Solved System Restore not working

Discussion in 'Malware and Virus Removal Archive' started by Mr Dit, 2012/01/03.

  1. 2012/01/03
    Mr Dit Inactive Thread Starter

    Joined:
    2012/01/02
    Messages:
    37
    Likes Received:
    0
    [Resolved] System Restore not working

    Tried unsuccessfully to follow each step. All tries with GMER (including from Safe Mode) resulted in a re-boot prior to the 'click to Save'.

    The aswMBR would not download. I made it to the download site twice but both times it hung at 1MB (out of 4).

    MBAM log as follows:

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2011.12.28.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.13
    Administrator :: DITMAN [administrator]

    1/3/2012 5:40:22 PM
    mbam-log-2012-01-03 (17-40-22).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 174587
    Time elapsed: 4 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HideIcons (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Documents and Settings\Administrator\My Documents\Downloads\SoftonicDownloader_for_photoscape.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.

    (end)


    DDS.txt file follows:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
    Run by Administrator at 18:12:49 on 2012-01-03
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.2394 [GMT 7:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\System32\svchost.exe -k Cognizance
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\rundll32.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    mDefault_Page_URL = hxxp://www.yahoo.com/
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngin0.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - AOL Toolbar BHO
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Radio TV 1 Toolbar: {f29557fd-78aa-40e6-aba8-9fa219764018} - c:\program files\radio_tv_1\prxtbRad0.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} -
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search\DesktopSearchBand203000030.dll
    TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
    TB: Radio TV 1 Toolbar: {f29557fd-78aa-40e6-aba8-9fa219764018} - c:\program files\radio_tv_1\prxtbRad0.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngin0.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    EB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search\DesktopSearchBand203000030.dll
    EB: Copernic Desktop Search 2: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - c:\program files\copernic desktop search\DesktopSearchBand203000030.dll
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    uPolicies-system: NoDispAppearancePage = 0 (0x0)
    IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255715996405
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: DhcpNameServer = 202.151.160.12 202.151.160.17 8.8.8.8
    TCP: Interfaces\{9B806F75-A956-49FD-8129-19874C155C5C} : DhcpNameServer = 202.151.160.12 202.151.160.17 8.8.8.8
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
    Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
    Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
    AppInit_DLLs: APSHook.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = scecli ASWLNPkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\ejmcltht.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.50826.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
    R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2008-7-12 109184]
    R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-7-12 51376]
    R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-7-12 12928]
    R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
    R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-7-12 12496]
    R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
    R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2010-2-16 14976]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-6-13 477696]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-3-27 244368]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-5 41216]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-3 40776]
    R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2008-9-10 47616]
    S2 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
    S2 SQLAgent$FV_SQL_SERVER;SQL Server Agent (FV_SQL_SERVER);c:\program files\microsoft sql server\mssql10.fv_sql_server\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
    S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2009-12-15 37632]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 EZUSB;EZUSB PC/SC Smart Card Reader;c:\windows\system32\drivers\ezusb.sys [2011-7-22 57356]
    S4 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-16 182576]
    S4 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
    S4 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2010-1-1 464264]
    S4 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2010-1-1 234888]
    S4 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-6-13 1164536]
    S4 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    S4 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-9-10 193840]
    S4 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-2 181544]
    S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-26 135664]
    S4 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-7-9 19968]
    S4 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-7-12 256512]
    S4 MSSQL$FV_SQL_SERVER;SQL Server (FV_SQL_SERVER);c:\program files\microsoft sql server\mssql10.fv_sql_server\mssql\binn\sqlservr.exe [2009-3-30 43010392]
    S4 MSSQL$JMPS_SQL_SERVER;MSSQL$JMPS_SQL_SERVER;c:\program files\microsoft sql server\mssql$jmps_sql_server\binn\sqlservr.exe [2005-5-4 9150464]
    S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-7-13 793048]
    S4 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    S4 SQLAgent$JMPS_SQL_SERVER;SQLAgent$JMPS_SQL_SERVER;c:\program files\microsoft sql server\mssql$jmps_sql_server\binn\sqlagent.EXE [2005-5-3 323584]
    .
    =============== Created Last 30 ================
    .
    2073-04-14 03:17:26 203576 ------w- c:\program files\microsoft games\age of empires iii\autopatcher2.exe
    2012-01-03 11:09:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-01-03 03:24:02 -------- d-----w- c:\documents and settings\all users\Uniblue
    2012-01-03 03:22:35 -------- d-----w- c:\program files\SIW
    2012-01-03 03:22:35 -------- d-----w- c:\documents and settings\administrator\application data\OpenCandy
    2012-01-03 02:52:38 -------- d-----w- c:\program files\GiPo@Utilities
    2012-01-03 02:52:38 -------- d-----w- c:\program files\common files\Gibinsoft Shared
    2012-01-02 09:45:50 -------- d-----w- c:\program files\PFPS
    2011-12-30 11:15:43 -------- d-----w- C:\Pfps
    2011-12-29 06:28:53 -------- d-----w- c:\documents and settings\administrator\application data\ElevatedDiagnostics
    2011-12-29 05:22:41 628976 ----a-w- C:\WindowsXP-KB884882-v3-x86-ENU.exe
    2011-12-28 06:35:55 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2011-12-28 06:35:53 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2011-12-28 06:35:52 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2011-12-28 06:35:50 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2011-12-28 06:35:47 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2011-12-28 06:35:31 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
    2011-12-28 06:35:28 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
    2011-12-28 06:35:27 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2011-12-28 06:35:23 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2011-12-28 06:35:09 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
    2011-12-28 06:35:06 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
    2011-12-28 06:35:02 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
    2011-12-28 06:33:59 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
    2011-12-28 06:32:57 4992 ----a-w- c:\windows\system32\dllcache\toside.sys
    2011-12-28 06:31:58 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
    2011-12-28 06:30:58 29184 ----a-w- c:\windows\system32\dllcache\sm8cw.dll
    2011-12-28 06:29:59 495616 ----a-w- c:\windows\system32\dllcache\sblfx.dll
    2011-12-28 06:28:56 49024 ----a-w- c:\windows\system32\dllcache\ql1280.sys
    2011-12-28 06:27:58 29769 ----a-w- c:\windows\system32\dllcache\pcntn5m.sys
    2011-12-28 06:26:57 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
    2011-12-28 06:25:56 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
    2011-12-28 06:24:58 8320 ----a-w- c:\windows\system32\dllcache\memcard.sys
    2011-12-28 06:23:58 90200 ----a-w- c:\windows\system32\dllcache\io8ports.dll
    2011-12-28 06:22:59 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys
    2011-12-28 06:21:58 17408 ----a-w- c:\windows\system32\dllcache\gpr400.sys
    2011-12-28 06:20:58 40704 ----a-w- c:\windows\system32\dllcache\es1371mp.sys
    2011-12-28 06:19:59 41046 ----a-w- c:\windows\system32\dllcache\digiisdn.dll
    2011-12-28 06:18:53 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2011-12-28 06:17:52 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
    2011-12-28 06:17:52 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
    2011-12-28 06:17:52 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
    2011-12-28 06:17:51 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
    2011-12-28 06:17:51 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
    2011-12-28 06:17:51 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
    2011-12-28 03:43:19 -------- d-----w- c:\program files\UPHClean
    2011-12-26 13:18:18 -------- d-----w- c:\documents and settings\administrator\application data\PhotoScape
    .
    ==================== Find3M ====================
    .
    2011-12-10 08:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-07 14:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-10-25 23:22:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-25 06:44:44 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
    2011-10-06 23:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-02-09 01:04:04 5844992 ----a-w- c:\program files\Esdrw.exe
    2009-12-16 13:36:50 217088 ----a-w- c:\program files\esdrwstt.exe
    2005-03-29 20:53:08 811008 ----a-w- c:\program files\cximagecrt.dll
    .
    ============= FINISH: 18:14:08.26 ===============


    DDS Attach.txt file follows:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/18/2009 12:05:02 PM
    System Uptime: 1/3/2012 5:47:35 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 30EC
    Processor: Intel Pentium III Xeon processor | Intel(R) Genuine processor | 2527/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 232 GiB total, 71.327 GiB free.
    D: is FIXED (FAT32) - 1 GiB total, 0.977 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP2: 12/29/2011 5:52:14 PM - System Checkpoint
    RP3: 12/29/2011 7:09:12 PM - Removed Adobe Acrobat 9 Pro.
    RP4: 12/29/2011 7:14:56 PM - Configured PFPS
    RP5: 12/30/2011 11:18:14 AM - Configured PFPS
    RP6: 12/30/2011 11:26:43 AM - Configured PFPS
    RP7: 12/30/2011 11:36:06 AM - Configured PFPS
    RP8: 12/30/2011 11:40:09 AM - Configured HandHeld PFPS AWE
    RP9: 12/30/2011 11:44:47 AM - Configured PFPS
    RP10: 12/30/2011 11:51:59 AM - Configured PFPS
    RP11: 12/30/2011 12:03:49 PM - Installed PFPS
    RP12: 12/30/2011 12:12:59 PM - Configured HandHeld PFPS AWE
    RP13: 12/30/2011 4:28:47 PM - Created by PC Tools Registry Mechanic
    RP14: 12/30/2011 5:55:15 PM - Configured PFPS
    RP15: 12/30/2011 5:59:15 PM - Configured HandHeld PFPS AWE
    RP16: 12/30/2011 5:59:47 PM - Configured PFPS
    RP17: 12/30/2011 6:14:48 PM - Installed PFPS
    RP18: 1/2/2012 4:31:53 PM - Configured PFPS
    RP19: 1/2/2012 4:40:52 PM - Created by PC Tools Registry Mechanic
    RP20: 1/2/2012 4:44:40 PM - Installed FalconView 4.2.1
    RP21: 1/2/2012 4:50:35 PM - Installed Windows XP KB942288-v3.
    RP22: 1/2/2012 4:57:12 PM - Installed PFPS
    RP23: 1/2/2012 7:09:06 PM - Software Distribution Service 3.0
    RP24: 1/3/2012 9:52:37 AM - Installed GiPo@MoveOnBoot 1.9.5
    .
    ==== Installed Programs ======================
    .
    .
    2007 Microsoft Office system
    Activation Assistant for the 2007 Microsoft Office suites
    ActivClient 6.1 x86
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Age of Empires III
    Agere Systems HDA Modem
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Control Center
    ATI Display Driver
    AuthenTec Fingerprint System
    AVG 2012
    AVG PC Tuneup 2011
    BDEInstall
    Bonjour
    Bookworm Adventures Deluxe 1.00
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    CleanUp!
    Click to Call with Skype
    CompuApps SwissKnife V3
    Conduit Engine
    Connect
    Convert AVI to MP4 1.3
    Copernic Desktop Search 2
    Credential Manager for HP ProtectTools
    DiskAid 3.24
    Drive Encryption for HP ProtectTools
    FalconView 4.2.1
    ffdshow v1.1.3721 [2011-01-07]
    FileMagnet
    FireGL driver for 3D Studio MAX/VIZ
    FOX News Live Stream
    Free CD to MP3 Converter
    Free Easy Burner V 5.0
    Freez FLV to AVI/MPEG/WMV Converter
    GiPo@MoveOnBoot 1.9.5
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP 3D DriveGuard
    HP Doc Viewer
    HP Help and Support
    HP JavaCard for HP ProtectTools
    HP ProtectTools Security Manager
    HP ProtectTools Security Manager Suite
    HP Quick Launch Buttons 6.40 F1
    HP QuickLook 2
    HP Software Setup 5.00.A.7
    HP User Guide Bluetooth Addendum 0062
    HP User Guides 0104
    HP Wallpaper
    HP Wireless Assistant
    iLivid
    Intel® Matrix Storage Manager
    iSEEK AnswerWorks English Runtime
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    kuler
    Lac Viet mtd9 EVA
    MakeUp Pilot Trial 4.4.1
    Malwarebytes Anti-Malware version 1.60.0.1800
    MediaChest
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Access 2000 Runtime
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Desktop Engine (JMPS_SQL_SERVER)
    Microsoft SQL Server VSS Writer
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mobipocket Reader 6.2
    Move Media Player
    Mozilla Firefox 8.0 (x86 en-US)
    Mozilla Thunderbird (2.0.0.24)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    Pando Media Booster
    Paradox Converter 1.21
    PC Tools Registry Mechanic 11.0
    PDF Settings CS4
    PFPS
    PFPS 4.0.1 Service Patch 1.0
    PFPS 4.0.1 Service Patch 2.0
    Photoshop Camera Raw
    QuickTime
    Radio TV 1 Toolbar
    Rapport
    Seagate Manager Installer
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office Outlook 2007 (KB980376)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB980470)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB923789)
    Service Pack 1 for SQL Server 2008 (KB968369)
    SIM Card Editor V1.1
    SIW version 2011.10.29
    Skins
    SopCast 3.4.0
    SoundMAX
    Spybot - Search & Destroy
    Sql Server Customer Experience Improvement Program
    StarCraft II
    Suite Shared Configuration CS4
    Synaptics Pointing Device Driver
    The Eagle (remove only)
    TurboTax 2009
    TurboTax 2009 whiiper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    TVUPlayer 2.5.3.1
    Tweak UI
    Uniblue DriverScanner
    Uniblue SpeedUpMyPC
    UniKey 3.63
    Unlock Access MDE Design 2.2.5 Demo
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb2279264)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    User Profile Hive Cleanup Service
    Veetle TV 0.9.18
    VERITAS RecordNow
    VERITAS RecordNow Update Manager
    VLC media player 1.0.5
    vShare Plugin
    Vuze
    Vuze Remote Toolbar
    Vuze Toolbar
    WebFldrs XP
    wGXe Data Recovery
    Winamp
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    WinZip 12.1
    Yahoo! Messenger
    Zero Assumption Recovery Version 8.4
    .
    ==== End Of File ===========================
     
  2. 2012/01/03
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,889
    Likes Received:
    386
    Welcome to WindowsBBS :)

    It is essential that you post details of the issues you are experiencing in as much detail as possible - bald analysis logs without the above create additional work for our (extremely) busy malware analyst.

    Admin: and you'll also want to use a useful topic title!
     


  4. 2012/01/03
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,680
    Likes Received:
    104
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  5. 2012/01/03
    Mr Dit

    Mr Dit Inactive Thread Starter

    Joined:
    2012/01/02
    Messages:
    37
    Likes Received:
    0
    I've never used a BBS so I'm trying to get your rules down. I was searching for topics related to problems I've been having (not wanting to post any details until I exhausted my search) when the following Alert popped up on top of your BBS site:

    Read this topic before posting a log. <=== IF YOU DON'T FOLLOW THESE INSTRUCTIONS YOU WILL RISK RECEIVING NO HELP!!!

    I was thinking that, down the line, I may try to post a problem I'm having, so I'd better take the all caps advice and follow the instructions. I thought it was a little unusual since I was only searching for related problems.

    What I will continue to search for are any threads associated with 'Restore System'. I get a blank box where the calendar should be and when I attempt to create a restore point, the same blank box appears and my only option is to cancel. 'Back' does not work. Another odd thing when I try to create, I cannot place my cursor into the 'Restore point description' box.

    If I can't figure it out through earlier threads, I'll post under the correct topic.

    Sorry for the misunderstanding.

    Dit
     
  6. 2012/01/03
    Mr Dit

    Mr Dit Inactive Thread Starter

    Joined:
    2012/01/02
    Messages:
    37
    Likes Received:
    0
    My 3rd year college aged daughter used to use this laptop before I bought her a new one. I looked under Add or Remove Programs and didn't see any of the P2P software you mentioned above.

    Thanks for the heads up.

    Admin: You have Vuze installed
     
  7. 2012/01/03
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,680
    Likes Received:
    104
    Well, you started a topic and it does look like your system has some 'critters'. I've changed your title, now just wait for a Malware expert to reply & give you further instructions.
     
  8. 2012/01/03
    Mr Dit

    Mr Dit Inactive Thread Starter

    Joined:
    2012/01/02
    Messages:
    37
    Likes Received:
    0
    Vuze and Vuze Toolbar gone.
     
  9. 2012/01/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Please update MBAM, run "Quick scan" and post new log.

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  10. 2012/01/04
    Mr Dit

    Mr Dit Inactive Thread Starter

    Joined:
    2012/01/02
    Messages:
    37
    Likes Received:
    0
    Thank you.

    I've updated MBAM and run the quick scan.

    I've also downloaded Bootkit Remover but before I run it, I need to point out that I have been having trouble with getting a response to 'Right Click' on my desktop. Two days ago, I ran 'regsvr32 jscript.dll' to clear up another problem and rebooted. All of my desktop icons reappeared on my desktop but I was able to 'Right Click' the desktop. I prefer a blank desktop screen so I hid them by right clicking, selecting 'Arrange Icons By', and then unchecking 'Show Desktop Icons'. Since then, right-clicking on my blank desktop screen has no effect.

    I just wanted to check in case the right click required on the blank screen after running boot-cleaner might be related to this problem.

    Thanks

    The new MBAM txt file follows:


    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.04.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 7.0.5730.13
    Administrator :: DITMAN [administrator]

    1/4/2012 4:51:23 PM
    mbam-log-2012-01-04 (16-51-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 175859
    Time elapsed: 4 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  11. 2012/01/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm not sure if I understand...
     
  12. 2012/01/04
    Mr Dit

    Mr Dit Inactive Thread Starter

    Joined:
    2012/01/02
    Messages:
    37
    Likes Received:
    0
    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
  13. 2012/01/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

    • Double click on downloaded file to run it.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log (FRST.txt) on your desktop.
    • Please copy and paste it to your reply.
     
  14. 2012/01/05
    Mr Dit

    Mr Dit Inactive Thread Starter

    Joined:
    2012/01/02
    Messages:
    37
    Likes Received:
    0
    Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
    Ran by Administrator at 2012-01-05 13:21:40
    Running from C:\Documents and Settings\Administrator\My Documents\Downloads
    Service Pack 3 (X86) OS Language: English(US)
    Attention: Could not load system hive.
    Error: The process cannot access the file because it is being used by another process.
    ========================== Registry (Whitelisted) =============

    HKLM\...\Winlogon: [Userinit] [x]
    HKLM\...\Winlogon: [Shell]

    ================================ Services (Whitelisted) ==================


    ========================== Drivers (Whitelisted) =============


    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2012-01-05 13:21 - 2012-01-05 13:21 - 0000000 ____D C:\FRST
    2012-01-05 11:22 - 2012-01-05 11:22 - 0000000 ____D C:\Program Files\DIFX
    2012-01-05 11:22 - 2012-01-05 11:22 - 0000000 ____D C:\Program Files\ACR38_100_122 PCSC Driver
    2012-01-03 17:30 - 2012-01-03 17:30 - 0094208 ____A C:\Windows\Minidump\Mini010312-01.dmp
    2012-01-03 17:30 - 2012-01-03 17:30 - 0000000 ____D C:\Windows\Minidump
    2012-01-03 10:27 - 2012-01-03 10:27 - 0000228 ____A C:\Windows\Tasks\DriverScanner.job
    2012-01-03 10:22 - 2012-01-03 10:22 - 0000000 ____D C:\Program Files\SIW
    2012-01-02 19:09 - 2012-01-02 19:09 - 0009154 ____A C:\Windows\KB2360937.log
    2012-01-02 19:09 - 2012-01-02 19:09 - 0000816 ____A C:\Windows\updspapi.log
    2012-01-02 19:09 - 2012-01-02 19:09 - 0000000 __HDC C:\Windows\$NtUninstallKB2360937$
    2012-01-02 16:50 - 2012-01-02 16:50 - 0000787 ____A C:\Windows\KB942288-v4.log
    2012-01-02 16:45 - 2012-01-02 17:00 - 0000000 ____D C:\Program Files\PFPS
    2011-12-30 18:15 - 2012-01-02 17:02 - 0000000 ____D C:\Pfps
    2011-12-30 15:09 - 2012-01-05 11:44 - 3183751168 __ASH C:\hiberfil.sys
    2011-12-30 10:56 - 2012-01-03 17:30 - 0000000 __SHD C:\Windows\CSC
    2011-12-29 17:36 - 2012-01-05 11:44 - 0112400 ____A C:\Windows\EventSystem.log
    2011-12-29 14:28 - 2011-12-29 14:28 - 0009744 ____A C:\Windows\KB952069.log
    2011-12-29 14:24 - 2011-12-29 14:24 - 0000637 ____A C:\Windows\KB823980.log
    2011-12-29 14:24 - 2011-12-29 14:24 - 0000532 ____A C:\Windows\xpsp1hfm.log
    2011-12-29 13:26 - 2011-12-31 10:09 - 0065536 ____A C:\Windows\System32\config\WindowsPowerShell.evt
    2011-12-29 13:26 - 2011-12-29 13:26 - 0000183 ____A C:\Windows\spupdsvc.log
    2011-12-29 13:25 - 2011-12-29 13:26 - 0030662 ____A C:\Windows\KB926139-v2.log
    2011-12-29 13:25 - 2011-12-29 13:26 - 0000000 __HDC C:\Windows\$NtUninstallKB926139-v2$
    2011-12-29 13:25 - 2011-12-29 13:25 - 0000000 ____D C:\Windows\System32\windowspowershell
    2011-12-29 12:29 - 2011-12-29 12:29 - 0000872 ____A C:\Windows\KB884882.log
    2011-12-29 12:22 - 2005-11-09 14:26 - 0628976 ____A (Microsoft Corporation) C:\WindowsXP-KB884882-v3-x86-ENU.exe
    2011-12-28 13:35 - 2008-04-13 17:12 - 0116224 ____A (Xerox) C:\Windows\System32\dllcache\xrxwiadr.dll
    2011-12-28 13:35 - 2008-04-13 17:12 - 0018944 ____A () C:\Windows\System32\dllcache\xrxscnui.dll
    2011-12-28 13:35 - 2004-08-03 22:31 - 0154624 ____A (Lucent Technologies) C:\Windows\System32\dllcache\wlluc48.sys
    2011-12-28 13:35 - 2004-08-03 22:29 - 0019455 ____A (Intel(R) Corporation) C:\Windows\System32\dllcache\wvchntxx.sys
    2011-12-28 13:35 - 2004-08-03 22:29 - 0012063 ____A (Intel(R) Corporation) C:\Windows\System32\dllcache\wsiintxx.sys
    2011-12-28 13:35 - 2001-08-17 22:37 - 0099865 ____A (Eicon Technology) C:\Windows\System32\dllcache\xlog.exe
    2011-12-28 13:35 - 2001-08-17 22:37 - 0027648 ____A () C:\Windows\System32\dllcache\xrxftplt.exe
    2011-12-28 13:35 - 2001-08-17 22:37 - 0004608 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\xrxflnch.exe
    2011-12-28 13:35 - 2001-08-17 22:36 - 0023040 ____A (Xerox Corporation) C:\Windows\System32\dllcache\xrxwbtmp.dll
    2011-12-28 13:35 - 2001-08-17 13:28 - 0771581 ____A (Rockwell) C:\Windows\System32\dllcache\winacisa.sys
    2011-12-28 13:35 - 2001-08-17 12:12 - 0034890 ____A (Raytheon Corp.) C:\Windows\System32\dllcache\wlandrv2.sys
    2011-12-28 13:35 - 2001-08-17 12:11 - 0016970 ____A (US Robotics MCD (Megahertz)) C:\Windows\System32\dllcache\xem336n5.sys
    2011-12-28 13:34 - 2008-04-13 17:12 - 0053760 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\vfwwdm32.dll
    2011-12-28 13:34 - 2008-04-13 11:45 - 0031744 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\wceusbsh.sys
    2011-12-28 13:34 - 2004-08-04 20:00 - 0073728 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\w3ext.dll
    2011-12-28 13:34 - 2004-08-04 20:00 - 0048256 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\w32.dll
    2011-12-28 13:34 - 2004-08-04 20:00 - 0041600 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\weitekp9.dll
    2011-12-28 13:34 - 2004-08-04 20:00 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\weitekp9.sys
    2011-12-28 13:34 - 2004-08-04 20:00 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\wamps51.dll
    2011-12-28 13:34 - 2004-08-04 20:00 - 0005632 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\w3svapi.dll
    2011-12-28 13:34 - 2004-08-04 20:00 - 0004608 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\w3ctrs51.dll
    2011-12-28 13:34 - 2004-08-03 22:29 - 0033599 ____A (Intel(R) Corporation) C:\Windows\System32\dllcache\watv04nt.sys
    2011-12-28 13:34 - 2004-08-03 22:29 - 0029311 ____A (Intel(R) Corporation) C:\Windows\System32\dllcache\watv01nt.sys
    2011-12-28 13:34 - 2004-08-03 22:29 - 0023615 ____A (Intel(R) Corporation) C:\Windows\System32\dllcache\wch7xxnt.sys
    2011-12-28 13:34 - 2004-08-03 22:29 - 0019551 ____A (Intel(R) Corporation) C:\Windows\System32\dllcache\watv02nt.sys
    2011-12-28 13:34 - 2004-08-03 22:29 - 0012415 ____A (Intel(R) Corporation) C:\Windows\System32\dllcache\wadv01nt.sys
    2011-12-28 13:34 - 2004-08-03 22:29 - 0012127 ____A (Intel(R) Corporation) C:\Windows\System32\dllcache\wadv02nt.sys
    2011-12-28 13:34 - 2004-08-03 22:29 - 0011775 ____A (Intel(R) Corporation) C:\Windows\System32\dllcache\wadv05nt.sys
    2011-12-28 13:34 - 2001-08-17 22:36 - 0087040 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\wiafbdrv.dll
    2011-12-28 13:34 - 2001-08-17 22:36 - 0053760 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\wiamsmud.dll
    2011-12-28 13:34 - 2001-08-17 13:49 - 0024576 ____A (VIA Technologies, Inc.) C:\Windows\System32\dllcache\viairda.sys
    2011-12-28 13:34 - 2001-08-17 13:28 - 0794399 ____A (U.S. Robotics, Inc.) C:\Windows\System32\dllcache\usr1806v.sys
    2011-12-28 13:34 - 2001-08-17 13:28 - 0793598 ____A (U.S. Robotics, Inc.) C:\Windows\System32\dllcache\usr1806.sys
    2011-12-28 13:34 - 2001-08-17 13:28 - 0765884 ____A (U.S. Robotics, Inc.) C:\Windows\System32\dllcache\usrti.sys
    2011-12-28 13:34 - 2001-08-17 13:28 - 0701386 ____A (3Com Corporation) C:\Windows\System32\dllcache\wdhaalba.sys
    2011-12-28 13:34 - 2001-08-17 13:28 - 0687999 ____A (U.S. Robotics Corporation) C:\Windows\System32\dllcache\usrwdxjs.sys
    2011-12-28 13:34 - 2001-08-17 13:28 - 0604253 ____A (PCTEL, INC.) C:\Windows\System32\dllcache\vmodem.sys
    2011-12-28 13:34 - 2001-08-17 13:28 - 0397502 ____A (PCtel, Inc.) C:\Windows\System32\dllcache\vpctcom.sys
    2011-12-28 13:34 - 2001-08-17 13:28 - 0224802 ____A (U.S. Robotics Corporation) C:\Windows\System32\dllcache\usr1807a.sys
    2011-12-28 13:34 - 2001-08-17 13:28 - 0113762 ____A (U.S. Robotics Corporation) C:\Windows\System32\dllcache\usrpda.sys
    2011-12-28 13:34 - 2001-08-17 13:28 - 0064605 ____A (PCtel, Inc.) C:\Windows\System32\dllcache\vvoice.sys
    2011-12-28 13:34 - 2001-08-17 13:28 - 0007556 ____A (U.S. Robotics Corporation) C:\Windows\System32\dllcache\usroslba.sys
    2011-12-28 13:34 - 2001-08-17 12:14 - 0249402 ____A (Xircom) C:\Windows\System32\dllcache\vinwm.sys
    2011-12-28 13:34 - 2001-08-17 12:13 - 0019528 ____A (Winbond Electronics Corporation) C:\Windows\System32\dllcache\w840nd.sys
    2011-12-28 13:34 - 2001-08-17 12:13 - 0019016 ____A (Winbond Electronics Corporation) C:\Windows\System32\dllcache\w926nd.sys
    2011-12-28 13:34 - 2001-08-17 12:13 - 0016925 ____A (Winbond Electronics Corporation) C:\Windows\System32\dllcache\w940nd.sys
    2011-12-28 13:34 - 2001-08-17 12:10 - 0035871 ____A (Winbond Electronics Corp.) C:\Windows\System32\dllcache\wbfirdma.sys
    2011-12-28 13:33 - 2008-04-13 17:12 - 0082944 ____A (IBM Corporation) C:\Windows\System32\dllcache\tp4mon.exe
    2011-12-28 13:33 - 2008-04-13 11:47 - 0025856 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\usbprint.sys
    2011-12-28 13:33 - 2008-04-13 11:45 - 0060032 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\usbaudio.sys
    2011-12-28 13:33 - 2008-04-13 11:45 - 0032128 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\usbccgp.sys
    2011-12-28 13:33 - 2008-04-13 11:45 - 0026112 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\usbser.sys
    2011-12-28 13:33 - 2008-04-13 11:45 - 0017152 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\usbohci.sys
    2011-12-28 13:33 - 2004-08-04 20:00 - 0014336 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\tsprof.exe
    2011-12-28 13:33 - 2004-08-03 22:31 - 0032384 ____A (KLSI USA, Inc.) C:\Windows\System32\dllcache\usb101et.sys
    2011-12-28 13:33 - 2001-08-17 22:36 - 0525568 ____A (Trident Microsystems Inc.) C:\Windows\System32\dllcache\tridxp.dll
    2011-12-28 13:33 - 2001-08-17 22:36 - 0216064 ____A (UMAX Data Systems Inc.) C:\Windows\System32\dllcache\um34scan.dll
    2011-12-28 13:33 - 2001-08-17 22:36 - 0211968 ____A (UMAX Data Systems Inc.) C:\Windows\System32\dllcache\um54scan.dll
    2011-12-28 13:33 - 2001-08-17 22:36 - 0094720 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\umaxud32.dll
    2011-12-28 13:33 - 2001-08-17 22:36 - 0069632 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\umaxu12.dll
    2011-12-28 13:33 - 2001-08-17 22:36 - 0050688 ____A (UMAX DATA SYSTEMS INC.) C:\Windows\System32\dllcache\umaxscan.dll
    2011-12-28 13:33 - 2001-08-17 22:36 - 0050176 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\umaxp60.dll
    2011-12-28 13:33 - 2001-08-17 22:36 - 0047616 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\umaxcam.dll
    2011-12-28 13:33 - 2001-08-17 22:36 - 0031744 ____A (IBM Corporation) C:\Windows\System32\dllcache\tp4.dll
    2011-12-28 13:33 - 2001-08-17 22:36 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\umaxu40.dll
    2011-12-28 13:33 - 2001-08-17 22:36 - 0026624 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\umaxu22.dll
    2011-12-28 13:33 - 2001-08-17 22:35 - 0042496 ____A (IBM Corporation) C:\Windows\System32\dllcache\tp4res.dll
    2011-12-28 13:33 - 2001-08-17 14:56 - 0440576 ____A (Trident Microsystems Inc.) C:\Windows\System32\dllcache\tridkb.dll
    2011-12-28 13:33 - 2001-08-17 14:56 - 0315520 ____A (Trident Microsystems Inc.) C:\Windows\System32\dllcache\trid3d.dll
    2011-12-28 13:33 - 2001-08-17 13:58 - 0022912 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\umaxpcls.sys
    2011-12-28 13:33 - 2001-08-17 13:52 - 0036736 ____A (Promise Technology, Inc.) C:\Windows\System32\dllcache\ultra.sys
    2011-12-28 13:33 - 2001-08-17 13:48 - 0011520 ____A (IBM Corporation) C:\Windows\System32\dllcache\twotrack.sys
    2011-12-28 13:33 - 2001-08-17 13:28 - 0794654 ____A (U.S. Robotics, Inc.) C:\Windows\System32\dllcache\usr1801.sys
    2011-12-28 13:33 - 2001-08-17 12:51 - 0222336 ____A (Trident Microsystems Inc.) C:\Windows\System32\dllcache\trid3dm.sys
    2011-12-28 13:33 - 2001-08-17 12:51 - 0166784 ____A (Trident Microsystems Inc.) C:\Windows\System32\dllcache\tridxpm.sys
    2011-12-28 13:33 - 2001-08-17 12:51 - 0159232 ____A (Trident Microsystems Inc.) C:\Windows\System32\dllcache\tridkbm.sys
    2011-12-28 13:33 - 2001-08-17 12:12 - 0034375 ____A (Intel Corporation) C:\Windows\System32\dllcache\tpro4.sys
    2011-12-28 13:32 - 2008-04-13 11:40 - 0149376 ____A (M-Systems) C:\Windows\System32\dllcache\tffsport.sys
    2011-12-28 13:32 - 2004-08-04 20:00 - 0021896 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\tdipx.sys
    2011-12-28 13:32 - 2004-08-04 20:00 - 0019464 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\tdspx.sys
    2011-12-28 13:32 - 2004-08-04 20:00 - 0013192 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\tdasync.sys
    2011-12-28 13:32 - 2001-08-17 22:36 - 0094293 ____A (Perle Systems Ltd. ) C:\Windows\System32\dllcache\sxports.dll
    2011-12-28 13:32 - 2001-08-17 22:36 - 0053760 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\sw_wheel.dll
    2011-12-28 13:32 - 2001-08-17 22:36 - 0041472 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\sw_effct.dll
    2011-12-28 13:32 - 2001-08-17 22:36 - 0010240 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\swpidflt.dll
    2011-12-28 13:32 - 2001-08-17 22:36 - 0010240 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\swpdflt2.dll
    2011-12-28 13:32 - 2001-08-17 14:56 - 0172768 ____A (Number Nine Visual Technology) C:\Windows\System32\dllcache\t2r4disp.dll
    2011-12-28 13:32 - 2001-08-17 14:56 - 0081408 ____A (Trident Microsystems Inc.) C:\Windows\System32\dllcache\tgiul50.dll
    2011-12-28 13:32 - 2001-08-17 14:07 - 0032640 ____A (LSI Logic) C:\Windows\System32\dllcache\symc8xx.sys
    2011-12-28 13:32 - 2001-08-17 14:07 - 0030688 ____A (LSI Logic) C:\Windows\System32\dllcache\sym_u3.sys
    2011-12-28 13:32 - 2001-08-17 14:07 - 0028384 ____A (LSI Logic) C:\Windows\System32\dllcache\sym_hi.sys
    2011-12-28 13:32 - 2001-08-17 14:07 - 0016256 ____A (Symbios Logic Inc.) C:\Windows\System32\dllcache\symc810.sys
    2011-12-28 13:32 - 2001-08-17 14:02 - 0230912 ____A (Toshiba Corporation) C:\Windows\System32\dllcache\tosdvd03.sys
    2011-12-28 13:32 - 2001-08-17 14:02 - 0003968 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\swusbflt.sys
    2011-12-28 13:32 - 2001-08-17 14:01 - 0241664 ____A (Toshiba Corporation) C:\Windows\System32\dllcache\tosdvd02.sys
    2011-12-28 13:32 - 2001-08-17 13:52 - 0007040 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\tandqic.sys
    2011-12-28 13:32 - 2001-08-17 13:51 - 0004992 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\toside.sys
    2011-12-28 13:32 - 2001-08-17 13:50 - 0103936 ____A (Perle Systems Ltd. ) C:\Windows\System32\dllcache\sx.sys
    2011-12-28 13:32 - 2001-08-17 13:49 - 0030464 ____A (Toshiba Corporation) C:\Windows\System32\dllcache\tbatm155.sys
    2011-12-28 13:32 - 2001-08-17 12:51 - 0138528 ____A (Trident Microsystems Inc.) C:\Windows\System32\dllcache\tgiulnt5.sys
    2011-12-28 13:32 - 2001-08-17 12:50 - 0036640 ____A (Number Nine Visual Technology Corp.) C:\Windows\System32\dllcache\t2r4mini.sys
    2011-12-28 13:32 - 2001-08-17 12:14 - 0123995 ____A (Tiger Jet Network) C:\Windows\System32\dllcache\tjisdn.sys
    2011-12-28 13:32 - 2001-08-17 12:13 - 0037961 ____A (TDK Corporation) C:\Windows\System32\dllcache\tdk100b.sys
    2011-12-28 13:32 - 2001-08-17 12:13 - 0017129 ____A (TDK Corporation) C:\Windows\System32\dllcache\tdkcd31.sys
    2011-12-28 13:32 - 2001-08-17 12:10 - 0028232 ____A (TOSHIBA Corporation) C:\Windows\System32\dllcache\tos4mo.sys
    2011-12-28 13:31 - 2008-04-13 11:40 - 0007552 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\sonyait.sys
    2011-12-28 13:31 - 2008-04-13 11:36 - 0016000 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\smbbatt.sys
    2011-12-28 13:31 - 2008-04-13 11:36 - 0006912 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\smbclass.sys
    2011-12-28 13:31 - 2004-08-04 20:00 - 0101376 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\srusbusd.dll
    2011-12-28 13:31 - 2004-08-04 20:00 - 0038912 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\sm9aw.dll
    2011-12-28 13:31 - 2004-08-04 20:00 - 0031744 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\smb6w.dll
    2011-12-28 13:31 - 2004-08-04 20:00 - 0031744 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\sma3w.dll
    2011-12-28 13:31 - 2004-08-04 20:00 - 0026624 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\sm93w.dll
    2011-12-28 13:31 - 2004-08-04 20:00 - 0026624 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\sm92w.dll
    2011-12-28 13:31 - 2004-08-04 20:00 - 0016896 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\status.dll
    2011-12-28 13:31 - 2004-08-04 20:00 - 0015872 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\smierrsm.dll
    2011-12-28 13:31 - 2004-08-04 20:00 - 0010240 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\snmpstup.dll
    2011-12-28 13:31 - 2004-08-04 20:00 - 0005632 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\smimsgif.dll
    2011-12-28 13:31 - 2004-08-04 20:00 - 0005632 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\smierrsy.dll
    2011-12-28 13:31 - 2001-08-17 22:36 - 0155648 ____A (Stallion Technologies) C:\Windows\System32\dllcache\stlnprop.dll
    2011-12-28 13:31 - 2001-08-17 22:36 - 0114688 ____A (Sony Corporation) C:\Windows\System32\dllcache\sonypi.dll
    2011-12-28 13:31 - 2001-08-17 22:36 - 0106584 ____A (Perle Systems Ltd.) C:\Windows\System32\dllcache\spdports.dll
    2011-12-28 13:31 - 2001-08-17 22:36 - 0099328 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\srusd.dll
    2011-12-28 13:31 - 2001-08-17 22:36 - 0053248 ____A (Stallion Technologies) C:\Windows\System32\dllcache\stlncoin.dll
    2011-12-28 13:31 - 2001-08-17 22:36 - 0045568 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\smb3w.dll
    2011-12-28 13:31 - 2001-08-17 22:36 - 0033792 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\smb0w.dll
    2011-12-28 13:31 - 2001-08-17 22:36 - 0028672 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\sma0w.dll
    2011-12-28 13:31 - 2001-08-17 22:36 - 0024660 ____A (Perle Systems Ltd.) C:\Windows\System32\dllcache\spxupchk.dll
    2011-12-28 13:31 - 2001-08-17 22:36 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_smtpctrs.dll
    2011-12-28 13:31 - 2001-08-17 22:36 - 0007168 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_snprfdll.dll
    2011-12-28 13:31 - 2001-08-17 14:56 - 0147200 ____A (Silicon Motion Inc.) C:\Windows\System32\dllcache\smidispb.dll
    2011-12-28 13:31 - 2001-08-17 14:07 - 0019072 ____A (Adaptec, Inc.) C:\Windows\System32\dllcache\sparrow.sys
    2011-12-28 13:31 - 2001-08-17 13:57 - 0006784 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\smbhc.sys
    2011-12-28 13:31 - 2001-08-17 13:53 - 0009600 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\sonymc.sys
    2011-12-28 13:31 - 2001-08-17 13:53 - 0007040 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\snyaitmc.sys
    2011-12-28 13:31 - 2001-08-17 13:51 - 0061824 ____A (Perle Systems Ltd.) C:\Windows\System32\dllcache\speed.sys
    2011-12-28 13:31 - 2001-08-17 13:51 - 0016896 ____A (SCM Microsystems, Inc.) C:\Windows\System32\dllcache\stcusb.sys
    2011-12-28 13:31 - 2001-08-17 12:51 - 0058368 ____A (Silicon Motion Inc.) C:\Windows\System32\dllcache\smiminib.sys
    2011-12-28 13:31 - 2001-08-17 12:51 - 0037040 ____A (Sony Corporation) C:\Windows\System32\dllcache\sonypi.sys
    2011-12-28 13:31 - 2001-08-17 12:51 - 0020752 ____A (Sony Corporation) C:\Windows\System32\dllcache\sonync.sys
    2011-12-28 13:31 - 2001-08-17 12:18 - 0285760 ____A (Stallion Technologies) C:\Windows\System32\dllcache\stlnata.sys
    2011-12-28 13:31 - 2001-08-17 12:12 - 0025034 ____A (SMC Networks, Inc.) C:\Windows\System32\dllcache\smcpwr2n.sys
    2011-12-28 13:31 - 2001-08-17 12:12 - 0024576 ____A (SMC Networks, Inc.) C:\Windows\System32\dllcache\smc8000n.sys
    2011-12-28 13:31 - 2001-08-17 12:11 - 0048736 ____A (3Com) C:\Windows\System32\dllcache\srwlnd5.sys
    2011-12-28 13:30 - 2008-04-13 11:45 - 0011520 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\scsiscan.sys
    2011-12-28 13:30 - 2008-04-13 11:40 - 0043904 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\sbp2port.sys
    2011-12-28 13:30 - 2004-08-04 20:00 - 0030208 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\sm87w.dll
    2011-12-28 13:30 - 2004-08-04 20:00 - 0030208 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\sm81w.dll
    2011-12-28 13:30 - 2004-08-04 20:00 - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\sm8cw.dll
    2011-12-28 13:30 - 2004-08-04 20:00 - 0026112 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\sm90w.dll
    2011-12-28 13:30 - 2004-08-04 20:00 - 0026112 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\sm8dw.dll
    2011-12-28 13:30 - 2004-08-04 20:00 - 0026112 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\sm8aw.dll
    2011-12-28 13:30 - 2004-08-04 20:00 - 0026112 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\sm89w.dll
    2011-12-28 13:30 - 2004-08-04 20:00 - 0025088 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\sm59w.dll
    2011-12-28 13:30 - 2004-08-04 20:00 - 0018944 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\simptcp.dll
    2011-12-28 13:30 - 2004-08-03 22:31 - 0063547 ____A (Symbol Technologies) C:\Windows\System32\dllcache\sla30nd5.sys
    2011-12-28 13:30 - 2004-08-03 22:31 - 0032768 ____A (SiS Corporation) C:\Windows\System32\dllcache\sisnic.sys
    2011-12-28 13:30 - 2001-08-17 22:36 - 0386560 ____A (Trident Microsystems Inc.) C:\Windows\System32\dllcache\sgiul50.dll
    2011-12-28 13:30 - 2001-08-17 22:36 - 0238592 ____A (Silicon Integrated Systems Corporation) C:\Windows\System32\dllcache\sisgrv.dll
    2011-12-28 13:30 - 2001-08-17 22:36 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_scripto.dll
    2011-12-28 13:30 - 2001-08-17 22:36 - 0028160 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\sm91w.dll
    2011-12-28 13:30 - 2001-08-17 22:36 - 0026112 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_seos.dll
    2011-12-28 13:30 - 2001-08-17 14:56 - 0252032 ____A (Silicon Integrated Systems Corporation) C:\Windows\System32\dllcache\sis300iv.dll
    2011-12-28 13:30 - 2001-08-17 14:56 - 0157696 ____A (Silicon Integrated Systems Corporation) C:\Windows\System32\dllcache\sisv256.dll
    2011-12-28 13:30 - 2001-08-17 14:56 - 0150144 ____A (Silicon Integrated Systems Corporation) C:\Windows\System32\dllcache\sis6306v.dll
    2011-12-28 13:30 - 2001-08-17 13:53 - 0006912 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\seaddsmc.sys
    2011-12-28 13:30 - 2001-08-17 13:52 - 0011648 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\scsiprnt.sys
    2011-12-28 13:30 - 2001-08-17 13:51 - 0023936 ____A (OMNIKEY AG) C:\Windows\System32\dllcache\sccmusbm.sys
    2011-12-28 13:30 - 2001-08-17 13:51 - 0023936 ____A (OMNIKEY AG) C:\Windows\System32\dllcache\sccmn50m.sys
    2011-12-28 13:30 - 2001-08-17 13:51 - 0017280 ____A (SCM Microsystems) C:\Windows\System32\dllcache\scr111.sys
    2011-12-28 13:30 - 2001-08-17 13:51 - 0016640 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\scmstcs.sys
    2011-12-28 13:30 - 2001-08-17 13:48 - 0017664 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\sermouse.sys
    2011-12-28 13:30 - 2001-08-17 12:51 - 0098080 ____A (Trident Microsystems Inc.) C:\Windows\System32\dllcache\sgiulnt5.sys
    2011-12-28 13:30 - 2001-08-17 12:50 - 0104064 ____A (Silicon Integrated Systems Corporation) C:\Windows\System32\dllcache\sisgrp.sys
    2011-12-28 13:30 - 2001-08-17 12:50 - 0101760 ____A (Silicon Integrated Systems Corporation) C:\Windows\System32\dllcache\sis300ip.sys
    2011-12-28 13:30 - 2001-08-17 12:50 - 0068608 ____A (Silicon Integrated Systems Corporation) C:\Windows\System32\dllcache\sis6306p.sys
    2011-12-28 13:30 - 2001-08-17 12:50 - 0050432 ____A (Silicon Integrated Systems Corporation) C:\Windows\System32\dllcache\sisv.sys
    2011-12-28 13:30 - 2001-08-17 12:19 - 0036480 ____A (Creative Technology Ltd.) C:\Windows\System32\dllcache\sfmanm.sys
    2011-12-28 13:30 - 2001-08-17 12:12 - 0094698 ____A (SysKonnect GmbH.) C:\Windows\System32\dllcache\sk98xwin.sys
    2011-12-28 13:30 - 2001-08-17 12:12 - 0091294 ____A (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) C:\Windows\System32\dllcache\skfpwin.sys
    2011-12-28 13:30 - 2001-07-21 14:29 - 0161568 ____A (Micro Systemation) C:\Windows\System32\dllcache\sgsmusb.sys
    2011-12-28 13:30 - 2001-07-21 14:29 - 0018400 ____A (Micro Systemation) C:\Windows\System32\dllcache\sgsmld.sys
    2011-12-28 13:29 - 2008-04-13 17:12 - 0029696 ____A (Ricoh Co., Ltd.) C:\Windows\System32\dllcache\rw450ext.dll
    2011-12-28 13:29 - 2008-04-13 17:12 - 0027648 ____A (Ricoh Co., Ltd.) C:\Windows\System32\dllcache\rw430ext.dll
    2011-12-28 13:29 - 2008-04-13 11:40 - 0079104 ____A (Comtrol Corporation) C:\Windows\System32\dllcache\rocket.sys
    2011-12-28 13:29 - 2004-08-04 20:00 - 0079872 ____A (Ricoh Co., Ltd.) C:\Windows\System32\dllcache\rwia330.dll
    2011-12-28 13:29 - 2004-08-04 20:00 - 0079872 ____A (Ricoh Co., Ltd.) C:\Windows\System32\dllcache\rwia001.dll
    2011-12-28 13:29 - 2004-08-04 20:00 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\quser.exe
    2011-12-28 13:29 - 2004-08-04 20:00 - 0014848 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\register.exe
    2011-12-28 13:29 - 2004-08-04 20:00 - 0009728 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\query.exe
    2011-12-28 13:29 - 2004-08-03 22:31 - 0020992 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\dllcache\rtl8139.sys
    2011-12-28 13:29 - 2001-08-17 22:36 - 0495616 ____A (Creative Technology Ltd.) C:\Windows\System32\dllcache\sblfx.dll
    2011-12-28 13:29 - 2001-08-17 22:36 - 0086097 ____A (Xircom) C:\Windows\System32\dllcache\reslog32.dll
    2011-12-28 13:29 - 2001-08-17 22:36 - 0082432 ____A (Ricoh Co., Ltd.) C:\Windows\System32\dllcache\rwia450.dll
    2011-12-28 13:29 - 2001-08-17 22:36 - 0079872 ____A (Ricoh Co., Ltd.) C:\Windows\System32\dllcache\rwia430.dll
    2011-12-28 13:29 - 2001-08-17 22:36 - 0062496 ____A (S3 Incorporated) C:\Windows\System32\dllcache\s3mtrio.dll
    2011-12-28 13:29 - 2001-08-17 22:36 - 0041472 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\qvusd.dll
    2011-12-28 13:29 - 2001-08-17 22:36 - 0023040 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_regtrace.exe
    2011-12-28 13:29 - 2001-08-17 22:36 - 0009216 ____A (Brother Industries, Ltd.) C:\Windows\System32\dllcache\rsmgrstr.dll
    2011-12-28 13:29 - 2001-08-17 14:56 - 0245632 ____A (S3 Graphics, Inc.) C:\Windows\System32\dllcache\s3savmx.dll
    2011-12-28 13:29 - 2001-08-17 14:56 - 0210496 ____A (S3 Incorporated) C:\Windows\System32\dllcache\s3mvirge.dll
    2011-12-28 13:29 - 2001-08-17 14:56 - 0198400 ____A (S3 Incorporated) C:\Windows\System32\dllcache\s3sav4.dll
    2011-12-28 13:29 - 2001-08-17 14:56 - 0182272 ____A (S3 Incorporated) C:\Windows\System32\dllcache\s3mt3d.dll
    2011-12-28 13:29 - 2001-08-17 14:56 - 0179264 ____A (S3 Incorporated) C:\Windows\System32\dllcache\s3sav3d.dll
    2011-12-28 13:29 - 2001-08-17 13:57 - 0065664 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\s3legacy.sys
    2011-12-28 13:29 - 2001-08-17 13:53 - 0003328 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\qv2kux.sys
    2011-12-28 13:29 - 2001-08-17 13:28 - 0899146 ____A (Xircom, Inc.) C:\Windows\System32\dllcache\r2mdkxga.sys
    2011-12-28 13:29 - 2001-08-17 13:28 - 0714762 ____A (Xircom, Inc.) C:\Windows\System32\dllcache\r2mdmkxx.sys
    2011-12-28 13:29 - 2001-08-17 12:50 - 0166720 ____A (S3 Incorporated) C:\Windows\System32\dllcache\s3m.sys
    2011-12-28 13:29 - 2001-08-17 12:50 - 0077824 ____A (S3 Incorporated) C:\Windows\System32\dllcache\s3sav4m.sys
    2011-12-28 13:29 - 2001-08-17 12:50 - 0075392 ____A (S3 Graphics, Inc.) C:\Windows\System32\dllcache\s3savmxm.sys
    2011-12-28 13:29 - 2001-08-17 12:50 - 0061504 ____A (S3 Incorporated) C:\Windows\System32\dllcache\s3sav3dm.sys
    2011-12-28 13:29 - 2001-08-17 12:50 - 0041216 ____A (S3 Incorporated) C:\Windows\System32\dllcache\s3mt3d.sys
    2011-12-28 13:29 - 2001-08-17 12:19 - 0030720 ____A (Conexant Systems Inc.) C:\Windows\System32\dllcache\rthwcls.sys
    2011-12-28 13:29 - 2001-08-17 12:19 - 0003840 ____A (Conexant Systems Inc.) C:\Windows\System32\dllcache\rpfun.sys
    2011-12-28 13:29 - 2001-08-17 12:12 - 0037563 ____A (RadioLAN) C:\Windows\System32\dllcache\rlnet5.sys
    2011-12-28 13:29 - 2001-08-17 12:12 - 0019017 ____A (Realtek Semiconductor Corporation) C:\Windows\System32\dllcache\rtl8029.sys
    2011-12-28 13:28 - 2008-04-13 17:12 - 0159232 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ptpusd.dll
    2011-12-28 13:28 - 2008-04-13 17:10 - 0259328 ____A (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\Windows\System32\dllcache\perm3dd.dll
    2011-12-28 13:28 - 2008-04-13 17:10 - 0211584 ____A (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\Windows\System32\dllcache\perm2dll.dll
    2011-12-28 13:28 - 2008-04-13 11:44 - 0028032 ____A (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\Windows\System32\dllcache\perm3.sys
    2011-12-28 13:28 - 2008-04-13 11:44 - 0027904 ____A (Microsoft Corp., 3Dlabs Inc. Ltd.) C:\Windows\System32\dllcache\perm2.sys
    2011-12-28 13:28 - 2008-04-13 11:41 - 0017664 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ppa3.sys
    2011-12-28 13:28 - 2008-04-13 11:40 - 0008832 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\powerfil.sys
    2011-12-28 13:28 - 2008-04-13 11:40 - 0006016 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\qic157.sys
    2011-12-28 13:28 - 2004-08-04 20:00 - 0131584 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\pmxviceo.dll
    2011-12-28 13:28 - 2004-08-04 20:00 - 0020992 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\permchk.dll
    2011-12-28 13:28 - 2004-08-04 20:00 - 0011264 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\pmxmcro.dll
    2011-12-28 13:28 - 2004-08-04 20:00 - 0006144 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\pmxgl.dll
    2011-12-28 13:28 - 2004-08-03 22:06 - 0169984 ____A (Cisco Systems) C:\Windows\System32\dllcache\pcx500.sys
    2011-12-28 13:28 - 2001-08-17 22:37 - 0105984 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\phdsext.ax
    2011-12-28 13:28 - 2001-08-17 22:36 - 0121344 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\phvfwext.dll
    2011-12-28 13:28 - 2001-08-17 22:36 - 0086016 ____A (PCtel, Inc.) C:\Windows\System32\dllcache\pctspk.exe
    2011-12-28 13:28 - 2001-08-17 22:36 - 0035328 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\psisload.dll
    2011-12-28 13:28 - 2001-08-17 22:36 - 0016384 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\philcam1.dll
    2011-12-28 13:28 - 2001-08-17 22:36 - 0005632 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ptpusb.dll
    2011-12-28 13:28 - 2001-08-17 14:07 - 0027296 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\perc2.sys
    2011-12-28 13:28 - 2001-08-17 14:07 - 0019840 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\philtune.sys
    2011-12-28 13:28 - 2001-08-17 14:07 - 0005504 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\perc2hib.sys
    2011-12-28 13:28 - 2001-08-17 14:04 - 0173696 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\philcam2.sys
    2011-12-28 13:28 - 2001-08-17 14:04 - 0092416 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\phildec.sys
    2011-12-28 13:28 - 2001-08-17 14:04 - 0075776 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\philcam1.sys
    2011-12-28 13:28 - 2001-08-17 13:53 - 0017792 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ppa.sys
    2011-12-28 13:28 - 2001-08-17 13:53 - 0007168 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\pnrmc.sys
    2011-12-28 13:28 - 2001-08-17 13:52 - 0049024 ____A (QLogic Corporation) C:\Windows\System32\dllcache\ql1280.sys
    2011-12-28 13:28 - 2001-08-17 13:52 - 0045312 ____A (QLogic Corporation) C:\Windows\System32\dllcache\ql12160.sys
    2011-12-28 13:28 - 2001-08-17 13:52 - 0040448 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ql1240.sys
    2011-12-28 13:28 - 2001-08-17 13:52 - 0040320 ____A (QLogic Corporation) C:\Windows\System32\dllcache\ql1080.sys
    2011-12-28 13:28 - 2001-08-17 13:52 - 0033152 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ql10wnt.sys
    2011-12-28 13:28 - 2001-08-17 13:51 - 0016128 ____A (SCM Microsystems, Inc.) C:\Windows\System32\dllcache\pscr.sys
    2011-12-28 13:28 - 2001-08-17 13:28 - 0130942 ____A (PCTEL, INC.) C:\Windows\System32\dllcache\ptserlv.sys
    2011-12-28 13:28 - 2001-08-17 13:28 - 0128286 ____A (PCTEL, INC.) C:\Windows\System32\dllcache\ptserli.sys
    2011-12-28 13:28 - 2001-08-17 13:28 - 0112574 ____A (PCTEL, INC.) C:\Windows\System32\dllcache\ptserlp.sys
    2011-12-28 13:28 - 2001-08-17 12:11 - 0035328 ____A (AMD Inc.) C:\Windows\System32\dllcache\pcntpci5.sys
    2011-12-28 13:27 - 2004-08-04 20:00 - 0031744 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\pagecnt.dll
    2011-12-28 13:27 - 2004-08-03 22:31 - 0029502 ____A (Marconi Communications, Inc.) C:\Windows\System32\dllcache\pca200e.sys
    2011-12-28 13:27 - 2001-08-17 22:36 - 0123776 ____A (NVIDIA Corporation) C:\Windows\System32\dllcache\nv3.dll
    2011-12-28 13:27 - 2001-08-17 22:36 - 0116736 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ovcodec2.dll
    2011-12-28 13:27 - 2001-08-17 22:36 - 0044544 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ovui2.dll
    2011-12-28 13:27 - 2001-08-17 22:36 - 0041984 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ovui2rc.dll
    2011-12-28 13:27 - 2001-08-17 22:36 - 0039424 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ovcoms.exe
    2011-12-28 13:27 - 2001-08-17 22:36 - 0038912 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_ntfsdrv.dll
    2011-12-28 13:27 - 2001-08-17 22:36 - 0020480 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ovcomc.dll
    2011-12-28 13:27 - 2001-08-17 14:05 - 0351616 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ovcodek2.sys
    2011-12-28 13:27 - 2001-08-17 14:05 - 0048000 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ovcam2.sys
    2011-12-28 13:27 - 2001-08-17 14:05 - 0031872 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ovce.sys
    2011-12-28 13:27 - 2001-08-17 14:05 - 0028032 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ovcd.sys
    2011-12-28 13:27 - 2001-08-17 14:05 - 0025216 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ovsound2.sys
    2011-12-28 13:27 - 2001-08-17 14:05 - 0025088 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ovca.sys
    2011-12-28 13:27 - 2001-08-17 13:28 - 0054186 ____A (Ositech Communications, Inc.) C:\Windows\System32\dllcache\otcsercb.sys
    2011-12-28 13:27 - 2001-08-17 12:50 - 0198144 ____A (NVIDIA Corporation) C:\Windows\System32\dllcache\nv3.sys
    2011-12-28 13:27 - 2001-08-17 12:49 - 0051552 ____A (Kensington Technology Group) C:\Windows\System32\dllcache\ntgrip.sys
    2011-12-28 13:27 - 2001-08-17 12:20 - 0054528 ____A (Yamaha Corp.) C:\Windows\System32\dllcache\opl3sax.sys
    2011-12-28 13:27 - 2001-08-17 12:12 - 0043689 ____A (Ositech Communications, Inc.) C:\Windows\System32\dllcache\otceth5.sys
    2011-12-28 13:27 - 2001-08-17 12:12 - 0030495 ____A (Linksys) C:\Windows\System32\dllcache\pc100nds.sys
    2011-12-28 13:27 - 2001-08-17 12:12 - 0027209 ____A (Ositech Communications, Inc.) C:\Windows\System32\dllcache\otc06x5.sys
    2011-12-28 13:27 - 2001-08-17 12:12 - 0026153 ____A (Linksys) C:\Windows\System32\dllcache\pcmlm56.sys
    2011-12-28 13:27 - 2001-08-17 12:11 - 0030282 ____A (AMD Inc.) C:\Windows\System32\dllcache\pcntn5hl.sys
    2011-12-28 13:27 - 2001-08-17 12:11 - 0029769 ____A (AMD Inc.) C:\Windows\System32\dllcache\pcntn5m.sys
    2011-12-28 13:26 - 2008-04-13 11:54 - 0028672 ____A (National Semiconductor Corporation) C:\Windows\System32\dllcache\nscirda.sys
    2011-12-28 13:26 - 2004-08-04 20:00 - 0053248 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\nextlink.dll
    2011-12-28 13:26 - 2004-08-03 22:31 - 0132695 ____A (802.11b) C:\Windows\System32\dllcache\netwlan5.sys
    2011-12-28 13:26 - 2001-08-17 22:36 - 0060480 ____A (NeoMagic Corporation) C:\Windows\System32\dllcache\neo20xx.dll
    2011-12-28 13:26 - 2001-08-17 22:36 - 0059104 ____A (Number Nine Visual Technology Corp.) C:\Windows\System32\dllcache\n9i128v2.dll
    2011-12-28 13:26 - 2001-08-17 22:36 - 0019968 ____A (Moxa Technologies Co., Ltd) C:\Windows\System32\dllcache\mxicfg.dll
    2011-12-28 13:26 - 2001-08-17 22:36 - 0007168 ____A (Moxa Technologies Co., Ltd) C:\Windows\System32\dllcache\mxport.dll
    2011-12-28 13:26 - 2001-08-17 14:56 - 0091488 ____A (Number Nine Visual Technology Corp.) C:\Windows\System32\dllcache\n9i3disp.dll
    2011-12-28 13:26 - 2001-08-17 14:56 - 0035392 ____A (Number Nine Visual Technology Corp.) C:\Windows\System32\dllcache\n9i128.dll
    2011-12-28 13:26 - 2001-08-17 13:53 - 0007552 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\nsmmc.sys
    2011-12-28 13:26 - 2001-08-17 13:50 - 0075520 ____A (Moxa Technologies Co., Ltd.) C:\Windows\System32\dllcache\mxport.sys
    2011-12-28 13:26 - 2001-08-17 13:50 - 0021888 ____A (Moxa Technologies Co., Ltd.) C:\Windows\System32\dllcache\mxcard.sys
    2011-12-28 13:26 - 2001-08-17 13:49 - 0019968 ____A (Macronix International Co., Ltd. ) C:\Windows\System32\dllcache\mxnic.sys
    2011-12-28 13:26 - 2001-08-17 13:49 - 0015872 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ne2000.sys
    2011-12-28 13:26 - 2001-08-17 13:47 - 0009344 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ntapm.sys
    2011-12-28 13:26 - 2001-08-17 12:50 - 0103296 ____A (Matrox Graphics Inc) C:\Windows\System32\dllcache\mtxvideo.sys
    2011-12-28 13:26 - 2001-08-17 12:50 - 0039264 ____A (NeoMagic Corporation) C:\Windows\System32\dllcache\neo20xx.sys
    2011-12-28 13:26 - 2001-08-17 12:50 - 0033088 ____A (Number Nine Visual Technology Corp.) C:\Windows\System32\dllcache\n9i128v2.sys
    2011-12-28 13:26 - 2001-08-17 12:50 - 0027936 ____A (Number Nine Visual Technology Corp.) C:\Windows\System32\dllcache\n9i3d.sys
    2011-12-28 13:26 - 2001-08-17 12:50 - 0013664 ____A (Number Nine Visual Technology Corp.) C:\Windows\System32\dllcache\n9i128.sys
    2011-12-28 13:26 - 2001-08-17 12:20 - 0126080 ____A (NeoMagic Corporation) C:\Windows\System32\dllcache\nm5a2wdm.sys
    2011-12-28 13:26 - 2001-08-17 12:20 - 0087040 ____A (NeoMagic Corporation) C:\Windows\System32\dllcache\nm6wdm.sys
    2011-12-28 13:26 - 2001-08-17 12:12 - 0032840 ____A (NETGEAR Corporation.) C:\Windows\System32\dllcache\ngrpci.sys
    2011-12-28 13:26 - 2001-08-17 12:11 - 0128000 ____A (Compaq Computer Corporation) C:\Windows\System32\dllcache\n100325.sys
    2011-12-28 13:26 - 2001-08-17 12:11 - 0065278 ____A (Compaq Computer Corporation) C:\Windows\System32\dllcache\netflx3.sys
    2011-12-28 13:26 - 2001-08-17 12:11 - 0052255 ____A (Compaq Computer Corporation) C:\Windows\System32\dllcache\n1000nt5.sys
    2011-12-28 13:25 - 2008-04-13 11:54 - 0022016 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\msircomm.sys
    2011-12-28 13:25 - 2008-04-13 11:46 - 0049024 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\mstape.sys
    2011-12-28 13:25 - 2008-04-13 11:41 - 0026112 ____A (Sony Corporation) C:\Windows\System32\dllcache\memstpci.sys
    2011-12-28 13:25 - 2004-08-04 20:00 - 0092416 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\mga.sys
    2011-12-28 13:25 - 2004-08-04 20:00 - 0092032 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\mga.dll
    2011-12-28 13:25 - 2004-08-04 20:00 - 0034304 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\migisol.exe
    2011-12-28 13:25 - 2001-08-17 22:36 - 0047616 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\memgrp.dll
    2011-12-28 13:25 - 2001-08-17 14:56 - 0235648 ____A (Matrox Graphics Inc.) C:\Windows\System32\dllcache\mgaud.dll
    2011-12-28 13:25 - 2001-08-17 14:02 - 0035200 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\msgame.sys
    2011-12-28 13:25 - 2001-08-17 14:00 - 0002944 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\msmpu401.sys
    2011-12-28 13:25 - 2001-08-17 13:57 - 0016128 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\modemcsa.sys
    2011-12-28 13:25 - 2001-08-17 13:52 - 0017280 ____A (American Megatrends Inc.) C:\Windows\System32\dllcache\mraid35x.sys
    2011-12-28 13:25 - 2001-08-17 13:52 - 0006528 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\miniqic.sys
    2011-12-28 13:25 - 2001-08-17 13:48 - 0012416 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\msriffwv.sys
    2011-12-28 13:25 - 2001-08-17 13:48 - 0006016 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\msfsio.sys
    2011-12-28 13:25 - 2001-08-17 12:50 - 0320384 ____A (Matrox Graphics Inc.) C:\Windows\System32\dllcache\mgaum.sys
    2011-12-28 13:24 - 2008-04-13 17:11 - 0253952 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\kdsusd.dll
    2011-12-28 13:24 - 2008-04-13 17:11 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\kdsui.dll
    2011-12-28 13:24 - 2008-04-13 11:40 - 0034688 ____A (Toshiba Corp.) C:\Windows\System32\dllcache\lbrtfdc.sys
    2011-12-28 13:24 - 2008-04-13 11:40 - 0007040 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ltotape.sys
    2011-12-28 13:24 - 2004-08-04 20:00 - 0026624 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\mdsync.dll
    2011-12-28 13:24 - 2004-08-04 20:00 - 0022016 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\logscrpt.dll
    2011-12-28 13:24 - 2004-08-04 20:00 - 0018432 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\jupiw.dll
    2011-12-28 13:24 - 2004-08-04 20:00 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\iwrps.dll
    2011-12-28 13:24 - 2004-08-04 20:00 - 0007168 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\isapips.dll
    2011-12-28 13:24 - 2004-08-03 22:41 - 0606684 ____A (LT) C:\Windows\System32\dllcache\ltmdmnt.sys
    2011-12-28 13:24 - 2004-08-03 22:41 - 0420992 ____A (LT) C:\Windows\System32\dllcache\ltmdmntt.sys
    2011-12-28 13:24 - 2004-08-03 22:39 - 0020864 ____A (Logitech Inc.) C:\Windows\System32\dllcache\lwadihid.sys
    2011-12-28 13:24 - 2001-08-17 22:36 - 0065536 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\EXCH_mailmsg.dll
    2011-12-28 13:24 - 2001-08-17 22:36 - 0058880 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\m3092dc.dll
    2011-12-28 13:24 - 2001-08-17 22:36 - 0058368 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\m3091dc.dll
    2011-12-28 13:24 - 2001-08-17 13:58 - 0008320 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\memcard.sys
    2011-12-28 13:24 - 2001-08-17 13:53 - 0004992 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\loop.sys
    2011-12-28 13:24 - 2001-08-17 13:52 - 0007424 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\mammoth.sys
    2011-12-28 13:24 - 2001-08-17 13:51 - 0018688 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\irsir.sys
    2011-12-28 13:24 - 2001-08-17 13:51 - 0015744 ____A (Litronic Industries) C:\Windows\System32\dllcache\lit220p.sys
    2011-12-28 13:24 - 2001-08-17 13:49 - 0026624 ____A (SigmaTel, Inc.) C:\Windows\System32\dllcache\irstusb.sys
    2011-12-28 13:24 - 2001-08-17 13:49 - 0023552 ____A (MKNet Corporation) C:\Windows\System32\dllcache\irmk7.sys
    2011-12-28 13:24 - 2001-08-17 13:28 - 0802683 ____A (Lucent Technologies) C:\Windows\System32\dllcache\ltsm.sys
    2011-12-28 13:24 - 2001-08-17 13:28 - 0797500 ____A (LT) C:\Windows\System32\dllcache\ltsmt.sys
    2011-12-28 13:24 - 2001-08-17 13:28 - 0727786 ____A (Xircom, Inc.) C:\Windows\System32\dllcache\ltck000c.sys
    2011-12-28 13:24 - 2001-08-17 13:28 - 0576746 ____A (LT) C:\Windows\System32\dllcache\ltmdmntl.sys
    2011-12-28 13:24 - 2001-08-17 12:49 - 0022848 ____A (Logitech Inc.) C:\Windows\System32\dllcache\lwusbhid.sys
    2011-12-28 13:24 - 2001-08-17 12:19 - 0048768 ____A (ESS Technology, Inc.) C:\Windows\System32\dllcache\maestro.sys
    2011-12-28 13:24 - 2001-08-17 12:12 - 0164586 ____A (Madge Networks Ltd) C:\Windows\System32\dllcache\mdgndis5.sys
    2011-12-28 13:24 - 2001-08-17 12:12 - 0070730 ____A (Linksys Group, Inc.) C:\Windows\System32\dllcache\lne100tx.sys
    2011-12-28 13:24 - 2001-08-17 12:12 - 0045632 ____A (Interphase (R) Corporation a Windows (R) 2000 DDK Driver Provider) C:\Windows\System32\dllcache\ip5515.sys
    2011-12-28 13:24 - 2001-08-17 12:12 - 0026442 ____A (SMSC) C:\Windows\System32\dllcache\lanepic5.sys
    2011-12-28 13:24 - 2001-08-17 12:12 - 0020573 ____A (The Linksts Group ) C:\Windows\System32\dllcache\lne100.sys
    2011-12-28 13:24 - 2001-08-17 12:12 - 0019016 ____A (Kingston Technology Company ) C:\Windows\System32\dllcache\ktc111.sys
    2011-12-28 13:24 - 2001-08-17 12:11 - 0025065 ____A (D-Link) C:\Windows\System32\dllcache\lmndis3.sys
    2011-12-28 13:23 - 2008-04-13 17:11 - 0702845 ____A (Intel(R) Corporation) C:\Windows\System32\dllcache\i81xdnt5.dll
    2011-12-28 13:23 - 2008-04-13 11:41 - 0018560 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\i2omp.sys
    2011-12-28 13:23 - 2008-04-13 11:41 - 0008576 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\i2omgmt.sys
    2011-12-28 13:23 - 2004-08-04 20:00 - 0060928 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\iisclex4.dll
    2011-12-28 13:23 - 2004-08-04 20:00 - 0019456 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\iiscrmap.dll
    2011-12-28 13:23 - 2004-08-04 20:00 - 0008704 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\infoctrs.dll
    2011-12-28 13:23 - 2004-08-04 20:00 - 0006656 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\iissync.exe
    2011-12-28 13:23 - 2004-08-04 20:00 - 0003584 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\iismui.dll
    2011-12-28 13:23 - 2004-08-03 22:29 - 0161020 ____A (Intel(R) Corporation) C:\Windows\System32\dllcache\i81xnt5.sys
    2011-12-28 13:23 - 2001-08-17 22:36 - 0372824 ____A (Xircom) C:\Windows\System32\dllcache\iconf32.dll
    2011-12-28 13:23 - 2001-08-17 22:36 - 0091136 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\icam4com.dll
    2011-12-28 13:23 - 2001-08-17 22:36 - 0090200 ____A (Perle Systems Ltd. ) C:\Windows\System32\dllcache\io8ports.dll
    2011-12-28 13:23 - 2001-08-17 22:36 - 0061952 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\icam4ext.dll
    2011-12-28 13:23 - 2001-08-17 22:36 - 0045056 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\icam5com.dll
    2011-12-28 13:23 - 2001-08-17 22:36 - 0026624 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\icam3ext.dll
    2011-12-28 13:23 - 2001-08-17 22:36 - 0020480 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\icam5ext.dll
    2011-12-28 13:23 - 2001-08-17 22:34 - 0009216 ____A (IBM Corporation) C:\Windows\System32\dllcache\ibmsgnet.dll
    2011-12-28 13:23 - 2001-08-17 14:56 - 0353184 ____A (Intel Corporation) C:\Windows\System32\dllcache\i740dnt5.dll
    2011-12-28 13:23 - 2001-08-17 14:06 - 0154496 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\icam4usb.sys
    2011-12-28 13:23 - 2001-08-17 14:06 - 0100992 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\icam5usb.sys
    2011-12-28 13:23 - 2001-08-17 14:06 - 0038528 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ibmvcap.sys
    2011-12-28 13:23 - 2001-08-17 14:05 - 0141056 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\icam3.sys
    2011-12-28 13:23 - 2001-08-17 13:52 - 0016000 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ini910u.sys
    2011-12-28 13:23 - 2001-08-17 13:50 - 0038784 ____A (Perle Systems Ltd. ) C:\Windows\System32\dllcache\io8.sys
    2011-12-28 13:23 - 2001-08-17 13:47 - 0013056 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\inport.sys
    2011-12-28 13:23 - 2001-08-17 12:49 - 0058592 ____A (Intel Corporation) C:\Windows\System32\dllcache\i740nt5.sys
    2011-12-28 13:23 - 2001-08-17 12:12 - 0109085 ____A (IBM Corporation) C:\Windows\System32\dllcache\ibmtrp.sys
    2011-12-28 13:23 - 2001-08-17 12:12 - 0100936 ____A (IBM Corporation) C:\Windows\System32\dllcache\ibmtok.sys
    2011-12-28 13:23 - 2001-08-17 12:11 - 0028700 ____A (IBM Corp.) C:\Windows\System32\dllcache\ibmexmp.sys
    2011-12-28 13:22 - 2008-04-13 17:11 - 0021504 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\hidserv.dll
    2011-12-28 13:22 - 2008-04-13 11:40 - 0028288 ____A (Gemplus) C:\Windows\System32\dllcache\grserial.sys
    2011-12-28 13:22 - 2008-04-13 11:36 - 0020352 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\hidbatt.sys
    2011-12-28 13:22 - 2001-08-17 22:36 - 0324608 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\hpojwia.dll
    2011-12-28 13:22 - 2001-08-17 22:36 - 0165888 ____A () C:\Windows\System32\dllcache\hpgt53.dll
    2011-12-28 13:22 - 2001-08-17 22:36 - 0126976 ____A (Hewlett Packard) C:\Windows\System32\dllcache\hpgt34tk.dll
    2011-12-28 13:22 - 2001-08-17 22:36 - 0123392 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\hpgt21tk.dll
    2011-12-28 13:22 - 2001-08-17 22:36 - 0119296 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\hpdigwia.dll
    2011-12-28 13:22 - 2001-08-17 22:36 - 0101376 ____A () C:\Windows\System32\dllcache\hpgt34.dll
    2011-12-28 13:22 - 2001-08-17 22:36 - 0093696 ____A () C:\Windows\System32\dllcache\hpgt42.dll
    2011-12-28 13:22 - 2001-08-17 22:36 - 0089088 ____A () C:\Windows\System32\dllcache\hpgt33.dll
    2011-12-28 13:22 - 2001-08-17 22:36 - 0083968 ____A () C:\Windows\System32\dllcache\hpgt21.dll
    2011-12-28 13:22 - 2001-08-17 22:36 - 0068608 ____A (Avisioin) C:\Windows\System32\dllcache\hpgt53tk.dll
    2011-12-28 13:22 - 2001-08-17 22:36 - 0048128 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\hpgt33tk.dll
    2011-12-28 13:22 - 2001-08-17 22:36 - 0032768 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\hpgtmcro.dll
    2011-12-28 13:22 - 2001-08-17 22:36 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\hpgt42tk.dll
    2011-12-28 13:22 - 2001-08-17 22:36 - 0019456 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\hr1w.dll
  15. 2012/01/05
    Mr Dit

    Mr Dit Inactive Thread Starter

    2nd section follows:

    2011-12-28 13:18 - 2001-08-17 13:49 - 0026624 ____A (Acer Laboratories Inc.) C:\Windows\System32\dllcache\alifir.sys
    2011-12-28 13:18 - 2001-08-17 13:47 - 0006272 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\apmbatt.sys
    2011-12-28 13:18 - 2001-08-17 13:28 - 0871388 ____A (BCM) C:\Windows\System32\dllcache\bcmdm.sys
    2011-12-28 13:18 - 2001-08-17 13:28 - 0762780 ____A (3Com, Inc.) C:\Windows\System32\dllcache\3cwmcru.sys
    2011-12-28 13:18 - 2001-08-17 13:12 - 0060416 ____A (Brother Industries Ltd.) C:\Windows\System32\dllcache\brserwdm.sys
    2011-12-28 13:18 - 2001-08-17 13:12 - 0039552 ____A (Brother Industries Ltd.) C:\Windows\System32\dllcache\brparwdm.sys
    2011-12-28 13:18 - 2001-08-17 13:12 - 0012160 ____A (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brfiltlo.sys
    2011-12-28 13:18 - 2001-08-17 13:12 - 0011008 ____A (Brother Industries Ltd.) C:\Windows\System32\dllcache\brusbmdm.sys
    2011-12-28 13:18 - 2001-08-17 13:12 - 0010368 ____A (Brother Industries Ltd.) C:\Windows\System32\dllcache\brusbscn.sys
    2011-12-28 13:18 - 2001-08-17 13:12 - 0003968 ____A (Brother Industries, Ltd.) C:\Windows\System32\dllcache\brfiltup.sys
    2011-12-28 13:18 - 2001-08-17 13:12 - 0003168 ____A (Brother Industries Ltd.) C:\Windows\System32\dllcache\brparimg.sys
    2011-12-28 13:18 - 2001-08-17 13:12 - 0002944 ____A (Brother Industries Ltd.) C:\Windows\System32\dllcache\brfilt.sys
    2011-12-28 13:18 - 2001-08-17 12:49 - 0075136 ____A (ATI Technologies Inc.) C:\Windows\System32\dllcache\atimpae.sys
    2011-12-28 13:18 - 2001-08-17 12:49 - 0049920 ____A C:\Windows\System32\dllcache\atirtcap.sys
    2011-12-28 13:18 - 2001-08-17 12:49 - 0046464 ____A C:\Windows\System32\dllcache\atibt829.sys
    2011-12-28 13:18 - 2001-08-17 12:49 - 0026880 ____A C:\Windows\System32\dllcache\atirtsnd.sys
    2011-12-28 13:18 - 2001-08-17 12:49 - 0026624 ____A C:\Windows\System32\dllcache\ativxbar.sys
    2011-12-28 13:18 - 2001-08-17 12:49 - 0023552 ____A C:\Windows\System32\dllcache\atixbar.sys
    2011-12-28 13:18 - 2001-08-17 12:49 - 0019456 ____A C:\Windows\System32\dllcache\ativttxx.sys
    2011-12-28 13:18 - 2001-08-17 12:49 - 0017152 ____A C:\Windows\System32\dllcache\atitvsnd.sys
    2011-12-28 13:18 - 2001-08-17 12:49 - 0017152 ____A C:\Windows\System32\dllcache\atitunep.sys
    2011-12-28 13:18 - 2001-08-17 12:49 - 0010240 ____A C:\Windows\System32\dllcache\atipcxxx.sys
    2011-12-28 13:18 - 2001-08-17 12:49 - 0009472 ____A C:\Windows\System32\dllcache\ativmdcd.sys
    2011-12-28 13:18 - 2001-08-17 12:48 - 0289664 ____A (ATI Technologies Inc.) C:\Windows\System32\dllcache\atimpab.sys
    2011-12-28 13:18 - 2001-08-17 12:48 - 0281600 ____A (ATI Technologies Inc.) C:\Windows\System32\dllcache\atimtai.sys
    2011-12-28 13:18 - 2001-08-17 12:48 - 0148352 ____A (3dfx Interactive, Inc.) C:\Windows\System32\dllcache\3dfxvsm.sys
    2011-12-28 13:18 - 2001-08-17 12:48 - 0070528 ____A (ATI Technologies Inc.) C:\Windows\System32\dllcache\atiragem.sys
    2011-12-28 13:18 - 2001-08-17 12:48 - 0036128 ____A (3Dfx Interactive, Inc.) C:\Windows\System32\dllcache\banshee.sys
    2011-12-28 13:18 - 2001-08-17 12:20 - 0297728 ____A (Silicon Integrated Systems Corp.) C:\Windows\System32\dllcache\ac97sis.sys
    2011-12-28 13:18 - 2001-08-17 12:20 - 0096256 ____A (Intel Corporation) C:\Windows\System32\dllcache\ac97intc.sys
    2011-12-28 13:18 - 2001-08-17 12:19 - 0747392 ____A (Aureal, Inc.) C:\Windows\System32\dllcache\adm8830.sys
    2011-12-28 13:18 - 2001-08-17 12:19 - 0584448 ____A (Aureal, Inc.) C:\Windows\System32\dllcache\adm8810.sys
    2011-12-28 13:18 - 2001-08-17 12:19 - 0553984 ____A (Aureal, Inc.) C:\Windows\System32\dllcache\adm8820.sys
    2011-12-28 13:18 - 2001-08-17 12:19 - 0036992 ____A (Aztech Systems Ltd) C:\Windows\System32\dllcache\aztw2320.sys
    2011-12-28 13:18 - 2001-08-17 12:13 - 0089952 ____A (AVM GmbH) C:\Windows\System32\dllcache\b1cbase.sys
    2011-12-28 13:18 - 2001-08-17 12:13 - 0037568 ____A (AVM GmbH) C:\Windows\System32\dllcache\avmwan.sys
    2011-12-28 13:18 - 2001-08-17 12:12 - 0097354 ____A (Bay Networks, Inc.) C:\Windows\System32\dllcache\aspndis3.sys
    2011-12-28 13:18 - 2001-08-17 12:11 - 0096640 ____A (Broadcom Corporation) C:\Windows\System32\dllcache\b57xp32.sys
    2011-12-28 13:18 - 2001-08-17 12:11 - 0066557 ____A (Broadcom Corporation) C:\Windows\System32\dllcache\bcm42u.sys
    2011-12-28 13:18 - 2001-08-17 12:11 - 0054271 ____A (Broadcom Corporation) C:\Windows\System32\dllcache\bcm42xx5.sys
    2011-12-28 13:18 - 2001-08-17 12:11 - 0046112 ____A (Adaptec, Inc ) C:\Windows\System32\dllcache\adptsf50.sys
    2011-12-28 13:18 - 2001-08-17 12:11 - 0031529 ____A (BreezeCOM) C:\Windows\System32\dllcache\brzwlan.sys
    2011-12-28 13:18 - 2001-08-17 12:11 - 0027678 ____A (Acer Laboratories Inc.) C:\Windows\System32\dllcache\ali5261.sys
    2011-12-28 13:18 - 2001-08-17 12:11 - 0026568 ____A (Broadcom Corporation) C:\Windows\System32\dllcache\bcm4e5.sys
    2011-12-28 13:18 - 2001-08-17 12:11 - 0020160 ____A (ADMtek Incorporated) C:\Windows\System32\dllcache\adm8511.sys
    2011-12-28 13:18 - 2001-08-17 12:11 - 0016969 ____A (AmbiCom, Inc.) C:\Windows\System32\dllcache\amb8002.sys
    2011-12-28 13:17 - 2004-08-04 20:00 - 0169984 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\iisui.dll
    2011-12-28 13:17 - 2004-08-04 20:00 - 0094720 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\certmap.ocx
    2011-12-28 13:17 - 2004-08-04 20:00 - 0019968 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\inetsloc.dll
    2011-12-28 13:17 - 2004-08-04 20:00 - 0014336 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\iisreset.exe
    2011-12-28 13:17 - 2004-08-04 20:00 - 0007680 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\inetmgr.exe
    2011-12-28 13:17 - 2004-08-04 20:00 - 0006144 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\ftpsapi2.dll
    2011-12-28 13:17 - 2004-08-04 20:00 - 0005632 ____A (Microsoft Corporation) C:\Windows\System32\dllcache\iisrstap.dll
    2011-12-28 10:45 - 2011-12-28 10:45 - 0262144 ____A C:\Windows\System32\default_user_class.dat
    2011-12-28 10:45 - 2011-12-28 10:45 - 0001024 ___AH C:\Windows\System32\default_user_class.dat.LOG
    2011-12-28 10:43 - 2011-12-29 12:03 - 0000000 ____D C:\Program Files\UPHClean
    2011-12-27 21:12 - 2012-01-03 18:27 - 0018164 ____A C:\Windows\KB942288-v3.log
    2011-12-26 20:17 - 2012-01-02 18:22 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2011-12-26 20:17 - 2011-12-29 12:36 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
     
  16. 2012/01/05
    Mr Dit

    Mr Dit Inactive Thread Starter

    3rd (final) section follows:

    ============ 3 Months Modified Files and Folders ===============

    2012-01-05 11:46 - 2004-08-07 20:19 - 1348344 ____A C:\Windows\WindowsUpdate.log
    2012-01-05 11:45 - 2004-08-07 20:19 - 0001158 ____A C:\Windows\System32\wpa.dbl
    2012-01-05 11:44 - 2011-12-30 15:09 - 3183751168 __ASH C:\hiberfil.sys
    2012-01-05 11:44 - 2011-12-29 17:36 - 0112400 ____A C:\Windows\EventSystem.log
    2012-01-05 11:43 - 2004-08-07 20:03 - 0000677 ____A C:\Windows\win.ini
    2012-01-05 11:43 - 2004-08-07 19:57 - 0000211 __ASH C:\boot.ini
    2012-01-05 11:43 - 2004-08-07 12:53 - 0000227 ____A C:\Windows\system.ini
    2012-01-05 11:23 - 2011-11-03 17:27 - 0072872 ____A C:\Windows\setupapi.log
    2012-01-05 11:22 - 2012-01-05 11:22 - 0000000 ____D C:\Program Files\DIFX
    2012-01-05 11:22 - 2012-01-05 11:22 - 0000000 ____D C:\Program Files\ACR38_100_122 PCSC Driver
    2012-01-05 11:22 - 2010-02-14 15:30 - 0000000 ____D C:\Config.Msi
    2012-01-05 11:11 - 2009-12-06 16:12 - 0000000 ____D C:\Program Files\Mozilla Thunderbird
    2012-01-03 18:56 - 2010-01-01 00:33 - 0000000 ____D C:\Program Files\Vuze
    2012-01-03 18:27 - 2011-12-27 21:12 - 0018164 ____A C:\Windows\KB942288-v3.log
    2012-01-03 17:47 - 2008-09-10 16:06 - 0000000 ___SD C:\Windows\Downloaded Program Files
    2012-01-03 17:30 - 2012-01-03 17:30 - 0094208 ____A C:\Windows\Minidump\Mini010312-01.dmp
    2012-01-03 17:30 - 2012-01-03 17:30 - 0000000 ____D C:\Windows\Minidump
    2012-01-03 17:30 - 2011-12-30 10:56 - 0000000 __SHD C:\Windows\CSC
    2012-01-03 16:12 - 2009-12-24 23:23 - 0013030 ____A C:\PDOXUSRS.NET
    2012-01-03 12:23 - 2009-12-08 02:22 - 0000073 ____A C:\Windows\iltwain.ini
    2012-01-03 10:27 - 2012-01-03 10:27 - 0000228 ____A C:\Windows\Tasks\DriverScanner.job
    2012-01-03 10:23 - 2010-04-30 00:30 - 0000000 ____D C:\Program Files\Uniblue
    2012-01-03 10:22 - 2012-01-03 10:22 - 0000000 ____D C:\Program Files\SIW
    2012-01-03 09:44 - 2004-08-07 12:57 - 0000400 ____A C:\Windows\wiadebug.log
    2012-01-03 09:44 - 2004-08-07 12:57 - 0000048 ____A C:\Windows\wiaservc.log
    2012-01-03 08:13 - 2011-11-03 18:19 - 0000000 ____D C:\Windows\System32\Drivers\AVG
    2012-01-02 19:09 - 2012-01-02 19:09 - 0009154 ____A C:\Windows\KB2360937.log
    2012-01-02 19:09 - 2012-01-02 19:09 - 0000816 ____A C:\Windows\updspapi.log
    2012-01-02 19:09 - 2012-01-02 19:09 - 0000000 __HDC C:\Windows\$NtUninstallKB2360937$
    2012-01-02 19:09 - 2011-11-02 17:52 - 0053516 ____A C:\Windows\iis6.log
    2012-01-02 19:09 - 2011-11-02 17:52 - 0053106 ____A C:\Windows\FaxSetup.log
    2012-01-02 19:09 - 2011-11-02 17:52 - 0040572 ____A C:\Windows\ocgen.log
    2012-01-02 19:09 - 2011-11-02 17:52 - 0033188 ____A C:\Windows\tsoc.log
    2012-01-02 19:09 - 2011-11-02 17:52 - 0018899 ____A C:\Windows\comsetup.log
    2012-01-02 19:09 - 2011-11-02 17:52 - 0018658 ____A C:\Windows\msmqinst.log
    2012-01-02 19:09 - 2011-11-02 17:52 - 0013203 ____A C:\Windows\ntdtcsetup.log
    2012-01-02 19:09 - 2011-11-02 17:52 - 0011718 ____A C:\Windows\netfxocm.log
    2012-01-02 19:09 - 2011-11-02 17:52 - 0005164 ____A C:\Windows\MedCtrOC.log
    2012-01-02 19:09 - 2011-11-02 17:52 - 0003234 ____A C:\Windows\ocmsn.log
    2012-01-02 19:09 - 2011-11-02 17:52 - 0003198 ____A C:\Windows\msgsocm.log
    2012-01-02 19:09 - 2011-11-02 17:52 - 0002488 ____A C:\Windows\tabletoc.log
    2012-01-02 19:09 - 2011-11-02 17:52 - 0001355 ____A C:\Windows\imsins.log
    2012-01-02 19:09 - 2008-09-10 16:22 - 0000000 ___HD C:\Windows\$hf_mig$
    2012-01-02 19:06 - 2009-12-06 16:14 - 0000000 ____D C:\Program Files\Registry Mechanic
    2012-01-02 18:22 - 2011-12-26 20:17 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-01-02 18:06 - 2011-10-26 06:16 - 0000268 ____A C:\Windows\Tasks\RMSchedule.job
    2012-01-02 18:06 - 2004-08-07 20:19 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-01-02 17:04 - 2008-09-10 16:21 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
    2012-01-02 17:02 - 2011-12-30 18:15 - 0000000 ____D C:\Pfps
    2012-01-02 17:00 - 2012-01-02 16:45 - 0000000 ____D C:\Program Files\PFPS
    2012-01-02 16:50 - 2012-01-02 16:50 - 0000787 ____A C:\Windows\KB942288-v4.log
    2011-12-31 10:09 - 2011-12-29 13:26 - 0065536 ____A C:\Windows\System32\config\WindowsPowerShell.evt
    2011-12-30 17:59 - 2011-11-30 09:37 - 0000000 ____D C:\Program Files\Common Files\Crystal Decisions
    2011-12-30 15:05 - 2011-11-02 16:19 - 1595284 ____A C:\Windows\ntbtlog.txt
    2011-12-30 15:03 - 2008-09-10 16:06 - 0000000 ____D C:\Windows\security
    2011-12-30 12:13 - 2008-09-10 16:06 - 0000000 ____D C:\Windows\Help
    2011-12-30 10:42 - 2004-08-07 20:07 - 2436888 ____A C:\Windows\System32\FNTCACHE.DAT
    2011-12-30 09:56 - 2004-08-07 20:19 - 0032608 ____A C:\Windows\SchedLgU.Txt
    2011-12-29 19:11 - 2009-08-18 12:46 - 0000000 ____D C:\Program Files\Adobe
    2011-12-29 19:10 - 2009-08-18 12:46 - 0000000 ____D C:\Program Files\Common Files\Adobe
    2011-12-29 17:52 - 2008-09-10 16:06 - 0000000 ____D C:\Windows\System32\Restore
    2011-12-29 14:28 - 2011-12-29 14:28 - 0009744 ____A C:\Windows\KB952069.log
    2011-12-29 14:24 - 2011-12-29 14:24 - 0000637 ____A C:\Windows\KB823980.log
    2011-12-29 14:24 - 2011-12-29 14:24 - 0000532 ____A C:\Windows\xpsp1hfm.log
    2011-12-29 13:47 - 2008-09-10 16:06 - 0000000 ____D C:\Windows\Microsoft.NET
    2011-12-29 13:26 - 2011-12-29 13:26 - 0000183 ____A C:\Windows\spupdsvc.log
    2011-12-29 13:26 - 2011-12-29 13:25 - 0030662 ____A C:\Windows\KB926139-v2.log
    2011-12-29 13:26 - 2011-12-29 13:25 - 0000000 __HDC C:\Windows\$NtUninstallKB926139-v2$
    2011-12-29 13:26 - 2011-11-02 17:52 - 0001393 ____A C:\Windows\imsins.BAK
    2011-12-29 13:25 - 2011-12-29 13:25 - 0000000 ____D C:\Windows\System32\windowspowershell
    2011-12-29 12:36 - 2011-12-26 20:17 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2011-12-29 12:29 - 2011-12-29 12:29 - 0000872 ____A C:\Windows\KB884882.log
    2011-12-29 12:03 - 2011-12-28 10:43 - 0000000 ____D C:\Program Files\UPHClean
    2011-12-29 11:16 - 2011-10-26 06:16 - 0000460 ____A C:\Windows\Tasks\RMSmartUpdate.job
    2011-12-29 10:47 - 2011-11-02 17:52 - 0000906 ____A C:\Windows\setupact.log
    2011-12-29 10:45 - 2011-11-09 19:00 - 0000390 ____A C:\Windows\System32\AppLog.log
    2011-12-28 10:45 - 2011-12-28 10:45 - 0262144 ____A C:\Windows\System32\default_user_class.dat
    2011-12-28 10:45 - 2011-12-28 10:45 - 0001024 ___AH C:\Windows\System32\default_user_class.dat.LOG
    2011-12-28 10:22 - 2009-12-06 16:09 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2011-12-28 10:07 - 2011-01-06 03:38 - 0000000 ____D C:\Program Files\Radio_TV_1
    2011-12-27 20:21 - 2009-11-28 00:51 - 0000000 ____D C:\Windows\pss
    2011-12-26 20:17 - 2009-12-06 16:09 - 0000000 ____D C:\Program Files\Google
    2011-12-22 18:09 - 2011-09-24 06:28 - 0000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
    2011-12-10 15:24 - 2009-12-08 06:14 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2011-11-30 09:33 - 2008-09-10 17:30 - 0000000 ____D C:\Windows\Downloaded Installations
    2011-11-30 09:31 - 2004-08-07 20:14 - 0629548 ____A C:\Windows\System32\PerfStringBackup.INI
    2011-11-30 09:30 - 2009-12-07 11:50 - 0000000 ____D C:\Program Files\Microsoft SQL Server
    2011-11-29 21:37 - 2011-09-24 06:20 - 0000664 ____A C:\Windows\System32\d3d9caps.dat
    2011-11-22 20:28 - 2011-11-22 20:28 - 0000000 ____D C:\Program Files\Two Pilots
    2011-11-22 20:28 - 2011-11-22 20:28 - 0000000 ____D C:\Program Files\MakeUp Pilot
    2011-11-22 15:32 - 2008-09-10 16:06 - 0000000 ____D C:\Windows\System32\ias
    2011-11-22 15:11 - 2011-11-22 15:11 - 0000000 ____D C:\Program Files\FileMagnet
    2011-11-16 09:28 - 2009-12-06 16:04 - 0000000 ____D C:\BrightLight 2000
    2011-11-11 18:34 - 2009-12-06 16:12 - 0000000 ____D C:\Program Files\Mozilla Firefox
    2011-11-07 21:28 - 2011-11-07 21:28 - 0056208 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKELL.sys
    2011-11-04 16:58 - 2009-11-26 02:04 - 0000000 ____D C:\aPFPS
    2011-11-04 16:12 - 2011-10-05 05:34 - 0000000 ____D C:\Program Files\iTunes
    2011-11-04 16:11 - 2011-10-05 05:34 - 0000000 ____D C:\Program Files\QuickTime
    2011-11-04 16:07 - 2011-10-05 05:34 - 0000000 ____D C:\Program Files\iPod
    2011-11-04 11:09 - 2011-11-03 18:18 - 0000000 ____D C:\Program Files\AVG
    2011-11-03 17:52 - 2011-11-03 17:52 - 0000000 ____D C:\AVG PC Tuneup 2011
    2011-11-02 21:03 - 2011-10-14 20:19 - 0000000 ____D C:\Program Files\Yahoo!
    2011-11-02 17:52 - 2011-11-02 17:52 - 0000000 ____A C:\Windows\setuperr.log
    2011-11-02 17:46 - 2011-11-02 17:46 - 0000000 ____D C:\Program Files\CCleaner
    2011-10-27 18:39 - 2008-09-10 16:57 - 0196608 ____A C:\Windows\System32\config\Credenti.evt
    2011-10-26 06:22 - 2011-07-28 02:37 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2011-10-26 06:16 - 2010-07-13 08:39 - 0000000 ____D C:\Program Files\Common Files\PC Tools
    2011-10-26 06:06 - 2011-10-26 06:06 - 0311296 ____A C:\Windows\System32\config\default.rrr
    2011-10-26 06:06 - 2011-10-26 06:04 - 47190016 ____A C:\Windows\System32\config\software.rrr
    2011-10-25 13:44 - 2011-10-26 06:16 - 0037336 ____A C:\Windows\System32\CleanMFT32.exe


    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Restore Points (XP) =====================

    RP: -> 2011-12-30 11:36 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP7

    RP: -> 2011-12-30 11:18 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP5

    RP: -> 2011-12-29 19:14 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP4

    RP: -> 2011-12-29 19:09 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP3

    RP: -> 2012-01-05 11:22 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP27

    RP: -> 2012-01-03 18:28 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP26

    RP: -> 2012-01-03 18:27 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP25

    RP: -> 2012-01-03 09:52 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP24

    RP: -> 2012-01-02 19:09 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP23

    RP: -> 2012-01-02 16:57 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP22

    RP: -> 2012-01-02 16:50 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP21

    RP: -> 2012-01-02 16:44 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP20

    RP: -> 2011-12-29 17:52 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP2

    RP: -> 2012-01-02 16:40 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP19

    RP: -> 2012-01-02 16:31 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP18

    RP: -> 2011-12-30 18:14 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP17

    RP: -> 2011-12-30 17:59 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP16

    RP: -> 2011-12-30 17:59 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP15

    RP: -> 2011-12-30 16:28 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP13

    RP: -> 2011-12-30 12:12 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP12

    RP: -> 2011-12-30 12:03 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP11

    RP: -> 2011-12-30 11:51 - 028672 _restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP10


    ========================= Memory info ======================

    Percentage of memory in use: 21%
    Total physical RAM: 3036.19 MB
    Available physical RAM: 2398.11 MB
    Total Pagefile: 5944.17 MB
    Available Pagefile: 5424.43 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1993.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:231.87 GB) (Free:71.2 GB) NTFS
    2 Drive d: (HP_TOOLS) (Fixed) (Total:1 GB) (Free:0.98 GB) FAT32

    The disk management services could not complete the operation.
     
  17. 2012/01/05
    broni

    broni Moderator Malware Analyst

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
     
  18. 2012/01/05
    Mr Dit

    Mr Dit Inactive Thread Starter

    It said, "Infected MBR detected"
    "Repair successful"
     
  19. 2012/01/05
    broni

    broni Moderator Malware Analyst

    Very well.

    Post fresh Bootkit Remover log.

    Then...

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  20. 2012/01/05
    Mr Dit

    Mr Dit Inactive Thread Starter

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 15288f155f9b90d37dac7f52fe7acd82

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
     
  21. 2012/01/05
    broni

    broni Moderator Malware Analyst

    Good.
    Go on....
     
