Multiple Bad Image Messages


gfc

Yes! Things much better now. Nothing on my street is on fire any more so that's a positive!

Please find the fix and then the scan log below. No joy yet as the error message is still occurring.

Thanks again Conspire!

Gemma

========== FILES ==========

C:\Documents and Settings\All Users\Application Data\SecTaskMan folder moved successfully.

C:\Program Files\Ѕуmantec\Ѕуmantec folder moved successfully.

C:\Program Files\Ѕуmantec folder moved successfully.

========== COMMANDS ==========

Restore point Set: OTL Restore Point (0)

 

OTL by OldTimer - Version 3.2.26.1 log created on 08112011_234404

 

 

OTL logfile created on: 11/08/2011 11:50:04 p.m. - Run 5

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\CAROLYN\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

 

1.22 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 48.50% Memory free

1.41 Gb Paging File | 0.80 Gb Available in Paging File | 56.98% Paging File free

Paging file location(s): C:\pagefile.sys 336 672 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.05 Gb Total Space | 10.56 Gb Free Space | 28.51% Space Free | Partition Type: NTFS

 

Computer Name: DKC | User Name: CAROLYN | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Documents and Settings\CAROLYN\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files\PIXELA\MediaBrowser LE\MBCameraMonitor.exe (PIXELA CORPORATION)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe (FinePrint Software, LLC)

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\CAROLYN\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll (Microsoft Corporation)

MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealNetworks, Inc.)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (wuauserv) -- File not found

SRV - (McTskshd.exe) -- File not found

SRV - (McDetect.exe) -- File not found

SRV - (gupdatem) Google Update Service (gupdatem) -- File not found

SRV - (gupdate) Google Update Service (gupdate) -- File not found

SRV - (bmwebcfg) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)

DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) -- C:\WINDOWS\system32\drivers\s3017unic.sys (MCCI Corporation)

DRV - (s3017obex) -- C:\WINDOWS\system32\drivers\s3017obex.sys (MCCI Corporation)

DRV - (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s3017mgmt.sys (MCCI Corporation)

DRV - (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) -- C:\WINDOWS\system32\drivers\s3017nd5.sys (MCCI Corporation)

DRV - (s3017mdm) -- C:\WINDOWS\system32\drivers\s3017mdm.sys (MCCI Corporation)

DRV - (s3017mdfl) -- C:\WINDOWS\system32\drivers\s3017mdfl.sys (MCCI Corporation)

DRV - (s3017bus) Sony Ericsson Device 3017 driver (WDM) -- C:\WINDOWS\system32\drivers\s3017bus.sys (MCCI Corporation)

DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (CAMCHALA) -- C:\WINDOWS\system32\drivers\camchal.sys (Conexant Systems Inc.)

DRV - (CAMCAUD) -- C:\WINDOWS\system32\drivers\camcaud.sys (Conexant Systems Inc.)

DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (WIDCOMM, Inc.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )

DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Company)

DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q105&bd=pavilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19

FF - prefs.js..extensions.enabledItems: {9ee802e8-c931-47ab-b570-aa8f791598ca}:1.5.46.0

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64

FF - prefs.js..keyword.URL: "http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p="

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/20 20:56:51 | 000,000,000 | ---D | M]

 

[2008/09/14 16:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Extensions

[2011/08/10 13:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions

[2010/06/22 21:06:59 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

[2008/06/18 11:26:47 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\CAROLYN\Application Data\Mozilla\Firefox\Profiles\vyech33j.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2010/11/08 00:39:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CAROLYN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VYECH33J.DEFAULT\EXTENSIONS\{9EE802E8-C931-47AB-B570-AA8F791598CA}

File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED

[2009/06/22 10:48:16 | 000,115,552 | ---- | M] (Keynote Systems) -- C:\Program Files\mozilla firefox\components\FFConnectorLauncher.dll

[2009/06/22 10:48:18 | 000,239,968 | ---- | M] (Keynote Systems) -- C:\Program Files\mozilla firefox\components\FFSource.dll

 

O1 HOSTS File: ([2009/08/15 21:43:12 | 000,000,727 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found

O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()

O4 - HKLM..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Monitor LE.lnk = C:\Program Files\PIXELA\MediaBrowser LE\MBCameraMonitor.exe (PIXELA CORPORATION)

O4 - Startup: C:\Documents and Settings\CAROLYN\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\LSPTQE.DLL ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5257/mcfscan.cab (McFreeScan Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/08/11 13:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/08/09 18:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2011/08/09 16:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CAROLYN\Start Menu\Programs\Google Chrome

[2011/08/09 16:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Google

[2011/08/09 16:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CAROLYN\Local Settings\Application Data\Deployment

[2011/08/09 15:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CAROLYN\Application Data\Malwarebytes

[2011/08/09 15:52:31 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/08/09 15:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/08/09 15:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/08/09 15:52:27 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/08/09 15:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/08/09 15:50:52 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\CAROLYN\Desktop\mbam-setup-1.51.1.1800.exe

[2011/08/08 11:43:28 | 000,000,000 | --SD | C] -- C:\ComboFix

[2011/08/07 17:47:17 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/08/05 19:51:13 | 004,165,468 | R--- | C] (Swearware) -- C:\Documents and Settings\CAROLYN\Desktop\ComboFix1.exe

[2011/08/05 16:48:17 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/08/05 16:41:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/08/05 16:41:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/08/05 16:41:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/08/05 16:41:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/08/05 16:40:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/08/05 16:40:47 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/08/05 16:37:10 | 004,165,965 | R--- | C] (Swearware) -- C:\Documents and Settings\CAROLYN\Desktop\ComboFix.exe

[2011/08/05 12:08:53 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CAROLYN\Desktop\OTL.exe

[2011/08/04 17:46:27 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\CAROLYN\Desktop\dds.com

[2011/07/31 10:59:35 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2011/07/30 20:04:27 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll

[2011/07/30 20:04:18 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll

[2011/07/30 20:03:56 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe

[2011/07/30 20:03:41 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe

[2011/07/30 20:03:30 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys

[2011/07/30 20:03:25 | 000,019,455 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys

[2011/07/30 20:03:15 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys

[2011/07/30 20:03:12 | 000,012,063 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys

[2011/07/30 20:01:12 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys

[2011/07/30 20:01:01 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys

[2011/07/30 20:00:41 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys

[2011/07/30 20:00:22 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll

[2011/07/30 20:00:13 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll

[2011/07/30 20:00:11 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys

[2011/07/30 20:00:10 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll

[2011/07/30 20:00:00 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys

[2011/07/30 19:59:57 | 000,023,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys

[2011/07/30 19:59:54 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys

[2011/07/30 19:59:45 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys

[2011/07/30 19:59:35 | 000,033,599 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys

[2011/07/30 19:59:32 | 000,019,551 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys

[2011/07/30 19:59:29 | 000,029,311 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys

[2011/07/30 19:59:25 | 000,011,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys

[2011/07/30 19:59:23 | 000,012,127 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys

[2011/07/30 19:59:20 | 000,012,415 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys

[2011/07/30 19:59:09 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys

[2011/07/30 19:59:00 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys

[2011/07/30 19:58:51 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys

[2011/07/30 19:58:50 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll

[2011/07/30 19:58:41 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys

[2011/07/30 19:58:29 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys

[2011/07/30 19:58:20 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys

[2011/07/30 19:58:10 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys

[2011/07/30 19:58:01 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\viairda.sys

[2011/07/30 19:57:54 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll

[2011/07/30 19:57:43 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys

[2011/07/30 19:57:33 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys

[2011/07/30 19:57:23 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys

[2011/07/30 19:57:14 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys

[2011/07/30 19:57:02 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys

[2011/07/30 19:56:53 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys

[2011/07/30 19:56:44 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys

[2011/07/30 19:56:35 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys

[2011/07/30 19:56:30 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys

[2011/07/30 19:56:27 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbohci.sys

[2011/07/30 19:56:23 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys

[2011/07/30 19:56:19 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys

[2011/07/30 19:56:06 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll

[2011/07/30 19:55:57 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll

[2011/07/30 19:55:48 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll

[2011/07/30 19:55:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll

[2011/07/30 19:55:30 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll

[2011/07/30 19:55:21 | 000,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys

[2011/07/30 19:55:12 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll

[2011/07/30 19:55:03 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll

[2011/07/30 19:54:54 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll

[2011/07/30 19:54:45 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll

[2011/07/30 19:54:36 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys

[2011/07/30 19:54:25 | 000,011,520 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\twotrack.sys

[2011/07/30 19:54:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe

[2011/07/30 19:54:12 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys

[2011/07/30 19:54:03 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll

[2011/07/30 19:53:54 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys

[2011/07/30 19:53:45 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll

[2011/07/30 19:53:36 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys

[2011/07/30 19:53:27 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll

[2011/07/30 19:53:17 | 000,034,375 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\tpro4.sys

[2011/07/30 19:53:08 | 000,042,496 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4res.dll

[2011/07/30 19:53:06 | 000,082,944 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4mon.exe

[2011/07/30 19:52:56 | 000,031,744 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\tp4.dll

[2011/07/30 19:52:46 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys

[2011/07/30 19:52:37 | 000,230,912 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd03.sys

[2011/07/30 19:52:28 | 000,241,664 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tosdvd02.sys

[2011/07/30 19:52:19 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- C:\WINDOWS\System32\dllcache\tos4mo.sys

[2011/07/30 19:52:10 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys

[2011/07/30 19:51:59 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys

[2011/07/30 19:51:50 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll

[2011/07/30 19:51:48 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys

[2011/07/30 19:51:46 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys

[2011/07/30 19:51:37 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys

[2011/07/30 19:51:29 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys

[2011/07/30 19:51:28 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys

[2011/07/30 19:51:27 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys

[2011/07/30 19:51:17 | 000,030,464 | ---- | C] (Toshiba Corporation) -- C:\WINDOWS\System32\dllcache\tbatm155.sys

[2011/07/30 19:51:07 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys

[2011/07/30 19:50:58 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys

[2011/07/30 19:50:49 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll

[2011/07/30 19:50:36 | 000,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys

[2011/07/30 19:50:28 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys

[2011/07/30 19:50:20 | 000,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys

[2011/07/30 19:50:11 | 000,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys

[2011/07/30 19:50:03 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll

[2011/07/30 19:49:55 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys

[2011/07/30 19:49:47 | 000,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys

[2011/07/30 19:49:39 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll

[2011/07/30 19:49:31 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll

[2011/07/30 19:49:22 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll

[2011/07/30 19:49:14 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll

[2011/07/30 19:49:11 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys

[2011/07/30 19:49:02 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll

[2011/07/30 19:48:54 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll

[2011/07/30 19:48:46 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys

[2011/07/30 19:48:37 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys

[2011/07/30 19:48:24 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys

[2011/07/30 19:48:15 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll

[2011/07/30 19:48:14 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll

[2011/07/30 19:48:01 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll

[2011/07/30 19:47:50 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys

[2011/07/30 19:47:42 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll

[2011/07/30 19:47:34 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys

[2011/07/30 19:47:24 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys

[2011/07/30 19:47:16 | 000,037,040 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.sys

[2011/07/30 19:47:08 | 000,114,688 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypi.dll

[2011/07/30 19:47:01 | 000,020,752 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonync.sys

[2011/07/30 19:46:52 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys

[2011/07/30 19:46:49 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys

[2011/07/30 19:46:41 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys

[2011/07/30 19:46:40 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll

[2011/07/30 19:46:39 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll

[2011/07/30 19:46:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll

[2011/07/30 19:46:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll

[2011/07/30 19:46:24 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys

[2011/07/30 19:46:23 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll

[2011/07/30 19:46:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll

[2011/07/30 19:46:15 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll

[2011/07/30 19:45:49 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys

[2011/07/30 19:45:41 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys

[2011/07/30 19:45:33 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys

[2011/07/30 19:45:30 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys

[2011/07/30 19:45:27 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll

[2011/07/30 19:45:27 | 000,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys

[2011/07/30 19:45:19 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll

[2011/07/30 19:45:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll

[2011/07/30 19:45:10 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll

[2011/07/30 19:45:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll

[2011/07/30 19:45:01 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll

[2011/07/30 19:45:01 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll

[2011/07/30 19:45:00 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll

[2011/07/30 19:44:53 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll

[2011/07/30 19:44:52 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll

[2011/07/30 19:44:52 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll

[2011/07/30 19:44:51 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll

[2011/07/30 19:44:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll

[2011/07/30 19:44:50 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll

[2011/07/30 19:44:50 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll

[2011/07/30 19:44:49 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll

[2011/07/30 19:44:49 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll

[2011/07/30 19:44:45 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys

[2011/07/30 19:44:42 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys

[2011/07/30 19:44:34 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys

[2011/07/30 19:44:26 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys

[2011/07/30 19:44:18 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv256.dll

[2011/07/30 19:44:10 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisv.sys

[2011/07/30 19:44:07 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys

[2011/07/30 19:44:00 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrv.dll

[2011/07/30 19:43:52 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sisgrp.sys

[2011/07/30 19:43:44 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306v.dll

[2011/07/30 19:43:36 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis6306p.sys

[2011/07/30 19:43:28 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300iv.dll

[2011/07/30 19:43:20 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\dllcache\sis300ip.sys

[2011/07/30 19:43:19 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll

[2011/07/30 19:42:56 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys

[2011/07/30 19:42:48 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys

[2011/07/30 19:42:40 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys

[2011/07/30 19:42:32 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll

[2011/07/30 19:42:24 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sfmanm.sys

[2011/07/30 19:42:13 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys

[2011/07/30 19:42:05 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys

[2011/07/30 19:42:04 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll

[2011/07/30 19:41:55 | 000,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys

[2011/07/30 19:41:52 | 000,011,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys

[2011/07/30 19:41:44 | 000,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys

[2011/07/30 19:41:43 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll

[2011/07/30 19:41:34 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys

[2011/07/30 19:41:26 | 000,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys

[2011/07/30 19:41:17 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys

[2011/07/30 19:41:10 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys

[2011/07/30 19:41:06 | 000,043,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys

[2011/07/30 19:40:58 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\sblfx.dll

[2011/07/30 19:40:48 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmxm.sys

[2011/07/30 19:40:40 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\dllcache\s3savmx.dll

[2011/07/30 19:40:32 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys

[2011/07/30 19:40:24 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll

[2011/07/30 19:40:16 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys

[2011/07/30 19:40:08 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll

[2011/07/30 19:40:00 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll

[2011/07/30 19:39:51 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll

[2011/07/30 19:39:43 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys

[2011/07/30 19:39:36 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll

[2011/07/30 19:39:28 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys

[2011/07/30 19:39:20 | 000,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys

[2011/07/30 19:39:11 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll

[2011/07/30 19:39:04 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll

[2011/07/30 19:39:03 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll

[2011/07/30 19:39:03 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll

[2011/07/30 19:39:00 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll

[2011/07/30 19:38:58 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll

[2011/07/30 19:38:53 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys

[2011/07/30 19:38:45 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys

[2011/07/30 19:38:38 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rthwcls.sys

[2011/07/30 19:38:28 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll

[2011/07/30 19:38:19 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\rpfun.sys

[2011/07/30 19:38:15 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys

[2011/07/30 19:38:05 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys

[2011/07/30 19:37:56 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll

[2011/07/30 19:37:54 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe

[2011/07/30 19:37:53 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe

[2011/07/30 19:37:35 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys

[2011/07/30 19:37:28 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys

[2011/07/30 19:37:20 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll

[2011/07/30 19:37:11 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys

[2011/07/30 19:37:10 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe

[2011/07/30 19:37:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe

[2011/07/30 19:36:58 | 000,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys

[2011/07/30 19:36:50 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys

[2011/07/30 19:36:41 | 000,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys

[2011/07/30 19:36:34 | 000,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys

[2011/07/30 19:36:25 | 000,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys

[2011/07/30 19:36:23 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys

[2011/07/30 19:36:12 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys

[2011/07/30 19:36:04 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys

[2011/07/30 19:35:57 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys

[2011/07/30 19:35:54 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll

[2011/07/30 19:35:47 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll

[2011/07/30 19:35:34 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll

[2011/07/30 19:35:23 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys

[2011/07/30 19:35:18 | 000,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys

[2011/07/30 19:35:09 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys

[2011/07/30 19:35:07 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys

[2011/07/30 19:34:56 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys

[2011/07/30 19:34:55 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll

[2011/07/30 19:34:54 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll

[2011/07/30 19:34:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll

[2011/07/30 19:34:44 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll

[2011/07/30 19:34:36 | 000,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys

[2011/07/30 19:34:28 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys

[2011/07/30 19:34:20 | 000,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys

[2011/07/30 19:34:12 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys

[2011/07/30 19:34:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll

[2011/07/30 19:33:57 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax

[2011/07/30 19:33:55 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll

[2011/07/30 19:33:53 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys

[2011/07/30 19:33:50 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll

[2011/07/30 19:33:48 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys

[2011/07/30 19:33:40 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys

[2011/07/30 19:33:32 | 000,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys

[2011/07/30 19:33:29 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys

[2011/07/30 19:33:22 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe

[2011/07/30 19:33:14 | 000,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys

[2011/07/30 19:33:07 | 000,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys

[2011/07/30 19:32:59 | 000,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys

[2011/07/30 19:32:50 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys

[2011/07/30 19:32:47 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys

[2011/07/30 19:32:39 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys

[2011/07/30 19:32:29 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll

[2011/07/30 19:32:20 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll

[2011/07/30 19:32:12 | 000,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys

[2011/07/30 19:32:05 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe

[2011/07/30 19:31:57 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll

[2011/07/30 19:31:49 | 000,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys

[2011/07/30 19:31:41 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll

[2011/07/30 19:31:32 | 000,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys

[2011/07/30 19:31:25 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys

[2011/07/30 19:31:17 | 000,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys

[2011/07/30 19:31:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys

[2011/07/30 19:31:02 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys

[2011/07/30 19:30:54 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys

[2011/07/30 19:30:46 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys

[2011/07/30 19:30:37 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys

[2011/07/30 19:30:16 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.sys

[2011/07/30 19:30:05 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv3.dll

[2011/07/30 19:29:47 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys

[2011/07/30 19:29:47 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll

[2011/07/30 19:29:38 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys

[2011/07/30 19:29:31 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys

[2011/07/30 19:29:29 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\nscirda.sys

[2011/07/30 19:29:18 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys

[2011/07/30 19:29:11 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys

[2011/07/30 19:29:02 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys

[2011/07/30 19:29:00 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys

[2011/07/30 19:28:48 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys

[2011/07/30 19:28:40 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys

[2011/07/30 19:28:32 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll

[2011/07/30 19:28:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys

[2011/07/30 19:28:21 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys

[2011/07/30 19:28:16 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys

[2011/07/30 19:28:09 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll

[2011/07/30 19:28:02 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys

[2011/07/30 19:27:55 | 000,033,088 | ---- | C] (Number


All done, here's the log:

Many thanks

Gemma

 

 

ComboFix 11-08-07.03 - CAROLYN 12/08/2011 11:10:17.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.64.1033.18.1246.729 [GMT 1:00]

Running from: c:\documents and settings\CAROLYN\Desktop\ComboFix.exe

Command switches used :: /nombr

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\CAROLYN\WINDOWS

c:\temp\sanR24

c:\temp\sanR24\lDii.log

C:\UNWISE.EXE

c:\windows\system32\AutoRun.inf

c:\windows\system32\LSPTQE.DLL

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_usnjsvc

.

.

((((((((((((((((((((((((( Files Created from 2011-07-12 to 2011-08-12 )))))))))))))))))))))))))))))))

.

.

2011-08-11 12:26 . 2011-08-11 12:26 -------- d-----w- c:\program files\ESET

2011-08-09 17:11 . 2011-07-20 08:44 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7FCC2CBB-F92B-4995-BCB6-55DEF86C8AD4}\mpengine.dll

2011-08-09 17:05 . 2011-08-09 17:06 -------- d-----w- c:\program files\Microsoft Security Client

2011-08-09 15:52 . 2011-08-09 15:53 -------- d-----w- c:\documents and settings\CAROLYN\Local Settings\Application Data\Google

2011-08-09 15:51 . 2011-08-09 15:52 -------- d-----w- c:\documents and settings\CAROLYN\Local Settings\Application Data\Deployment

2011-08-09 14:52 . 2011-08-09 14:52 -------- d-----w- c:\documents and settings\CAROLYN\Application Data\Malwarebytes

2011-08-09 14:52 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-09 14:52 . 2011-08-09 14:52 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-08-09 14:52 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-09 14:52 . 2011-08-09 14:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-07 16:47 . 2011-08-07 16:47 -------- dc----w- C:\_OTL

2011-08-06 15:07 . 2011-08-06 15:07 -------- dc----w- c:\documents and settings\Administrator.DKC

2011-07-31 09:59 . 2011-05-24 18:14 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-07-30 18:46 . 2001-08-17 21:36 7168 ----a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll

2011-07-30 18:46 . 2001-08-17 21:36 12288 ----a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll

2011-07-30 18:42 . 2001-08-17 21:36 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll

2011-07-30 18:41 . 2001-08-17 21:36 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll

2011-07-30 18:37 . 2001-08-17 21:36 23040 ----a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe

2011-07-30 18:29 . 2001-08-17 21:36 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll

2011-07-30 18:23 . 2001-08-17 21:36 65536 ----a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll

2011-07-30 18:11 . 2004-08-03 20:31 34173 ----a-w- c:\windows\system32\dllcache\forehe.sys

2011-07-30 18:11 . 2001-08-17 21:36 71680 ----a-w- c:\windows\system32\dllcache\fnfilter.dll

2011-07-30 18:11 . 2004-08-04 13:00 14848 ----a-w- c:\windows\system32\dllcache\flattemp.exe

2011-07-30 18:11 . 2001-08-17 11:13 27165 ----a-w- c:\windows\system32\dllcache\fetnd5.sys

2011-07-30 18:11 . 2001-08-17 11:10 22090 ----a-w- c:\windows\system32\dllcache\fem556n5.sys

2011-07-30 18:11 . 2001-08-17 21:36 43520 ----a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll

2011-07-30 18:11 . 2001-08-17 11:12 24618 ----a-w- c:\windows\system32\dllcache\fa410nd5.sys

2011-07-30 18:11 . 2001-08-17 11:12 16074 ----a-w- c:\windows\system32\dllcache\fa312nd5.sys

2011-07-30 18:09 . 2001-08-17 12:28 595647 ----a-w- c:\windows\system32\dllcache\es56cvmp.sys

2011-07-30 18:09 . 2001-08-17 11:19 174464 ----a-w- c:\windows\system32\dllcache\es198x.sys

2011-07-30 18:09 . 2001-08-17 11:19 72192 ----a-w- c:\windows\system32\dllcache\es1969.sys

2011-07-30 18:09 . 2001-08-17 11:19 40704 ----a-w- c:\windows\system32\dllcache\es1371mp.sys

2011-07-30 18:09 . 2001-08-17 11:19 37120 ----a-w- c:\windows\system32\dllcache\es1370mp.sys

2011-07-30 18:09 . 2001-08-17 21:36 61952 ----a-w- c:\windows\system32\dllcache\eqnloop.exe

2011-07-30 18:09 . 2001-08-17 21:36 51200 ----a-w- c:\windows\system32\dllcache\eqnlogr.exe

2011-07-30 18:09 . 2001-08-17 21:36 53248 ----a-w- c:\windows\system32\dllcache\eqndiag.exe

2011-07-30 18:09 . 2001-08-17 11:17 629952 ----a-w- c:\windows\system32\dllcache\eqn.sys

2011-07-30 18:09 . 2001-08-17 12:50 114944 ----a-w- c:\windows\system32\dllcache\epstw2k.sys

2011-07-30 18:09 . 2001-08-17 11:12 18503 ----a-w- c:\windows\system32\dllcache\epro4.sys

2011-07-30 18:09 . 2001-08-17 12:50 144896 ----a-w- c:\windows\system32\dllcache\epcfw2k.sys

2011-07-30 18:09 . 2001-08-17 11:19 283904 ----a-w- c:\windows\system32\dllcache\emu10k1m.sys

2011-07-30 18:07 . 2001-08-17 11:10 44103 ----a-w- c:\windows\system32\dllcache\el515.sys

2011-07-30 18:07 . 2004-08-04 13:00 514587 ----a-w- c:\windows\system32\dllcache\edb500.dll

2011-07-30 18:07 . 2001-08-17 11:12 19594 ----a-w- c:\windows\system32\dllcache\e100isa4.sys

2011-07-30 18:07 . 2001-08-17 11:12 117760 ----a-w- c:\windows\system32\dllcache\e100b325.sys

2011-07-30 18:07 . 2001-08-17 11:12 50719 ----a-w- c:\windows\system32\dllcache\e1000nt5.sys

2011-07-30 18:07 . 2001-08-17 11:20 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys

2011-07-30 18:07 . 2001-08-17 13:07 20192 ----a-w- c:\windows\system32\dllcache\dpti2o.sys

2011-07-30 18:07 . 2001-08-17 11:12 28062 ----a-w- c:\windows\system32\dllcache\dp83820.sys

2011-07-30 18:07 . 2001-08-17 12:47 23808 ----a-w- c:\windows\system32\dllcache\dot4usb.sys

2011-07-30 18:07 . 2001-08-17 12:47 8704 ----a-w- c:\windows\system32\dllcache\dot4scan.sys

2011-07-30 18:05 . 2001-08-17 21:36 102484 ----a-w- c:\windows\system32\dllcache\digiinf.dll

2011-07-30 18:04 . 2001-08-17 21:36 80896 ----a-w- c:\windows\system32\dllcache\dc210usd.dll

2011-07-30 18:03 . 2001-08-17 11:19 96256 ----a-w- c:\windows\system32\dllcache\ctlsb16.sys

2011-07-30 18:02 . 2004-08-04 13:00 15872 ----a-w- c:\windows\system32\dllcache\chgport.exe

2011-07-30 18:01 . 2001-08-17 12:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys

2011-07-30 18:00 . 2001-08-17 11:11 66557 ----a-w- c:\windows\system32\dllcache\bcm42u.sys

2011-07-30 17:59 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll

2011-07-21 20:07 . 2011-07-27 21:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-02 14:02 . 2004-08-04 08:00 1858944 ----a-w- c:\windows\system32\win32k.sys

2009-06-22 09:48 . 2009-06-22 09:48 115552 ----a-w- c:\program files\mozilla firefox\components\FFConnectorLauncher.dll

2009-06-22 09:48 . 2009-06-22 09:48 239968 ----a-w- c:\program files\mozilla firefox\components\FFSource.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"pdfFactory Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2006-04-05 499712]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-17 118784]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-13 229438]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-03-20 273544]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV&inst=NzctNTQyNDQ2NDQ2LVQxLUJBKzEtS1YzKzctVUNBTEwrMS1VQ0FMTDIrMi1UQjgrMi1GTCs4LUY4TTExQysxLVVQRysyMDExLUZMMTArMS1UVUcrMy1MSUMrOS1ERFQrMA&prod=90&ver=10.0.1390" [?]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

.

c:\documents and settings\CAROLYN\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Device Monitor LE.lnk - c:\program files\PIXELA\MediaBrowser LE\MBCameraMonitor.exe [2010-12-31 271640]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Huawei technologies\\Huawei UMTS Data Card\\3 USB Modem.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"16609:TCP"= 16609:TCP:BitComet 16609 TCP

"16609:UDP"= 16609:UDP:BitComet 16609 UDP

.

S1 MpKslc26dc8e8;MpKslc26dc8e8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E72CFD10-34BC-4850-BCD0-65C5A23C9D84}\MpKslc26dc8e8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E72CFD10-34BC-4850-BCD0-65C5A23C9D84}\MpKslc26dc8e8.sys [?]

S1 MpKslf1cc18db;MpKslf1cc18db;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E72CFD10-34BC-4850-BCD0-65C5A23C9D84}\MpKslf1cc18db.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E72CFD10-34BC-4850-BCD0-65C5A23C9D84}\MpKslf1cc18db.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/08/2011 3:52 p.m. 41272]

S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [7/11/2008 7:43 p.m. 83880]

S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [7/11/2008 7:43 p.m. 15016]

S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [7/11/2008 7:43 p.m. 110632]

S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [7/11/2008 7:44 p.m. 104616]

S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [7/11/2008 7:43 p.m. 25512]

S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [7/11/2008 7:44 p.m. 100648]

S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [7/11/2008 7:44 p.m. 110120]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

.

2011-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2012471123-1072920522-3341227606-1006Core.job

- c:\documents and settings\CAROLYN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-09 15:52]

.

2011-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2012471123-1072920522-3341227606-1006UA.job

- c:\documents and settings\CAROLYN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-09 15:52]

.

2011-08-12 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]

.

2011-08-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2012471123-1072920522-3341227606-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 14:25]

.

2011-08-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2012471123-1072920522-3341227606-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 14:25]

.

2011-06-23 c:\windows\Tasks\SpeedMaxPc Defrag.job

- c:\program files\SpeedMaxPc\SpeedMaxPc\speedmaxpc.exe [2011-01-25 23:10]

.

2011-08-09 c:\windows\Tasks\SpeedMaxPc Registration3.job

- c:\program files\Common Files\SpeedMaxPc\UUS3\UUS3.dll [2010-11-02 18:09]

.

2011-06-23 c:\windows\Tasks\SpeedMaxPc Update3.job

- c:\program files\Common Files\SpeedMaxPc\UUS3\Update3.exe [2010-11-02 18:09]

.

2011-06-23 c:\windows\Tasks\SpeedMaxPc.job

- c:\program files\SpeedMaxPc\SpeedMaxPc\speedmaxpc.exe [2011-01-25 23:10]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q105&bd=pavilion&pf=laptop

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

AddRemove-NetSight - c:\progra~1\NETRAT~1\NetSight\NSSetup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-12 11:21

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????9?2?0?5??????? ???B?????????????H<C? ??????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3508)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~1\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\wscntfy.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Completion time: 2011-08-12 11:29:55 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-12 10:29

.

Pre-Run: 11,298,414,592 bytes free

Post-Run: 11,249,455,104 bytes free

.

- - End Of File - - BDF578DA9B4FC79906B6FB52ABC8C8BC


This might take quite a while.

 

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    EXCH_snprfdll.dll
    EXCH_smtpctrs.dll
    EXCH_seos.dll
    EXCH_scripto.dll
    EXCH_regtrace.exe
    EXCH_ntfsdrv.dll
    EXCH_mailmsg.dll
    forehe.sys
    fnfilter.dll
    flattemp.exe
    fetnd5.sys
    fem556n5.sys
    EXCH_fcachdll.dll
    fa410nd5.sys
    fa312nd5.sys
    es56cvmp.sys
    es198x.sys
    es1969.sys
    es1371mp.sys
    es1370mp.sys
    eqnloop.exe
    eqnlogr.exe
    eqndiag.exe
    eqn.sys
    epstw2k.sys
    epro4.sys
    epcfw2k.sys
    emu10k1m.sys
    el515.sys
    edb500.dll
    e100isa4.sys
    e100b325.sys
    e1000nt5.sys
    ds1wdm.sys
    dpti2o.sys
    dp83820.sys
    dot4usb.sys
    dot4scan.sys
    digiinf.dll
    dc210usd.dll
    ctlsb16.sys
    chgport.exe
    bulltlp3.sys
    bcm42u.sys
    EXCH_adsiisex.dll
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

I do indeed!

 

Thanks for your patience, I've been away from my computer for a couple of days.

 

Please find log below

 

Many thanks:

 

SystemLook 30.07.11 by jpshortstuff

Log created at 19:37 on 16/08/2011 by CAROLYN

Administrator - Elevation successful

 

========== filefind ==========

 

Searching for "EXCH_snprfdll.dll "

C:\WINDOWS\system32\dllcache\EXCH_snprfdll.dll --a---- 7168 bytes [18:46 30/07/2011] [21:36 17/08/2001] 2686A3462805BDD858BCDA4A051BD8C8

 

Searching for "EXCH_smtpctrs.dll "

C:\WINDOWS\system32\dllcache\EXCH_smtpctrs.dll --a---- 12288 bytes [18:46 30/07/2011] [21:36 17/08/2001] 1136F3F9B7CB44E738EC79363A69894D

 

Searching for "EXCH_seos.dll "

C:\WINDOWS\system32\dllcache\EXCH_seos.dll --a---- 26112 bytes [18:42 30/07/2011] [21:36 17/08/2001] 0628529994F453CBCE9E6E680A529E48

 

Searching for "EXCH_scripto.dll "

C:\WINDOWS\system32\dllcache\EXCH_scripto.dll --a---- 57856 bytes [18:41 30/07/2011] [21:36 17/08/2001] 58220583C9A183DA498D7CEDF21CDB4A

 

Searching for "EXCH_regtrace.exe "

C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe --a---- 23040 bytes [18:37 30/07/2011] [21:36 17/08/2001] 5BDD05AC1AFBAB931EC1DE0AB40D15F4

 

Searching for "EXCH_ntfsdrv.dll "

C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll --a---- 38912 bytes [18:29 30/07/2011] [21:36 17/08/2001] EEE6EFD0A1861B8322D0BF9B0060A8D5

 

Searching for "EXCH_mailmsg.dll "

C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll --a---- 65536 bytes [18:23 30/07/2011] [21:36 17/08/2001] C983CBCF269AE56BFAD04039780C45E6

 

Searching for "forehe.sys "

C:\WINDOWS\ServicePackFiles\i386\forehe.sys ------- 34173 bytes [19:45 22/08/2008] [21:31 03/08/2004] B94D57F1D16BB5A66F6083140346B4AA

C:\WINDOWS\system32\dllcache\forehe.sys --a---- 34173 bytes [18:11 30/07/2011] [20:31 03/08/2004] B94D57F1D16BB5A66F6083140346B4AA

 

Searching for "fnfilter.dll "

C:\WINDOWS\system32\dllcache\fnfilter.dll --a---- 71680 bytes [18:11 30/07/2011] [21:36 17/08/2001] 0E00D5F21AF72352547C0C0068F1051F

 

Searching for "flattemp.exe "

C:\WINDOWS\system32\dllcache\flattemp.exe --a---- 14848 bytes [18:11 30/07/2011] [13:00 04/08/2004] 87D3ED1916265ADA35B898DAEEFBBB73

 

Searching for "fetnd5.sys "

C:\WINDOWS\system32\dllcache\fetnd5.sys --a---- 27165 bytes [18:11 30/07/2011] [11:13 17/08/2001] E9648254056BCE81A85380C0C3647DC4

 

Searching for "fem556n5.sys "

C:\WINDOWS\system32\dllcache\fem556n5.sys --a---- 22090 bytes [18:11 30/07/2011] [11:10 17/08/2001] D083354E0341CE23009BF75BBF744343

 

Searching for "EXCH_fcachdll.dll "

C:\WINDOWS\system32\dllcache\EXCH_fcachdll.dll --a---- 43520 bytes [18:11 30/07/2011] [21:36 17/08/2001] A2AB8BA0D91306C1AEB4235DD1D16A5E

 

Searching for "fa410nd5.sys "

C:\WINDOWS\system32\dllcache\fa410nd5.sys --a---- 24618 bytes [18:11 30/07/2011] [11:12 17/08/2001] B64A76D3C444C8A24B6CEFE8658CF62D

 

Searching for "fa312nd5.sys "

C:\WINDOWS\system32\dllcache\fa312nd5.sys --a---- 16074 bytes [18:11 30/07/2011] [11:12 17/08/2001] AA855FB8A866281AACB393C1FEAB91AE

 

Searching for "es56cvmp.sys "

C:\WINDOWS\system32\dllcache\es56cvmp.sys --a---- 595647 bytes [18:09 30/07/2011] [12:28 17/08/2001] 643B3B3D9ADDFFC1AA7606CB80A104AC

 

Searching for "es198x.sys "

C:\WINDOWS\system32\dllcache\es198x.sys --a---- 174464 bytes [18:09 30/07/2011] [11:19 17/08/2001] BC129F409AF5FCF46E978C1C144E31BE

 

Searching for "es1969.sys "

C:\WINDOWS\system32\dllcache\es1969.sys --a---- 72192 bytes [18:09 30/07/2011] [11:19 17/08/2001] B9F03760AF557348E17A5BB5FFEB73C0

 

Searching for "es1371mp.sys "

C:\WINDOWS\system32\dllcache\es1371mp.sys --a---- 40704 bytes [18:09 30/07/2011] [11:19 17/08/2001] A55DD7D8CED5D2624A9EE2DDA7BE0319

 

Searching for "es1370mp.sys "

C:\WINDOWS\system32\dllcache\es1370mp.sys --a---- 37120 bytes [18:09 30/07/2011] [11:19 17/08/2001] E8A3A647FFFEB18D8FACE656CE756C4B

 

Searching for "eqnloop.exe "

C:\WINDOWS\system32\dllcache\eqnloop.exe --a---- 61952 bytes [18:09 30/07/2011] [21:36 17/08/2001] 021D499BEA86D4E3CDBA22DA6378B8DA

 

Searching for "eqnlogr.exe "

C:\WINDOWS\system32\dllcache\eqnlogr.exe --a---- 51200 bytes [18:09 30/07/2011] [21:36 17/08/2001] 2099CB022C4F3A32A4148D294CF7572F

 

Searching for "eqndiag.exe "

C:\WINDOWS\system32\dllcache\eqndiag.exe --a---- 53248 bytes [18:09 30/07/2011] [21:36 17/08/2001] 290EBBE5E50FDBBF64FEFE4A496E3FAF

 

Searching for "eqn.sys "

C:\WINDOWS\system32\dllcache\eqn.sys --a---- 629952 bytes [18:09 30/07/2011] [11:17 17/08/2001] 7523787840D369BC2679F34B2F75CFE1

 

Searching for "epstw2k.sys "

C:\WINDOWS\system32\dllcache\epstw2k.sys --a---- 114944 bytes [18:09 30/07/2011] [12:50 17/08/2001] AFF9BC3DA54AA48BF212443F769699C7

 

Searching for "epro4.sys "

C:\WINDOWS\system32\dllcache\epro4.sys --a---- 18503 bytes [18:09 30/07/2011] [11:12 17/08/2001] 8D2766A5495E38ED6B0C0FE96C7CFB4A

 

Searching for "epcfw2k.sys "

C:\WINDOWS\system32\dllcache\epcfw2k.sys --a---- 144896 bytes [18:09 30/07/2011] [12:50 17/08/2001] 094998886BD5E91BBEEA02EF08099697

 

Searching for "emu10k1m.sys "

C:\WINDOWS\system32\dllcache\emu10k1m.sys --a---- 283904 bytes [18:09 30/07/2011] [11:19 17/08/2001] 01F83E1B5DCE05F5CB7D99113CA9E890

 

Searching for "el515.sys "

C:\WINDOWS\system32\dllcache\el515.sys --a---- 44103 bytes [18:07 30/07/2011] [11:10 17/08/2001] BF5685157BDFDD2080BFBAD0C9FDB259

 

Searching for "edb500.dll "

C:\WINDOWS\system32\dllcache\edb500.dll --a---- 514587 bytes [18:07 30/07/2011] [13:00 04/08/2004] D177E174BBA4349CAB132AA801FB430E

 

Searching for "e100isa4.sys "

C:\WINDOWS\system32\dllcache\e100isa4.sys --a---- 19594 bytes [18:07 30/07/2011] [11:12 17/08/2001] B471B27B6BC79C2BB90F3F120667B875

 

Searching for "e100b325.sys "

C:\WINDOWS\system32\dllcache\e100b325.sys --a---- 117760 bytes [18:07 30/07/2011] [11:12 17/08/2001] 3FCA03CBCA11269F973B70FA483C88EF

 

Searching for "e1000nt5.sys "

C:\WINDOWS\system32\dllcache\e1000nt5.sys --a---- 50719 bytes [18:07 30/07/2011] [11:12 17/08/2001] 8C0A85DF01DFC02377DDEC3ABC09A357

 

Searching for "ds1wdm.sys "

C:\WINDOWS\system32\dllcache\ds1wdm.sys --a---- 334208 bytes [18:07 30/07/2011] [11:20 17/08/2001] 6CF04C9FB5BC974C0A472BC81FD56366

 

Searching for "dpti2o.sys "

C:\WINDOWS\system32\dllcache\dpti2o.sys --a---- 20192 bytes [18:07 30/07/2011] [13:07 17/08/2001] 40F3B93B4E5B0126F2F5C0A7A5E22660

 

Searching for "dp83820.sys "

C:\WINDOWS\system32\dllcache\dp83820.sys --a---- 28062 bytes [18:07 30/07/2011] [11:12 17/08/2001] 7AC361ECC27F864B744798C39F05C9EB

 

Searching for "dot4usb.sys "

C:\WINDOWS\system32\dllcache\dot4usb.sys --a---- 23808 bytes [18:07 30/07/2011] [12:47 17/08/2001] 6EC3AF6BB5B30E488A0C559921F012E1

 

Searching for "dot4scan.sys "

C:\WINDOWS\system32\dllcache\dot4scan.sys --a---- 8704 bytes [18:07 30/07/2011] [12:47 17/08/2001] BD05306428DA63369692477DDC0F6F5F

 

Searching for "digiinf.dll "

C:\WINDOWS\system32\dllcache\digiinf.dll --a---- 102484 bytes [18:05 30/07/2011] [21:36 17/08/2001] 8BADECC1C510D85927224ACFB5FA5818

 

Searching for "dc210usd.dll "

C:\WINDOWS\system32\dllcache\dc210usd.dll --a---- 80896 bytes [18:04 30/07/2011] [21:36 17/08/2001] 366D697EEDB8283CEC370EB701F45F12

 

Searching for "ctlsb16.sys "

C:\WINDOWS\system32\dllcache\ctlsb16.sys --a---- 96256 bytes [18:03 30/07/2011] [11:19 17/08/2001] E2B1AEDB62845581D848037F0A614EE6

 

Searching for "chgport.exe "

C:\WINDOWS\system32\dllcache\chgport.exe --a---- 15872 bytes [18:02 30/07/2011] [13:00 04/08/2004] 4C7E7570DA312657D58FEBB5735AA04A

 

Searching for "bulltlp3.sys "

C:\WINDOWS\system32\dllcache\bulltlp3.sys --a---- 13824 bytes [18:01 30/07/2011] [12:51 17/08/2001] 16BD1F979461F154801727864F654CEC

 

Searching for "bcm42u.sys "

C:\WINDOWS\system32\dllcache\bcm42u.sys --a---- 66557 bytes [18:00 30/07/2011] [11:11 17/08/2001] FF90A6B43830A42F989111C53FA11436

 

Searching for "EXCH_adsiisex.dll"

C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll --a---- 5632 bytes [17:59 30/07/2011] [21:36 17/08/2001] 74225903D1DAD268CD9D45F3FCD0660A

 

-= EOF =-


You're welcome. Glad to hear that :)

 

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now copy/paste the code into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.
    Combofix /Uninstall

 

===================================================

 

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
===================================================

 

Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

 

--------------------------------------------------------------------------------------------------------------

 

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

 

 

Passwords

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article, Strong passwords: How to create and use them, and consider a password keeper to keep all your passwords safe.

 

 

SPYWARE PREVENTION

This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well-written articles:

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an add-on available for both Firefox and IE.

  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here

  • Download Host.zip and Save it to your Desktop.
  • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
  • Follow the prompts and click 'Finish'.
  • This will open the newly created hosts folder on your Desktop.
  • Double-click on the included mvps.bat file; this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
  • Once updated you should see another prompt that the task was completed.
Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

 

Hopefully this should take care of your problems! Good luck.

 

Do you have any questions or problems to ask? Please do not hesitate to do so.

 

**Please respond to this one more time to ensure it is resolved and close this topic.
