2012/03/18 15:19:28 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys

[2012/03/18 15:19:25 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys

[2012/03/18 15:19:21 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys

[2012/03/18 15:19:17 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys

[2012/03/18 15:19:13 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys

[2012/03/18 15:19:08 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys

[2012/03/18 15:19:05 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll

[2012/03/18 15:19:04 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys

[2012/03/18 15:19:00 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys

[2012/03/18 15:18:56 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys

[2012/03/18 15:18:50 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys

[2012/03/18 15:18:46 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys

[2012/03/18 15:18:43 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys

[2012/03/18 15:18:39 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll

[2012/03/18 15:18:34 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys

[2012/03/18 15:18:31 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys

[2012/03/18 15:18:28 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys

[2012/03/18 15:18:25 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys

[2012/03/18 15:18:21 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll

[2012/03/18 15:18:18 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys

[2012/03/18 15:18:15 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys

[2012/03/18 15:18:11 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll

[2012/03/18 15:18:08 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll

[2012/03/18 15:18:05 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll

[2012/03/18 15:18:02 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll

[2012/03/18 15:18:01 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys

[2012/03/18 15:17:57 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll

[2012/03/18 15:17:54 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll

[2012/03/18 15:17:50 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys

[2012/03/18 15:17:47 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys

[2012/03/18 15:17:42 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys

[2012/03/18 15:17:39 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll

[2012/03/18 15:17:34 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll

[2012/03/18 15:17:29 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys

[2012/03/18 15:17:26 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll

[2012/03/18 15:17:23 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys

[2012/03/18 15:17:19 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys

[2012/03/18 15:17:16 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys

[2012/03/18 15:17:13 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll

[2012/03/18 15:17:10 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys

[2012/03/18 15:17:06 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys

[2012/03/18 15:17:05 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys

[2012/03/18 15:17:01 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys

[2012/03/18 15:16:54 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys

[2012/03/18 15:16:50 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll

[2012/03/18 15:16:46 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys

[2012/03/18 15:16:43 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys

[2012/03/18 15:16:40 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys

[2012/03/18 15:16:37 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys

[2012/03/18 15:16:36 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys

[2012/03/18 15:16:35 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys

[2012/03/18 15:16:31 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll

[2012/03/18 15:16:28 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll

[2012/03/18 15:16:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll

[2012/03/18 15:16:20 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll

[2012/03/18 15:16:16 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys

[2012/03/18 15:16:15 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys

[2012/03/18 15:16:12 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys

[2012/03/18 15:16:09 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys

[2012/03/18 15:16:05 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll

[2012/03/18 15:16:02 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys

[2012/03/18 15:16:01 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys

[2012/03/18 15:15:58 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll

[2012/03/18 15:15:55 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys

[2012/03/18 15:15:51 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll

[2012/03/18 15:15:48 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys

[2012/03/18 15:15:45 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll

[2012/03/18 15:15:41 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys

[2012/03/18 15:15:34 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys

[2012/03/18 15:15:31 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys

[2012/03/18 15:15:28 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys

[2012/03/18 15:15:24 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll

[2012/03/18 15:15:21 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys

[2012/03/18 15:15:17 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys

[2012/03/18 15:15:13 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys

[2012/03/18 15:15:07 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys

[2012/03/18 15:15:06 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys

[2012/03/18 15:15:02 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys

[2012/03/18 15:14:58 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys

[2012/03/18 15:14:54 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys

[2012/03/18 15:14:50 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys

[2012/03/18 15:14:46 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys

[2012/03/18 15:14:45 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys

[2012/03/18 15:14:41 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll

[2012/03/18 15:14:37 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys

[2012/03/18 15:14:33 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll

[2012/03/18 15:14:29 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys

[2012/03/18 15:14:26 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll

[2012/03/18 15:14:22 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys

[2012/03/18 15:14:19 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll

[2012/03/18 15:14:15 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll

[2012/03/18 15:14:11 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll

[2012/03/18 15:14:08 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys

[2012/03/18 15:14:04 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll

[2012/03/18 15:14:01 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys

[2012/03/18 15:13:57 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys

[2012/03/18 15:13:54 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll

[2012/03/18 15:13:51 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll

[2012/03/18 15:13:49 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll

[2012/03/18 15:13:48 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll

[2012/03/18 15:13:44 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys

[2012/03/18 15:13:41 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys

[2012/03/18 15:13:37 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll

[2012/03/18 15:13:33 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys

[2012/03/18 15:13:31 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys

[2012/03/18 15:13:28 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys

[2012/03/18 15:13:25 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll

[2012/03/18 15:13:18 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys

[2012/03/18 15:13:14 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys

[2012/03/18 15:13:11 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys

[2012/03/18 15:13:08 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll

[2012/03/18 15:13:04 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys

[2012/03/18 15:12:59 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys

[2012/03/18 15:12:56 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys

[2012/03/18 15:12:53 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys

[2012/03/18 15:12:50 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys

[2012/03/18 15:12:47 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys

[2012/03/18 15:12:45 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys

[2012/03/18 15:12:42 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys

[2012/03/18 15:12:39 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys

[2012/03/18 15:12:36 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys

[2012/03/18 15:12:35 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll

[2012/03/18 15:12:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll

[2012/03/18 15:12:27 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll

[2012/03/18 15:12:23 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys

[2012/03/18 15:12:21 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys

[2012/03/18 15:12:17 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys

[2012/03/18 15:12:16 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys

[2012/03/18 15:12:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys

[2012/03/18 15:12:02 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll

[2012/03/18 15:11:59 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys

[2012/03/18 15:11:55 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys

[2012/03/18 15:11:52 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys

[2012/03/18 15:11:49 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys

[2012/03/18 15:11:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll

[2012/03/18 15:11:43 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax

[2012/03/18 15:11:42 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll

[2012/03/18 15:11:41 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys

[2012/03/18 15:11:40 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll

[2012/03/18 15:11:39 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys

[2012/03/18 15:11:36 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys

[2012/03/18 15:11:32 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys

[2012/03/18 15:11:31 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys

[2012/03/18 15:11:28 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe

[2012/03/18 15:11:25 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys

[2012/03/18 15:11:22 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys

[2012/03/18 15:11:19 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys

[2012/03/18 15:11:16 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys

[2012/03/18 15:11:15 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys

[2012/03/18 15:11:11 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys

[2012/03/18 15:11:06 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll

[2012/03/18 15:11:03 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll

[2012/03/18 15:11:00 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys

[2012/03/18 15:10:57 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe

[2012/03/18 15:10:54 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll

[2012/03/18 15:10:51 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys

[2012/03/18 15:10:48 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll

[2012/03/18 15:10:45 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys

[2012/03/18 15:10:42 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys

[2012/03/18 15:10:38 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys

[2012/03/18 15:10:35 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys

[2012/03/18 15:10:32 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys

[2012/03/18 15:10:28 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys

[2012/03/18 15:10:25 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys

[2012/03/18 15:10:22 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys

[2012/03/18 15:10:18 | 000,061,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys

[2012/03/18 15:10:05 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys

[2012/03/18 15:10:02 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll

[2012/03/18 15:09:48 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys

[2012/03/18 15:09:44 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys

[2012/03/18 15:09:40 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys

[2012/03/18 15:09:38 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys

[2012/03/18 15:09:28 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys

[2012/03/18 15:09:24 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys

[2012/03/18 15:09:19 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys

[2012/03/18 15:09:18 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys

[2012/03/18 15:09:09 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys

[2012/03/18 15:09:03 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys

[2012/03/18 15:09:00 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll

[2012/03/18 15:08:56 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys

[2012/03/18 15:08:53 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys

[2012/03/18 15:08:47 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys

[2012/03/18 15:08:44 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll

[2012/03/18 15:08:41 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys

[2012/03/18 15:08:38 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys

[2012/03/18 15:08:35 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll

[2012/03/18 15:08:31 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys

[2012/03/18 15:08:28 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll

[2012/03/18 15:08:25 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys

[2012/03/18 15:08:22 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys

[2012/03/18 15:08:18 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys

[2012/03/18 15:08:15 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll

[2012/03/18 15:08:11 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys

[2012/03/18 15:08:08 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll

[2012/03/18 15:08:05 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys

[2012/03/18 15:07:58 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys

[2012/03/18 15:07:40 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys

[2012/03/18 15:07:39 | 000,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys

[2012/03/18 15:07:30 | 000,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys

[2012/03/18 15:07:17 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys

[2012/03/18 15:06:57 | 000,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys

[2012/03/18 15:06:52 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys

[2012/03/18 15:06:50 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys

[2012/03/18 15:06:38 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys

[2012/03/18 15:06:34 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys

[2012/03/18 15:06:24 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys

[2012/03/18 15:06:13 | 000,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys

[2012/03/18 15:06:01 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaum.sys

[2012/03/18 15:05:58 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\mgaud.dll

[2012/03/18 15:05:53 | 000,026,112 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\memstpci.sys

[2012/03/18 15:05:50 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll

[2012/03/18 15:05:46 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys

[2012/03/18 15:05:42 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys

[2012/03/18 15:05:36 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys

[2012/03/18 15:05:30 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\maestro.sys

[2012/03/18 15:05:26 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll

[2012/03/18 15:05:23 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll

[2012/03/18 15:05:19 | 000,022,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwusbhid.sys

[2012/03/18 15:05:18 | 000,020,864 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\dllcache\lwadihid.sys

[2012/03/18 15:05:14 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys

[2012/03/18 15:05:10 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys

[2012/03/18 15:05:09 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys

[2012/03/18 15:05:07 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys

[2012/03/18 15:05:03 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys

[2012/03/18 15:05:01 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys

[2012/03/18 15:04:57 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys

[2012/03/18 15:04:49 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys

[2012/03/18 15:04:38 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys

[2012/03/18 15:04:34 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys

[2012/03/18 15:04:30 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys

[2012/03/18 15:04:26 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys

[2012/03/18 15:04:20 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys

[2012/03/18 15:04:15 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys

[2012/03/18 15:04:14 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax

[2012/03/18 15:04:13 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax

[2012/03/18 15:04:13 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax

[2012/03/18 15:04:08 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll

[2012/03/18 15:04:04 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll

[2012/03/18 15:04:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll

[2012/03/18 15:03:50 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll

[2012/03/18 15:03:47 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll

[2012/03/18 15:03:42 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys

[2012/03/18 15:03:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll

[2012/03/18 15:03:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll

[2012/03/18 15:03:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll

[2012/03/18 15:03:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll

[2012/03/18 15:03:14 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\dllcache\irstusb.sys

[2012/03/18 15:03:11 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys

[2012/03/18 15:03:10 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll

[2012/03/18 15:03:07 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys

[2012/03/18 15:03:06 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe

[2012/03/18 15:03:05 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys

[2012/03/18 15:03:01 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax

[2012/03/18 15:02:50 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys

[2012/03/18 15:02:48 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll

[2012/03/18 15:02:45 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys

[2012/03/18 15:02:43 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\intelide.sys

[2012/03/18 15:02:40 | 000,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys

[2012/03/18 15:02:37 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys

[2012/03/18 15:01:32 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll

[2012/03/18 15:01:27 | 000,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys

[2012/03/18 15:01:25 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll

[2012/03/18 15:01:22 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll

[2012/03/18 15:01:19 | 000,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys

[2012/03/18 15:01:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll

[2012/03/18 15:01:14 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll

[2012/03/18 15:01:11 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll

[2012/03/18 15:01:09 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys

[2012/03/18 15:01:06 | 000,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys

[2012/03/18 15:01:03 | 000,109,085 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtrp.sys

[2012/03/18 15:01:00 | 000,100,936 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtok.sys

[2012/03/18 15:00:57 | 000,009,216 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmsgnet.dll

[2012/03/18 15:00:54 | 000,028,700 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\dllcache\ibmexmp.sys

[2012/03/18 15:00:52 | 000,161,020 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xnt5.sys

[2012/03/18 15:00:51 | 000,702,845 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll

[2012/03/18 15:00:48 | 000,058,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740nt5.sys

[2012/03/18 15:00:45 | 000,353,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740dnt5.dll

[2012/03/18 15:00:44 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys

[2012/03/18 15:00:17 | 000,488,383 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_v124.sys

[2012/03/18 15:00:13 | 000,050,751 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_tone.sys

[2012/03/18 15:00:10 | 000,073,279 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_spkp.sys

[2012/03/18 15:00:07 | 000,044,863 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_soar.sys

[2012/03/18 15:00:03 | 000,057,471 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_samp.sys

[2012/03/18 15:00:00 | 000,542,879 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_msft.sys

[2012/03/18 14:59:57 | 000,391,199 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_k56k.sys

[2012/03/18 14:59:54 | 000,009,759 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_inst.dll

[2012/03/18 14:59:52 | 000,115,807 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fsks.sys

[2012/03/18 14:59:49 | 000,199,711 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_faxx.sys

[2012/03/18 14:59:46 | 000,289,887 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fall.sys

[2012/03/18 14:59:43 | 000,067,167 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_bsc2.sys

[2012/03/18 14:59:40 | 000,150,239 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_amos.sys

[2012/03/18 14:59:35 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll

[2012/03/18 14:59:33 | 000,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys

[2012/03/18 14:59:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll

[2012/03/18 14:59:28 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll

[2012/03/18 14:59:25 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys

[2012/03/18 14:59:23 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll

[2012/03/18 14:59:20 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll

[2012/03/18 14:59:16 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll

[2012/03/18 14:59:11 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll

[2012/03/18 14:59:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll

[2012/03/18 14:59:01 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll

[2012/03/18 14:58:57 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpdigwia.dll

[2012/03/18 14:58:51 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys

[2012/03/18 14:58:47 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys

[2012/03/18 14:58:46 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys

[2012/03/18 14:58:36 | 000,907,456 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hcf_msft.sys

[2012/03/18 14:58:33 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys

[2012/03/18 14:58:30 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys

[2012/03/18 14:58:27 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys

[2012/03/18 14:58:25 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys

[2012/03/18 14:58:20 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400m.sys

[2012/03/18 14:58:17 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400d.dll

[2012/03/18 14:58:15 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200m.sys

[2012/03/18 14:58:12 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200d.dll

[2012/03/18 14:58:10 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys

[2012/03/18 14:57:58 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll

[2012/03/18 14:57:55 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys

[2012/03/18 14:57:53 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys

[2012/03/18 14:57:44 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys

[2012/03/18 14:57:41 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys

[2012/03/18 14:57:39 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys

[2012/03/18 14:57:36 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys

[2012/03/18 14:57:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll

[2012/03/18 14:57:24 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys

[2012/03/18 14:57:17 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\fem556n5.sys

[2012/03/18 14:57:12 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys

[2012/03/18 14:57:10 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINDOWS\System32\dllcache\fa312nd5.sys

[2012/03/18 14:57:07 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys

[2012/03/18 14:57:05 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys

[2012/03/18 14:57:00 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys

[2012/03/18 14:56:58 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ex10.sys

[2012/03/18 14:56:51 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll

[2012/03/18 14:56:49 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll

[2012/03/18 14:56:47 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll

[2012/03/18 14:56:41 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys

[2012/03/18 14:56:41 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll

[2012/03/18 14:56:38 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys

[2012/03/18 14:56:34 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56tpi.sys

[2012/03/18 14:56:31 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56hpi.sys

[2012/03/18 14:56:29 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56cvmp.sys

[2012/03/18 14:56:27 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es198x.sys

[2012/03/18 14:56:25 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys

[2012/03/18 14:56:22 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys

[2012/03/18 14:56:20 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys

[2012/03/18 14:56:18 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnloop.exe

[2012/03/18 14:56:16 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnlogr.exe

[2012/03/18 14:56:13 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqndiag.exe

[2012/03/18 14:56:11 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqn.sys

[2012/03/18 14:56:08 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys

[2012/03/18 14:56:06 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys

[2012/03/18 14:56:05 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys

[2012/03/18 14:56:02 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\enum1394.sys

[2012/03/18 14:56:00 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\emu10k1m.sys

[2012/03/18 14:55:55 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys

[2012/03/18 14:55:54 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys

[2012/03/18 14:55:52 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys

[2012/03/18 14:55:50 | 000,171,520 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys

[2012/03/18 14:55:49 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys

[2012/03/18 14:55:47 | 000,455,199 | ---- | C] (3Com Corporation.) -- C:\WINDOWS\System32\dllcache\el985n51.sys

[2012/03/18 14:55:45 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys

[2012/03/18 14:55:43 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys

[2012/03/18 14:55:42 | 000,241,206 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656se5.sys

[2012/03/18 14:55:40 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys

[2012/03/18 14:55:38 | 000,634,134 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656ct5.sys

[2012/03/18 14:55:36 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys

[2012/03/18 14:55:35 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys

[2012/03/18 14:55:33 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys

[2012/03/18 14:55:30 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys

[2012/03/18 14:55:29 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys

[2012/03/18 14:55:27 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys

[2012/03/18 14:55:19 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100isa4.sys

[2012/03/18 14:55:17 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100b325.sys

[2012/03/18 14:55:15 | 000,050,719 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys

[2012/03/18 14:55:06 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax

[2012/03/18 14:55:04 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys

[2012/03/18 14:54:58 | 000,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys

[2012/03/18 14:54:54 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys

[2012/03/18 14:54:52 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys

[2012/03/18 14:54:51 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys

[2012/03/18 14:54:49 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys

[2012/03/18 14:54:48 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys

[2012/03/18 14:54:39 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys

[2012/03/18 14:54:38 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys

[2012/03/18 14:54:36 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys

[2012/03/18 14:54:34 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys

[2012/03/18 14:54:29 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe

[2012/03/18 14:54:28 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll

[2012/03/18 14:54:27 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll

[2012/03/18 14:54:25 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll

[2012/03/18 14:54:20 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys

[2012/03/18 14:54:19 | 000,614,429 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiview.exe

[2012/03/18 14:54:17 | 000,042,432 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.sys

[2012/03/18 14:54:16 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.dll

[2012/03/18 14:54:15 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.sys

[2012/03/18 14:54:13 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.dll

[2012/03/18 14:54:12 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiinf.dll

[2012/03/18 14:54:11 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digihlc.dll

[2012/03/18 14:54:10 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifwrk.dll

[2012/03/18 14:54:08 | 000,090,525 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifep5.sys

[2012/03/18 14:54:07 | 000,103,044 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidxb.sys

[2012/03/18 14:54:06 | 000,131,156 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidbp.dll

[2012/03/18 14:54:04 | 000,037,735 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.sys

[2012/03/18 14:54:03 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.dll

[2012/03/18 14:53:58 | 000,419,357 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgconfig.dll

[2012/03/18 14:53:57 | 000,029,531 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\dgapci.sys

[2012/03/18 14:53:53 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys

[2012/03/18 14:53:52 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys

[2012/03/18 14:53:50 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe

[2012/03/18 14:53:49 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll

[2012/03/18 14:53:47 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys

[2012/03/18 14:53:45 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys

[2012/03/18 14:53:42 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll

[2012/03/18 14:53:41 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll

[2012/03/18 14:53:39 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys

[2012/03/18 14:53:38 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll

[2012/03/18 14:53:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll

[2012/03/18 14:53:34 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys

[2012/03/18 14:53:32 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys

[2012/03/18 14:53:28 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys

[2012/03/18 14:53:27 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll

[2012/03/18 14:53:26 | 000,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys

[2012/03/18 14:53:25 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll

[2012/03/18 14:53:24 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll

[2012/03/18 14:53:22 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys

[2012/03/18 14:53:21 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll

[2012/03/18 14:53:20 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys

[2012/03/18 14:53:18 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys

[2012/03/18 14:53:17 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys

[2012/03/18 14:53:16 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys

[2012/03/18 14:53:14 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys

[2012/03/18 14:53:13 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys

[2012/03/18 14:53:12 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys

[2012/03/18 14:53:11 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys

[2012/03/18 14:53:10 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys

[2012/03/18 14:53:08 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll

[2012/03/18 14:53:08 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll

[2012/03/18 14:53:06 | 000,096,256 | ---- | C] (Copyright © Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys

[2012/03/18 14:53:05 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys

[2012/03/18 14:53:04 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys

[2012/03/18 14:53:01 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll

[2012/03/18 14:52:59 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys

[2012/03/18 14:52:57 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll

[2012/03/18 14:52:55 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys

[2012/03/18 14:52:54 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys

[2012/03/18 14:52:52 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys

[2012/03/18 14:52:43 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys

[2012/03/18 14:52:40 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys

[2012/03/18 14:52:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll

[2012/03/18 14:52:34 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys

[2012/03/18 14:52:33 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys

[2012/03/18 14:52:32 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys

[2012/03/18 14:52:28 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys

[2012/03/18 14:52:28 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll

[2012/03/18 14:52:27 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll

[2012/03/18 14:52:25 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys

[2012/03/18 14:52:24 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll

[2012/03/18 14:52:20 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys

[2012/03/18 14:52:17 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys

[2012/03/18 14:52:01 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys

[2012/03/18 14:52:00 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys

[2012/03/18 14:52:00 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys

[2012/03/18 14:51:59 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys

[2012/03/18 14:51:58 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys

[2012/03/18 14:51:54 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys

[2012/03/18 14:51:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys

[2012/03/18 14:51:52 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys

[2012/03/18 14:51:51 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys

[2012/03/18 14:51:50 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys

[2012/03/18 14:51:48 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys

[2012/03/18 14:51:46 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll

[2012/03/18 14:51:45 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys

[2012/03/18 14:51:43 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll

[2012/03/18 14:51:43 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax

[2012/03/18 14:51:42 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll

[2012/03/18 14:51:41 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax

[2012/03/18 14:51:40 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll

[2012/03/18 14:51:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax

[2012/03/18 14:51:39 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys

[2012/03/18 14:51:38 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys

[2012/03/18 14:51:37 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys

[2012/03/18 14:48:55 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys

[2012/03/18 14:48:50 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys

[2012/03/18 14:48:49 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys

[2012/03/18 14:48:48 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys

[2012/03/18 14:48:47 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys

[2012/03/18 14:48:46 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll

[2012/03/18 14:48:46 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll

[2012/03/18 14:48:45 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys

[2012/03/18 14:48:44 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys

[2012/03/18 14:48:42 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll

[2012/03/18 14:48:41 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe

[2012/03/18 14:48:41 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll

[2012/03/18 14:48:40 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll

[2012/03/18 14:48:40 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll

[2012/03/18 14:48:38 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys

[2012/03/18 14:48:37 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys

[2012/03/18 14:48:36 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll

[2012/03/18 14:48:36 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys

[2012/03/18 14:48:35 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll

[2012/03/18 14:48:35 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll

[2012/03/18 14:48:18 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll

[2012/03/18 14:48:11 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax

[2012/03/18 14:48:11 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys

[2012/03/18 14:48:10 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys

[2012/03/18 14:48:09 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys

[2012/03/18 14:48:08 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys

[2012/03/18 14:48:08 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys

[2012/03/18 14:48:05 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys

[2012/03/18 14:48:04 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll

[2012/03/18 14:48:04 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys

[2012/03/18 14:48:03 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys

[2012/03/18 14:48:02 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys

[2012/03/18 14:48:01 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys

[2012/03/18 14:48:00 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll

[2012/03/18 14:48:00 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys

[2012/03/18 14:47:59 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll

[2012/03/18 14:47:58 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys

[2012/03/18 14:47:57 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys

[2012/03/18 14:47:56 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys

[2012/03/18 14:47:39 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll

[2012/03/18 14:47:39 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys

[2012/03/18 14:47:27 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys

[2012/03/18 14:47:27 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys

[2012/03/18 14:47:26 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys

[2012/03/18 14:47:25 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe

[2012/03/18 14:47:24 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll

[2012/03/18 14:47:24 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll

[2012/03/18 14:47:23 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll

[2012/03/18 14:47:08 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys

[2012/03/18 14:47:07 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll

[2012/03/18 14:47:05 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys

[2012/03/18 14:47:04 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys

[2012/03/18 14:47:03 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys

[2012/03/18 14:47:02 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys

[2012/03/18 14:46:54 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys

[2012/03/18 14:46:53 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys

[2012/03/18 14:46:52 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys

[2012/03/18 14:46:49 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys

[2012/03/18 14:46:47 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys

[2012/03/18 14:46:46 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys

[2012/03/18 14:46:46 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys

[2012/03/18 14:46:45 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys

[2012/03/18 14:46:44 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys

[2012/03/18 14:46:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys

[2012/03/18 14:46:34 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax

[2012/03/18 14:33:58 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys

[2012/03/18 14:33:58 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys

[2012/03/18 14:33:57 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys

[2012/03/18 14:33:56 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys

[2012/03/18 14:33:55 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys

[2012/03/18 14:33:54 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys

[2012/03/18 14:33:53 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys

[2012/03/18 14:33:53 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys

[2012/03/18 14:33:50 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll

[2012/03/18 14:33:49 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys

[2012/03/18 14:33:48 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys

[2012/03/18 14:33:47 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys

[2012/03/18 14:33:46 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys

[2012/03/18 14:33:46 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys

[2012/03/18 14:33:45 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll

[2012/03/18 14:33:44 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys

[2012/03/18 14:33:44 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll

[2012/03/18 14:33:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys

[2012/03/18 14:33:42 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll

[2012/03/18 14:33:42 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys

[2012/03/18 14:33:41 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys

[2012/03/18 14:33:40 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys

[2012/03/18 14:33:40 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys

[2012/03/18 14:33:06 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll

[2012/03/18 14:32:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2012/03/18 14:25:24 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ffffffff\Desktop\OTL.exe

[2012/03/18 14:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro

[2012/03/18 13:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ffffffff\Desktop\RK_Quarantine

[2012/03/18 13:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ffffffff\Application Data\QuickScan

[2012/03/18 12:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

[2012/03/18 12:52:13 | 000,000,000 | ---D | C] -- C:\rsit

[2012/03/18 12:48:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

[2012/03/18 12:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/03/18 11:58:18 | 004,438,697 | R--- | C] (Swearware) -- C:\Documents and Settings\ffffffff\Desktop\ComboFix.exe

[2012/03/18 11:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro

[2012/03/18 00:05:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012/03/17 20:59:57 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012/03/17 20:52:02 | 000,000,000 | ---D | C] -- C:\ComboFix

[2012/03/17 19:53:45 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012/03/17 19:53:45 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012/03/17 19:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus

[2012/03/17 19:53:44 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012/03/17 19:53:44 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012/03/17 19:53:43 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012/03/17 19:53:43 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012/03/17 19:53:43 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012/03/17 19:53:43 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012/03/17 19:53:00 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012/03/17 19:52:58 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2012/03/17 19:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2012/03/17 19:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2012/03/17 19:02:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2012/03/17 18:51:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012/03/17 18:51:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012/03/17 18:51:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012/03/17 18:51:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/03/17 18:51:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012/03/17 18:12:47 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/03/17 17:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware

[2012/03/17 17:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2012/03/17 17:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/03/17 16:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Companion

[2012/03/17 16:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia

[2012/03/17 16:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia

[2012/03/17 16:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader

[2012/03/17 16:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\hkSFV

[2012/03/17 16:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Grisoft

[2012/03/17 16:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2012/03/17 16:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter

[2012/03/17 16:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\DivX

[2012/03/17 16:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\DFG

[2012/03/17 16:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications

[2012/03/17 16:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\WindSolutions

[2012/03/17 16:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop

[2012/03/17 16:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3

[2012/03/17 16:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services

[2012/03/17 16:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF

[2012/03/17 16:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software

[2012/03/17 16:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\BearFlix

[2012/03/17 16:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games

[2012/03/17 16:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon

[2012/03/13 22:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia(2)

[2012/03/13 22:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia(2)

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1263 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/18 15:56:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3D21ED30-8301-4C6F-8979-CA64B5D7EF82}.job

[2012/03/18 14:30:42 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/03/18 14:29:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/03/18 14:29:54 | 3220,557,824 | -HS- | M] () -- C:\hiberfil.sys

[2012/03/18 14:25:32 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ffffffff\Desktop\OTL.exe

[2012/03/18 14:19:02 | 000,123,392 | ---- | M] () -- C:\Documents and Settings\ffffffff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/03/18 13:00:02 | 001,219,072 | ---- | M] () -- C:\Documents and Settings\ffffffff\Desktop\RogueKiller.exe

[2012/03/18 12:56:08 | 000,879,700 | ---- | M] () -- C:\Documents and Settings\ffffffff\Desktop\SecurityCheck.exe

[2012/03/18 12:51:33 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\ffffffff\Desktop\RSIT.exe

[2012/03/18 12:48:53 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\ffffffff\Desktop\NTREGOPT.lnk

[2012/03/18 12:48:53 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\ffffffff\Desktop\ERUNT.lnk

[2012/03/18 11:51:23 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

[2012/03/18 11:33:25 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/03/17 21:08:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/03/17 21:00:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2012/03/17 20:00:07 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012/03/17 17:47:38 | 004,438,697 | R--- | M] (Swearware) -- C:\Documents and Settings\ffffffff\Desktop\ComboFix.exe

[2012/03/17 17:32:33 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2012/03/17 17:21:41 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/03/17 17:01:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/03/17 16:13:26 | 000,503,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/03/17 16:13:26 | 000,088,786 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/03/10 11:45:22 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER

[2012/03/06 16:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012/03/06 16:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2012/03/06 16:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012/03/06 16:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012/03/06 16:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012/03/06 16:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012/03/06 16:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012/03/06 16:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012/03/06 16:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012/03/06 15:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012/02/18 00:06:35 | 000,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1263 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/18 15:23:20 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll

[2012/03/18 15:23:16 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe

[2012/03/18 15:12:30 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax

[2012/03/18 15:12:26 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll

[2012/03/18 15:06:51 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax

[2012/03/18 14:59:18 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll

[2012/03/18 14:59:13 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll

[2012/03/18 14:59:09 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll

[2012/03/18 14:59:04 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll

[2012/03/18 14:58:59 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll

[2012/03/18 14:54:33 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll

[2012/03/18 14:54:32 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll

[2012/03/18 14:54:30 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll

[2012/03/18 14:47:46 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys

[2012/03/18 14:47:45 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys

[2012/03/18 14:47:44 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys

[2012/03/18 14:47:43 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys

[2012/03/18 14:47:42 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys

[2012/03/18 14:47:42 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys

[2012/03/18 14:47:41 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys

[2012/03/18 14:47:40 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys

[2012/03/18 14:47:38 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys

[2012/03/18 14:47:23 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys

[2012/03/18 13:00:01 | 001,219,072 | ---- | C] () -- C:\Documents and Settings\ffffffff\Desktop\RogueKiller.exe

[2012/03/18 12:56:05 | 000,879,700 | ---- | C] () -- C:\Documents and Settings\ffffffff\Desktop\SecurityCheck.exe

[2012/03/18 12:51:31 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\ffffffff\Desktop\RSIT.exe

[2012/03/18 12:48:53 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\ffffffff\Desktop\NTREGOPT.lnk

[2012/03/18 12:48:53 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\ffffffff\Desktop\ERUNT.lnk

[2012/03/18 11:36:08 | 3220,557,824 | -HS- | C] () -- C:\hiberfil.sys

[2012/03/17 21:00:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2012/03/17 20:59:58 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2012/03/17 20:01:22 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2012/03/17 18:51:19 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/03/17 18:51:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/03/17 18:51:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/03/17 18:51:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/03/17 18:51:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/03/17 17:26:21 | 000,002,335 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

[2012/03/17 17:26:21 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2012/03/17 17:26:21 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

[2012/03/17 17:00:45 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2012/02/18 00:06:34 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2012/02/14 20:16:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/12/29 20:45:31 | 000,020,312 | ---- | C] () -- C:\WINDOWS\System32\RegistryDefragBootTime.exe

[2011/11/24 23:27:59 | 000,110,031 | ---- | C] () -- C:\WINDOWS\hpoins08.dat

[2011/11/24 23:27:59 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat

[2011/10/27 22:44:26 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll

[2011/10/14 22:30:38 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PDF2XL-4-12.TrialData

[2011/10/14 22:30:38 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\ffffffff\Application Data\MSKmisc.dat

[2011/09/23 20:33:52 | 000,346,800 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe

[2010/09/18 20:33:00 | 000,123,392 | ---- | C] () -- C:\Documents and Settings\ffffffff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/30 22:31:25 | 000,103,090 | ---- | C] () -- C:\WINDOWS\hpoins08.dat.temp

[2010/08/30 22:31:25 | 000,004,445 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat.temp

[2010/08/16 20:25:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe

[2010/08/15 20:58:44 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Djamevetecof.dat

[2010/08/15 20:58:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mquqitej.bin

[2010/08/14 22:19:18 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010/08/13 20:44:37 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

[2011/10/27 22:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2011/11/11 21:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems

[2011/02/01 22:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2011/12/30 00:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple

[2007/01/03 23:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2012/03/17 19:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2007/12/19 17:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU

[2009/01/10 22:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2012/03/17 16:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon

[2010/03/31 17:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

[2007/01/06 18:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink

[2010/01/11 11:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Decisioneering

[2007/03/18 08:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google

[2007/12/25 15:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gtek

[2010/08/14 22:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2012/03/18 11:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro

[2007/01/03 22:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP

[2011/11/28 21:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit

[2011/01/30 16:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

[2010/08/25 13:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2009/10/04 20:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/10/17 10:41:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2012/03/17 16:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help

[2008/12/05 14:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive

[2011/03/03 21:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

[2010/06/08 22:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero

[2011/10/27 22:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF

[2010/04/07 13:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oracle

[2010/12/12 12:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Tools

[2011/10/27 22:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

[2009/10/24 22:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype

[2012/03/17 16:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010/01/26 20:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/06/23 20:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sunbelt

[2012/03/17 17:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2007/12/30 18:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec

[2012/03/17 17:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia

[2012/03/13 22:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia(2)

[2007/01/03 20:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2008/02/28 19:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller

[2009/03/13 13:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2010/04/19 08:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/18 16:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/04/13 21:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2009/02/04 14:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe

[2012/01/03 00:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\23445\AcrobatUpdater.exe

[2012/01/03 00:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\23445\AdobeARM.exe

[2012/01/03 00:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\23445\AdobeARMHelper.exe

[2012/01/03 00:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Reader\9.4\ARM\23445\ReaderUpdater.exe

[2012/01/03 10:46:15 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-A95000000001}\Setup.exe

[2011/12/08 15:51:08 | 000,073,584 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.5.2.11\SetupAdmin.exe

[2010/07/07 01:46:48 | 000,068,256 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.1.400\English\setup.exe

[2012/02/18 00:54:23 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

[2010/12/12 12:06:13 | 038,430,152 | ---- | M] (PC Tools ) -- C:\Documents and Settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_en_dl.exe

< %APPDATA%\*. >

[2011/11/29 13:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ffffffff\Application Data\Adobe

[2011/11/13 16:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ffffffff\Application Data\AdobeUM

[2012/01/02 11:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ffffffff\Application Data\Apple Computer

[2011/10/27 22:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ffffffff\Application Data\Cogniview

[2011/10/27 22:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ffffffff\Application Data\Downloaded Installations

[2011/11/16 12:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ffffffff\Application Data\HP

[2010/09/18 19:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ffffffff\Application Data\Identities

[2011/05/19 17:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ffffffff\Application Data\IObit

[2009/12/20 22:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ffffffff\Application Data\Macromedia

[2010/10/06 13:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ffffffff\Application Data\Malwarebytes

[2011/10/27 22:50:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\ffffffff\Application Data\Microsoft

[2010/09/19 12:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ffffffff\Application Data\Mozilla

[2011/10/27 22:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ffffffff\Application Data\Nitro PDF

[2011/10/27 22:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ffffffff\Application Data\PrimoPDF

[2012/03/18 13:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ffffffff\Application Data\QuickScan

[2010/10/02 22:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ffffffff\Application Data\Sun

[2010/10/30 17:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ffffffff\Application Data\U3

[2012/03/18 13:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ffffffff\Application Data\vlc

[2010/11/08 15:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ffffffff\Application Data\WinRAR

< %APPDATA%\*.exe /s >

[2006/12/07 10:45:12 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\ffffffff\Application Data\U3\temp\cleanup.exe

[2006/12/07 10:45:12 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\ffffffff\Application Data\U3\temp\Launchpad Removal.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008/05/19 15:25:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2008/05/19 15:25:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys

[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys

[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >

[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008/05/19 15:25:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008/05/19 15:25:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys

[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys

< MD5 for: ATI1RVXX.SYS >

[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ati1rvxx.sys

[2008/05/19 15:25:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ati1rvxx.sys

[2008/05/19 15:25:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:ati1rvxx.sys

[2004/08/03 22:29:32 | 000,063,663 | ---- | M] (ATI Technologies Inc.) MD5=BCAF267B10620F8C93F6E87AB726E145 -- C:\WINDOWS\ServicePackFiles\i386\ati1rvxx.sys

[2004/08/03 22:29:32 | 000,063,663 | ---- | M] (ATI Technologies Inc.) MD5=BCAF267B10620F8C93F6E87AB726E145 -- C:\WINDOWS\system32\dllcache\ati1rvxx.sys

[2004/08/03 22:29:32 | 000,063,663 | ---- | M] (ATI Technologies Inc.) MD5=BCAF267B10620F8C93F6E87AB726E145 -- C:\WINDOWS\system32\drivers\ati1rvxx.sys

< MD5 for: ATI2MTAA.SYS >

[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:ati2mtaa.sys

[2008/05/19 15:25:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:ati2mtaa.sys

[2008/05/19 15:25:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:ati2mtaa.sys

[2004/08/03 22:29:28 | 000,327,040 | ---- | M] (ATI Technologies Inc.) MD5=2D030C2F6B036CA0BC243E1B16D924D1 -- C:\WINDOWS\ServicePackFiles\i386\ati2mtaa.sys

[2004/08/03 22:29:28 | 000,327,040 | ---- | M] (ATI Technologies Inc.) MD5=2D030C2F6B036CA0BC243E1B16D924D1 -- C:\WINDOWS\system32\dllcache\ati2mtaa.sys

[2004/08/03 22:29:28 | 000,327,040 | ---- | M] (ATI Technologies Inc.) MD5=2D030C2F6B036CA0BC243E1B16D924D1 -- C:\WINDOWS\system32\drivers\ati2mtaa.sys

< MD5 for: ATINXSXX.SYS >

[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atinxsxx.sys

[2008/05/19 15:25:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atinxsxx.sys

[2008/05/19 15:25:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atinxsxx.sys

[2004/08/03 22:29:32 | 000,063,488 | ---- | M] (ATI Technologies Inc.) MD5=77B575D7AAB35D5908AE6CE681608D62 -- C:\WINDOWS\ServicePackFiles\i386\atinxsxx.sys

[2004/08/03 22:29:32 | 000,063,488 | ---- | M] (ATI Technologies Inc.) MD5=77B575D7AAB35D5908AE6CE681608D62 -- C:\WINDOWS\system32\dllcache\atinxsxx.sys

[2004/08/03 22:29:32 | 000,063,488 | ---- | M] (ATI Technologies Inc.) MD5=77B575D7AAB35D5908AE6CE681608D62 -- C:\WINDOWS\system32\drivers\atinxsxx.sys

< MD5 for: BEEP.SYS >

[2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys

[2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys

[2004/08/04 05:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll

[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: MTLSTRM.SYS >

[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mtlstrm.sys

[2008/05/19 15:25:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mtlstrm.sys

[2008/05/19 15:25:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mtlstrm.sys

[2004/08/03 22:41:38 | 001,309,184 | ---- | M] (Smart Link) MD5=54886A652BF5685192141DF304E923FD -- C:\WINDOWS\ServicePackFiles\i386\mtlstrm.sys

[2004/08/03 22:41:38 | 001,309,184 | ---- | M] (Smart Link) MD5=54886A652BF5685192141DF304E923FD -- C:\WINDOWS\system32\dllcache\mtlstrm.sys

[2004/08/03 22:41:38 | 001,309,184 | ---- | M] (Smart Link) MD5=54886A652BF5685192141DF304E923FD -- C:\WINDOWS\system32\drivers\mtlstrm.sys

< MD5 for: NETLOGON.DLL >

[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll

[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >

[2010/08/13 21:50:25 | 000,079,360 | ---- | M] (NVIDIA Corporation) MD5=46DEED4C6C5FA765F9A2C723BE60348D -- C:\WINDOWS\system32\drivers\NVATABUS.SYS

< MD5 for: SCECLI.DLL >

[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll

[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SLNT7554.SYS >

[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:slnt7554.sys

[2008/05/19 15:25:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:slnt7554.sys

[2008/05/19 15:25:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:slnt7554.sys

[2004/08/03 22:41:42 | 000,129,535 | ---- | M] (Smart Link) MD5=D9673011648A71ED1E1F77B831BC85E6 -- C:\WINDOWS\ServicePackFiles\i386\slnt7554.sys

[2004/08/03 22:41:42 | 000,129,535 | ---- | M] (Smart Link) MD5=D9673011648A71ED1E1F77B831BC85E6 -- C:\WINDOWS\system32\dllcache\slnt7554.sys

[2004/08/03 22:41:42 | 000,129,535 | ---- | M] (Smart Link) MD5=D9673011648A71ED1E1F77B831BC85E6 -- C:\WINDOWS\system32\drivers\slnt7554.sys

< MD5 for: USERINIT.EXE >

[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe

[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe

[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

[2011/07/31 17:27:03 | 000,436,792 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >

[2006/12/29 10:41:53 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2006/12/29 10:41:53 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2006/12/29 10:41:52 | 000,884,736 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< End of report >


Your logs showed some peer-to-peer filesharing apps: Azureus. Remove (de-install) Azureus & any other P-2-P programs. Such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

I need positive confirmation that Azureus & any other such app is removed!

Step 2

Turn OFF SUPERAntiSpyware so it does not start with Windows startup.

Step 3

To disable CD Emulation programs using DeFogger please perform these steps:

Please download >> DeFogger << and save it to your Desktop.

  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Disable button to disable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Step 4

Turn OFF Avast so it does not interfere with fixes.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Leave the firewall on.

Step 5

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from

>>> here <<<

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
  • This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.

Step 6

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it (ALL the lines including the blank ones):

KILLALL::

FCopy::

c:\windows\ServicePackFiles\i386\explorer.exe | C:\windows\explorer.exe

c:\windows\ServicePackFiles\i386\explorer.exe | c:\windows\system32\dllcache\explorer.exe

c:\windows\ServicePackFiles\i386\winlogon.exe | C:\windows\system32\winlogon.exe

c:\windows\ServicePackFiles\i386\winlogon.exe | c:\windows\system32\dllcache\winlogon.exe

Save this as CFScript.txt, to your DESKTOP

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

Have infinite patience while Combofix runs. Do not run any other jobs. Wait for Combofix to finish.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Edited by Maurice Naggar
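As an added example (not part of the original posts, and not code from OTL or ComboFix): a Python script that reads OTL's `< MD5 for: ... >` sections, like those in the log above, and lists live copies of a file whose MD5 differs from the copy in ServicePackFiles\i386, the folder the FCopy lines restore from. The userinit.exe lines are taken from this thread's log; the winlogon.exe section, its placeholder hashes, and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample input in OTL "< MD5 for: ... >" format.
# - USERINIT.EXE lines: copied from the log posted in this thread.
# - WINLOGON.EXE lines: CONSTRUCTED (dates, sizes and the AAAA.../BBBB... hashes
#   are placeholders) to show what a replaced system file looks like.
SAMPLE_LOG = r"""
< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008/05/19 15:25:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2012/03/17 16:40:00 | 000,512,000 | ---- | M] () MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2012/03/17 16:40:00 | 000,512,000 | ---- | M] () MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\WINDOWS\system32\winlogon.exe
"""

SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$", re.I)
# Only lines that carry "MD5=<32 hex>" match; ".cab file" and
# "Unable to obtain MD5" lines are skipped because there is nothing to compare.
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|\]]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S+)\s*\|\s*\w\]\s*"
    r"\((?P<company>.*?)\)\s+MD5=(?P<md5>[0-9A-Fa-f]{32})\s+--\s+(?P<path>.+)$"
)

# Folder the FCopy lines in the post above use as the source of clean files.
REFERENCE_DIR = "\\servicepackfiles\\i386\\"
# Older or archived copies that are expected to differ from the live file.
BACKUP_MARKERS = (
    "\\$ntservicepackuninstall$\\",
    "\\erdnt\\cache\\",
    "\\reinstallbackups\\",
)


def parse_md5_sections(log_text):
    """Return {FILE NAME: [(path, md5), ...]} for each '< MD5 for: X >' section."""
    sections = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("<"):
            # Any other "< ... >" scan header ends the current MD5 section.
            m = SECTION_RE.match(line)
            current = m.group("name").upper() if m else None
            continue
        m = ENTRY_RE.match(line)
        if current and m:
            sections[current].append((m.group("path").strip(), m.group("md5").upper()))
    return dict(sections)


def classify(path):
    """Label a path as the 'reference' copy, a 'backup' copy, or a 'live' copy."""
    p = path.lower()
    if REFERENCE_DIR in p:
        return "reference"
    if any(marker in p for marker in BACKUP_MARKERS):
        return "backup"
    return "live"


def find_mismatches(log_text):
    """Return [(name, live_path, live_md5, reference_md5)] for differing live copies."""
    findings = []
    for name, entries in parse_md5_sections(log_text).items():
        refs = {md5 for path, md5 in entries if classify(path) == "reference"}
        if len(refs) != 1:
            continue  # no reference copy listed: nothing to compare against
        (ref_md5,) = refs
        for path, md5 in entries:
            if classify(path) == "live" and md5 != ref_md5:
                findings.append((name, path, md5, ref_md5))
    return findings


if __name__ == "__main__":
    for name, path, md5, ref in find_mismatches(SAMPLE_LOG):
        print(f"{name}: {path} has MD5 {md5}, ServicePackFiles copy has {ref}")
```

A match only shows that the live copy equals the ServicePackFiles copy; it says nothing about whether that reference copy is itself unmodified.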

ComboFix 12-03-17.01 - ffffffff 03/19/2012 20:18:02.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2508 [GMT -7:00]

Running from: c:\documents and settings\ffffffff\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\ffffffff\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

ADS - WINDOWS: deleted 0 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe

c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\system32\dllcache\explorer.exe

c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\system32\winlogon.exe

c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\system32\dllcache\winlogon.exe

.

((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))

.

.

2012-03-18 23:40 . 2012-03-18 23:40 -------- d-----w- c:\program files\Common Files\Java

2012-03-18 23:39 . 2012-03-18 23:39 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-03-18 22:21 . 2001-08-17 19:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys

2012-03-18 22:20 . 2001-08-17 20:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys

2012-03-18 22:19 . 2001-08-18 05:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll

2012-03-18 22:18 . 2001-08-17 19:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys

2012-03-18 22:17 . 2001-08-18 05:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll

2012-03-18 22:16 . 2001-08-17 19:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys

2012-03-18 22:15 . 2001-08-18 05:36 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll

2012-03-18 22:14 . 2001-08-17 20:51 17280 -c--a-w- c:\windows\system32\dllcache\scr111.sys

2012-03-18 22:13 . 2001-08-17 20:57 65664 -c--a-w- c:\windows\system32\dllcache\s3legacy.sys

2012-03-18 22:12 . 2001-08-17 20:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys

2012-03-18 22:11 . 2001-08-17 21:07 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys

2012-03-18 22:10 . 2001-08-18 05:36 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe

2012-03-18 22:09 . 2001-08-17 19:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys

2012-03-18 22:09 . 2001-08-17 20:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys

2012-03-18 22:09 . 2001-08-17 20:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys

2012-03-18 22:09 . 2008-04-13 18:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys

2012-03-18 22:09 . 2001-08-17 19:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys

2012-03-18 22:09 . 2001-08-17 19:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys

2012-03-18 22:09 . 2001-08-17 19:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys

2012-03-18 22:09 . 2004-08-04 05:31 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys

2012-03-18 22:09 . 2001-08-17 19:11 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys

2012-03-18 22:09 . 2001-08-17 19:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys

2012-03-18 22:09 . 2001-08-18 05:36 60480 -c--a-w- c:\windows\system32\dllcache\neo20xx.dll

2012-03-18 22:07 . 2001-08-17 19:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys

2012-03-18 22:07 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys

2012-03-18 22:07 . 2008-04-13 18:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys

2012-03-18 22:07 . 2001-08-17 20:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys

2012-03-18 22:07 . 2008-04-13 18:54 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys

2012-03-18 22:06 . 2001-08-17 21:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys

2012-03-18 22:06 . 2001-08-17 20:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys

2012-03-18 22:06 . 2008-04-13 18:46 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys

2012-03-18 22:06 . 2001-08-17 20:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys

2012-03-18 22:06 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys

2012-03-18 22:06 . 2001-08-17 20:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys

2012-03-18 22:06 . 2001-08-17 20:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys

2012-03-18 22:06 . 2001-08-17 19:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys

2012-03-18 22:04 . 2001-08-17 20:28 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys

2012-03-18 22:04 . 2001-08-17 20:53 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys

2012-03-18 22:04 . 2001-08-17 19:12 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys

2012-03-18 22:04 . 2001-08-17 19:12 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys

2012-03-18 22:04 . 2001-08-17 19:11 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys

2012-03-18 22:04 . 2001-08-17 20:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys

2012-03-18 22:04 . 2001-08-17 19:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys

2012-03-18 22:04 . 2001-08-17 19:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys

2012-03-18 22:04 . 2001-08-18 05:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll

2012-03-18 22:04 . 2008-04-14 00:11 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll

2012-03-18 22:04 . 2008-04-14 00:11 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll

2012-03-18 22:02 . 2001-08-17 19:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys

2012-03-18 22:02 . 2001-08-18 05:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll

2012-03-18 22:02 . 2001-08-17 20:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys

2012-03-18 22:02 . 2008-04-13 18:40 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys

2012-03-18 22:02 . 2001-08-17 20:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys

2012-03-18 22:02 . 2001-08-17 20:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys

2012-03-18 22:01 . 2001-08-18 05:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll

2012-03-18 22:01 . 2001-08-17 21:06 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys

2012-03-18 22:01 . 2001-08-18 05:36 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll

2012-03-18 22:01 . 2001-08-18 05:36 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll

2012-03-18 22:01 . 2001-08-17 21:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys

2012-03-18 22:01 . 2001-08-18 05:36 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll

2012-03-18 22:01 . 2001-08-18 05:36 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll

2012-03-18 22:01 . 2001-08-18 05:36 26624 -c--a-w- c:\windows\system32\dllcache\icam3ext.dll

2012-03-18 22:01 . 2001-08-17 21:05 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys

2012-03-18 22:01 . 2001-08-17 21:06 38528 -c--a-w- c:\windows\system32\dllcache\ibmvcap.sys

2012-03-18 22:01 . 2001-08-17 19:12 109085 -c--a-w- c:\windows\system32\dllcache\ibmtrp.sys

2012-03-18 22:01 . 2001-08-17 19:12 100936 -c--a-w- c:\windows\system32\dllcache\ibmtok.sys

2012-03-18 21:59 . 2001-08-17 20:28 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys

2012-03-18 21:58 . 2001-08-18 05:36 83968 -c--a-w- c:\windows\system32\dllcache\hpgt21.dll

2012-03-18 21:57 . 2001-08-18 05:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll

2012-03-18 21:56 . 2001-08-17 19:12 16998 -c--a-w- c:\windows\system32\dllcache\ex10.sys

2012-03-18 21:55 . 2001-08-17 19:10 19996 -c--a-w- c:\windows\system32\dllcache\em556n4.sys

2012-03-18 21:54 . 2001-08-17 21:07 20192 -c--a-w- c:\windows\system32\dllcache\dpti2o.sys

2012-03-18 21:53 . 2001-08-18 05:36 419357 -c--a-w- c:\windows\system32\dllcache\dgconfig.dll

2012-03-18 21:52 . 2001-08-17 19:19 42112 -c--a-w- c:\windows\system32\dllcache\crtaud.sys

2012-03-18 21:51 . 2001-08-17 19:13 27164 -c--a-w- c:\windows\system32\dllcache\ce3n5.sys

2012-03-18 21:48 . 2001-08-17 20:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys

2012-03-18 21:47 . 2001-08-18 05:36 87552 -c--a-w- c:\windows\system32\dllcache\avmcoxp.dll

2012-03-18 21:46 . 2001-08-17 20:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys

2012-03-18 21:46 . 2004-08-04 05:31 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys

2012-03-18 21:46 . 2001-08-17 20:52 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys

2012-03-18 21:46 . 2001-08-17 19:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys

2012-03-18 21:46 . 2001-08-17 20:51 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys

2012-03-18 21:46 . 2001-08-17 20:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys

2012-03-18 21:46 . 2001-08-17 19:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys

2012-03-18 21:46 . 2001-08-17 21:07 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys

2012-03-18 21:46 . 2001-08-17 21:07 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys

2012-03-18 21:46 . 2001-08-17 20:52 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys

2012-03-18 21:20 . 2012-03-18 21:20 -------- d-----w- c:\program files\HitmanPro

2012-03-18 20:02 . 2012-03-18 20:02 -------- d-----w- c:\documents and settings\ffffffff\Application Data\QuickScan

2012-03-18 19:52 . 2012-03-18 19:53 -------- d-----w- c:\program files\trend micro

2012-03-18 19:52 . 2012-03-18 19:53 -------- d-----w- C:\rsit

2012-03-18 19:48 . 2012-03-18 19:49 -------- d-----w- c:\program files\ERUNT

2012-03-18 18:54 . 2012-03-18 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro

2012-03-18 02:53 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-03-18 02:53 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-03-18 02:53 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-03-18 02:53 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-03-18 02:53 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-18 02:53 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-03-18 02:53 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-03-18 02:53 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-03-18 02:53 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr

2012-03-18 02:52 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-18 02:52 . 2012-03-18 02:52 -------- d-----w- c:\program files\AVAST Software

2012-03-18 02:52 . 2012-03-18 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-03-18 01:16 . 2012-03-18 01:16 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F9E85C-6E15-494E-87E3-8A989BB2D4F7}\MpKsl0444bcd2.sys

2012-03-18 00:44 . 2012-03-18 00:48 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-03-18 00:44 . 2012-03-18 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2012-03-17 23:06 . 2012-03-17 23:06 -------- d-----w- c:\windows\system32\wbem\Repository

2012-03-17 23:05 . 2012-03-18 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia

2012-03-17 23:05 . 2012-03-17 23:06 -------- d-----w- c:\program files\TuneUpMedia

2012-03-17 23:03 . 2012-03-17 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-19 00:54 . 2011-06-28 18:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-18 23:39 . 2010-10-02 05:18 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-10 18:45 . 2006-12-30 02:17 60416 -c--a-w- c:\windows\ALCFDRTM.VER

2012-02-03 09:22 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-11 19:06 . 2012-02-15 03:16 3072 ------w- c:\windows\system32\iacenc.dll

2012-01-09 16:20 . 2006-12-30 01:51 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-19 06:35 . 2011-04-03 04:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]

"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]

"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=DrvTrNTm.dll

"wave"=DrvTrNTm.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-11-02 07:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2011-05-10 10:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-12-08 09:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 06:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AvRack\\rtlrack.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\VirtualDJ\\virtualdj.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/17/2012 7:53 PM 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/17/2012 7:53 PM 337880]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/15/2010 9:27 PM 95024]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 4:38 PM 116608]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/17/2012 7:53 PM 20696]

R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [9/24/2011 3:03 PM 68928]

R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2/28/2011 10:42 PM 120472]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S1 MpKsl36624047;MpKsl36624047;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F9E85C-6E15-494E-87E3-8A989BB2D4F7}\MpKsl36624047.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F9E85C-6E15-494E-87E3-8A989BB2D4F7}\MpKsl36624047.sys [?]

S1 MpKsl6aa231d0;MpKsl6aa231d0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F9E85C-6E15-494E-87E3-8A989BB2D4F7}\MpKsl6aa231d0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F9E85C-6E15-494E-87E3-8A989BB2D4F7}\MpKsl6aa231d0.sys [?]

S1 MpKsl75385543;MpKsl75385543;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F9E85C-6E15-494E-87E3-8A989BB2D4F7}\MpKsl75385543.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F9E85C-6E15-494E-87E3-8A989BB2D4F7}\MpKsl75385543.sys [?]

S1 MpKsld5de23f2;MpKsld5de23f2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8728CE0-9AB6-4B9F-A7CB-D2D5574D1F2D}\MpKsld5de23f2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F8728CE0-9AB6-4B9F-A7CB-D2D5574D1F2D}\MpKsld5de23f2.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S3 cpuz130;cpuz130;\??\c:\docume~1\CHRIST~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\CHRIST~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8/5/2007 12:23 PM 47360]

S3 TotRec8;Total Recorder WDM audio filter driver;\??\c:\windows\system32\drivers\TotRec8.sys --> c:\windows\system32\drivers\TotRec8.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 5:00 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/31/2011 5:27 PM 436792]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-20 c:\windows\Tasks\User_Feed_Synchronization-{3D21ED30-8301-4C6F-8979-CA64B5D7EF82}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.ca/

mSearch Bar = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = iexplore

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab

FF - ProfilePath - c:\documents and settings\ffffffff\Application Data\Mozilla\Firefox\Profiles\y31x9w8y.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

MSConfigStartUp-HitmanPro35 - c:\program files\Hitman Pro 3.5\HitmanPro35[1].exe

.

.

.

**************************************************************************

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files:

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(820)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(3900)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Ahead\InCD\InCDsrv.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\windows\system32\HPZipm12.exe

c:\windows\SOUNDMAN.EXE

c:\windows\system32\taskmgr.exe

.

**************************************************************************

.

Completion time: 2012-03-19 20:42:31 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-20 03:42

ComboFix2.txt 2012-03-18 04:11

ComboFix3.txt 2012-03-18 02:34

.

Pre-Run: 38,158,929,920 bytes free

Post-Run: 38,148,038,656 bytes free

.

- - End Of File - - D2CD47A176FC3B4D1857C424B61EC059


When I ran Combofix and it did its shutdown, the computer just hung on the "Windows is shutting down" screen, so I hit restart manually after 10 minutes in a stalled state.

The rest on restart, Combofix ran fine.

The issues with explorer.exe seemed to be fixed before your last instructions. I ran Avast and it only saw a file in system restore volume which it was able to remove. At that stage it no longer detected winlogon.exe and explorer.exe as infected.

Could you see any malicious files still alive that warranted these final steps?

And are there any of these programs that I may run in the future that may help get rid of certain viruses? (without needing a thorough knowledge of the tasks)

And thank you very much for your help, this saved a ton of time and worked excellently. Thank you very much!


The Combofix with scripted copies was what fixed the issue of Explorer & winlogon.

I used Combofix to copy known good copies to the proper folders. That is what cured the main issue of yours.

How to reduce your odds of re-infection: Stay away from dodgy file downloads, and certainly do not use peer-to-peer file sharing.

Practice safer computing: see the tips below.

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows 7/XP/Vista/2000/2003/2008 Offline << from here and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586-s.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since almost all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 31 from Sun Microsystems Inc.

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Add-Remove programs, Remove Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered).

To re-enable CD Emulation programs using DeFogger please perform these steps:

Please download >> DeFogger << and save it to your desktop.

  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Enable button to re-enable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it combofix), put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space after Combofix and before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Click Start, then click Run.
    In the text box that opens, type or copy/paste ComboFix /uninstall and then click OK.

If the Combofix un-install has an issue, skip that step.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep, and use periodically to backup the Windows registry.

Delete Roguekiller.exe if still present.

Safer computing practices

We are finished here. Best regards.

Edited by Maurice Naggar