Jump to content

Multiple Bad Image Messages


gfc
 Share

Recommended Posts

Hi There,

 

I have had major problems as well regarding multiple bad image messages. Very similar to this post: http://forums.pcpitstop.com/index.php?/topic/196031-bad-image-error-on-start-up-and-over-and-over-again/page__pid__1727748&do=findComment&comment=1727748

 

I have tried installing windows security essentials, which did find something, and removed it. The initial message appeared to be in googleupdater, so I uninstalled chrome, but its appearing in a whole lot of other programs now too.

 

I've also tried uninstalling avg when I installed the windows essentials, but got too many messages and couldn't complete it at first though this was done eventually. Following another post, I also tried uninstalling java, but I think I need to stop doing that now!

 

I've posted the results of the hijack this scan that one of the advisors kindly told me to do, please see below for log.

 

 

Can you help?!?!

 

Many thanks,

 

Regards,

 

Gemma

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:00:04 p.m., on 2/08/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17098)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe

C:\WINDOWS\system32\igfxtray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\PIXELA\MediaBrowser LE\MBCameraMonitor.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q105&bd=pavilion&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q105&bd=pavilion&pf=laptop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\LeechLLC:mstorr.exe,

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [nvcpl] C:\Program Files\LeechLLC:mstorr.exe

O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNTQyNDQ2NDQ2LVQxLUJBKzEtS1YzKzctVUNBTEwrMS1VQ0FMTDIrMi1UQjgrMi1GTCs4LUY4TTExQysxLVVQRysyMDExLUZMMTArMS1UVUcrMy1MSUMrOS1ERFQrMA"&"prod=90"&"ver=10.0.1390

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [wefi] C:\Program Files\WeFi\WeFi.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Device Monitor LE.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Search - ?p=ZRfox000

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\lsptqe.dll

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q105&bd=pavilion&pf=laptop

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5257/mcfscan.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: efcccda - efcccda.dll (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Unknown owner - C:\WINDOWS\system32\bmwebcfg.exe (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 10847 bytes

Link to comment
Share on other sites

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days.

:)

Hello there, gfc

 

:wp:

 

I'm Conspire, I'll be glad to help you with your computer problems.

 

Please observe these rules while we work:

  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.

Link to comment
Share on other sites

Hello there,

 

Please download DDS by sUBs from one of the following links and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
===================================================

 

Posted Image

  • Please download GMER from one of the following locations, and save it to your desktop:

  • Main Mirror

    This version will download a randomly named file (Recommended)

  • Zip Mirror

    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Extract the contents of the zipped file to desktop (applicable only to Zip mirror) .
  • Double click Posted Image or Posted Image on your desktop.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image

     

    Posted Image

    Click the image to enlarge it

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

  • Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

 

===================================================

 

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===================================================

 

On your next reply please post :

DDS log

GMER log

Checkup log

Let me know if you have any problems in performing with the steps above or any questions you may have.

 

Good Day!

Link to comment
Share on other sites

Hi there.

 

I'm experiencing difficulty getting the DDS txt log as my computer just freezes when I try to run it. All the anti-virus has definitely been removed so I don't think that's the problem. My laptop is very old and I think it's just struggling to keep up.

 

Any ideas?

 

Many thanks

 

Gemma

Link to comment
Share on other sites

We will use other tool and see what we got.

 

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.

    Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.

  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Link to comment
Share on other sites

Thanks conspire! It worked perfectly. Please find the logs below:

 

Kind regards

 

Gemma

 

OTL Extras logfile created on: 5/08/2011 12:12:54 p.m. - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\CAROLYN\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

 

1.22 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 63.42% Memory free

1.41 Gb Paging File | 1.15 Gb Available in Paging File | 81.86% Paging File free

Paging file location(s): C:\pagefile.sys 336 672 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.05 Gb Total Space | 9.53 Gb Free Space | 25.73% Space Free | Partition Type: NTFS

 

Computer Name: DKC | User Name: CAROLYN | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- C:\Program Files\SpeedMaxPc\SpeedMaxPc\noapp.exe %1 (SpeedMaxPc)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"16609:TCP" = 16609:TCP:*:Enabled:BitComet 16609 TCP

"16609:UDP" = 16609:UDP:*:Enabled:BitComet 16609 UDP

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe" = C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe:*:Enabled:3 USB Modem -- (Huawei Technologies)

"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord

"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox

"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus

"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)

"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe

"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20C11E32-103F-429F-98A4-DA24486D140F}" = MediaBrowser LE

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing

"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply

"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{755C5628-7C85-C99A-4035-1B89D6D43BD8}" = TweetDeck

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01

"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver

"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95774351-6087-3A3B-8CA8-70BEE49D2BD5}" = Google Gears

"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext

"{B6B69D92-6CD8-4086-8D1D-7945BDA4AE5A}" = F4100_Help

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari

"{C9D88AF8-7B0A-4200-BFBC-7827A7535096}" = F4100_doccd

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E34B59B8-F34F-404e-A0BE-61AC51B9F3DB}" = SpeedMaxPc SpeedMaxPc

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min

"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE

"{F8FED11D-3584-4a72-8B26-E0951B655797}" = F4100

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

"3 USB Modem" = 3 USB Modem

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_3080103C" = SoftV92 Data Fax Modem with SmartCP

"Conexant PCI Audio" = Conexant AC-Link Audio

"FXpansion DR-008" = FXpansion DR-008

"HijackThis" = HijackThis 2.0.2

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Photosmart Essential" = HP Photosmart Essential 2.01

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPExtendedCapabilities" = HP Customer Participation Program 9.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Money2005b" = Microsoft Money

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"NetSight" = Nielsen//NetRatings

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"pdfFactory" = pdfFactory

"PowerISO" = PowerISO

"RealPlayer 12.0" = RealPlayer

"Security Task Manager" = Security Task Manager 1.7e

"Spotify" = Spotify

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 12/07/2011 2:32:45 p.m. | Computer Name = DKC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 12/07/2011 2:32:45 p.m. | Computer Name = DKC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 5562

 

Error - 12/07/2011 2:32:45 p.m. | Computer Name = DKC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 5562

 

Error - 12/07/2011 3:02:59 p.m. | Computer Name = DKC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 12/07/2011 3:02:59 p.m. | Computer Name = DKC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2922

 

Error - 12/07/2011 3:02:59 p.m. | Computer Name = DKC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2922

 

Error - 17/07/2011 8:29:54 a.m. | Computer Name = DKC | Source = Application Error | ID = 1000

Description = Faulting application chrome.exe, version 0.0.0.0, faulting module

chrome.dll, version 12.0.742.122, fault address 0x0000c2d9.

 

Error - 27/07/2011 4:34:48 p.m. | Computer Name = DKC | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This operation returned because the timeout period expired.

 

Error - 31/07/2011 5:57:16 a.m. | Computer Name = DKC | Source = MPSampleSubmission | ID = 5000

Description =

 

Error - 3/08/2011 6:14:34 p.m. | Computer Name = DKC | Source = Microsoft Security Client | ID = 1001

Description =

 

[ System Events ]

Error - 4/08/2011 12:53:08 p.m. | Computer Name = DKC | Source = Service Control Manager | ID = 7000

Description = The Bytemobile Web Configurator service failed to start due to the

following error: %%2

 

Error - 4/08/2011 12:53:08 p.m. | Computer Name = DKC | Source = Service Control Manager | ID = 7000

Description = The Google Update Service (gupdate) service failed to start due to

the following error: %%2

 

Error - 4/08/2011 12:53:08 p.m. | Computer Name = DKC | Source = Service Control Manager | ID = 7000

Description = The McAfee WSC Integration service failed to start due to the following

error: %%2

 

Error - 4/08/2011 12:53:08 p.m. | Computer Name = DKC | Source = Service Control Manager | ID = 7000

Description = The McAfee Task Scheduler service failed to start due to the following

error: %%3

 

Error - 4/08/2011 1:24:29 p.m. | Computer Name = DKC | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.1.3

with the system having network hardware address 00:23:4E:9E:7B:E3. Network operations

on this system may be disrupted as a result.

 

Error - 5/08/2011 7:02:48 a.m. | Computer Name = DKC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.3 for the Network Card with network

address 0012F042F73F has been denied by the DHCP server 101.219.32.1 (The DHCP Server

sent a DHCPNACK message).

 

Error - 5/08/2011 7:02:55 a.m. | Computer Name = DKC | Source = Service Control Manager | ID = 7000

Description = The Bytemobile Web Configurator service failed to start due to the

following error: %%2

 

Error - 5/08/2011 7:02:55 a.m. | Computer Name = DKC | Source = Service Control Manager | ID = 7000

Description = The Google Update Service (gupdate) service failed to start due to

the following error: %%2

 

Error - 5/08/2011 7:02:55 a.m. | Computer Name = DKC | Source = Service Control Manager | ID = 7000

Description = The McAfee WSC Integration service failed to start due to the following

error: %%2

 

Error - 5/08/2011 7:02:55 a.m. | Computer Name = DKC | Source = Service Control Manager | ID = 7000

Description = The McAfee Task Scheduler service failed to start due to the following

error: %%3

 

 

< End of report >

OTL logfile created on: 5/08/2011 12:12:54 p.m. - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\CAROLYN\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

 

1.22 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 63.42% Memory free

1.41 Gb Paging File | 1.15 Gb Available in Paging File | 81.86% Paging File free

Paging file location(s): C:\pagefile.sys 336 672 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.05 Gb Total Space | 9.53 Gb Free Space | 25.73% Space Free | Partition Type: NTFS

 

Computer Name: DKC | User Name: CAROLYN | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\CAROLYN\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files\PIXELA\MediaBrowser LE\MBCameraMonitor.exe (PIXELA CORPORATION)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe (FinePrint Software, LLC)

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\CAROLYN\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (McTskshd.exe) -- File not found

SRV - (McDetect.exe) -- File not found

SRV - (gupdatem) Google Update Service (gupdatem) -- File not found

SRV - (gupdate) Google Update Service (gupdate) -- File not found

SRV - (bmwebcfg) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)

DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) -- C:\WINDOWS\system32\drivers\s3017unic.sys (MCCI Corporation)

DRV - (s3017obex) -- C:\WINDOWS\system32\drivers\s3017obex.sys (MCCI Corporation)

DRV - (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s3017mgmt.sys (MCCI Corporation)

DRV - (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) -- C:\WINDOWS\system32\drivers\s3017nd5.sys (MCCI Corporation)

DRV - (s3017mdm) -- C:\WINDOWS\system32\drivers\s3017mdm.sys (MCCI Corporation)

DRV - (s3017mdfl) -- C:\WINDOWS\system32\drivers\s3017mdfl.sys (MCCI Corporation)

DRV - (s3017bus) Sony Ericsson Device 3017 driver (WDM) -- C:\WINDOWS\system32\drivers\s3017bus.sys (MCCI Corporation)

DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camchal.sys (Conexant Systems Inc.)

DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camcaud.sys (Conexant Systems Inc.)

DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (WIDCOMM, Inc.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )

DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Company)

DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q105&bd=pavilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19

FF - prefs.js..extensions.enabledItems: {9ee802e8-c931-47ab-b570-aa8f791598ca}:1.5.46.0

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64

FF - prefs.js..keyword.URL: "http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p="

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@videoegg.com/Publisher,version=1.5: C:\Documents and Settings\CAROLYN\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKCU\Software\MozillaPlugins\@videoegg.com/Publisher,version=1.5: C:\Documents and Settings\CAROLYN\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll File not found

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/20 20:56:51 | 000,000,000 | ---D | M]

 

[2008/09/14 16:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Extensions

[2010/09/08 11:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions

[2008/10/16 18:53:35 | 000,000,000 | ---D | M] (eMusic Toolbar) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}

[2010/06/22 21:06:59 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

[2008/06/18 11:26:47 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2008/06/03 20:20:28 | 000,000,000 | ---D | M] (ALOT eMusic Toolbar) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\toolbar@alot.com

[2008/06/18 11:26:50 | 000,002,027 | ---- | M] () -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\searchplugins\alotcom.xml

[2010/11/08 00:39:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED

[2009/06/22 10:48:16 | 000,115,552 | ---- | M] (Keynote Systems) -- C:\Program Files\mozilla firefox\components\FFConnectorLauncher.dll

[2009/06/22 10:48:18 | 000,239,968 | ---- | M] (Keynote Systems) -- C:\Program Files\mozilla firefox\components\FFSource.dll

 

O1 HOSTS File: ([2009/08/15 21:43:12 | 000,000,727 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found

O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()

O4 - HKLM..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [NielsenOnline] File not found

O4 - HKLM..\Run: [nvcpl] C:\Program Files\LeechLLC [2011/07/31 11:27:38 | 000,000,000 | -HSD | M]

O4 - HKLM..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [Google Update] File not found

O4 - HKCU..\Run: [wefi] File not found

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Monitor LE.lnk = C:\Program Files\PIXELA\MediaBrowser LE\MBCameraMonitor.exe (PIXELA CORPORATION)

O4 - Startup: C:\Documents and Settings\CAROLYN\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\LSPTQE.DLL ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5257/mcfscan.cab (McFreeScan Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Program Files\LeechLLC:mstorr.exe) - C:\Program Files\LeechLLC [2011/07/31 11:27:38 | 000,000,000 | -HSD | M]

O20 - Winlogon\Notify\efcccda: DllName - efcccda.dll - File not found

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {E9383002-FC55-4330-B9C9-67E03BC5C840} - File not found

O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\jkkji.dll) - File not found

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{7a24dedc-14ed-11e0-904c-0012f042f73f}\Shell\AutoRun\command - "" = H:\install.exe

O33 - MountPoints2\{8908303c-ba50-11dc-8bec-00c09f8c54a5}\Shell - "" = AutoRun

O33 - MountPoints2\{8908303c-ba50-11dc-8bec-00c09f8c54a5}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{8908303c-ba50-11dc-8bec-00c09f8c54a5}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{8908303d-ba50-11dc-8bec-00c09f8c54a5}\Shell - "" = AutoRun

O33 - MountPoints2\{8908303d-ba50-11dc-8bec-00c09f8c54a5}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{8908303d-ba50-11dc-8bec-00c09f8c54a5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{f2969b04-ba3d-11dc-8be7-00c09f8c54a5}\Shell - "" = AutoRun

O33 - MountPoints2\{f2969b04-ba3d-11dc-8be7-00c09f8c54a5}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{f2969b04-ba3d-11dc-8be7-00c09f8c54a5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/08/05 12:08:53 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CAROLYN\Desktop\OTL.exe

[2011/08/04 17:46:27 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\CAROLYN\Desktop\dds.com

[2011/07/31 10:59:35 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2011/07/30 20:04:27 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll

[2011/07/30 20:04:18 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll

[2011/07/30 20:03:56 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe

[2011/07/30 20:03:41 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe

[2011/07/30 20:03:30 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys

[2011/07/30 20:03:25 | 000,019,455 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys

[2011/07/30 20:03:15 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys

[2011/07/30 20:03:12 | 000,012,063 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys

[2011/07/30 20:01:12 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys

[2011/07/30 20:01:01 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys

[2011/07/30 20:00:41 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys

[2011/07/30 20:00:22 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll

[2011/07/30 20:00:13 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll

[2011/07/30 20:00:11 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys

[2011/07/30 20:00:10 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll

[2011/07/30 20:00:00 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys

[2011/07/30 19:59:57 | 000,023,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys

[2011/07/30 19:59:54 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys

[2011/07/30 19:59:45 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys

[2011/07/30 19:59:35 | 000,033,599 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys

[2011/07/30 19:59:32 | 000,019,551 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys

[2011/07/30 19:59:29 | 000,029,311 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys

[2011/07/30 19:59:25 | 000,011,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys

[2011/07/30 19:59:23 | 000,012,127 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys

[2011/07/30 19:59:20 | 000,012,415 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys

[2011/07/30 19:59:09 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys

[2011/07/30 19:59:00 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys

[2011/07/30 19:58:51 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys

[2011/07/30 19:58:50 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll

[2011/07/30 19:58:41 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys

[2011/07/30 19:58:29 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys

[2011/07/30 19:58:20 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys

[2011/07/30 19:58:10 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys

[2011/07/30 19:58:01 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys

[2011/07/30 19:57:54 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll

[2011/07/30 19:57:43 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys

[2011/07/30 19:57:33 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys

[2011/07/30 19:57:23 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys

[2011/07/30 19:57:14 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys

[2011/07/30 19:57:02 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys

[2011/07/30 19:56:53 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys

[2011/07/30 19:56:44 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys

[2011/07/30 19:56:35 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys

[2011/07/30 19:56:30 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys

[2011/07/30 19:56:27 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys

[2011/07/30 19:56:23 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys

[2011/07/30 19:56:19 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys

[2011/07/30 19:56:06 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll

[2011/07/30 19:55:57 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll

[2011/07/30 19:55:48 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll

[2011/07/30 19:55:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll

[2011/07/30 19:55:30 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll

[2011/07/30 19:55:21 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys

[2011/07/30 19:55:12 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll

[2011/07/30 19:55:03 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll

[2011/07/30 19:54:54 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll

[2011/07/30 19:54:45 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll

[2011/07/30 19:54:36 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys

[2011/07/30 19:54:25 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys

[2011/07/30 19:54:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe

[2011/07/30 19:54:12 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys

[2011/07/30 19:54:03 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll

[2011/07/30 19:53:54 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys

[2011/07/30 19:53:45 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll

[2011/07/30 19:53:36 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys

[2011/07/30 19:53:27 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll

[2011/07/30 19:53:17 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys

[2011/07/30 19:53:08 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll

[2011/07/30 19:53:06 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe

[2011/07/30 19:52:56 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll

[2011/07/30 19:52:46 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys

[2011/07/30 19:52:37 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys

[2011/07/30 19:52:28 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys

[2011/07/30 19:52:19 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys

[2011/07/30 19:52:10 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys

[2011/07/30 19:51:59 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys

[2011/07/30 19:51:50 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll

[2011/07/30 19:51:48 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys

[2011/07/30 19:51:46 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys

[2011/07/30 19:51:37 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys

[2011/07/30 19:51:29 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys

[2011/07/30 19:51:28 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys

[2011/07/30 19:51:27 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys

[2011/07/30 19:51:17 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys

[2011/07/30 19:51:07 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys

[2011/07/30 19:50:58 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys

[2011/07/30 19:50:49 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll

[2011/07/30 19:50:36 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys

[2011/07/30 19:50:28 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys

[2011/07/30 19:50:20 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys

[2011/07/30 19:50:11 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys

[2011/07/30 19:50:03 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll

[2011/07/30 19:49:55 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys

[2011/07/30 19:49:47 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys

[2011/07/30 19:49:39 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll

[2011/07/30 19:49:31 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll

[2011/07/30 19:49:22 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll

[2011/07/30 19:49:14 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll

[2011/07/30 19:49:11 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys

[2011/07/30 19:49:02 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll

[2011/07/30 19:48:54 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll

[2011/07/30 19:48:46 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys

[2011/07/30 19:48:37 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys

[2011/07/30 19:48:24 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys

[2011/07/30 19:48:15 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll

[2011/07/30 19:48:14 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll

[2011/07/30 19:48:01 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll

[2011/07/30 19:47:50 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys

[2011/07/30 19:47:42 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll

[2011/07/30 19:47:34 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys

[2011/07/30 19:47:24 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys

[2011/07/30 19:47:16 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys

[2011/07/30 19:47:08 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll

[2011/07/30 19:47:01 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys

[2011/07/30 19:46:52 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys

[2011/07/30 19:46:49 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys

[2011/07/30 19:46:41 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys

[2011/07/30 19:46:40 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll

[2011/07/30 19:46:39 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll

[2011/07/30 19:46:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll

[2011/07/30 19:46:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll

[2011/07/30 19:46:24 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys

[2011/07/30 19:46:23 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll

[2011/07/30 19:46:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll

[2011/07/30 19:46:15 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll

[2011/07/30 19:45:49 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys

[2011/07/30 19:45:41 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys

[2011/07/30 19:45:33 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys

[2011/07/30 19:45:30 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys

[2011/07/30 19:45:27 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll

[2011/07/30 19:45:27 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys

[2011/07/30 19:45:19 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll

[2011/07/30 19:45:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll

[2011/07/30 19:45:10 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\W

Link to comment
Share on other sites

Hi there Conspire

 

Oops, you'l have to excuse me, I'm a bit of a luddite. Please find the Gmer and security check logs below.

 

Thank again, your help is much appreciated!

 

Kind regards

 

Gemma

 

 

 

GMER 1.0.15.15641 - http://www.gmer.net

 

Rootkit scan 2011-08-05 14:56:47

 

Windows 5.1.2600 Service Pack 3

 

Running: main mirror.exe; Driver: C:\DOCUME~1\CAROLYN\LOCALS~1\Temp\pxtdapow.sys

 

 

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\Program Files\Internet Explorer\iexplore.exe[216] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

 

.text C:\Program Files\Internet Explorer\iexplore.exe[216] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E35277E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

 

.text C:\Program Files\Internet Explorer\iexplore.exe[216] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3526FF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

 

.text C:\Program Files\Internet Explorer\iexplore.exe[216] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E352743 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

 

.text C:\Program Files\Internet Explorer\iexplore.exe[216] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E35268B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

 

.text C:\Program Files\Internet Explorer\iexplore.exe[216] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3526C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

 

.text C:\Program Files\Internet Explorer\iexplore.exe[216] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3527B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

 

.text C:\Program Files\Internet Explorer\iexplore.exe[216] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E201762 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

 

.text C:\Program Files\Internet Explorer\iexplore.exe[216] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E352994 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

 

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1248] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

 

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

 

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

 

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

 

---- EOF - GMER 1.0.15 ----

 

 

 

Results of screen317's Security Check version 0.99.18

Windows XP Service Pack 3 (UAC is disabled!)

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

```````````````````````````````

Anti-malware/Other Utilities Check:

HijackThis 2.0.2

Flash Player Out of Date!

Adobe Flash Player 10.0.42.34

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

Link to comment
Share on other sites

No worries :)

 

Please read through these instructions to familarize yourself with what to expect when this tool runs

 

Refer to the ComboFix User's Guide

 

Download ComboFix from one of these locations:

 

Link 1

Link 2

 

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs

     

    **********************************************

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

 

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

Posted Image

 

Click on Yes, to continue scanning for malware.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

Notes:

 

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Link to comment
Share on other sites

Hello again,

My laptop is having difficulties with combofix. I left it running for about an hour and a half and all it does is crash. It gets as far as the blue DOS window that tells me how long to exect it to take. Once again, I think my laptop is just too old and slow to handle the software.

 

Do you know of any alternatives?

 

Thanks again

 

Gemma

Link to comment
Share on other sites

We can try running it in Safe Mode. Let me know again if it doesn't work.

 

Reboot your computer in Safe Mode

  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Tutorial if you need it How to boot into Safemode
Link to comment
Share on other sites

Don't lose hope just yet. :)

 

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

     

    :OTL
    O20 - HKLM Winlogon: UserInit - (C:\Program Files\LeechLLC:mstorr.exe) - C:\Program Files\LeechLLC [2011/07/31 11:27:38 | 000,000,000 | -HSD | M]
    O20 - Winlogon\Notify\efcccda: DllName - efcccda.dll - File not found
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\jkkji.dll) - File not found
    
    :Commands
    [REBOOT]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post Fix OTL log as well as a new OTL log by rerunning it after reboot.
Link to comment
Share on other sites

Hi there

 

I did this but no Fix OTL log popped up. The new OTL log can be found below. Do you still need the Fix OTL log? If so, would you mind telling me how to find this?

 

Thanks again Conspire!

OTL logfile created on: 7/08/2011 5:52:35 p.m. - Run 2

 

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\CAROLYN\Desktop

 

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

 

Internet Explorer (Version = 7.0.5730.13)

 

Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

 

 

 

1.22 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 55.19% Memory free

 

1.41 Gb Paging File | 1.04 Gb Available in Paging File | 74.26% Paging File free

 

Paging file location(s): C:\pagefile.sys 336 672 [binary data]

 

 

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

 

Drive C: | 37.05 Gb Total Space | 9.83 Gb Free Space | 26.54% Space Free | Partition Type: NTFS

 

 

 

Computer Name: DKC | User Name: CAROLYN | Logged in as Administrator.

 

Boot Mode: Normal | Scan Mode: Current user

 

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

 

 

========== Processes (SafeList) ==========

 

 

 

PRC - C:\Documents and Settings\CAROLYN\Desktop\OTL.exe (OldTimer Tools)

 

PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

 

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

 

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

 

PRC - C:\Program Files\PIXELA\MediaBrowser LE\MBCameraMonitor.exe (PIXELA CORPORATION)

 

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

 

PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

 

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe (FinePrint Software, LLC)

 

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

 

 

 

 

 

========== Modules (SafeList) ==========

 

 

 

MOD - C:\Documents and Settings\CAROLYN\Desktop\OTL.exe (OldTimer Tools)

 

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

 

MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)

 

 

 

 

 

========== Win32 Services (SafeList) ==========

 

 

 

SRV - (wuauserv) -- File not found

 

SRV - (PEVSystemStart) -- File not found

 

SRV - (McTskshd.exe) -- File not found

 

SRV - (McDetect.exe) -- File not found

 

SRV - (gupdatem) Google Update Service (gupdatem) -- File not found

 

SRV - (gupdate) Google Update Service (gupdate) -- File not found

 

SRV - (bmwebcfg) -- File not found

 

SRV - (AppMgmt) -- File not found

 

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

 

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

 

 

 

 

 

========== Driver Services (SafeList) ==========

 

 

 

DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)

 

DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

 

DRV - (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) -- C:\WINDOWS\system32\drivers\s3017unic.sys (MCCI Corporation)

 

DRV - (s3017obex) -- C:\WINDOWS\system32\drivers\s3017obex.sys (MCCI Corporation)

 

DRV - (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s3017mgmt.sys (MCCI Corporation)

 

DRV - (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) -- C:\WINDOWS\system32\drivers\s3017nd5.sys (MCCI Corporation)

 

DRV - (s3017mdm) -- C:\WINDOWS\system32\drivers\s3017mdm.sys (MCCI Corporation)

 

DRV - (s3017mdfl) -- C:\WINDOWS\system32\drivers\s3017mdfl.sys (MCCI Corporation)

 

DRV - (s3017bus) Sony Ericsson Device 3017 driver (WDM) -- C:\WINDOWS\system32\drivers\s3017bus.sys (MCCI Corporation)

 

DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

 

DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camchal.sys (Conexant Systems Inc.)

 

DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camcaud.sys (Conexant Systems Inc.)

 

DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)

 

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (WIDCOMM, Inc.)

 

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )

 

DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Company)

 

DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)

 

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

 

DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)

 

DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)

 

 

 

 

 

========== Standard Registry (SafeList) ==========

 

 

 

 

 

========== Internet Explorer ==========

 

 

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q105&bd=pavilion&pf=laptop

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

 

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

 

========== FireFox ==========

 

 

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

 

FF - prefs.js..browser.search.selectedEngine: "Google"

 

FF - prefs.js..browser.search.useDBForOrder: true

 

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

 

FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005

 

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19

 

FF - prefs.js..extensions.enabledItems: {9ee802e8-c931-47ab-b570-aa8f791598ca}:1.5.46.0

 

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102

 

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64

 

FF - prefs.js..keyword.URL: "http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p="

 

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

 

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

 

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

 

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

 

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

 

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

 

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

 

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

 

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

 

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

 

FF - HKLM\Software\MozillaPlugins\@videoegg.com/Publisher,version=1.5: C:\Documents and Settings\CAROLYN\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll File not found

 

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

 

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

 

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

 

FF - HKCU\Software\MozillaPlugins\@videoegg.com/Publisher,version=1.5: C:\Documents and Settings\CAROLYN\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll File not found

 

 

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/20 20:56:51 | 000,000,000 | ---D | M]

 

 

 

[2008/09/14 16:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Extensions

 

[2010/09/08 11:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions

 

[2008/10/16 18:53:35 | 000,000,000 | ---D | M] (eMusic Toolbar) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}

 

[2010/06/22 21:06:59 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

 

[2008/06/18 11:26:47 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\en-GB@dictionaries.addons.mozilla.org

 

[2008/06/03 20:20:28 | 000,000,000 | ---D | M] (ALOT eMusic Toolbar) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\toolbar@alot.com

 

[2008/06/18 11:26:50 | 000,002,027 | ---- | M] () -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\searchplugins\alotcom.xml

 

[2010/11/08 00:39:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

 

File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED

 

[2009/06/22 10:48:16 | 000,115,552 | ---- | M] (Keynote Systems) -- C:\Program Files\mozilla firefox\components\FFConnectorLauncher.dll

 

[2009/06/22 10:48:18 | 000,239,968 | ---- | M] (Keynote Systems) -- C:\Program Files\mozilla firefox\components\FFSource.dll

 

 

 

O1 HOSTS File: ([2009/08/15 21:43:12 | 000,000,727 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

 

O1 - Hosts: 127.0.0.1 localhost

 

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

 

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

 

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

 

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found

 

O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.

 

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

 

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

 

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

 

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

 

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

 

O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()

 

O4 - HKLM..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)

 

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

 

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

 

O4 - HKLM..\Run: [NielsenOnline] File not found

 

O4 - HKLM..\Run: [nvcpl] File not found

 

O4 - HKLM..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)

 

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

 

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

 

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

 

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

 

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

 

O4 - HKCU..\Run: [Google Update] File not found

 

O4 - HKCU..\Run: [wefi] File not found

 

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

 

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Monitor LE.lnk = C:\Program Files\PIXELA\MediaBrowser LE\MBCameraMonitor.exe (PIXELA CORPORATION)

 

O4 - Startup: C:\Documents and Settings\CAROLYN\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

 

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

 

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

 

O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

 

O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

 

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\LSPTQE.DLL ()

 

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

 

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

 

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

 

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

 

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5257/mcfscan.cab (McFreeScan Class)

 

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

 

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

 

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

 

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

 

O24 - Desktop WallPaper: C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

 

O24 - Desktop BackupWallPaper: C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

 

O28 - HKLM ShellExecuteHooks: {E9383002-FC55-4330-B9C9-67E03BC5C840} - File not found

 

O32 - HKLM CDRom: AutoRun - 1

 

O33 - MountPoints2\{7a24dedc-14ed-11e0-904c-0012f042f73f}\Shell\AutoRun\command - "" = H:\install.exe

 

O33 - MountPoints2\{8908303c-ba50-11dc-8bec-00c09f8c54a5}\Shell - "" = AutoRun

 

O33 - MountPoints2\{8908303c-ba50-11dc-8bec-00c09f8c54a5}\Shell\AutoRun - "" = Auto&Play

 

O33 - MountPoints2\{8908303c-ba50-11dc-8bec-00c09f8c54a5}\Shell\AutoRun\command - "" = E:\AutoRun.exe

 

O33 - MountPoints2\{8908303d-ba50-11dc-8bec-00c09f8c54a5}\Shell - "" = AutoRun

 

O33 - MountPoints2\{8908303d-ba50-11dc-8bec-00c09f8c54a5}\Shell\AutoRun - "" = Auto&Play

 

O33 - MountPoints2\{8908303d-ba50-11dc-8bec-00c09f8c54a5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

 

O33 - MountPoints2\{f2969b04-ba3d-11dc-8be7-00c09f8c54a5}\Shell - "" = AutoRun

 

O33 - MountPoints2\{f2969b04-ba3d-11dc-8be7-00c09f8c54a5}\Shell\AutoRun - "" = Auto&Play

 

O33 - MountPoints2\{f2969b04-ba3d-11dc-8be7-00c09f8c54a5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

 

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

 

O35 - HKLM\..comfile [open] -- "%1" %*

 

O35 - HKLM\..exefile [open] -- "%1" %*

 

O37 - HKLM\...com [@ = comfile] -- "%1" %*

 

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

 

========== Files/Folders - Created Within 30 Days ==========

 

 

 

[2011/08/07 17:47:17 | 000,000,000 | ---D | C] -- C:\_OTL

 

[2011/08/06 16:56:11 | 000,000,000 | --SD | C] -- C:\ComboFix

 

[2011/08/05 19:51:13 | 004,165,468 | R--- | C] (Swearware) -- C:\Documents and Settings\CAROLYN\Desktop\ComboFix1.exe

 

[2011/08/05 16:48:17 | 000,000,000 | RHSD | C] -- C:\cmdcons

 

[2011/08/05 16:41:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

 

[2011/08/05 16:41:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

 

[2011/08/05 16:41:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

 

[2011/08/05 16:41:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

 

[2011/08/05 16:40:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

 

[2011/08/05 16:40:47 | 000,000,000 | ---D | C] -- C:\Qoobox

 

[2011/08/05 16:37:10 | 004,164,630 | R--- | C] (Swearware) -- C:\Documents and Settings\CAROLYN\Desktop\ComboFix.exe

 

[2011/08/05 12:08:53 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CAROLYN\Desktop\OTL.exe

 

[2011/08/04 17:46:27 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\CAROLYN\Desktop\dds.com

 

[2011/07/31 10:59:35 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

 

[2011/07/30 20:04:27 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll

 

[2011/07/30 20:04:18 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll

 

[2011/07/30 20:03:56 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe

 

[2011/07/30 20:03:41 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe

 

[2011/07/30 20:03:30 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys

 

[2011/07/30 20:03:25 | 000,019,455 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys

 

[2011/07/30 20:03:15 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys

 

[2011/07/30 20:03:12 | 000,012,063 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys

 

[2011/07/30 20:01:12 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys

 

[2011/07/30 20:01:01 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys

 

[2011/07/30 20:00:41 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys

 

[2011/07/30 20:00:22 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll

 

[2011/07/30 20:00:13 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll

 

[2011/07/30 20:00:11 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys

 

[2011/07/30 20:00:10 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll

 

[2011/07/30 20:00:00 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys

 

[2011/07/30 19:59:57 | 000,023,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys

 

[2011/07/30 19:59:54 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys

 

[2011/07/30 19:59:45 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys

 

[2011/07/30 19:59:35 | 000,033,599 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys

 

[2011/07/30 19:59:32 | 000,019,551 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys

 

[2011/07/30 19:59:29 | 000,029,311 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys

 

[2011/07/30 19:59:25 | 000,011,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys

 

[2011/07/30 19:59:23 | 000,012,127 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys

 

[2011/07/30 19:59:20 | 000,012,415 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys

 

[2011/07/30 19:59:09 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys

 

[2011/07/30 19:59:00 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys

 

[2011/07/30 19:58:51 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys

 

[2011/07/30 19:58:50 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll

 

[2011/07/30 19:58:41 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys

 

[2011/07/30 19:58:29 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys

 

[2011/07/30 19:58:20 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys

 

[2011/07/30 19:58:10 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys

 

[2011/07/30 19:58:01 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys

 

[2011/07/30 19:57:54 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll

 

[2011/07/30 19:57:43 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys

 

[2011/07/30 19:57:33 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys

 

[2011/07/30 19:57:23 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys

 

[2011/07/30 19:57:14 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys

 

[2011/07/30 19:57:02 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys

 

[2011/07/30 19:56:53 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys

 

[2011/07/30 19:56:44 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys

 

[2011/07/30 19:56:35 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys

 

[2011/07/30 19:56:30 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys

 

[2011/07/30 19:56:27 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys

 

[2011/07/30 19:56:23 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys

 

[2011/07/30 19:56:19 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys

 

[2011/07/30 19:56:06 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll

 

[2011/07/30 19:55:57 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll

 

[2011/07/30 19:55:48 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll

 

[2011/07/30 19:55:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll

 

[2011/07/30 19:55:30 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll

 

[2011/07/30 19:55:21 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys

 

[2011/07/30 19:55:12 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll

 

[2011/07/30 19:55:03 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll

 

[2011/07/30 19:54:54 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll

 

[2011/07/30 19:54:45 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll

 

[2011/07/30 19:54:36 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys

 

[2011/07/30 19:54:25 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys

 

[2011/07/30 19:54:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe

 

[2011/07/30 19:54:12 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys

 

[2011/07/30 19:54:03 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll

 

[2011/07/30 19:53:54 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys

 

[2011/07/30 19:53:45 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll

 

[2011/07/30 19:53:36 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys

 

[2011/07/30 19:53:27 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll

 

[2011/07/30 19:53:17 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys

 

[2011/07/30 19:53:08 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll

 

[2011/07/30 19:53:06 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe

 

[2011/07/30 19:52:56 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll

 

[2011/07/30 19:52:46 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys

 

[2011/07/30 19:52:37 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys

 

[2011/07/30 19:52:28 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys

 

[2011/07/30 19:52:19 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys

 

[2011/07/30 19:52:10 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys

 

[2011/07/30 19:51:59 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys

 

[2011/07/30 19:51:50 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll

 

[2011/07/30 19:51:48 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys

 

[2011/07/30 19:51:46 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys

 

[2011/07/30 19:51:37 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys

 

[2011/07/30 19:51:29 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys

 

[2011/07/30 19:51:28 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys

 

[2011/07/30 19:51:27 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys

 

[2011/07/30 19:51:17 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys

 

[2011/07/30 19:51:07 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys

 

[2011/07/30 19:50:58 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys

 

[2011/07/30 19:50:49 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll

 

[2011/07/30 19:50:36 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys

 

[2011/07/30 19:50:28 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys

 

[2011/07/30 19:50:20 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys

 

[2011/07/30 19:50:11 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys

 

[2011/07/30 19:50:03 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll

 

[2011/07/30 19:49:55 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys

 

[2011/07/30 19:49:47 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys

 

[2011/07/30 19:49:39 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll

 

[2011/07/30 19:49:31 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll

 

[2011/07/30 19:49:22 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll

 

[2011/07/30 19:49:14 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll

 

[2011/07/30 19:49:11 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys

 

[2011/07/30 19:49:02 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll

 

[2011/07/30 19:48:54 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll

 

[2011/07/30 19:48:46 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys

 

[2011/07/30 19:48:37 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys

 

[2011/07/30 19:48:24 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys

 

[2011/07/30 19:48:15 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll

 

[2011/07/30 19:48:14 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll

 

[2011/07/30 19:48:01 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll

 

[2011/07/30 19:47:50 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys

 

[2011/07/30 19:47:42 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll

 

[2011/07/30 19:47:34 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys

 

[2011/07/30 19:47:24 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys

 

[2011/07/30 19:47:16 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys

 

[2011/07/30 19:47:08 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll

 

[2011/07/30 19:47:01 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys

 

[2011/07/30 19:46:52 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys

 

[2011/07/30 19:46:49 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys

 

[2011/07/30 19:46:41 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys

 

[2011/07/30 19:46:40 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll

 

[2011/07/30 19:46:39 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll

 

[2011/07/30 19:46:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll

 

[2011/07/30 19:46:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll

 

[2011/07/30 19:46:24 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys

 

[2011/07/30 19:46:23 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll

 

[2011/07/30 19:46:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll

 

[2011/07/30 19:46:15 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll

 

[2011/07/30 19:45:49 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys

 

[2011/07/30 19:45:41 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys

 

[2011/07/30 19:45:33 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys

 

[2011/07/30 19:45:30 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys

 

[2011/07/30 19:45:27 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll

 

[2011/07/30 19:45:27 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys

 

[2011/07/30 19:45:19 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll

 

[2011/07/30 19:45:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll

 

[2011/07/30 19:45:10 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll

 

[2011/07/30 19:45:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll

 

[2011/07/30 19:45:01 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll

 

[2011/07/30 19:45:01 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll

 

[2011/07/30 19:45:00 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll

 

[2011/07/30 19:44:53 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll

 

[2011/07/30 19:44:52 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll

 

[2011/07/30 19:44:52 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll

 

[2011/07/30 19:44:51 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll

 

[2011/07/30 19:44:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll

 

[2011/07/30 19:44:50 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll

 

[2011/07/30 19:44:50 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll

 

[2011/07/30 19:44:49 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll

 

[2011/07/30 19:44:49 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll

 

[2011/07/30 19:44:45 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys

 

[2011/07/30 19:44:42 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys

 

[2011/07/30 19:44:34 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys

 

[2011/07/30 19:44:26 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys

 

[2011/07/30 19:44:18 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll

 

[2011/07/30 19:44:10 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys

 

[2011/07/30 19:44:07 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys

 

[2011/07/30 19:44:00 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll

 

[2011/07/30 19:43:52 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys

 

[2011/07/30 19:43:44 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll

 

[2011/07/30 19:43:36 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys

 

[2011/07/30 19:43:28 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll

 

[2011/07/30 19:43:20 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys

 

[2011/07/30 19:43:19 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll

 

[2011/07/30 19:42:56 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys

 

[2011/07/30 19:42:48 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys

 

[2011/07/30 19:42:40 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys

 

[2011/07/30 19:42:32 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll

 

[2011/07/30 19:42:24 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys

 

[2011/07/30 19:42:13 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys

 

[2011/07/30 19:42:05 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys

 

[2011/07/30 19:42:04 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll

 

[2011/07/30 19:41:55 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys

 

[2011/07/30 19:41:52 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys

 

[2011/07/30 19:41:44 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys

 

[2011/07/30 19:41:43 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll

 

[2011/07/30 19:41:34 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys

 

[2011/07/30 19:41:26 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys

 

[2011/07/30 19:41:17 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys

 

[2011/07/30 19:41:10 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys

 

[2011/07/30 19:41:06 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys

 

[2011/07/30 19:40:58 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll

 

[2011/07/30 19:40:48 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys

 

[2011/07/30 19:40:40 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll

 

[2011/07/30 19:40:32 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys

 

[2011/07/30 19:40:24 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll

 

[2011/07/30 19:40:16 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys

 

[2011/07/30 19:40:08 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll

 

[2011/07/30 19:40:00 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll

 

[2011/07/30 19:39:51 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll

 

[2011/07/30 19:39:43 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys

 

[2011/07/30 19:39:36 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll

 

[2011/07/30 19:39:28 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys

 

[2011/07/30 19:39:20 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys

 

[2011/07/30 19:39:11 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll

 

[2011/07/30 19:39:04 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll

 

[2011/07/30 19:39:03 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll

 

[2011/07/30 19:39:03 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll

 

[2011/07/30 19:39:00 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll

 

[2011/07/30 19:38:58 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll

 

[2011/07/30 19:38:53 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys

 

[2011/07/30 19:38:45 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys

 

[2011/07/30 19:38:38 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys

 

[2011/07/30 19:38:28 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll

 

[2011/07/30 19:38:19 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys

 

[2011/07/30 19:38:15 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys

 

[2011/07/30 19:38:05 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys

 

[2011/07/30 19:37:56 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll

 

[2011/07/30 19:37:54 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe

 

[2011/07/30 19:37:53 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe

 

[2011/07/30 19:37:35 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys

 

[2011/07/30 19:37:28 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys

 

[2011/07/30 19:37:20 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll

 

[2011/07/30 19:37:11 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys

 

[2011/07/30 19:37:10 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe

 

[2011/07/30 19:37:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe

 

[2011/07/30 19:36:58 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys

 

[2011/07/30 19:36:50 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys

 

[2011/07/30 19:36:41 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys

 

[2011/07/30 19:36:34 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys

 

[2011/07/30 19:36:25 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys

 

[2011/07/30 19:36:23 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys

 

[2011/07/30 19:36:12 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys

 

[2011/07/30 19:36:04 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys

 

[2011/07/30 19:35:57 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys

 

[2011/07/30 19:35:54 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll

 

[2011/07/30 19:35:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll

 

[2011/07/30 19:35:34 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll

 

[2011/07/30 19:35:23 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys

 

[2011/07/30 19:35:18 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys

 

[2011/07/30 19:35:09 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys

 

[2011/07/30 19:35:07 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys

 

[2011/07/30 19:34:56 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys

 

[2011/07/30 19:34:55 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll

 

[2011/07/30 19:34:54 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll

 

[2011/07/30 19:34:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll

 

[2011/07/30 19:34:44 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll

 

[2011/07/30 19:34:36 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys

 

[2011/07/30 19:34:28 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys

 

[2011/07/30 19:34:20 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys

 

[2011/07/30 19:34:12 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys

 

[2011/07/30 19:34:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll

 

[2011/07/30 19:33:57 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax

 

[2011/07/30 19:33:55 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll

 

[2011/07/30 19:33:53 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys

 

[2011/07/30 19:33:50 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll

 

[2011/07/30 19:33:48 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys

 

[2011/07/30 19:33:40 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys

 

[2011/07/30 19:33:32 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys

 

[2011/07/30 19:33:29 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys

 

[2011/07/30 19:33:22 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe

 

[2011/07/30 19:33:14 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys

 

[2011/07/30 19:33:07 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys

 

[2011/07/30 19:32:59 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys

 

[2011/07/30 19:32:50 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys

 

[2011/07/30 19:32:47 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys

 

[2011/07/30 19:32:39 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys

 

[2011/07/30 19:32:29 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll

 

[2011/07/30 19:32:20 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll

 

[2011/07/30 19:32:12 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys

 

[2011/07/30 19:32:05 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe

 

[2011/07/30 19:31:57 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll

 

[2011/07/30 19:31:49 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys

 

[2011/07/30 19:31:41 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll

 

[2011/07/30 19:31:32 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys

 

[2011/07/30 19:31:25 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys

 

[2011/07/30 19:31:17 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys

 

[2011/07/30 19:31:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys

 

[2011/07/30 19:31:02 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys

 

[2011/07/30 19:30:54 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys

 

 

Link to comment
Share on other sites

That's a bit odd.

 

The OTL fix log can be found at C:\_OTL\MovedFiles It will have a file name consisting of numbers that reflect the date and time stamp the fix was ran. It will be something similar to c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log. Please copy and paste the contents into your next reply.

 

Try running CF again. Give it about an hour or two to finish.

Edited by Conspire
Link to comment
Share on other sites

Hi there

 

Tried combofix again and left to run overnight to no avail. Heres the only log I can find in the C drive. Hope this helps?

 

Thanks again

 

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Program Files\LeechLLC:mstorr.exe deleted successfully.

File C:\Program Files\LeechLLC not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcccda\ not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\jkkji.dll deleted successfully.

========== COMMANDS ==========

Restore point Set: OTL Restore Point (0)

 

OTL by OldTimer - Version 3.2.26.1 log created on 08072011_175940

Link to comment
Share on other sites

Seems like you've been removing a lot of programs.

 

Here's what I want you to do now, we will get MBAM to iron out any entries which I may not be able to see from the log and then get a fresh OTL log again for a re-evaluation.

 

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware here and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.

 

===================================================

 

Please get a new OTL scan log. Please set OTL up this way for the scan.

 

  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • UNCheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
===================================================

 

On your next reply please post :

MBAM log

Fresh OTL log

 

Let me know if you have any problems in performing with the steps above or any questions you may have.

 

Good Day!

Link to comment
Share on other sites

Hi Conspire,

 

Please find the logs below;

 

Many thanks

 

OTL logfile created on: 9/08/2011 4:24:09 p.m. - Run 3

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\CAROLYN\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

 

1.22 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 63.57% Memory free

1.41 Gb Paging File | 1.16 Gb Available in Paging File | 82.14% Paging File free

Paging file location(s): C:\pagefile.sys 336 672 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.05 Gb Total Space | 9.86 Gb Free Space | 26.62% Space Free | Partition Type: NTFS

 

Computer Name: DKC | User Name: CAROLYN | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\CAROLYN\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files\PIXELA\MediaBrowser LE\MBCameraMonitor.exe (PIXELA CORPORATION)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe (FinePrint Software, LLC)

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\CAROLYN\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (wuauserv) -- File not found

SRV - (McTskshd.exe) -- File not found

SRV - (McDetect.exe) -- File not found

SRV - (gupdatem) Google Update Service (gupdatem) -- File not found

SRV - (gupdate) Google Update Service (gupdate) -- File not found

SRV - (bmwebcfg) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)

DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) -- C:\WINDOWS\system32\drivers\s3017unic.sys (MCCI Corporation)

DRV - (s3017obex) -- C:\WINDOWS\system32\drivers\s3017obex.sys (MCCI Corporation)

DRV - (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s3017mgmt.sys (MCCI Corporation)

DRV - (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) -- C:\WINDOWS\system32\drivers\s3017nd5.sys (MCCI Corporation)

DRV - (s3017mdm) -- C:\WINDOWS\system32\drivers\s3017mdm.sys (MCCI Corporation)

DRV - (s3017mdfl) -- C:\WINDOWS\system32\drivers\s3017mdfl.sys (MCCI Corporation)

DRV - (s3017bus) Sony Ericsson Device 3017 driver (WDM) -- C:\WINDOWS\system32\drivers\s3017bus.sys (MCCI Corporation)

DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camchal.sys (Conexant Systems Inc.)

DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camcaud.sys (Conexant Systems Inc.)

DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (WIDCOMM, Inc.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )

DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Company)

DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q105&bd=pavilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19

FF - prefs.js..extensions.enabledItems: {9ee802e8-c931-47ab-b570-aa8f791598ca}:1.5.46.0

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64

FF - prefs.js..keyword.URL: "http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p="

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/20 20:56:51 | 000,000,000 | ---D | M]

 

[2008/09/14 16:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Extensions

[2010/09/08 11:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions

[2008/10/16 18:53:35 | 000,000,000 | ---D | M] (eMusic Toolbar) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}

[2010/06/22 21:06:59 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

[2008/06/18 11:26:47 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2008/06/03 20:20:28 | 000,000,000 | ---D | M] (ALOT eMusic Toolbar) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\toolbar@alot.com

[2008/06/18 11:26:50 | 000,002,027 | ---- | M] () -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\searchplugins\alotcom.xml

[2010/11/08 00:39:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED

[2009/06/22 10:48:16 | 000,115,552 | ---- | M] (Keynote Systems) -- C:\Program Files\mozilla firefox\components\FFConnectorLauncher.dll

[2009/06/22 10:48:18 | 000,239,968 | ---- | M] (Keynote Systems) -- C:\Program Files\mozilla firefox\components\FFSource.dll

 

O1 HOSTS File: ([2009/08/15 21:43:12 | 000,000,727 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found

O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()

O4 - HKLM..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [NielsenOnline] File not found

O4 - HKLM..\Run: [nvcpl] File not found

O4 - HKLM..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [Google Update] File not found

O4 - HKCU..\Run: [wefi] File not found

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Monitor LE.lnk = C:\Program Files\PIXELA\MediaBrowser LE\MBCameraMonitor.exe (PIXELA CORPORATION)

O4 - Startup: C:\Documents and Settings\CAROLYN\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\LSPTQE.DLL ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5257/mcfscan.cab (McFreeScan Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{7a24dedc-14ed-11e0-904c-0012f042f73f}\Shell\AutoRun\command - "" = H:\install.exe

O33 - MountPoints2\{8908303c-ba50-11dc-8bec-00c09f8c54a5}\Shell - "" = AutoRun

O33 - MountPoints2\{8908303c-ba50-11dc-8bec-00c09f8c54a5}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{8908303c-ba50-11dc-8bec-00c09f8c54a5}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{8908303d-ba50-11dc-8bec-00c09f8c54a5}\Shell - "" = AutoRun

O33 - MountPoints2\{8908303d-ba50-11dc-8bec-00c09f8c54a5}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{8908303d-ba50-11dc-8bec-00c09f8c54a5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{f2969b04-ba3d-11dc-8be7-00c09f8c54a5}\Shell - "" = AutoRun

O33 - MountPoints2\{f2969b04-ba3d-11dc-8be7-00c09f8c54a5}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{f2969b04-ba3d-11dc-8be7-00c09f8c54a5}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/08/09 15:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CAROLYN\Application Data\Malwarebytes

[2011/08/09 15:52:31 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/08/09 15:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/08/09 15:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/08/09 15:52:27 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/08/09 15:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/08/09 15:50:52 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\CAROLYN\Desktop\mbam-setup-1.51.1.1800.exe

[2011/08/08 11:43:28 | 000,000,000 | --SD | C] -- C:\ComboFix

[2011/08/07 17:47:17 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/08/05 19:51:13 | 004,165,468 | R--- | C] (Swearware) -- C:\Documents and Settings\CAROLYN\Desktop\ComboFix1.exe

[2011/08/05 16:48:17 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/08/05 16:41:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/08/05 16:41:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/08/05 16:41:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/08/05 16:41:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/08/05 16:40:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/08/05 16:40:47 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/08/05 16:37:10 | 004,165,965 | R--- | C] (Swearware) -- C:\Documents and Settings\CAROLYN\Desktop\ComboFix.exe

[2011/08/05 12:08:53 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CAROLYN\Desktop\OTL.exe

[2011/08/04 17:46:27 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\CAROLYN\Desktop\dds.com

[2011/07/31 10:59:35 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2011/07/30 20:04:27 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll

[2011/07/30 20:04:18 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll

[2011/07/30 20:03:56 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe

[2011/07/30 20:03:41 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe

[2011/07/30 20:03:30 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys

[2011/07/30 20:03:25 | 000,019,455 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys

[2011/07/30 20:03:15 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys

[2011/07/30 20:03:12 | 000,012,063 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys

[2011/07/30 20:01:12 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys

[2011/07/30 20:01:01 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys

[2011/07/30 20:00:41 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys

[2011/07/30 20:00:22 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll

[2011/07/30 20:00:13 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll

[2011/07/30 20:00:11 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys

[2011/07/30 20:00:10 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll

[2011/07/30 20:00:00 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys

[2011/07/30 19:59:57 | 000,023,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys

[2011/07/30 19:59:54 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys

[2011/07/30 19:59:45 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys

[2011/07/30 19:59:35 | 000,033,599 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys

[2011/07/30 19:59:32 | 000,019,551 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys

[2011/07/30 19:59:29 | 000,029,311 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys

[2011/07/30 19:59:25 | 000,011,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys

[2011/07/30 19:59:23 | 000,012,127 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys

[2011/07/30 19:59:20 | 000,012,415 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys

[2011/07/30 19:59:09 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys

[2011/07/30 19:59:00 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys

[2011/07/30 19:58:51 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys

[2011/07/30 19:58:50 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll

[2011/07/30 19:58:41 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys

[2011/07/30 19:58:29 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys

[2011/07/30 19:58:20 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys

[2011/07/30 19:58:10 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys

[2011/07/30 19:58:01 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys

[2011/07/30 19:57:54 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll

[2011/07/30 19:57:43 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys

[2011/07/30 19:57:33 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys

[2011/07/30 19:57:23 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys

[2011/07/30 19:57:14 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys

[2011/07/30 19:57:02 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys

[2011/07/30 19:56:53 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys

[2011/07/30 19:56:44 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys

[2011/07/30 19:56:35 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys

[2011/07/30 19:56:30 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys

[2011/07/30 19:56:27 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys

[2011/07/30 19:56:23 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys

[2011/07/30 19:56:19 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys

[2011/07/30 19:56:06 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll

[2011/07/30 19:55:57 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll

[2011/07/30 19:55:48 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll

[2011/07/30 19:55:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll

[2011/07/30 19:55:30 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll

[2011/07/30 19:55:21 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys

[2011/07/30 19:55:12 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll

[2011/07/30 19:55:03 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll

[2011/07/30 19:54:54 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll

[2011/07/30 19:54:45 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll

[2011/07/30 19:54:36 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys

[2011/07/30 19:54:25 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys

[2011/07/30 19:54:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe

[2011/07/30 19:54:12 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys

[2011/07/30 19:54:03 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll

[2011/07/30 19:53:54 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys

[2011/07/30 19:53:45 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll

[2011/07/30 19:53:36 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys

[2011/07/30 19:53:27 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll

[2011/07/30 19:53:17 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys

[2011/07/30 19:53:08 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll

[2011/07/30 19:53:06 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe

[2011/07/30 19:52:56 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll

[2011/07/30 19:52:46 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys

[2011/07/30 19:52:37 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys

[2011/07/30 19:52:28 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys

[2011/07/30 19:52:19 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys

[2011/07/30 19:52:10 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys

[2011/07/30 19:51:59 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys

[2011/07/30 19:51:50 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll

[2011/07/30 19:51:48 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys

[2011/07/30 19:51:46 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys

[2011/07/30 19:51:37 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys

[2011/07/30 19:51:29 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys

[2011/07/30 19:51:28 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys

[2011/07/30 19:51:27 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys

[2011/07/30 19:51:17 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys

[2011/07/30 19:51:07 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys

[2011/07/30 19:50:58 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys

[2011/07/30 19:50:49 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll

[2011/07/30 19:50:36 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys

[2011/07/30 19:50:28 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys

[2011/07/30 19:50:20 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys

[2011/07/30 19:50:11 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys

[2011/07/30 19:50:03 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll

[2011/07/30 19:49:55 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys

[2011/07/30 19:49:47 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys

[2011/07/30 19:49:39 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll

[2011/07/30 19:49:31 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll

[2011/07/30 19:49:22 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll

[2011/07/30 19:49:14 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll

[2011/07/30 19:49:11 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys

[2011/07/30 19:49:02 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll

[2011/07/30 19:48:54 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll

[2011/07/30 19:48:46 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys

[2011/07/30 19:48:37 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys

[2011/07/30 19:48:24 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys

[2011/07/30 19:48:15 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll

[2011/07/30 19:48:14 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll

[2011/07/30 19:48:01 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll

[2011/07/30 19:47:50 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys

[2011/07/30 19:47:42 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll

[2011/07/30 19:47:34 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys

[2011/07/30 19:47:24 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys

[2011/07/30 19:47:16 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys

[2011/07/30 19:47:08 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll

[2011/07/30 19:47:01 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys

[2011/07/30 19:46:52 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys

[2011/07/30 19:46:49 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys

[2011/07/30 19:46:41 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys

[2011/07/30 19:46:40 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll

[2011/07/30 19:46:39 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll

[2011/07/30 19:46:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll

[2011/07/30 19:46:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll

[2011/07/30 19:46:24 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys

[2011/07/30 19:46:23 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll

[2011/07/30 19:46:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll

[2011/07/30 19:46:15 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll

[2011/07/30 19:45:49 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys

[2011/07/30 19:45:41 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys

[2011/07/30 19:45:33 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys

[2011/07/30 19:45:30 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys

[2011/07/30 19:45:27 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll

[2011/07/30 19:45:27 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys

[2011/07/30 19:45:19 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll

[2011/07/30 19:45:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll

[2011/07/30 19:45:10 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll

[2011/07/30 19:45:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll

[2011/07/30 19:45:01 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll

[2011/07/30 19:45:01 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll

[2011/07/30 19:45:00 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll

[2011/07/30 19:44:53 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll

[2011/07/30 19:44:52 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll

[2011/07/30 19:44:52 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll

[2011/07/30 19:44:51 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll

[2011/07/30 19:44:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll

[2011/07/30 19:44:50 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll

[2011/07/30 19:44:50 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll

[2011/07/30 19:44:49 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll

[2011/07/30 19:44:49 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll

[2011/07/30 19:44:45 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys

[2011/07/30 19:44:42 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys

[2011/07/30 19:44:34 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys

[2011/07/30 19:44:26 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys

[2011/07/30 19:44:18 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll

[2011/07/30 19:44:10 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys

[2011/07/30 19:44:07 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys

[2011/07/30 19:44:00 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll

[2011/07/30 19:43:52 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys

[2011/07/30 19:43:44 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll

[2011/07/30 19:43:36 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys

[2011/07/30 19:43:28 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll

[2011/07/30 19:43:20 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys

[2011/07/30 19:43:19 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll

[2011/07/30 19:42:56 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys

[2011/07/30 19:42:48 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys

[2011/07/30 19:42:40 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys

[2011/07/30 19:42:32 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll

[2011/07/30 19:42:24 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys

[2011/07/30 19:42:13 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys

[2011/07/30 19:42:05 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys

[2011/07/30 19:42:04 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll

[2011/07/30 19:41:55 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys

[2011/07/30 19:41:52 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys

[2011/07/30 19:41:44 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys

[2011/07/30 19:41:43 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll

[2011/07/30 19:41:34 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys

[2011/07/30 19:41:26 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys

[2011/07/30 19:41:17 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys

[2011/07/30 19:41:10 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys

[2011/07/30 19:41:06 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys

[2011/07/30 19:40:58 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll

[2011/07/30 19:40:48 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys

[2011/07/30 19:40:40 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll

[2011/07/30 19:40:32 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys

[2011/07/30 19:40:24 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll

[2011/07/30 19:40:16 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys

[2011/07/30 19:40:08 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll

[2011/07/30 19:40:00 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll

[2011/07/30 19:39:51 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll

[2011/07/30 19:39:43 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys

[2011/07/30 19:39:36 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll

[2011/07/30 19:39:28 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys

[2011/07/30 19:39:20 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys

[2011/07/30 19:39:11 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll

[2011/07/30 19:39:04 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll

[2011/07/30 19:39:03 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll

[2011/07/30 19:39:03 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll

[2011/07/30 19:39:00 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll

[2011/07/30 19:38:58 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll

[2011/07/30 19:38:53 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys

[2011/07/30 19:38:45 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys

[2011/07/30 19:38:38 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys

[2011/07/30 19:38:28 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll

[2011/07/30 19:38:19 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys

[2011/07/30 19:38:15 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys

[2011/07/30 19:38:05 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys

[2011/07/30 19:37:56 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll

[2011/07/30 19:37:54 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe

[2011/07/30 19:37:53 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe

[2011/07/30 19:37:35 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys

[2011/07/30 19:37:28 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys

[2011/07/30 19:37:20 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll

[2011/07/30 19:37:11 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys

[2011/07/30 19:37:10 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe

[2011/07/30 19:37:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe

[2011/07/30 19:36:58 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys

[2011/07/30 19:36:50 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys

[2011/07/30 19:36:41 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys

[2011/07/30 19:36:34 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys

[2011/07/30 19:36:25 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys

[2011/07/30 19:36:23 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys

[2011/07/30 19:36:12 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys

[2011/07/30 19:36:04 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys

[2011/07/30 19:35:57 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys

[2011/07/30 19:35:54 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll

[2011/07/30 19:35:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll

[2011/07/30 19:35:34 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll

[2011/07/30 19:35:23 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys

[2011/07/30 19:35:18 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys

[2011/07/30 19:35:09 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys

[2011/07/30 19:35:07 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys

[2011/07/30 19:34:56 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys

[2011/07/30 19:34:55 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll

[2011/07/30 19:34:54 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll

[2011/07/30 19:34:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll

[2011/07/30 19:34:44 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll

[2011/07/30 19:34:36 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys

[2011/07/30 19:34:28 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys

[2011/07/30 19:34:20 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys

[2011/07/30 19:34:12 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys

[2011/07/30 19:34:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll

[2011/07/30 19:33:57 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax

[2011/07/30 19:33:55 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll

[2011/07/30 19:33:53 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys

[2011/07/30 19:33:50 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll

[2011/07/30 19:33:48 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys

[2011/07/30 19:33:40 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys

[2011/07/30 19:33:32 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys

[2011/07/30 19:33:29 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys

[2011/07/30 19:33:22 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe

[2011/07/30 19:33:14 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys

[2011/07/30 19:33:07 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys

[2011/07/30 19:32:59 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys

[2011/07/30 19:32:50 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys

[2011/07/30 19:32:47 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys

[2011/07/30 19:32:39 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys

[2011/07/30 19:32:29 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll

[2011/07/30 19:32:20 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll

[2011/07/30 19:32:12 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys

[2011/07/30 19:32:05 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe

[2011/07/30 19:31:57 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll

[2011/07/30 19:31:49 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys

[2011/07/30 19:31:41 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll

[2011/07/30 19:31:32 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys

[2011/07/30 19:31:25 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys

[2011/07/30 19:31:17 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys

[2011/07/30 19:31:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys

[2011/07/30 19:31:02 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys

[2011/07/30 19:30:54 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys

[2011/07/30 19:30:46 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys

[2011/07/30 19:30:37 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys

[2011/07/30 19:30:16 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys

[2011/07/30 19:30:05 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll

[2011/07/30 19:29:47 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys

[2011/07/30 19:29:47 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll

[2011/07/30 19:29:38 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys

[2011/07/30 19:29:31 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys

[2011/07/30 19:29:29 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys

[2011/07/30 19:29:18 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys

[2011/07/30 19:29:11 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys

[2011/07/30 19:29:02 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys

[2011/07/30 19:29:00 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys

[2011/07/30 19:28:48 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys

[2011/07/30 19:28:40 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys

[2011/07/30 19:28:32 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll

[2011/07/30 19:28:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys

[2011/07/30 19:28:21 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys

[2011/07/30 19:28:16 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys

[2011/07/30 19:28:

Link to comment
Share on other sites

Hi there,

 

Go to My Computer-> Tools-> Folder Options-> View tab:

  • Under the Hidden files and folders heading:
  • Select - Show hidden files and folders.
  • Uncheck- Hide protected operating system files (recommended) option.
  • Also, make sure there is no checkmark beside Hide file extensions for known file types.
  • Click OK. (Remember to Hide files and folders once done)

Please go to one of the below sites to scan the following files:

Virus Total (Recommended)

jotti.org

VirScan

 

 

click on Browse, and upload the following file for analysis:

C:\WINDOWS\LOOP.exe

 

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link(for Virus Total) here for me to see.

If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.

 

===================================================

 

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

     

    :OTL
    [2008/10/16 18:53:35 | 000,000,000 | ---D | M] (eMusic Toolbar) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}
    [2008/06/03 20:20:28 | 000,000,000 | ---D | M] (ALOT eMusic Toolbar) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\toolbar@alot.com
    [2008/06/18 11:26:50 | 000,002,027 | ---- | M] () -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\searchplugins\alotcom.xml
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [NielsenOnline] File not found
    O4 - HKLM..\Run: [nvcpl] File not found
    O4 - HKCU..\Run: [Google Update] File not found
    O4 - HKCU..\Run: [wefi] File not found
    O33 - MountPoints2\{7a24dedc-14ed-11e0-904c-0012f042f73f}\Shell\AutoRun\command - "" = H:\install.exe
    O33 - MountPoints2\{8908303c-ba50-11dc-8bec-00c09f8c54a5}\Shell - "" = AutoRun
    O33 - MountPoints2\{8908303c-ba50-11dc-8bec-00c09f8c54a5}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8908303c-ba50-11dc-8bec-00c09f8c54a5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{8908303d-ba50-11dc-8bec-00c09f8c54a5}\Shell - "" = AutoRun
    O33 - MountPoints2\{8908303d-ba50-11dc-8bec-00c09f8c54a5}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8908303d-ba50-11dc-8bec-00c09f8c54a5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{f2969b04-ba3d-11dc-8be7-00c09f8c54a5}\Shell - "" = AutoRun
    O33 - MountPoints2\{f2969b04-ba3d-11dc-8be7-00c09f8c54a5}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f2969b04-ba3d-11dc-8be7-00c09f8c54a5}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    [2008/04/07 11:49:54 | 000,705,634 | -HS- | C] () -- C:\WINDOWS\System32\tsxpdqcx.ini
    [2008/04/06 10:42:31 | 000,693,108 | -HS- | C] () -- C:\WINDOWS\System32\swruymof.ini
    [2008/04/05 21:56:45 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
    [2008/04/05 10:28:59 | 000,693,048 | -HS- | C] () -- C:\WINDOWS\System32\yvsxakvm.ini
    [2008/04/04 10:23:22 | 000,748,908 | -HS- | C] () -- C:\WINDOWS\System32\ddjccinm.ini
    [2008/04/03 07:39:24 | 000,700,355 | -HS- | C] () -- C:\WINDOWS\System32\efgusrek.ini
    [2008/03/27 19:02:28 | 000,000,354 | -HS- | C] () -- C:\WINDOWS\System32\wjcyykgw.ini
    [2008/03/26 13:02:14 | 000,000,294 | -HS- | C] () -- C:\WINDOWS\System32\urhcvlxs.ini
    
    :Commands
    [EMPTYFLASH]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post Fix OTL log as well as a new OTL log by rerunning it after reboot without custom scans script.
===================================================

 

On your next reply please post :

File scanner report

Fix OTL log

Fresh OTL log

 

Let me know if you have any problems in performing with the steps above or any questions you may have.

 

Good Day!

Link to comment
Share on other sites

Hi Conspire

 

All done! Please find the logs below.

 

Thanks again

 

Gemma

 

 

All processes killed

========== OTL ==========

C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\searchplugin folder moved successfully.

C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\defaults folder moved successfully.

C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components folder moved successfully.

C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\chrome folder moved successfully.

C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca} folder moved successfully.

C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\toolbar@alot.com\META-INF folder moved successfully.

C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\toolbar@alot.com\defaults\preferences folder moved successfully.

C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\toolbar@alot.com\defaults folder moved successfully.

C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\toolbar@alot.com\config\plugin folder moved successfully.

C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\toolbar@alot.com\config\cache folder moved successfully.

C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\toolbar@alot.com\config folder moved successfully.

C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\toolbar@alot.com\components folder moved successfully.

C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\toolbar@alot.com\chrome folder moved successfully.

C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\toolbar@alot.com folder moved successfully.

C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\searchplugins\alotcom.xml moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NielsenOnline deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nvcpl deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wefi deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a24dedc-14ed-11e0-904c-0012f042f73f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a24dedc-14ed-11e0-904c-0012f042f73f}\ not found.

File H:\install.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8908303c-ba50-11dc-8bec-00c09f8c54a5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8908303c-ba50-11dc-8bec-00c09f8c54a5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8908303c-ba50-11dc-8bec-00c09f8c54a5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8908303c-ba50-11dc-8bec-00c09f8c54a5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8908303c-ba50-11dc-8bec-00c09f8c54a5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8908303c-ba50-11dc-8bec-00c09f8c54a5}\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8908303d-ba50-11dc-8bec-00c09f8c54a5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8908303d-ba50-11dc-8bec-00c09f8c54a5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8908303d-ba50-11dc-8bec-00c09f8c54a5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8908303d-ba50-11dc-8bec-00c09f8c54a5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8908303d-ba50-11dc-8bec-00c09f8c54a5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8908303d-ba50-11dc-8bec-00c09f8c54a5}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2969b04-ba3d-11dc-8be7-00c09f8c54a5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2969b04-ba3d-11dc-8be7-00c09f8c54a5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2969b04-ba3d-11dc-8be7-00c09f8c54a5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2969b04-ba3d-11dc-8be7-00c09f8c54a5}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2969b04-ba3d-11dc-8be7-00c09f8c54a5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f2969b04-ba3d-11dc-8be7-00c09f8c54a5}\ not found.

File F:\AutoRun.exe not found.

C:\WINDOWS\system32\tsxpdqcx.ini moved successfully.

C:\WINDOWS\system32\swruymof.ini moved successfully.

C:\WINDOWS\system32\ArtFfct.dll moved successfully.

C:\WINDOWS\system32\yvsxakvm.ini moved successfully.

C:\WINDOWS\system32\ddjccinm.ini moved successfully.

C:\WINDOWS\system32\efgusrek.ini moved successfully.

C:\WINDOWS\system32\wjcyykgw.ini moved successfully.

C:\WINDOWS\system32\urhcvlxs.ini moved successfully.

========== COMMANDS ==========

 

[EMPTYFLASH]

 

User: Administrator

->Flash cache emptied: 2836 bytes

 

User: Administrator.DKC

->Flash cache emptied: 41620 bytes

 

User: All Users

 

User: CAROLYN

->Flash cache emptied: 2122870 bytes

 

User: Default User

->Flash cache emptied: 41620 bytes

 

User: LocalService

 

User: NetworkService

 

Total Flash Files Cleaned = 2.00 mb

 

 

[EMPTYTEMP]

 

User: Administrator

->Temporary Internet Files folder emptied: 215125 bytes

->Flash cache emptied: 0 bytes

 

User: Administrator.DKC

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: CAROLYN

->Temp folder emptied: 460381296 bytes

->Temporary Internet Files folder emptied: 47048307 bytes

->Java cache emptied: 32254394 bytes

->FireFox cache emptied: 85828561 bytes

->Google Chrome cache emptied: 89498669 bytes

->Apple Safari cache emptied: 143083520 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 49554 bytes

->FireFox cache emptied: 3334169 bytes

 

User: NetworkService

->Temp folder emptied: 490426 bytes

->Temporary Internet Files folder emptied: 304107320 bytes

 

%systemdrive% .tmp files removed: 10 bytes

%systemroot% .tmp files removed: 182982 bytes

%systemroot%\System32 .tmp files removed: 3770897 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 150322961 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 116899272 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 1,371.00 mb

 

Restore point Set: OTL Restore Point (0)

 

OTL by OldTimer - Version 3.2.26.1 log created on 08102011_131541

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

AhnLab-V32011.08.10.012011.08.10-AntiVir7.11.13.92011.08.10-Antiy-AVL2.0.3.72011.08.10-Avast4.8.1351.02011.08.10-Avast55.0.677.02011.08.10-AVG10.0.0.11902011.08.09-BitDefender7.22011.08.10-CAT-QuickHeal11.002011.08.10(Suspicious) - DNAScanClamAV0.97.0.02011.08.10-Commtouch5.3.2.62011.08.10-Comodo96942011.08.10-DrWeb5.0.2.033002011.08.10-Emsisoft5.1.0.82011.08.10-eSafe7.0.17.02011.08.09Win32.TrojanHorseeTrust-Vet36.1.84942011.08.10-F-Prot4.6.2.1172011.08.10-F-Secure9.0.16440.02011.08.10-Fortinet4.2.257.02011.08.10-GData222011.08.10-IkarusT3.1.1.107.02011.08.10-Jiangmin13.0.9002011.08.09-K7AntiVirus9.109.49982011.08.10-Kaspersky9.0.0.8372011.08.10-McAfee5.400.0.11582011.08.10-McAfee-GW-Edition2010.1D2011.08.10-Microsoft1.71042011.08.10-NOD3263652011.08.10-Norman6.07.102011.08.10-nProtect2011-08-10.032011.08.10-Panda10.0.3.52011.08.10-PCTools8.0.0.52011.08.10-Prevx3.02011.08.10-Rising23.70.02.032011.08.10-Sophos4.67.02011.08.10-SUPERAntiSpyware4.40.0.10062011.08.10-Symantec20111.2.0.822011.08.10-TheHacker6.7.0.1.2752011.08.09-TrendMicro9.500.0.10082011.08.10-TrendMicro-HouseCall9.500.0.10082011.08.10-VBA323.12.16.42011.08.08-VIPRE101242011.08.10-ViRobot2011.8.10.46152011.08.10-VirusBuster14.0.161.02011.08.10-Additional informationShow allMD5 : f82a6b9441dd7c88a68532b5a67db9c8SHA1 : 1d71a44fab0600f417374066e41233c45f6da542SHA256: 64c153f9e18ae0c5a14d857b6f4b2c2bc50d2d67f12659d1329097f2e92c7e3bssdeep: 6144:AomEwhr4UQ1WnzJLYSQ9BACld+olDOxtXA87tgS99Ccq9M/c4oZgTy:NmECQ1WzFjQ9BjE

gDY5A8S699q9MhoRFile size : 311295 bytesFirst seen: 2007-01-22 16:24:20Last seen : 2011-08-10 12:05:51Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bitTrID:

42.3% (.EXE) Win32 Executable Generic (8527/13/3)

37.6% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)

9.9% (.EXE) Generic Win/DOS Executable (2002/3)

9.9% (.EXE) DOS Executable Generic (2000/1)

0.0% (.CEL) Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3)sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEiD: NeoLite v2.0packers (F-Prot): Neolitepackers (Kaspersky): NeoLitePEInfo: PE structure information

 

[[ basic data ]]

entrypointaddress: 0x5B104

timedatestamp....: 0x3F56FFAB (Thu Sep 04 09:02:35 2003)

machinetype......: 0x14C (Intel I386)

 

[[ 6 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x10600, 0x10600, 7.82, 8edacf62de267aedcd4f442ad97269c7

.rdata, 0x12000, 0x800, 0x800, 2.99, 2fff9577d6014d1521e5314b6d483d5c

.data, 0x13000, 0xAF2C, 0x7000, 7.59, db25d2cbc7b82f0e76fb02c2e0f0f575

.data1, 0x1E000, 0x600, 0x200, 0.0, bf619eac0cdf3f68d496ea9344137e8b

.rsrc, 0x1F000, 0x3BC68, 0x3BE00, 7.93, 0b0b840af98a63ea8620f2f9ae65fadb

.neolit, 0x5B000, 0x6104, 0x1A14, 6.61, 3680e5e27ea161a153e634126e2e3970

 

[[ 4 import(s) ]]

kernel32.dll: LoadLibraryA, GetProcAddress

msvcrt.dll: floor

user32.dll: TranslateMessage

winmm.dll: waveOutWrite

Prevx Info:

http://info.prevx.com/aboutprogramtext.asp?PX5=236D0823FF7A94BBBFA804476E4D3C00A4C7D9F9CWSandbox:

http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=f82a6b9441dd7c88a68532b5a67db9c8ThreatExpert:

http://www.threatexpert.com/report.aspx?md5=f82a6b9441dd7c88a68532b5a67db9c8Androguard:

-ExifTool:

file metadata

CodeSize: 25088

EntryPoint: 0x5b104

FileSize: 304 kB

FileType: Win32 EXE

ImageVersion: 0.0

InitializedDataSize: 246784

LinkerVersion: 5.12

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 4.0

PEType: PE32

Subsystem: Windows GUI

SubsystemVersion: 4.0

TimeStamp: 2003:09:04 11:02:35+02:00

UninitializedDataSize: 114176

Symantec reputation:Suspicious.Insight

Link to comment
Share on other sites

Oops! Thought it was one... I'll try again:

 

OTL logfile created on: 10/08/2011 3:36:40 p.m. - Run 4

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\CAROLYN\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

 

1.22 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 47.87% Memory free

1.41 Gb Paging File | 0.85 Gb Available in Paging File | 60.22% Paging File free

Paging file location(s): C:\pagefile.sys 336 672 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.05 Gb Total Space | 10.74 Gb Free Space | 28.99% Space Free | Partition Type: NTFS

 

Computer Name: DKC | User Name: CAROLYN | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Documents and Settings\CAROLYN\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files\PIXELA\MediaBrowser LE\MBCameraMonitor.exe (PIXELA CORPORATION)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe (FinePrint Software, LLC)

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\CAROLYN\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)

MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealNetworks, Inc.)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (wuauserv) -- File not found

SRV - (McTskshd.exe) -- File not found

SRV - (McDetect.exe) -- File not found

SRV - (gupdatem) Google Update Service (gupdatem) -- File not found

SRV - (gupdate) Google Update Service (gupdate) -- File not found

SRV - (bmwebcfg) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (MpKsl033e095e) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FCC2CBB-F92B-4995-BCB6-55DEF86C8AD4}\MpKsl033e095e.sys (Microsoft Corporation)

DRV - (MpKslc8d2b943) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FCC2CBB-F92B-4995-BCB6-55DEF86C8AD4}\MpKslc8d2b943.sys (Microsoft Corporation)

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)

DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) -- C:\WINDOWS\system32\drivers\s3017unic.sys (MCCI Corporation)

DRV - (s3017obex) -- C:\WINDOWS\system32\drivers\s3017obex.sys (MCCI Corporation)

DRV - (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s3017mgmt.sys (MCCI Corporation)

DRV - (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) -- C:\WINDOWS\system32\drivers\s3017nd5.sys (MCCI Corporation)

DRV - (s3017mdm) -- C:\WINDOWS\system32\drivers\s3017mdm.sys (MCCI Corporation)

DRV - (s3017mdfl) -- C:\WINDOWS\system32\drivers\s3017mdfl.sys (MCCI Corporation)

DRV - (s3017bus) Sony Ericsson Device 3017 driver (WDM) -- C:\WINDOWS\system32\drivers\s3017bus.sys (MCCI Corporation)

DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camchal.sys (Conexant Systems Inc.)

DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camcaud.sys (Conexant Systems Inc.)

DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (WIDCOMM, Inc.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )

DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Company)

DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q105&bd=pavilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19

FF - prefs.js..extensions.enabledItems: {9ee802e8-c931-47ab-b570-aa8f791598ca}:1.5.46.0

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64

FF - prefs.js..keyword.URL: "http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p="

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/20 20:56:51 | 000,000,000 | ---D | M]

 

[2008/09/14 16:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Extensions

[2011/08/10 13:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions

[2010/06/22 21:06:59 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

[2008/06/18 11:26:47 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2010/11/08 00:39:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CAROLYN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VYECH33J.DEFAULT\EXTENSIONS\{9EE802E8-C931-47AB-B570-AA8F791598CA}

File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED

[2009/06/22 10:48:16 | 000,115,552 | ---- | M] (Keynote Systems) -- C:\Program Files\mozilla firefox\components\FFConnectorLauncher.dll

[2009/06/22 10:48:18 | 000,239,968 | ---- | M] (Keynote Systems) -- C:\Program Files\mozilla firefox\components\FFSource.dll

 

O1 HOSTS File: ([2009/08/15 21:43:12 | 000,000,727 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found

O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()

O4 - HKLM..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Monitor LE.lnk = C:\Program Files\PIXELA\MediaBrowser LE\MBCameraMonitor.exe (PIXELA CORPORATION)

O4 - Startup: C:\Documents and Settings\CAROLYN\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\LSPTQE.DLL ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5257/mcfscan.cab (McFreeScan Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/08/09 18:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2011/08/09 16:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CAROLYN\Start Menu\Programs\Google Chrome

[2011/08/09 16:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Google

[2011/08/09 16:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Deployment

[2011/08/09 15:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CAROLYN\Application Data\Malwarebytes

[2011/08/09 15:52:31 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/08/09 15:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/08/09 15:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/08/09 15:52:27 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/08/09 15:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/08/09 15:50:52 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\CAROLYN\Desktop\mbam-setup-1.51.1.1800.exe

[2011/08/08 11:43:28 | 000,000,000 | --SD | C] -- C:\ComboFix

[2011/08/07 17:47:17 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/08/05 19:51:13 | 004,165,468 | R--- | C] (Swearware) -- C:\Documents and Settings\CAROLYN\Desktop\ComboFix1.exe

[2011/08/05 16:48:17 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/08/05 16:41:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/08/05 16:41:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/08/05 16:41:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/08/05 16:41:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/08/05 16:40:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/08/05 16:40:47 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/08/05 16:37:10 | 004,165,965 | R--- | C] (Swearware) -- C:\Documents and Settings\CAROLYN\Desktop\ComboFix.exe

[2011/08/05 12:08:53 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CAROLYN\Desktop\OTL.exe

[2011/08/04 17:46:27 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\CAROLYN\Desktop\dds.com

[2011/07/31 10:59:35 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2011/07/30 20:04:27 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll

[2011/07/30 20:04:18 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll

[2011/07/30 20:03:56 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe

[2011/07/30 20:03:41 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe

[2011/07/30 20:03:30 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys

[2011/07/30 20:03:25 | 000,019,455 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys

[2011/07/30 20:03:15 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys

[2011/07/30 20:03:12 | 000,012,063 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys

[2011/07/30 20:01:12 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys

[2011/07/30 20:01:01 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys

[2011/07/30 20:00:41 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys

[2011/07/30 20:00:22 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll

[2011/07/30 20:00:13 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll

[2011/07/30 20:00:11 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys

[2011/07/30 20:00:10 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll

[2011/07/30 20:00:00 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys

[2011/07/30 19:59:57 | 000,023,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys

[2011/07/30 19:59:54 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys

[2011/07/30 19:59:45 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys

[2011/07/30 19:59:35 | 000,033,599 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys

[2011/07/30 19:59:32 | 000,019,551 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys

[2011/07/30 19:59:29 | 000,029,311 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys

[2011/07/30 19:59:25 | 000,011,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys

[2011/07/30 19:59:23 | 000,012,127 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys

[2011/07/30 19:59:20 | 000,012,415 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys

[2011/07/30 19:59:09 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys

[2011/07/30 19:59:00 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys

[2011/07/30 19:58:51 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys

[2011/07/30 19:58:50 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll

[2011/07/30 19:58:41 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys

[2011/07/30 19:58:29 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys

[2011/07/30 19:58:20 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys

[2011/07/30 19:58:10 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys

[2011/07/30 19:58:01 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys

[2011/07/30 19:57:54 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll

[2011/07/30 19:57:43 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys

[2011/07/30 19:57:33 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys

[2011/07/30 19:57:23 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys

[2011/07/30 19:57:14 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys

[2011/07/30 19:57:02 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys

[2011/07/30 19:56:53 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys

[2011/07/30 19:56:44 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys

[2011/07/30 19:56:35 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys

[2011/07/30 19:56:30 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys

[2011/07/30 19:56:27 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys

[2011/07/30 19:56:23 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys

[2011/07/30 19:56:19 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys

[2011/07/30 19:56:06 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll

[2011/07/30 19:55:57 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll

[2011/07/30 19:55:48 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll

[2011/07/30 19:55:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll

[2011/07/30 19:55:30 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll

[2011/07/30 19:55:21 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys

[2011/07/30 19:55:12 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll

[2011/07/30 19:55:03 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll

[2011/07/30 19:54:54 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll

[2011/07/30 19:54:45 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll

[2011/07/30 19:54:36 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys

[2011/07/30 19:54:25 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys

[2011/07/30 19:54:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe

[2011/07/30 19:54:12 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys

[2011/07/30 19:54:03 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll

[2011/07/30 19:53:54 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys

[2011/07/30 19:53:45 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll

[2011/07/30 19:53:36 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys

[2011/07/30 19:53:27 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll

[2011/07/30 19:53:17 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys

[2011/07/30 19:53:08 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll

[2011/07/30 19:53:06 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe

[2011/07/30 19:52:56 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll

[2011/07/30 19:52:46 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys

[2011/07/30 19:52:37 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys

[2011/07/30 19:52:28 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys

[2011/07/30 19:52:19 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys

[2011/07/30 19:52:10 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys

[2011/07/30 19:51:59 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys

[2011/07/30 19:51:50 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll

[2011/07/30 19:51:48 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys

[2011/07/30 19:51:46 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys

[2011/07/30 19:51:37 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys

[2011/07/30 19:51:29 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys

[2011/07/30 19:51:28 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys

[2011/07/30 19:51:27 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys

[2011/07/30 19:51:17 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys

[2011/07/30 19:51:07 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys

[2011/07/30 19:50:58 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys

[2011/07/30 19:50:49 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll

[2011/07/30 19:50:36 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys

[2011/07/30 19:50:28 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys

[2011/07/30 19:50:20 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys

[2011/07/30 19:50:11 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys

[2011/07/30 19:50:03 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll

[2011/07/30 19:49:55 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys

[2011/07/30 19:49:47 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys

[2011/07/30 19:49:39 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll

[2011/07/30 19:49:31 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll

[2011/07/30 19:49:22 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll

[2011/07/30 19:49:14 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll

[2011/07/30 19:49:11 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys

[2011/07/30 19:49:02 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll

[2011/07/30 19:48:54 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll

[2011/07/30 19:48:46 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys

[2011/07/30 19:48:37 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys

[2011/07/30 19:48:24 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys

[2011/07/30 19:48:15 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll

[2011/07/30 19:48:14 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll

[2011/07/30 19:48:01 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll

[2011/07/30 19:47:50 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys

[2011/07/30 19:47:42 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll

[2011/07/30 19:47:34 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys

[2011/07/30 19:47:24 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys

[2011/07/30 19:47:16 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys

[2011/07/30 19:47:08 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll

[2011/07/30 19:47:01 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys

[2011/07/30 19:46:52 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys

[2011/07/30 19:46:49 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys

[2011/07/30 19:46:41 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys

[2011/07/30 19:46:40 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll

[2011/07/30 19:46:39 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll

[2011/07/30 19:46:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll

[2011/07/30 19:46:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll

[2011/07/30 19:46:24 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys

[2011/07/30 19:46:23 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll

[2011/07/30 19:46:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll

[2011/07/30 19:46:15 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll

[2011/07/30 19:45:49 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys

[2011/07/30 19:45:41 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys

[2011/07/30 19:45:33 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys

[2011/07/30 19:45:30 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys

[2011/07/30 19:45:27 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll

[2011/07/30 19:45:27 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys

[2011/07/30 19:45:19 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll

[2011/07/30 19:45:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll

[2011/07/30 19:45:10 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll

[2011/07/30 19:45:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll

[2011/07/30 19:45:01 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll

[2011/07/30 19:45:01 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll

[2011/07/30 19:45:00 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll

[2011/07/30 19:44:53 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll

[2011/07/30 19:44:52 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll

[2011/07/30 19:44:52 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll

[2011/07/30 19:44:51 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll

[2011/07/30 19:44:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll

[2011/07/30 19:44:50 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll

[2011/07/30 19:44:50 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll

[2011/07/30 19:44:49 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll

[2011/07/30 19:44:49 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll

[2011/07/30 19:44:45 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys

[2011/07/30 19:44:42 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys

[2011/07/30 19:44:34 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys

[2011/07/30 19:44:26 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys

[2011/07/30 19:44:18 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll

[2011/07/30 19:44:10 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys

[2011/07/30 19:44:07 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys

[2011/07/30 19:44:00 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll

[2011/07/30 19:43:52 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys

[2011/07/30 19:43:44 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll

[2011/07/30 19:43:36 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys

[2011/07/30 19:43:28 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll

[2011/07/30 19:43:20 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys

[2011/07/30 19:43:19 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll

[2011/07/30 19:42:56 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys

[2011/07/30 19:42:48 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys

[2011/07/30 19:42:40 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys

[2011/07/30 19:42:32 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll

[2011/07/30 19:42:24 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys

[2011/07/30 19:42:13 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys

[2011/07/30 19:42:05 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys

[2011/07/30 19:42:04 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll

[2011/07/30 19:41:55 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys

[2011/07/30 19:41:52 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys

[2011/07/30 19:41:44 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys

[2011/07/30 19:41:43 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll

[2011/07/30 19:41:34 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys

[2011/07/30 19:41:26 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys

[2011/07/30 19:41:17 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys

[2011/07/30 19:41:10 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys

[2011/07/30 19:41:06 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys

[2011/07/30 19:40:58 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll

[2011/07/30 19:40:48 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys

[2011/07/30 19:40:40 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll

[2011/07/30 19:40:32 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys

[2011/07/30 19:40:24 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll

[2011/07/30 19:40:16 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys

[2011/07/30 19:40:08 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll

[2011/07/30 19:40:00 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll

[2011/07/30 19:39:51 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll

[2011/07/30 19:39:43 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys

[2011/07/30 19:39:36 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll

[2011/07/30 19:39:28 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys

[2011/07/30 19:39:20 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys

[2011/07/30 19:39:11 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll

[2011/07/30 19:39:04 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll

[2011/07/30 19:39:03 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll

[2011/07/30 19:39:03 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll

[2011/07/30 19:39:00 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll

[2011/07/30 19:38:58 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll

[2011/07/30 19:38:53 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys

[2011/07/30 19:38:45 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys

[2011/07/30 19:38:38 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys

[2011/07/30 19:38:28 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll

[2011/07/30 19:38:19 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys

[2011/07/30 19:38:15 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys

[2011/07/30 19:38:05 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys

[2011/07/30 19:37:56 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll

[2011/07/30 19:37:54 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe

[2011/07/30 19:37:53 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe

[2011/07/30 19:37:35 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys

[2011/07/30 19:37:28 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys

[2011/07/30 19:37:20 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll

[2011/07/30 19:37:11 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys

[2011/07/30 19:37:10 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe

[2011/07/30 19:37:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe

[2011/07/30 19:36:58 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys

[2011/07/30 19:36:50 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys

[2011/07/30 19:36:41 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys

[2011/07/30 19:36:34 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys

[2011/07/30 19:36:25 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys

[2011/07/30 19:36:23 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys

[2011/07/30 19:36:12 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys

[2011/07/30 19:36:04 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys

[2011/07/30 19:35:57 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys

[2011/07/30 19:35:54 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll

[2011/07/30 19:35:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll

[2011/07/30 19:35:34 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll

[2011/07/30 19:35:23 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys

[2011/07/30 19:35:18 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys

[2011/07/30 19:35:09 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys

[2011/07/30 19:35:07 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys

[2011/07/30 19:34:56 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys

[2011/07/30 19:34:55 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll

[2011/07/30 19:34:54 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll

[2011/07/30 19:34:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll

[2011/07/30 19:34:44 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll

[2011/07/30 19:34:36 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys

[2011/07/30 19:34:28 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys

[2011/07/30 19:34:20 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys

[2011/07/30 19:34:12 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys

[2011/07/30 19:34:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll

[2011/07/30 19:33:57 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax

[2011/07/30 19:33:55 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll

[2011/07/30 19:33:53 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys

[2011/07/30 19:33:50 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll

[2011/07/30 19:33:48 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys

[2011/07/30 19:33:40 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys

[2011/07/30 19:33:32 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys

[2011/07/30 19:33:29 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys

[2011/07/30 19:33:22 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe

[2011/07/30 19:33:14 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys

[2011/07/30 19:33:07 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys

[2011/07/30 19:32:59 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys

[2011/07/30 19:32:50 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys

[2011/07/30 19:32:47 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys

[2011/07/30 19:32:39 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys

[2011/07/30 19:32:29 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll

[2011/07/30 19:32:20 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll

[2011/07/30 19:32:12 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys

[2011/07/30 19:32:05 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe

[2011/07/30 19:31:57 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll

[2011/07/30 19:31:49 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys

[2011/07/30 19:31:41 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll

[2011/07/30 19:31:32 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys

[2011/07/30 19:31:25 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys

[2011/07/30 19:31:17 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys

[2011/07/30 19:31:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys

[2011/07/30 19:31:02 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys

[2011/07/30 19:30:54 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys

[2011/07/30 19:30:46 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys

[2011/07/30 19:30:37 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys

[2011/07/30 19:30:16 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys

[2011/07/30 19:30:05 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll

[2011/07/30 19:29:47 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys

[2011/07/30 19:29:47 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll

[2011/07/30 19:29:38 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys

[2011/07/30 19:29:31 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys

[2011/07/30 19:29:29 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys

[2011/07/30 19:29:18 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys

[2011/07/30 19:29:11 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys

[2011/07/30 19:29:02 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys

[2011/07/30 19:29:00 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys

[2011/07/30 19:28:48 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys

[2011/07/30 19:28:40 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys

[2011/07/30 19:28:32 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll

[2011/07/30 19:28:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys

[2011/07/30 19:28:21 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys

[2011/07/30 19:28:16 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys

[2011/07/30 19:28:09 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll

[2011/07/30 19:28:02 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys

[2011/07/30 19:27:55 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys

[2011/07/30 19:27:48 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll

[2011/07/30 19:27:40 | 000,013,664 | ---- | C] (Number Nine Visual Te

Link to comment
Share on other sites

You did it correctly just lack of one log. :P

 

Anyways, how are things running for you?

 

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan

 

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

 

*Note

It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin

    scanning your computer. Please be patient as this can take some time.

  • Look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Select Uninstall application on close check box and push Posted Image
Link to comment
Share on other sites

Hi Conpire

 

Things are running much the same. Re-installed google chrome as I needed a fast connection the other night due to London Riots and I still get the error message. Here's the log you asked for:

 

Thanks again! Gemma

 

 

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=6cd35b9837b2ee4f8de37eb06333db18

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-08-11 01:58:04

# local_time=2011-08-11 02:58:04 (+0000, GMT Daylight Time)

# country="New Zealand"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 4212004 4212004 0 0

# compatibility_mode=1024 16777215 100 0 15440219 15440219 0 0

# compatibility_mode=5891 16776869 42 87 918 9936589 0 0

# compatibility_mode=8192 67108863 100 0 148 148 0 0

# scanned=83942

# found=10

# cleaned=0

# scan_time=5368

C:\Documents and Settings\All Users\Application Data\SecTaskMan\MWSBAR.DLL.q_1397D059_q a variant of Win32/Toolbar.MyWebSearch.K application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\All Users\Application Data\SecTaskMan\MWSSRCAS.DLL.q_1EFAE000_q Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\??mantec\??mantec\ctxad-576.0000 probably a variant of Win32/Small.BEWRNPY trojan (unable to clean) 00000000000000000000000000000000 I

C:\_OTL\MovedFiles\08102011_131541\C_WINDOWS\system32\ddjccinm.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I

C:\_OTL\MovedFiles\08102011_131541\C_WINDOWS\system32\efgusrek.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I

C:\_OTL\MovedFiles\08102011_131541\C_WINDOWS\system32\swruymof.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I

C:\_OTL\MovedFiles\08102011_131541\C_WINDOWS\system32\tsxpdqcx.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I

C:\_OTL\MovedFiles\08102011_131541\C_WINDOWS\system32\urhcvlxs.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I

C:\_OTL\MovedFiles\08102011_131541\C_WINDOWS\system32\wjcyykgw.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I

C:\_OTL\MovedFiles\08102011_131541\C_WINDOWS\system32\yvsxakvm.ini Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I

Link to comment
Share on other sites

I heard things are starting to get settled down. There this badminton tournament going on and a riot. Very chaotic.

 

Ok, we will remove what ESET found and see if the same thing is occuring.

 

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

     

    :Files
    C:\Documents and Settings\All Users\Application Data\SecTaskMan
    C:\Program Files\??mantec
    
    :Commands
    [REBOOT]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post Fix OTL log as well as a new OTL log by rerunning it after reboot without custom scans script.
Edited by Conspire
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...