
Windows Rights MNGT & SP3 files R wrong..Freezes constantly..


  • This topic is locked
18 replies to this topic

#1 chancelot


Posted 26 June 2012 - 03:48 PM



I HAVE A GATEWAY LT20 X86 BASED PC MINI LAPTOP/NET-BOOK RUNNING WINDOWS XP PRO THAT RAN REALLY WELL AND STARTED SPORADICALLY CRASHING OR FREEZING WHILE RUNNING ONLY A MAX OF THREE PROGRAMS. IT STARTED TAKING A MUCH LONGER TIME TO BOOT UP, SHUT DOWN, AND START ANY BROWSER OR PROGRAM. IT WAS USUALLY ONLY USED FOR CHECKING EMAIL AND MEDIA (PICTURES AND MUSIC).
THE PAST THREE MONTHS A FRIEND BORROWED IT TO BE ABLE TO GO ONLINE AND STATED IT BEGAN TO HAPPEN MORE FREQUENTLY AND WHEN THE VIRUS PROGRAM REFUSED TO TAKE THE UPDATES SHE RETURNED IT. I THEN REMOVED MICROSOFT SECURITY ESSENTIALS AND REPLACED IT WITH AVG 2012 FOR DAILY VIRUS PROTECTION.





WHAT MY COMPUTER IS DOING :

*FREEZES WITH MORE THAN TWO PROGRAMS RUNNING AND IT HAS TO BE FORCED SHUT OFF IF THE VIRUS PROGRAM TRIES TO SCAN A FILE OR UPDATE WHILE A BROWSER WINDOW IS OPEN

-WHEN IT BOOTS UP A FULL DLL FILE NAME/PATH FLASHES ON THE WINDOWS SCREEN RIGHT BEFORE IT BECOMES THE DESKTOP SCREEN

-WINDOWS UPDATE HAS BEEN TRYING TO UPDATE THE SAME TWO FILES FOR MONTHS NOW AND NO NEW UPDATES HAVE BEEN ATTEMPTED. THE SAME TWO EVERY DAY BEGIN THE DOWNLOAD PROCESS, THEN I'LL GET A MESSAGE SAYING THE DOWNLOAD OR INSTALL FAILED AND TO TRY AGAIN LATER
-WINDOWS XP SECURITY UPDATE (KB241109)
-MICROSOFT OFFICE 2010 32 BIT UPDATE (KB2553141)

-I WAS ORIGINALLY USING MICROSOFT SECURITY ESSENTIALS AS MY ACTIVE VIRUS AND FIREWALL PROTECTION BUT IT KEPT FREEZING NON STOP, AND EVENTUALLY COULD NOT UPDATE. EVERY ATTEMPT ON AND OFFLINE WAS ALWAYS STOPPED BY FREEZING PROGRAM OR COMPUTER. SO I REPLACED IT WITH 2012 AVG

-2012 AVG ALWAYS UPDATES BUT TO RUN A SCAN ALL OTHER FILES MUST BE CLOSED OR THE SCREEN FREEZES AND ANY OPEN FILES REFUSE TO CLOSE AND ARE SOMETIMES EVEN IMPOSSIBLE TO FORCE SHUT DOWN WITH TASK MANAGER. WE NOTICED MOST CRASHES WITH BROWSERS OCCURRED WITH "IE" OR "FIREFOX", NOT WITH OPERA OR CHROME. I KNOW IT COULD HAVE BEEN MANY OTHER VARIABLES BUT STILL I STOPPED USING THEM.

*IF A SCHEDULED VIRUS SCAN ATTEMPTS TO RUN WHILE I AM WORKING ON ANYTHING ... IT FORCES THE AVG INTERFACE TO THE FRONT AND IT WILL ALWAYS FREEZE AND LOCK UP HALFWAY THRU THE TRANSITION. THIS LEAVES A SCREENSHOT WHERE AROUND THE ENTIRE OUTSIDE YOU SEE THE AVG INTERFACE BUT THE MIDDLE OF THE SCREEN WOULD BE WHATEVER APPLICATION I WAS USING: ITUNES, WORD, PICASA, ETC. AT FIRST PULLING UP TASK MANAGER AND FORCE QUITTING THE VIRUS PROGRAM WOULD WORK BUT SLOWLY THE "FORCE QUIT" WOULD NOT WORK AND WE WOULD HAVE TO SHUT DOWN. BUT LATELY "CTRL ALT DEL" WOULD NOT EVEN BRING UP TASK MANAGER AND A HARD RESET IS THE ONLY OPTION.

* ALONG WITH THE FREEZING AND CRASHING THE ENTIRE COMPUTER SEEMED TO GET SLUGGISH AND WORSE WITH EACH PASSING DAY AND MOST NOTICEABLE DURING SHUT DOWN AND BOOT UP.

-IT'S CONSTANTLY RUNNING WITH 65+ PROCESSES AND AT CPU LEVEL OF 75-80% AT ALL TIMES.

-IT RANDOMLY CLAIMS FILES HAVE BEEN CHANGED IN WINDOWS RIGHTS MANAGEMENT AND DEMANDS THE WINDOWS XP SERVICE PACK 3 INSTALL DISC. A REQUEST WHICH IS ALWAYS ANSWERED BY AN ATTEMPT TO CLOSE THE DIALOG BOX BY HITTING THE X (IN CASE THIS DIALOG IS PART OF PROBLEM)
BUT THIS ACTION DOES NOT ALWAYS CLOSE THE ORIGINAL BOX
-BUT LAST TWO TIMES I TRIED CLOSING THE ABOVE BOX I IMMEDIATELY GOT THIS DIALOG BOX STATING
THAT WITHOUT THE SERVICE PACK 3 INSTALL DISC I AM ACCEPTING THE NEW FILES TO REPLACE THE OLD AND A CHOICE OF YES OR NO (WITH THE YES HIGHLIGHTED)
BOTH TIMES I HAVE PULLED THESE BOXES TO A CORNER AND RESTART COMPUTER IN FEAR HITTING YES OR NO COULD SPREAD ANYTHING

I AM INCLUDING MY DDS BELOW AND AM ATTACHING THE ATTACH.TEXT, AND AN "AVG COMMAND LINE SCANNER LOG" AND "COMBOFIX LOG" (RAN IN SAFE MODE). I ALSO, AS PREVIOUSLY STATED, HAVE A "CURE IT LOG" BUT IT'S TOO BIG TO ADD NOW


WHAT I'VE DONE TO FIND OR NARROW DOWN THE POSSIBILITIES

I HAVE UPGRADED MY RAM TO THE MAX OF 2GB AND SAW NO REAL NOTICEABLE IMPROVEMENT.

SO I TRIED ANTI MALWARE AND ANTI-ROOT KITS PROGRAMS BY AVG, SPYBOT AND THEY ALL CAME BACK WITH NOTHING BUT AN OCCASIONAL AD-WARE FILE.

I HAVE RUN SEVERAL DEFRAG, DISC CHECK AND UTILITY PROGRAMS TO MAKE SURE IT WASN'T A CLUTTER OR MAINTENANCE ISSUE. IT ALSO HAD NO EFFECT.

I ALSO TRIED THREE UTILITY AND CLEANING PROGRAMS OVER THE LAST FEW MONTHS: SYSTEM MECHANIC, CC CLEANER AND TUNE UP UTILITIES 2012. THEY ALL DID WHAT THEY CLAIMED TO DO BUT IT HAD NO REAL EFFECT ON THE SPEED OR INSTABILITY OF THE SYSTEM. SINCE IT WASN'T THE SOLUTION I UNINSTALLED THOSE PROGRAMS SHORTLY AFTER.

I HAVE BEEN USING AVG 2012 FOR DAILY VIRUS PROTECTION AND HAVE BEEN TRYING SEVERAL RECOMMENDATIONS OF EMERGENCY VIRUS PROGRAMS OVER THE PAST FEW MONTHS SUCH AS AVAST, SYMANTEC,
NORTON,
DOCTOR WEB CURE IT (CURE IT LOG WAS ATTACHED BUT FILE TOO LARGE BUT IF IT CAN HELP I'LL SPLIT IT AND SEND IT)
AVG COMMAND LINE SCANNER (SAFE MODE LOG IS ATTACHED)
EVERY PROGRAM I'VE TRIED CLAIMS THERE IS NOTHING WRONG AND I DON'T KNOW WHAT ELSE TO TRY.

I WAS JUST GIVEN "COMBO FIX" FROM A FRIEND AND WAS ONLY INSTRUCTED TO RUN IT IN SAFE MODE. SO I DID. UPON THE LOG COMPLETING I REALIZED I WAS CLUELESS IN UNDERSTANDING THE REPORT, SO I BEGAN SEARCHING FOR ANY GUIDES OR ANY FORM OF EXPLANATION ON HOW TO READ THE REPORTS CORRECTLY.


I INSTEAD FOUND NUMEROUS WARNINGS AND INSTRUCTIONS FOR THE USE OF THE ACTUAL PROGRAM! THIS IS WHERE MY PART 2 OF QUESTIONS STARTS. I FOLLOWED THE INSTRUCTIONS I WAS GIVEN OF "RUN IT IN SAFE MODE" ... NOW I'M WORRIED ABOUT HOW TO PROCEED SINCE I DID NOT RUN IT THE WAY IT IS INSTRUCTED ONLINE. ARE MY RESULTS ACCURATE? WILL I NEED TO RUN IT AGAIN?



AND DURING THE TEST IT TOLD ME I NEEDED TO INSTALL A RECOVERY CONSOLE BUT THEN IT WAS UNEXPECTED AND I DIDN'T HAVE CAPABILITY DUE TO SAFE MODE SO I JUST IGNORED IT AND IT FINISHED.

BUT AFTER READING THE INSTRUCTIONS I SEE I CAN DO IT MANUALLY OR CAN IT ONLY BE DONE WHILE RUNNING THE COMBO FIX? SHOULD I INSTALL IT (CONSOLE) NOW OR RUN TEST AGAIN AND THEN INSTALL OR NONE OF THE ABOVE.

PLEASE HELP ME, I DON'T KNOW WHAT ELSE TO DO

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by chance at 13:55:30 on 2012-06-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1461 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\PLFSetL.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\QUALCOMM\QDLService\QDLService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Adobe Reader Synchronizer] "c:\program files\adobe\reader 10.0\reader\AdobeCollabSync.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: MaxRecentDocs = 18 (0x12)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{466D0D9B-5292-4F4D-86AF-28AE871003DE} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\zio4ubwt.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B45612aae-bd96-4e28-8ecf-9a557eb348a5%7D&mid=&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-18%2010%3A58%3A51&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.1.0\npsitesafety.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [2009-1-24 308248]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\qdlservice\QDLService.exe [2008-11-10 345336]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-19 935480]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-6-3 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-27 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-8-28 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-6-3 136176]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2011-8-28 38912]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-18 129976]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-8-28 13312]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-8-28 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-8-28 11104]
S3 QCFilterGAD;Gobi AD USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterGAD.sys [2011-8-28 5248]
S3 qcusbnetGAD;Gobi AD USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetGAD.sys [2011-8-28 115200]
S3 qcusbserGAD;Gobi AD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserGAD.sys [2011-8-28 103680]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-9-1 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-8-28 121192]
S3 TSUsbKey;TSUSbKey.Sys;c:\windows\system32\drivers\TSUsbKey.sys [2012-2-15 9300]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-25 13:40:49 -------- d-----w- c:\program files\Oracle
2012-06-25 11:47:39 -------- d-----w- c:\program files\VideoLAN
2012-06-24 23:38:37 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-06-24 23:38:37 -------- d-----w- c:\program files\CamStudio 2.6b
2012-06-24 22:57:16 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple Computer
2012-06-24 22:56:58 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-24 22:56:58 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-06-24 22:56:00 -------- d-----w- c:\program files\iPod
2012-06-24 22:55:54 -------- d-----w- c:\program files\iTunes
2012-06-24 22:55:54 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-06-24 22:55:04 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple
2012-06-24 22:54:47 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-06-24 22:54:47 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-06-24 22:54:21 -------- d-----w- c:\program files\Bonjour
2012-06-24 07:25:34 -------- d-----w- c:\program files\HTC
2012-06-24 04:13:22 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Intuit
2012-06-24 04:10:07 -------- d-----w- c:\documents and settings\administrator\application data\Intuit
2012-06-24 04:10:02 -------- d-----w- c:\program files\common files\AnswerWorks 5.0
2012-06-24 04:05:48 -------- d-----w- c:\documents and settings\administrator\local settings\application data\IsolatedStorage
2012-06-24 04:05:45 -------- d-----w- c:\program files\common files\Intuit
2012-06-24 04:05:14 -------- d-----w- c:\program files\TurboTax
2012-06-24 04:03:52 -------- d-----w- c:\documents and settings\all users\application data\Intuit
2012-06-20 19:07:46 83968 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPAT.DLL
2012-06-20 19:07:45 29184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDAT.DLL
2012-06-20 19:07:44 310272 ----a-w- c:\windows\system32\CNMLMAT.DLL
2012-06-20 19:01:40 323584 ----a-w- c:\windows\system32\CNC_ATL.dll
2012-06-20 19:01:40 286720 ----a-w- c:\windows\system32\CNC_ATC.dll
2012-06-20 19:01:40 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2012-06-20 19:01:40 114688 ----a-w- c:\windows\system32\CNC_ATU.dll
2012-06-20 19:01:40 114688 ----a-w- c:\windows\system32\CNC_ATI.dll
2012-06-20 03:41:48 -------- d-----w- c:\windows\system32\cache
2012-06-19 11:15:43 -------- d-----w- c:\program files\BitComet
2012-06-19 09:15:51 -------- d-----w- c:\documents and settings\administrator\application data\TuneUp Software
2012-06-19 09:15:29 -------- d-----w- c:\documents and settings\all users\application data\TuneUp Software
2012-06-19 09:02:36 -------- d-----w- c:\windows\system32\wbem\snmp
2012-06-19 09:02:35 -------- d-----w- c:\windows\system32\xircom
2012-06-19 09:02:35 -------- d-----w- c:\windows\system32\oobe
2012-06-19 09:02:35 -------- d-----w- c:\windows\system32\inetsrv
2012-06-19 09:02:35 -------- d-----w- c:\program files\windows nt
2012-06-19 09:02:35 -------- d-----w- c:\program files\msn gaming zone
2012-06-19 00:16:16 -------- d-----w- c:\documents and settings\administrator\DoctorWeb
2012-06-19 00:01:04 98816 ----a-w- c:\windows\sed.exe
2012-06-19 00:01:04 518144 ----a-w- c:\windows\SWREG.exe
2012-06-19 00:01:04 256000 ----a-w- c:\windows\PEV.exe
2012-06-19 00:01:04 208896 ----a-w- c:\windows\MBR.exe
2012-06-18 21:46:26 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-18 18:07:43 -------- d-sh--w- c:\documents and settings\all users\application data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-18 18:00:19 -------- d-----w- c:\documents and settings\administrator\application data\AVG2012
2012-06-18 17:59:15 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-06-18 17:59:01 -------- d-----w- c:\documents and settings\administrator\local settings\application data\AVG Secure Search
2012-06-18 17:58:54 -------- d-----w- c:\documents and settings\administrator\application data\AVG Secure Search
2012-06-18 17:58:51 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-06-18 17:58:49 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-06-18 17:58:48 -------- d-----w- c:\program files\AVG Secure Search
2012-06-18 17:57:48 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-18 17:57:48 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-06-18 17:57:48 -------- d-----w- C:\$AVG
2012-06-18 17:56:50 -------- d-----w- c:\program files\AVG
2012-06-18 17:50:17 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-06-18 17:30:36 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Opera
2012-06-15 02:54:05 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-06-23 10:50:17 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 10:50:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:19:37 599552 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:27:44 1872128 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 02:29:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-05 02:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:24:46 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:41:08 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:45:55 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 11:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
============= FINISH: 13:56:21.75 ===============

Attached Files


Edited by chancelot, 26 June 2012 - 10:43 PM.




#2 HelpBot


Posted 01 July 2012 - 03:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/458429 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 chancelot


Posted 02 July 2012 - 06:11 PM

Attached File  ark.txt   5.69KB   1 downloads
Attached File  attach.zip   5.56KB   1 downloads
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by chance at 13:31:56 on 2012-07-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1431 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\PLFSetL.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Guard-ICQ\GuardICQ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Guard-ICQ\GuardICQ.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\QUALCOMM\QDLService\QDLService.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.icq.com/sk27211/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: H - No File
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Adobe Reader Synchronizer] "c:\program files\adobe\reader 10.0\reader\AdobeCollabSync.exe"
uRun: [ICQ] "c:\program files\icq7m\ICQ.exe" silent loginmode=4
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Guard.Mail.ru.gui] "c:\program files\guard-icq\GuardICQ.exe" /gui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: MaxRecentDocs = 18 (0x12)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\icq7m\ICQ.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
Trusted Zone: intuit.com\ttlc
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1340778409671
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340775988609
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [2009-1-24 308248]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 Guard.Mail.ru;Guard.Mail.ru;c:\program files\guard-icq\GuardICQ.exe [2012-6-25 1564368]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2012-6-25 247096]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\qdlservice\QDLService.exe [2008-11-10 345336]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-13 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-13 399416]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-19 935480]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-6-13 5161080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-6-3 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-27 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-8-28 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-6-3 136176]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2011-8-28 38912]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-8-28 13312]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-8-28 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-8-28 11104]
S3 QCFilterGAD;Gobi AD USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterGAD.sys [2011-8-28 5248]
S3 qcusbnetGAD;Gobi AD USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetGAD.sys [2011-8-28 115200]
S3 qcusbserGAD;Gobi AD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserGAD.sys [2011-8-28 103680]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-9-1 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-8-28 121192]
S3 TSUsbKey;TSUSbKey.Sys;c:\windows\system32\drivers\TSUsbKey.sys [2012-2-15 9300]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-01 17:19:11 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Sun
2012-06-28 23:11:50 40960 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{aff1ea96-9c23-4249-b7d4-cd4b54d4582f}\NewShortcut3_2E7595EC4FB14E2993D49083C8A9B107.exe
2012-06-28 23:11:40 -------- d-----w- c:\program files\ItsDeductible2006
2012-06-28 20:28:50 -------- d-----w- c:\program files\common files\AnswerWorks 4.0
2012-06-28 20:28:41 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2012-06-28 20:28:41 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2012-06-28 20:28:41 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2012-06-28 20:28:41 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2012-06-28 20:28:41 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2012-06-28 20:28:40 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2012-06-28 20:28:39 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2012-06-28 20:25:58 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2012-06-28 20:25:58 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2012-06-28 20:25:58 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2012-06-28 20:25:57 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2012-06-28 20:25:57 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2012-06-28 20:25:56 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2012-06-28 20:25:56 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2012-06-28 17:07:26 -------- d-----w- c:\program files\iPod
2012-06-28 17:07:19 -------- d-----w- c:\program files\iTunes
2012-06-27 06:00:03 -------- d-----w- c:\program files\Microsoft Download Manager
2012-06-27 05:19:01 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Secunia PSI
2012-06-27 04:16:06 -------- d-----w- c:\program files\Secunia
2012-06-25 21:53:07 -------- d-----w- c:\program files\ICQ6Toolbar
2012-06-25 21:53:07 -------- d-----w- c:\documents and settings\all users\application data\ICQ
2012-06-25 21:25:07 -------- d-----w- c:\documents and settings\administrator\application data\ICQ Search
2012-06-25 21:15:06 -------- d-----w- c:\program files\Guard-ICQ
2012-06-25 21:14:03 -------- d-----w- c:\program files\ICQ7M
2012-06-25 13:40:49 -------- d-----w- c:\program files\Oracle
2012-06-25 11:47:39 -------- d-----w- c:\program files\VideoLAN
2012-06-24 23:38:37 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-06-24 23:38:37 -------- d-----w- c:\program files\CamStudio 2.6b
2012-06-24 22:57:16 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple Computer
2012-06-24 22:56:58 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-24 22:56:58 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-06-24 22:55:54 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-06-24 22:55:04 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple
2012-06-24 22:54:47 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-06-24 22:54:47 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-06-24 22:54:21 -------- d-----w- c:\program files\Bonjour
2012-06-24 07:25:34 -------- d-----w- c:\program files\HTC
2012-06-24 04:13:22 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Intuit
2012-06-24 04:10:07 -------- d-----w- c:\documents and settings\administrator\application data\Intuit
2012-06-24 04:10:02 -------- d-----w- c:\program files\common files\AnswerWorks 5.0
2012-06-24 04:05:48 -------- d-----w- c:\documents and settings\administrator\local settings\application data\IsolatedStorage
2012-06-24 04:05:45 -------- d-----w- c:\program files\common files\Intuit
2012-06-24 04:05:14 -------- d-----w- c:\program files\TurboTax
2012-06-24 04:03:52 -------- d-----w- c:\documents and settings\all users\application data\Intuit
2012-06-20 19:07:46 83968 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPAT.DLL
2012-06-20 19:07:45 29184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDAT.DLL
2012-06-20 19:07:44 310272 ----a-w- c:\windows\system32\CNMLMAT.DLL
2012-06-20 19:01:40 323584 ----a-w- c:\windows\system32\CNC_ATL.dll
2012-06-20 19:01:40 286720 ----a-w- c:\windows\system32\CNC_ATC.dll
2012-06-20 19:01:40 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2012-06-20 19:01:40 114688 ----a-w- c:\windows\system32\CNC_ATU.dll
2012-06-20 19:01:40 114688 ----a-w- c:\windows\system32\CNC_ATI.dll
2012-06-20 03:41:48 -------- d-----w- c:\windows\system32\cache
2012-06-19 11:15:43 -------- d-----w- c:\program files\BitComet
2012-06-19 09:15:51 -------- d-----w- c:\documents and settings\administrator\application data\TuneUp Software
2012-06-19 09:15:29 -------- d-----w- c:\documents and settings\all users\application data\TuneUp Software
2012-06-19 09:02:36 -------- d-----w- c:\windows\system32\wbem\snmp
2012-06-19 09:02:35 -------- d-----w- c:\windows\system32\xircom
2012-06-19 09:02:35 -------- d-----w- c:\windows\system32\oobe
2012-06-19 09:02:35 -------- d-----w- c:\windows\system32\inetsrv
2012-06-19 09:02:35 -------- d-----w- c:\program files\windows nt
2012-06-19 09:02:35 -------- d-----w- c:\program files\msn gaming zone
2012-06-19 00:16:16 -------- d-----w- c:\documents and settings\administrator\DoctorWeb
2012-06-19 00:01:04 98816 ----a-w- c:\windows\sed.exe
2012-06-19 00:01:04 518144 ----a-w- c:\windows\SWREG.exe
2012-06-19 00:01:04 256000 ----a-w- c:\windows\PEV.exe
2012-06-19 00:01:04 208896 ----a-w- c:\windows\MBR.exe
2012-06-18 21:46:26 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-18 18:07:43 -------- d-sh--w- c:\documents and settings\all users\application data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-18 18:00:19 -------- d-----w- c:\documents and settings\administrator\application data\AVG2012
2012-06-18 17:59:15 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-06-18 17:59:01 -------- d-----w- c:\documents and settings\administrator\local settings\application data\AVG Secure Search
2012-06-18 17:58:54 -------- d-----w- c:\documents and settings\administrator\application data\AVG Secure Search
2012-06-18 17:58:51 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-06-18 17:58:49 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-06-18 17:58:48 -------- d-----w- c:\program files\AVG Secure Search
2012-06-18 17:57:48 -------- d--h--w- C:\$AVG
2012-06-18 17:57:48 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-18 17:57:48 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-06-18 17:56:50 -------- d-----w- c:\program files\AVG
2012-06-18 17:50:17 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-06-18 17:30:36 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Opera
2012-06-15 02:54:05 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
.
==================== Find3M ====================
.
2012-06-23 10:50:17 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-23 10:50:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-05 00:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:19:37 599552 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:27:44 1872128 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 02:29:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-05 02:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:24:46 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:41:08 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:45:55 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-01 16:36:48 140376 ----a-w- c:\windows\system32\MicrosoftUpdateCatalogWebControl.dll
2012-04-19 11:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
============= FINISH: 13:32:40.01 ===============





I have no install disk and have tried to purchase one through Gateway, but they only have the Gateway restore disk, which is not working.

Edited by chancelot, 02 July 2012 - 06:27 PM.


#4 m0le

  • Malware Response Team

Posted 04 July 2012 - 06:31 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#5 chancelot


Posted 04 July 2012 - 07:23 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-04 16:58:49
-----------------------------
16:58:49.218 OS Version: Windows 5.1.2600 Service Pack 3
16:58:49.218 Number of processors: 2 586 0x1C02
16:58:49.218 ComputerName: CHANCELOT UserName: chance
16:58:50.546 Initialize success
17:09:36.500 AVAST engine defs: 12070401
17:13:01.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:13:01.984 Disk 0 Vendor: Hitachi_ PBBO Size: 152627MB BusType: 3
17:13:02.000 Disk 0 MBR read successfully
17:13:02.000 Disk 0 MBR scan
17:13:02.078 Disk 0 Windows XP default MBR code
17:13:02.078 Disk 0 Partition 1 00 17 Hidd HPFS/NTFS NTFS 10244 MB offset 63
17:13:02.109 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142380 MB offset 20980890
17:13:02.140 Disk 0 scanning sectors +312576705
17:13:02.250 Disk 0 scanning C:\WINDOWS\system32\drivers
17:13:19.953 Service scanning
17:13:57.765 Modules scanning
17:14:30.218 Disk 0 trace - called modules:
17:14:30.250 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
17:14:30.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa23030]
17:14:30.265 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000006e[0x8aa24b28]
17:14:30.281 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a9e9030]
17:14:31.187 AVAST engine scan C:\WINDOWS
17:14:45.265 AVAST engine scan C:\WINDOWS\system32
17:21:08.187 AVAST engine scan C:\WINDOWS\system32\drivers
17:21:34.500 AVAST engine scan C:\Documents and Settings\Administrator
17:24:22.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
17:24:22.718 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\7412aswMBR.txt"

#6 m0le

  • Malware Response Team

Posted 04 July 2012 - 07:31 PM

Okay, uninstall the Combofix program you have currently by doing the following
  • Disable any realtime antivirus or antispyware programs.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


Now follow these instructions to run Combofix. You run this in normal mode.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#7 chancelot


Posted 04 July 2012 - 11:12 PM

ComboFix 12-07-04.04 - chance 07/04/2012 20:53:58.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1275 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\Cache
.
.
((((((((((((((((((((((((( Files Created from 2012-06-05 to 2012-07-05 )))))))))))))))))))))))))))))))
.
.
2012-07-03 03:18 . 2012-07-03 04:12 -------- d-----w- c:\windows\LastGood
2012-07-01 17:19 . 2012-07-01 17:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sun
2012-06-28 23:11 . 2012-06-28 23:11 40960 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}\NewShortcut3_2E7595EC4FB14E2993D49083C8A9B107.exe
2012-06-28 23:11 . 2012-06-28 23:11 -------- d-----w- c:\program files\ItsDeductible2006
2012-06-28 20:28 . 2012-06-28 20:28 -------- d-----w- c:\program files\Common Files\AnswerWorks 4.0
2012-06-28 20:28 . 2003-02-27 23:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-06-28 20:28 . 2002-12-05 21:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-06-28 20:28 . 2002-12-02 22:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-06-28 20:28 . 2002-12-02 20:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-06-28 20:28 . 2002-12-02 20:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-06-28 20:28 . 2012-06-28 20:28 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-06-28 20:28 . 2012-06-28 20:28 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-06-28 20:25 . 2005-04-04 06:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-06-28 20:25 . 2005-04-04 06:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-06-28 20:25 . 2005-04-04 06:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-06-28 20:25 . 2005-04-04 06:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-06-28 20:25 . 2005-04-04 05:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-06-28 20:25 . 2012-06-28 20:25 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-06-28 20:25 . 2012-06-28 20:25 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-06-28 17:07 . 2012-06-28 17:07 -------- d-----w- c:\program files\iPod
2012-06-28 17:07 . 2012-06-28 17:08 -------- d-----w- c:\program files\iTunes
2012-06-27 06:00 . 2012-06-27 06:00 -------- d-----w- c:\program files\Microsoft Download Manager
2012-06-27 05:19 . 2012-06-27 05:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Secunia PSI
2012-06-27 04:16 . 2012-06-27 04:16 -------- d-----w- c:\program files\Secunia
2012-06-26 00:48 . 2012-06-26 00:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-06-25 21:53 . 2012-06-25 21:53 -------- d-----w- c:\program files\ICQ6Toolbar
2012-06-25 21:53 . 2012-06-25 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2012-06-25 21:25 . 2012-06-25 21:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\ICQ Search
2012-06-25 21:15 . 2012-06-25 21:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
2012-06-25 21:15 . 2012-06-25 21:15 -------- d-----w- c:\program files\Guard-ICQ
2012-06-25 21:14 . 2012-07-03 02:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\ICQ
2012-06-25 21:14 . 2012-06-25 21:44 -------- d-----w- c:\program files\ICQ7M
2012-06-25 18:57 . 2012-06-25 18:57 -------- d-----w- c:\program files\Common Files\Java
2012-06-25 13:40 . 2012-06-25 13:40 -------- d-----w- c:\program files\Oracle
2012-06-25 13:40 . 2012-06-25 13:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Oracle
2012-06-25 11:49 . 2012-07-02 00:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2012-06-25 11:47 . 2012-06-25 11:47 -------- d-----w- c:\program files\VideoLAN
2012-06-24 23:38 . 2012-06-24 23:38 -------- d-----w- c:\program files\CamStudio 2.6b
2012-06-24 23:38 . 2010-10-24 07:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-06-24 22:57 . 2012-06-25 01:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2012-06-24 22:57 . 2012-06-24 22:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2012-06-24 22:56 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-24 22:56 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-06-24 22:55 . 2012-06-24 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-06-24 22:55 . 2012-06-24 22:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
2012-06-24 22:54 . 2012-06-24 22:54 -------- d-----w- c:\program files\Apple Software Update
2012-06-24 22:54 . 2012-06-24 22:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-06-24 22:54 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-06-24 22:54 . 2012-02-15 18:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-06-24 22:54 . 2012-07-03 03:19 -------- d-----w- c:\program files\Bonjour
2012-06-24 22:54 . 2012-06-28 17:07 -------- d-----w- c:\program files\Common Files\Apple
2012-06-24 22:54 . 2012-06-24 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2012-06-24 07:25 . 2012-06-24 07:25 -------- d-----w- c:\program files\HTC
2012-06-24 04:13 . 2012-06-24 04:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\IsolatedStorage
2012-06-24 04:13 . 2012-06-24 04:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Intuit
2012-06-24 04:10 . 2012-06-24 04:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit
2012-06-24 04:10 . 2012-06-24 04:10 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2012-06-24 04:05 . 2012-06-24 04:05 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\IsolatedStorage
2012-06-24 04:05 . 2012-06-24 04:37 -------- d-----w- c:\program files\Common Files\Intuit
2012-06-24 04:05 . 2012-06-28 23:09 -------- d-----w- c:\program files\TurboTax
2012-06-24 04:03 . 2012-06-24 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2012-06-20 19:08 . 2012-06-20 19:08 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-06-20 19:08 . 2012-06-20 19:08 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2012-06-20 19:07 . 2011-05-23 12:00 83968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAT.DLL
2012-06-20 19:07 . 2011-05-23 12:00 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAT.DLL
2012-06-20 19:07 . 2011-05-23 12:00 310272 ----a-w- c:\windows\system32\CNMLMAT.DLL
2012-06-20 19:01 . 2011-03-31 17:07 114688 ----a-w- c:\windows\system32\CNC_ATU.dll
2012-06-20 19:01 . 2011-03-31 17:05 286720 ----a-w- c:\windows\system32\CNC_ATC.dll
2012-06-20 19:01 . 2011-03-31 17:05 114688 ----a-w- c:\windows\system32\CNC_ATI.dll
2012-06-20 19:01 . 2011-03-30 19:54 323584 ----a-w- c:\windows\system32\CNC_ATL.dll
2012-06-20 19:01 . 2008-08-26 01:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2012-06-19 11:15 . 2012-06-19 11:15 -------- d-----w- c:\program files\BitComet
2012-06-19 09:44 . 2012-06-19 09:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software
2012-06-19 09:15 . 2012-06-19 09:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2012-06-19 09:15 . 2012-06-19 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2012-06-19 09:02 . 2012-06-19 09:02 -------- d-----w- c:\windows\system32\wbem\snmp
2012-06-19 09:02 . 2012-06-19 09:02 -------- d-----w- c:\windows\system32\xircom
2012-06-19 09:02 . 2012-06-19 09:02 -------- d-----w- c:\windows\system32\oobe
2012-06-19 09:02 . 2012-06-19 09:02 -------- d-----w- c:\program files\microsoft frontpage
2012-06-18 21:46 . 2012-06-18 21:46 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-18 18:07 . 2012-06-18 18:07 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-18 18:00 . 2012-06-18 18:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG2012
2012-06-18 17:59 . 2012-06-18 17:59 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-06-18 17:59 . 2012-06-18 17:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Secure Search
2012-06-18 17:58 . 2012-06-18 17:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG Secure Search
2012-06-18 17:58 . 2012-06-20 09:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-06-18 17:58 . 2012-06-18 17:58 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-06-18 17:58 . 2012-06-20 03:41 -------- d-----w- c:\program files\AVG Secure Search
2012-06-18 17:57 . 2012-07-05 02:06 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-18 17:57 . 2012-06-18 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-06-18 17:57 . 2012-06-18 17:57 -------- d-----w- C:\$AVG
2012-06-18 17:56 . 2012-06-18 17:56 -------- d-----w- c:\program files\AVG
2012-06-18 17:50 . 2012-07-05 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-06-18 17:30 . 2012-06-18 17:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2012-06-18 17:30 . 2012-06-18 17:30 -------- d-----w- c:\program files\Opera
2012-06-15 02:54 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 03:06 . 2012-04-27 07:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 03:06 . 2012-01-01 13:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 00:35 . 2011-08-28 21:37 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:19 . 2009-01-24 14:01 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2011-08-28 21:39 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2011-08-28 21:39 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2011-08-28 21:39 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2009-01-24 14:01 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2011-08-28 21:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2011-08-28 21:39 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2009-01-24 14:01 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2009-01-24 14:01 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2009-01-24 13:56 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2009-01-24 14:01 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2011-08-28 21:39 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2011-08-28 21:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2011-08-28 21:37 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2011-08-28 21:37 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:19 . 2009-01-24 13:56 599552 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2009-01-24 13:57 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:27 . 2009-01-24 13:57 1872128 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2009-01-24 13:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2009-01-24 13:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2009-01-24 13:56 385024 ----a-w- c:\windows\system32\html.iec
2012-05-05 02:29 . 2011-08-28 21:52 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-05 02:29 . 2011-08-30 01:29 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:24 . 2009-01-24 13:57 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:41 . 2008-08-14 10:09 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:45 . 2011-08-28 21:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-01 16:36 . 2011-08-28 21:37 140376 ----a-w- c:\windows\system32\MicrosoftUpdateCatalogWebControl.dll
2012-04-19 11:50 . 2012-04-19 11:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-01-24 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2009-01-24 . 2547D2CF090AC7636898F16957EBCEDC . 502272 . . [1.0626.6002.16497] . . c:\windows\system32\usp10.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-06-19_00.11.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-24 05:24 . 2012-06-24 05:24 45416 c:\windows\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_3.1.31.0_x-ww_46ee423f\Intuit.Spc.Esd.WinClient.Application.Update.exe
+ 2012-06-24 04:07 . 2012-06-24 04:07 45344 c:\windows\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_3.0.335.0_x-ww_e51d7605\Intuit.Spc.Esd.WinClient.Application.Update.exe
+ 2012-06-29 19:29 . 2012-06-29 19:29 44832 c:\windows\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_540d4816ead86321_2.1.72.22_x-ww_c5eae641\Intuit.Spc.Esd.WinClient.Application.Update.exe
+ 2012-06-24 05:46 . 2012-06-24 05:46 45928 c:\windows\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.Update_3ff6b78e2989595a_4.0.66.0_x-ww_d938aa2c\Intuit.Spc.Esd.WinClient.Application.Update.exe
+ 2012-06-24 05:46 . 2012-06-24 05:46 40808 c:\windows\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv4_3ff6b78e2989595a_4.0.66.0_x-ww_7acf93b2\Intuit.Spc.Esd.WinClient.Application.ConfigUXv4.exe
+ 2012-06-24 05:24 . 2012-06-24 05:24 40296 c:\windows\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_3.1.31.0_x-ww_8b778a47\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2.exe
+ 2012-06-24 04:07 . 2012-06-24 04:07 40224 c:\windows\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_3.0.335.0_x-ww_29a6be0d\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2.exe
+ 2012-06-29 19:29 . 2012-06-29 19:29 40224 c:\windows\WinSxS\MSIL_Intuit.Spc.Esd.WinClient.Application.ConfigUXv2_540d4816ead86321_2.1.72.22_x-ww_a742e49\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2.exe
+ 2012-06-20 19:01 . 2011-03-08 15:18 98304 c:\windows\twain_32\MG5300 series\SG_THA.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 77824 c:\windows\twain_32\MG5300 series\SG_KOR.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 73728 c:\windows\twain_32\MG5300 series\SG_JPN.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 65536 c:\windows\twain_32\MG5300 series\SG_CHT.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 65536 c:\windows\twain_32\MG5300 series\SG_CHS.dll
+ 2012-06-20 19:01 . 2009-09-15 21:13 98304 c:\windows\twain_32\MG5300 series\MC2Plus.dll
+ 2012-06-20 19:01 . 2007-12-06 20:46 73728 c:\windows\twain_32\MG5300 series\IJFSHLIB.dll
+ 2012-06-20 19:01 . 2007-11-09 15:48 53248 c:\windows\twain_32\MG5300 series\HSL.DLL
+ 2012-06-20 19:01 . 2008-11-19 20:31 73728 c:\windows\twain_32\MG5300 series\DDT.dll
+ 2010-11-18 13:15 . 2010-11-18 13:15 98304 c:\windows\twain_32\MG5300 series\cncisco6.dll
+ 2010-11-18 13:15 . 2010-11-18 13:15 90112 c:\windows\twain_32\MG5300 series\cncisco3.dll
+ 2012-06-20 19:01 . 2011-02-09 00:36 30720 c:\windows\twain_32\MG5300 series\CNC_389H.DAT
+ 2012-06-20 19:01 . 2005-04-15 22:34 57344 c:\windows\twain_32\MG5300 series\BaLCo.dll
+ 2012-07-03 02:46 . 2012-07-03 02:46 16384 c:\windows\temp\Perflib_Perfdata_cec.dat
+ 2012-06-20 19:07 . 2011-05-23 12:00 14848 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMW3AT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 62064 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMVSAT.EXE
+ 2012-06-20 19:07 . 2011-05-23 12:00 14336 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMVSAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 80384 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMSRAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 89600 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMSQAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 20592 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMSEAT.EXE
+ 2012-06-20 19:07 . 2011-05-23 12:00 93696 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMSDAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 07:00 30320 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMP2AT.DAT
+ 2012-06-20 19:07 . 2011-05-23 07:00 27140 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMP1AT.DAT
+ 2012-06-20 19:07 . 2011-05-23 07:00 23280 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMP0AT.DAT
+ 2012-06-20 19:07 . 2011-05-23 12:00 25600 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMOPAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 75264 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMLHAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 54272 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMDCAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 13824 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMBU3AT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 66048 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMBS3AT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 14848 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMBM3AT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 14848 c:\windows\system32\spool\drivers\w32x86\3\CNMW3AT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 62064 c:\windows\system32\spool\drivers\w32x86\3\CNMVSAT.EXE
+ 2012-06-20 19:07 . 2011-05-23 12:00 14336 c:\windows\system32\spool\drivers\w32x86\3\CNMVSAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 80384 c:\windows\system32\spool\drivers\w32x86\3\CNMSRAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 89600 c:\windows\system32\spool\drivers\w32x86\3\CNMSQAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 20592 c:\windows\system32\spool\drivers\w32x86\3\CNMSEAT.EXE
+ 2012-06-20 19:07 . 2011-05-23 12:00 93696 c:\windows\system32\spool\drivers\w32x86\3\CNMSDAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 07:00 30320 c:\windows\system32\spool\drivers\w32x86\3\CNMP2AT.DAT
+ 2012-06-20 19:07 . 2011-05-23 07:00 27140 c:\windows\system32\spool\drivers\w32x86\3\CNMP1AT.DAT
+ 2012-06-20 19:07 . 2011-05-23 07:00 23280 c:\windows\system32\spool\drivers\w32x86\3\CNMP0AT.DAT
+ 2012-06-20 19:07 . 2011-05-23 12:00 25600 c:\windows\system32\spool\drivers\w32x86\3\CNMOPAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 75264 c:\windows\system32\spool\drivers\w32x86\3\CNMLHAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 54272 c:\windows\system32\spool\drivers\w32x86\3\CNMDCAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 13824 c:\windows\system32\spool\drivers\w32x86\3\CNMBU3AT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 66048 c:\windows\system32\spool\drivers\w32x86\3\CNMBS3AT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 14848 c:\windows\system32\spool\drivers\w32x86\3\CNMBM3AT.DLL
+ 2012-06-19 11:43 . 2012-06-02 22:19 45080 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.6.7600.256\wups2.dll
+ 2012-06-19 11:43 . 2012-06-02 22:19 35864 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.6.7600.256\wups.dll
+ 2012-06-25 00:13 . 2012-06-25 00:13 19884 c:\windows\system32\mlfcache.dat
+ 2011-08-31 06:05 . 2011-08-31 06:05 50536 c:\windows\system32\jdns_sd.dll
+ 2012-07-03 03:18 . 2012-02-15 18:01 43520 c:\windows\system32\DRVSTORE\usbaapl_B97845F10E79901A09404408F15C6BE616AF6019\usbaapl.sys
+ 2012-07-03 03:18 . 2011-08-02 23:38 18432 c:\windows\system32\DRVSTORE\netaapl_1F790C9610312AF553B3EA281673A397475297FA\netaapl.sys
+ 2012-06-24 22:56 . 2009-05-18 20:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
- 2012-01-13 13:56 . 2008-04-14 07:15 15104 c:\windows\system32\drivers\usbscan.sys
+ 2012-01-13 13:56 . 2008-04-14 06:15 15104 c:\windows\system32\drivers\usbscan.sys
+ 2010-09-01 08:30 . 2010-09-01 08:30 15544 c:\windows\system32\drivers\psi_mf.sys
+ 2011-08-31 06:05 . 2011-08-31 06:05 73064 c:\windows\system32\dnssd.dll
+ 2011-08-31 06:05 . 2011-08-31 06:05 83816 c:\windows\system32\dns-sd.exe
+ 2011-08-28 21:39 . 2012-06-02 22:19 35864 c:\windows\system32\dllcache\wups.dll
- 2011-08-28 21:42 . 2012-06-04 15:24 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-28 21:42 . 2012-06-20 03:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-28 21:42 . 2012-06-20 03:41 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2011-08-28 21:42 . 2012-06-04 15:24 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-06-20 03:41 . 2012-06-20 03:41 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-08-28 21:42 . 2012-06-04 15:24 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-11-18 13:15 . 2010-11-18 13:15 90112 c:\windows\system32\CNC_ATO.dll
+ 2012-06-20 19:08 . 2011-02-03 16:17 78336 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstJP.dll
+ 2012-01-24 16:51 . 2012-06-25 13:30 87952 c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
- 2011-11-22 13:34 . 2011-11-22 13:34 86016 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2012-04-26 13:05 . 2012-04-26 13:05 86016 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
- 2011-11-22 13:19 . 2011-11-22 13:19 73408 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2012-04-26 12:50 . 2012-04-26 12:50 73408 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
- 2011-11-22 13:19 . 2011-11-22 13:19 64512 c:\windows\system32\Adobe\Shockwave 11\gcapi_dll.dll
+ 2012-04-26 12:50 . 2012-04-26 12:50 64512 c:\windows\system32\Adobe\Shockwave 11\gcapi_dll.dll
+ 2012-04-26 13:06 . 2012-04-26 13:06 12800 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
- 2011-11-22 13:36 . 2011-11-22 13:36 12800 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 50024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.QuickBaseClient\v4.0_6.0.28.0__30bbd97113d631f1\Intuit.Spc.Map.QuickBaseClient.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 57704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.Metrix.XmlSerializers\v4.0_6.0.28.0__30bbd97113d631f1\Intuit.Spc.Map.Metrix.XmlSerializers.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 79208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.Core\v4.0_6.0.28.0__30bbd97113d631f1\Intuit.Spc.Map.Core.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 58728 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.MajesticHtmlParser\v4.0_6.0.28.0__30bbd97113d631f1\Intuit.Spc.Map.3rdParty.MajesticHTMLParser.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 18792 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 47464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
+ 2012-06-24 04:38 . 2012-06-24 04:38 18944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\v4.0_4.0.0.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 45928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.Update.exe
+ 2012-06-24 05:46 . 2012-06-24 05:46 40808 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv4\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.ConfigUXv4.exe
+ 2012-06-24 05:46 . 2012-06-24 05:46 44392 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess.XmlSerializers\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.Client.DataAccess.XmlSerializers.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 71016 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.Client.Common.dll
+ 2012-06-28 02:51 . 2012-06-28 02:51 75776 c:\windows\Installer\f8f304.msi
+ 2012-06-28 20:39 . 2012-06-28 20:39 20992 c:\windows\Installer\e00a40.msi
+ 2012-06-28 20:39 . 2012-06-28 20:39 52736 c:\windows\Installer\e00a3c.msi
+ 2012-06-28 20:39 . 2012-06-28 20:39 60928 c:\windows\Installer\e00a38.msi
+ 2012-06-28 20:39 . 2012-06-28 20:39 32256 c:\windows\Installer\e00a34.msi
+ 2012-06-28 20:36 . 2012-06-28 20:36 22528 c:\windows\Installer\e00a23.msi
+ 2012-06-27 05:52 . 2012-06-27 05:52 28672 c:\windows\Installer\7625db1.msi
+ 2011-02-08 01:04 . 2011-02-08 01:04 67584 c:\windows\Installer\714279.msp
+ 2009-05-27 01:33 . 2009-05-27 01:33 19456 c:\windows\Installer\5d173dd.msp
+ 2012-06-24 05:22 . 2012-06-24 05:22 25088 c:\windows\Installer\5bee31.msi
+ 2012-06-24 04:37 . 2012-06-24 04:37 27136 c:\windows\Installer\3283c6.msi
+ 2012-06-27 23:02 . 2012-06-27 23:02 27648 c:\windows\Installer\249494.msi
+ 2012-06-24 04:09 . 2012-06-24 04:09 97792 c:\windows\Installer\163453.msi
+ 2012-06-24 04:09 . 2012-06-24 04:09 69120 c:\windows\Installer\16344e.msi
+ 2012-06-24 04:06 . 2012-06-24 04:06 23040 c:\windows\Installer\163446.msi
+ 2012-06-28 03:43 . 2012-06-28 03:43 73216 c:\windows\Installer\12ccf37.msi
+ 2012-06-24 22:55 . 2012-07-03 03:19 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
+ 2012-06-28 20:37 . 2012-06-28 20:37 44320 c:\windows\assembly\temp\V00ZQUM1OW\Intuit.Spc.Esd.WinClient.Application.Update.exe
+ 2012-06-28 20:37 . 2012-06-28 20:37 86016 c:\windows\assembly\temp\S8QKHSTYQZ\Intuit.Spc.Map.Core.dll
+ 2012-06-28 20:37 . 2012-06-28 20:37 72480 c:\windows\assembly\temp\B04PC83ZPE\Intuit.Spc.Esd.Client.Common.dll
+ 2012-06-28 20:37 . 2012-06-28 20:37 16384 c:\windows\assembly\temp\9HW218P5PG\Intuit.Spc.Map.SharedUIToolkit.dll
+ 2012-06-24 04:45 . 2012-06-24 04:45 14848 c:\windows\assembly\NativeImages_v4.0.30319_32\TVM\92a7dd15a8edbbb0c73b6024990972ed\TVM.ni.dll
+ 2012-06-24 04:11 . 2012-06-24 04:11 19968 c:\windows\assembly\NativeImages_v2.0.50727_32\TVM\426f561dc9393d8e0b1b18f843d78f72\TVM.ni.dll
+ 2012-06-24 05:26 . 2012-06-24 05:26 22016 c:\windows\assembly\NativeImages_v2.0.50727_32\TVM\1e1d5c3b6848fd15b770242a95807860\TVM.ni.dll
+ 2012-06-24 04:11 . 2012-06-24 04:11 68608 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Inte#\ddc79271bff3b14674141a24b319fa66\Intuit.Ctg.Wte.InterviewControlLibrary.ni.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 57344 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Oip.Messaging.Client.ExternalApi\2.1.2.4__540d4816ead86321\Intuit.Spc.Oip.Messaging.Client.ExternalApi.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 21864 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.SharedUIToolkit\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.SharedUIToolkit.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 16384 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.SharedUIToolkit\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.SharedUIToolkit.dll
+ 2012-06-29 19:29 . 2012-06-29 19:29 16384 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.SharedUIToolkit\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.SharedUIToolkit.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 49000 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.QuickBaseClient\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.QuickBaseClient.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 43520 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.QuickBaseClient\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.QuickBaseClient.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 58728 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Metrix.XmlSerializers\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Metrix.XmlSerializers.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 53248 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Metrix.XmlSerializers\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Metrix.XmlSerializers.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 79208 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Core\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Core.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 73728 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Core\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Core.dll
+ 2012-06-29 19:29 . 2012-06-29 19:29 86016 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Core\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Core.dll
+ 2012-06-29 19:29 . 2012-06-29 19:29 47104 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.ObjectBuilder\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.ObjectBuilder.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 58728 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.MajesticHTMLParser\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.MajesticHTMLParser.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 53248 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.MajesticHTMLParser\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.MajesticHTMLParser.dll
+ 2012-06-29 19:29 . 2012-06-29 19:29 53248 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.MajesticHTMLParser\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.MajesticHTMLParser.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 45056 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.RestServices\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.RestServices.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 53248 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.Repository\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.Repository.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 69632 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.OrchestrationUtil\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.OrchestrationUtil.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 94208 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.Orchestration\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.Orchestration.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 45056 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.Installer\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.Installer.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 94208 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.DataAccessUtil\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.DataAccessUtil.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 53248 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.ClientUtil\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.ClientUtil.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 20480 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 45056 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Xml\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Xml.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 15360 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.VersionManager\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.VersionManager.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 65536 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Serialization\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Serialization.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 45056 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 65536 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 73728 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 10752 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.PortabilitySpecific30\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.PortabilitySpecific30.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 18792 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 18720 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
+ 2012-06-29 19:29 . 2012-06-29 19:29 18720 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 46952 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 46880 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
+ 2012-06-29 19:29 . 2012-06-29 19:29 47392 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 23912 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 12136 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 45416 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.Update.exe
+ 2012-06-24 04:07 . 2012-06-24 04:07 45344 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.Update.exe
+ 2012-06-29 19:29 . 2012-06-29 19:29 44832 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.Update.exe
+ 2012-06-24 05:24 . 2012-06-24 05:24 40296 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2.exe
+ 2012-06-24 04:07 . 2012-06-24 04:07 40224 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2.exe
+ 2012-06-29 19:29 . 2012-06-29 19:29 40224 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.ConfigUXv2.exe
+ 2012-06-24 05:24 . 2012-06-24 05:24 54632 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess.XmlSerializers\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.XmlSerializers.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 54560 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess.XmlSerializers\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.XmlSerializers.dll
+ 2012-06-29 19:29 . 2012-06-29 19:29 54560 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess.XmlSerializers\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.XmlSerializers.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 70504 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 70432 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
+ 2012-06-29 19:29 . 2012-06-29 19:29 72992 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 32768 c:\windows\assembly\GAC_MSIL\Iesi.Collections\1.0.0.3__aa95f207798dfdb4\Iesi.Collections.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 77824 c:\windows\assembly\GAC_MSIL\Castle.DynamicProxy\1.1.5.0__407dd0808d44fbdc\Castle.DynamicProxy.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 10240 c:\windows\assembly\GAC_MSIL\BackgroundCopyManager\1.0.0.0__9e3a83f3f863854b\BackgroundCopyManager.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 28672 c:\windows\assembly\GAC\Common.Logging\1.2.0.0__af08829b84f0328e\Common.Logging.dll
+ 2012-06-20 19:01 . 2010-11-16 17:13 6159 c:\windows\twain_32\MG5300 series\SCNDB.DAT
+ 2012-06-20 19:01 . 2011-02-09 00:28 9040 c:\windows\twain_32\MG5300 series\CNC_389T.DAT
+ 2012-06-20 19:01 . 2011-02-08 23:59 1888 c:\windows\twain_32\MG5300 series\CNC_389M.DAT
+ 2012-06-20 19:07 . 2011-05-23 12:00 8704 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNML2AT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 9728 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMFUAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 8704 c:\windows\system32\spool\drivers\w32x86\3\CNML2AT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 9728 c:\windows\system32\spool\drivers\w32x86\3\CNMFUAT.DLL
+ 2011-08-31 22:28 . 2011-08-16 10:45 6144 c:\windows\system32\dllcache\iecompat.dll
+ 2012-06-24 04:38 . 2012-06-24 04:38 6656 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\v4.0_4.0.0.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
+ 2012-06-27 06:07 . 2010-10-18 11:10 7680 c:\windows\ie8updates\KB2598845-IE8\iecompat.dll
+ 2012-06-20 19:01 . 2009-03-11 23:20 487424 c:\windows\twain_32\MG5300 series\usip.dll
+ 2012-06-20 19:01 . 2011-05-19 20:31 245760 c:\windows\twain_32\MG5300 series\TPM.dll
+ 2012-06-20 19:01 . 2010-11-09 23:17 147456 c:\windows\twain_32\MG5300 series\TDGLIB.dll
+ 2012-06-20 19:01 . 2009-01-21 18:41 122880 c:\windows\twain_32\MG5300 series\softfare.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 102400 c:\windows\twain_32\MG5300 series\SG_TRK.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 106496 c:\windows\twain_32\MG5300 series\SG_SVE.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 110592 c:\windows\twain_32\MG5300 series\SG_RUS.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 114688 c:\windows\twain_32\MG5300 series\SG_PTB.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 110592 c:\windows\twain_32\MG5300 series\SG_PLK.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 106496 c:\windows\twain_32\MG5300 series\SG_NOR.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 114688 c:\windows\twain_32\MG5300 series\SG_NLD.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 118784 c:\windows\twain_32\MG5300 series\SG_ITA.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 106496 c:\windows\twain_32\MG5300 series\SG_IND.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 110592 c:\windows\twain_32\MG5300 series\SG_HUN.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 118784 c:\windows\twain_32\MG5300 series\SG_FRA.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 106496 c:\windows\twain_32\MG5300 series\SG_FIN.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 118784 c:\windows\twain_32\MG5300 series\SG_ESP.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 102400 c:\windows\twain_32\MG5300 series\SG_ENU.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 118784 c:\windows\twain_32\MG5300 series\SG_ELL.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 114688 c:\windows\twain_32\MG5300 series\SG_DEU.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 106496 c:\windows\twain_32\MG5300 series\SG_DAN.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 106496 c:\windows\twain_32\MG5300 series\SG_CSY.dll
+ 2012-06-20 19:01 . 2011-03-08 15:18 102400 c:\windows\twain_32\MG5300 series\SG_ARA.dll
+ 2012-06-20 19:01 . 2007-07-02 18:04 114688 c:\windows\twain_32\MG5300 series\scrprmvl.dll
+ 2012-06-20 19:01 . 2010-01-14 17:55 118784 c:\windows\twain_32\MG5300 series\SCRPRMV.DLL
+ 2012-06-20 19:01 . 2011-05-19 20:31 122880 c:\windows\twain_32\MG5300 series\SCNIF.dll
+ 2012-06-20 19:01 . 2011-05-19 20:31 339968 c:\windows\twain_32\MG5300 series\SCNFLW.dll
+ 2012-06-20 19:01 . 2011-05-19 20:30 212992 c:\windows\twain_32\MG5300 series\SCNDB.dll
+ 2012-06-20 19:01 . 2010-09-17 23:52 135168 c:\windows\twain_32\MG5300 series\rstcol.dll
+ 2012-06-20 19:01 . 2008-01-23 23:45 454656 c:\windows\twain_32\MG5300 series\RACSLIB.dll
+ 2012-06-20 19:01 . 2009-10-30 02:18 143360 c:\windows\twain_32\MG5300 series\MC2.dll
+ 2012-06-20 19:01 . 2004-06-07 19:58 290816 c:\windows\twain_32\MG5300 series\libBLC.dll
+ 2012-06-20 19:01 . 2008-11-07 21:20 176128 c:\windows\twain_32\MG5300 series\CUBS.dll
+ 2012-06-20 19:01 . 2010-11-12 19:10 177648 c:\windows\twain_32\MG5300 series\CNC_389P.DAT
+ 2012-06-20 19:01 . 2005-08-24 22:51 126976 c:\windows\twain_32\MG5300 series\CFine2.dll
+ 2012-06-20 19:01 . 2008-11-05 17:10 118784 c:\windows\twain_32\MG5300 series\CAPS.dll
+ 2012-06-20 19:01 . 2009-11-26 18:32 118784 c:\windows\twain_32\MG5300 series\AG.dll
+ 2012-06-20 19:07 . 2011-05-23 12:00 472576 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMURAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 826368 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMSMAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 965632 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMSBAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 185856 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMPVAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 242688 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMLRAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 130560 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMICAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 120320 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMHOAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 154112 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMEIAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 637952 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMDRAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 321024 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMD5AT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 112640 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMCPAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 472576 c:\windows\system32\spool\drivers\w32x86\3\CNMURAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 826368 c:\windows\system32\spool\drivers\w32x86\3\CNMSMAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 965632 c:\windows\system32\spool\drivers\w32x86\3\CNMSBAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 185856 c:\windows\system32\spool\drivers\w32x86\3\CNMPVAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 242688 c:\windows\system32\spool\drivers\w32x86\3\CNMLRAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 130560 c:\windows\system32\spool\drivers\w32x86\3\CNMICAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 120320 c:\windows\system32\spool\drivers\w32x86\3\CNMHOAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 154112 c:\windows\system32\spool\drivers\w32x86\3\CNMEIAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 637952 c:\windows\system32\spool\drivers\w32x86\3\CNMDRAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 321024 c:\windows\system32\spool\drivers\w32x86\3\CNMD5AT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 112640 c:\windows\system32\spool\drivers\w32x86\3\CNMCPAT.DLL
+ 2008-04-14 11:00 . 2012-07-03 02:51 610194 c:\windows\system32\perfh009.dat
+ 2008-04-14 11:00 . 2012-07-03 02:51 117332 c:\windows\system32\perfc009.dat
+ 2012-06-23 10:50 . 2012-06-23 10:50 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe
+ 2012-07-03 03:06 . 2012-07-03 03:06 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
+ 2012-07-03 03:06 . 2012-07-03 03:06 465096 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.dll
+ 2012-04-27 07:50 . 2012-07-03 03:06 257224 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2009-01-24 13:56 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
+ 2009-01-24 13:56 . 2011-10-28 16:07 726528 c:\windows\system32\jscript.dll
+ 2012-06-25 13:40 . 2012-05-05 02:29 227720 c:\windows\system32\javaws.exe
+ 2012-06-25 13:40 . 2012-06-25 13:40 174064 c:\windows\system32\javaw.exe
+ 2012-06-25 13:40 . 2012-06-25 13:40 174064 c:\windows\system32\java.exe
+ 2011-08-28 23:28 . 2012-06-24 18:44 131688 c:\windows\system32\FNTCACHE.DAT
+ 2012-06-24 07:34 . 2009-01-24 08:36 103424 c:\windows\system32\DRVSTORE\qcusbser_514EB92F9103422A646F8D24CF57C0109F1E81BC\qcserxp.sys
+ 2012-06-24 07:34 . 2009-01-24 08:36 103424 c:\windows\system32\DRVSTORE\qcusbser_514EB92F9103422A646F8D24CF57C0109F1E81BC\qcser2k.sys
+ 2012-06-24 07:34 . 2009-10-27 04:57 105984 c:\windows\system32\DRVSTORE\qcusbmdm_9A58A8ED12E6FC90CB37A7F5780F7B85DC72292E\qcmdmxp.sys
+ 2012-06-24 07:34 . 2010-12-15 07:06 128512 c:\windows\system32\DRVSTORE\htcusbnet_F950DBD9A03F73438AA39C74C8CC88AFDBDDC056\htcusbnet.sys
+ 2012-06-24 22:56 . 2008-04-17 19:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2011-08-31 06:05 . 2011-08-31 06:05 178536 c:\windows\system32\dnssdX.dll
- 2011-08-30 01:29 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
+ 2011-08-30 01:29 . 2011-10-28 16:07 726528 c:\windows\system32\dllcache\jscript.dll
+ 2011-02-03 07:20 . 2011-02-03 07:20 184320 c:\windows\system32\CNMIUAT.DLL
+ 2012-06-20 19:08 . 2011-02-03 16:17 107520 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstUS.dll
+ 2012-06-20 19:08 . 2011-03-03 21:42 115712 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstUK.dll
+ 2012-06-20 19:08 . 2011-02-18 16:36 107520 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstTW.dll
+ 2012-06-20 19:08 . 2011-02-07 21:54 111104 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstTR.dll
+ 2012-06-20 19:08 . 2011-02-18 16:51 107520 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstTH.dll
+ 2012-06-20 19:08 . 2011-03-03 21:55 114688 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstSL.dll
+ 2012-06-20 19:08 . 2011-02-25 02:12 115712 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstSK.dll
+ 2012-06-20 19:08 . 2011-02-07 21:53 112128 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstSE.dll
+ 2012-06-20 19:08 . 2011-03-03 21:38 114688 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstRU.dll
+ 2012-06-20 19:08 . 2011-02-25 02:14 120320 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstRO.dll
+ 2012-06-20 19:08 . 2011-02-07 21:51 115712 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstPT.dll
+ 2012-06-20 19:08 . 2011-03-03 16:50 118784 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstPL.dll
+ 2012-06-20 19:08 . 2011-02-07 21:47 110592 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstNO.dll
+ 2012-06-20 19:08 . 2011-02-07 21:46 119808 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstNL.dll
+ 2012-06-20 19:08 . 2011-03-03 20:58 117760 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstLV.dll
+ 2012-06-20 19:08 . 2011-02-25 02:10 114688 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstLT.dll
+ 2012-06-20 19:08 . 2011-02-18 16:10 107520 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstKR.dll
+ 2012-06-20 19:08 . 2011-02-07 20:17 120832 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstIT.dll
+ 2012-06-20 19:08 . 2011-02-18 17:55 112128 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstID.dll
+ 2012-06-20 19:08 . 2011-02-07 20:16 117248 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstHU.dll
+ 2012-06-20 19:08 . 2011-03-03 02:05 131072 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstGR.dll
+ 2012-06-20 19:08 . 2011-03-03 22:19 122368 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstFR.dll
+ 2012-06-20 19:08 . 2011-03-09 02:17 109056 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstFI.dll
+ 2012-06-20 19:08 . 2011-03-09 02:36 109056 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstET.dll
+ 2012-06-20 19:08 . 2011-01-06 21:42 123392 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstES.dll
+ 2012-06-20 19:08 . 2011-02-07 20:13 113664 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstDK.dll
+ 2012-06-20 19:08 . 2011-02-07 20:11 126464 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstDE.dll
+ 2012-06-20 19:08 . 2011-03-03 16:53 111616 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstCZ.dll
+ 2012-06-20 19:08 . 2011-02-18 16:56 107520 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstCN.dll
+ 2012-06-20 19:08 . 2011-02-25 02:16 118784 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstBG.dll
+ 2012-06-20 19:08 . 2011-03-03 01:04 107520 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\RES\DLL\IJInstAR.dll
+ 2012-06-20 19:08 . 2011-02-03 17:00 474528 c:\windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series\DelDrv.exe
+ 2012-04-26 12:50 . 2012-04-26 12:50 284088 c:\windows\system32\Adobe\Shockwave 11\SymCCIS.dll
+ 2012-04-26 13:05 . 2012-04-26 13:05 114176 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
- 2011-11-22 13:34 . 2011-11-22 13:34 114176 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2012-04-26 13:06 . 2012-04-26 13:06 434176 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
- 2011-11-22 13:36 . 2011-11-22 13:36 434176 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2012-04-26 13:06 . 2012-04-26 13:06 366592 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2012-04-26 12:54 . 2012-04-26 12:54 990208 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
- 2011-11-22 13:23 . 2011-11-22 13:23 990208 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2012-04-26 13:05 . 2012-04-26 13:05 544256 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2012-04-26 13:12 . 2012-04-26 13:12 113592 c:\windows\system32\Adobe\Director\SWDNLD.EXE
+ 2012-04-26 13:12 . 2012-04-26 13:12 281016 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2012-04-26 13:06 . 2012-04-26 13:06 145920 c:\windows\system32\Adobe\Director\np32dsw.dll
- 2011-11-22 13:36 . 2011-11-22 13:36 145920 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2012-07-03 02:42 . 2012-06-28 15:57 220074 c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
+ 2011-10-18 05:46 . 2011-10-18 05:46 217736 c:\windows\npMSDM.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.Search\v4.0_6.0.28.0__30bbd97113d631f1\Intuit.Spc.Map.Search.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 480616 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\v4.0_6.0.28.0__30bbd97113d631f1\Intuit.Spc.Map.Reporter.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 212840 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter.XmlSerializers\v4.0_6.0.28.0__30bbd97113d631f1\Intuit.Spc.Map.Reporter.XmlSerializers.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 205160 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.QuickBaseClient.XmlSerializers\v4.0_6.0.28.0__30bbd97113d631f1\Intuit.Spc.Map.QuickBaseClient.XmlSerializers.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 135016 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.Metrix\v4.0_6.0.28.0__30bbd97113d631f1\Intuit.Spc.Map.Metrix.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 181608 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.SharpZipLib\v4.0_6.0.28.0__30bbd97113d631f1\Intuit.Spc.Map.3rdParty.SharpZipLib.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 402792 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.Lucene\v4.0_6.0.28.0__30bbd97113d631f1\Intuit.Spc.Map.3rdParty.Lucene.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 361832 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UX\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.UX.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 423784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Api.Net.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 272744 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\v4.0_4.0.22.0__3ff6b78e2989595a\Intuit.Spc.Esd.Core.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 196968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Core.XmlSerializers\v4.0_4.0.22.0__3ff6b78e2989595a\Intuit.Spc.Esd.Core.XmlSerializers.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 100200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.Client.DataAccess.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 129896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\v4.0_4.0.66.0__3ff6b78e2989595a\Intuit.Spc.Esd.Client.BusinessLogic.dll
+ 2012-06-24 05:46 . 2012-06-24 05:46 375296 c:\windows\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Map.WindowsFirewallUtilities\v4.0_6.0.28.0__30bbd97113d631f1\Intuit.Spc.Map.WindowsFirewallUtilities.dll
+ 2012-06-28 20:40 . 2012-06-28 20:40 201728 c:\windows\Installer\e00a44.msi
+ 2012-06-27 06:00 . 2012-06-27 06:00 585216 c:\windows\Installer\7625dc1.msi
+ 2012-02-21 01:15 . 2012-02-21 01:15 332800 c:\windows\Installer\71353a.msp
+ 2009-05-27 01:32 . 2009-05-27 01:32 325120 c:\windows\Installer\5d173ee.msp
+ 2009-03-20 02:35 . 2009-03-20 02:35 141312 c:\windows\Installer\5d173d5.msp
+ 2012-06-24 05:25 . 2012-06-24 05:25 115712 c:\windows\Installer\5bee4a.msi
+ 2012-06-24 05:24 . 2012-06-24 05:24 113664 c:\windows\Installer\5bee40.msi
+ 2012-06-25 19:10 . 2012-06-25 19:10 348160 c:\windows\Installer\472bc50.msi
+ 2012-06-25 18:57 . 2012-06-25 18:57 176128 c:\windows\Installer\466abf7.msi
+ 2012-06-25 13:40 . 2012-06-25 13:40 457216 c:\windows\Installer\335db39.msi
+ 2012-06-25 13:40 . 2012-06-25 13:40 863744 c:\windows\Installer\335db35.msi
+ 2012-06-24 04:41 . 2012-06-24 04:41 135680 c:\windows\Installer\3283d4.msi
+ 2012-06-24 04:40 . 2012-06-24 04:40 148992 c:\windows\Installer\3283ce.msi
+ 2009-12-15 00:48 . 2009-12-15 00:48 317440 c:\windows\Installer\163797.msp
+ 2012-06-29 19:29 . 2012-06-29 19:29 332552 c:\windows\Installer\{88214092-836F-4E22-A5AC-569AC9EE6A0F}\TurboTax.exe
+ 2012-06-28 17:09 . 2012-06-28 17:09 380928 c:\windows\Installer\{23B8A91D-680B-462B-87AD-3D70F7341731}\iTunesIco.exe
+ 2012-06-27 06:08 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2632503-IE8\spuninst\updspapi.dll
+ 2012-06-27 06:08 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2632503-IE8\spuninst\spuninst.exe
+ 2012-06-27 06:08 . 2011-03-04 06:37 726528 c:\windows\ie8updates\KB2632503-IE8\jscript.dll
+ 2012-06-27 06:07 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2598845-IE8\spuninst\updspapi.dll
+ 2012-06-27 06:07 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2598845-IE8\spuninst\spuninst.exe
+ 2012-06-28 20:37 . 2012-06-28 20:37 120608 c:\windows\assembly\temp\ZJ5E76YE4A\Intuit.Spc.Esd.Client.DataAccess.dll
+ 2012-06-28 20:37 . 2012-06-28 20:37 217376 c:\windows\assembly\temp\OXOTRAEP2M\Intuit.Spc.Esd.Core.dll
+ 2012-06-28 20:37 . 2012-06-28 20:37 197920 c:\windows\assembly\temp\HWQKIKZY79\Intuit.Spc.Esd.Core.XmlSerializers.dll
+ 2012-06-28 20:37 . 2012-06-28 20:37 400672 c:\windows\assembly\temp\FXQKR4EP8B\Intuit.Spc.Esd.WinClient.Api.Net.dll
+ 2012-06-28 20:37 . 2012-06-28 20:37 130848 c:\windows\assembly\temp\EANI7EW8MB\Intuit.Spc.Esd.Client.BusinessLogic.dll
+ 2012-06-28 20:37 . 2012-06-28 20:37 176128 c:\windows\assembly\temp\C3XMZPQ6MR\Intuit.Spc.Map.3rdParty.SharpZipLib.dll
+ 2012-06-28 20:37 . 2012-06-28 20:37 341792 c:\windows\assembly\temp\AD3ZHCW38W\Intuit.Spc.Esd.WinClient.Application.UX.dll
+ 2012-06-28 20:37 . 2012-06-28 20:37 471040 c:\windows\assembly\temp\1XJNG3TUIT\Intuit.Spc.Map.Reporter.dll
+ 2012-06-24 04:45 . 2012-06-24 04:45 121856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inte#\fe1472e3c5f919479dc6d8653e0d98b8\System.Windows.Interactivity.ni.dll
+ 2012-06-24 04:44 . 2012-06-24 04:44 969728 c:\windows\assembly\NativeImages_v4.0.30319_32\Intuit.Ctg.Wte.Serv#\540668d2dacf1e44ea27aada8a0a4bc5\Intuit.Ctg.Wte.Service.Interface.ni.dll
+ 2012-06-24 04:44 . 2012-06-24 04:44 198656 c:\windows\assembly\NativeImages_v4.0.30319_32\IKVM.Runtime.JNI\62049e35dcf60ea97cf048fbcaf8dec6\IKVM.Runtime.JNI.ni.dll
+ 2012-06-24 04:44 . 2012-06-24 04:44 697856 c:\windows\assembly\NativeImages_v4.0.30319_32\IKVM.OpenJDK.XML.API\efa360d0f3d79414f0eec72c19991fd5\IKVM.OpenJDK.XML.API.ni.dll
+ 2012-06-24 04:44 . 2012-06-24 04:44 250880 c:\windows\assembly\NativeImages_v4.0.30319_32\common-utility\4c1261fdd3077d7169a296b7a4b5955e\common-utility.ni.dll
+ 2012-06-24 05:26 . 2012-06-24 05:26 116736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Inte#\221112d506ad3bb04a64660eab5e44da\System.Windows.Interactivity.ni.dll
+ 2012-06-24 04:11 . 2012-06-24 04:11 696320 c:\windows\assembly\NativeImages_v2.0.50727_32\log4net\cb360d948d3a415eed4a9924b14c98e5\log4net.ni.dll
+ 2012-06-24 05:26 . 2012-06-24 05:26 946176 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\c3e87bcac6ffd1aadceaa48f12a3e1b7\Intuit.Ctg.Wte.Service.Interface.ni.dll
+ 2012-06-24 04:11 . 2012-06-24 04:11 651264 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\6ed00a5ec771c097031f4c2a7d41b086\Intuit.Ctg.Wte.Service.Interface.ni.dll
+ 2012-06-24 04:11 . 2012-06-24 04:11 802304 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Share#\82b21fc907a5e6292e4f3a8178081a8c\Infragistics2.Shared.v8.2.ni.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 174080 c:\windows\assembly\GAC_MSIL\System.Data.SQLite.Linq\2.0.38.0__db937bc2d44ff139\System.Data.SQLite.Linq.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 602112 c:\windows\assembly\GAC_MSIL\Spring.Core\1.1.0.2__65e474d141e25e07\Spring.Core.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 143360 c:\windows\assembly\GAC_MSIL\Spring.Aop\1.1.0.2__65e474d141e25e07\Spring.Aop.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 884736 c:\windows\assembly\GAC_MSIL\Microsoft.Web.Services3\3.0.0.0__31bf3856ad364e35\Microsoft.Web.Services3.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 270336 c:\windows\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 221184 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Oip.Messaging.Client.Protocol\2.1.2.4__540d4816ead86321\Intuit.Spc.Oip.Messaging.Client.Protocol.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 114688 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Oip.Messaging.Client.Core\2.1.2.4__540d4816ead86321\Intuit.Spc.Oip.Messaging.Client.Core.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 409960 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 403456 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 114024 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Search\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Search.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 108544 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Search\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Search.dll
+ 2012-06-29 19:29 . 2012-06-29 19:29 108544 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Search\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Search.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 476520 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 471040 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
+ 2012-06-29 19:29 . 2012-06-29 19:29 471040 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 226664 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter.XmlSerializers\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.XmlSerializers.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 221184 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter.XmlSerializers\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.XmlSerializers.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 214376 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.QuickBaseClient.XmlSerializers\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.QuickBaseClient.XmlSerializers.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 208896 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.QuickBaseClient.XmlSerializers\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.QuickBaseClient.XmlSerializers.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 122728 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Metrix\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Metrix.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 116736 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Metrix\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Metrix.dll
+ 2012-06-29 19:29 . 2012-06-29 19:29 162816 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Core.Plugin\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Core.Plugin.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 181608 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.SharpZipLib\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.SharpZipLib.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 176128 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.SharpZipLib\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.SharpZipLib.dll
+ 2012-06-29 19:29 . 2012-06-29 19:29 176128 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.SharpZipLib\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.SharpZipLib.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 402792 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.Lucene\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.Lucene.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 397312 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.Lucene\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.Lucene.dll
+ 2012-06-29 19:29 . 2012-06-29 19:29 397312 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.Lucene\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.3rdParty.Lucene.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 106496 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.Provider.PreferencesSpecific\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.Provider.PreferencesSpecific.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 217088 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.DataAccess\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.DataAccess.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 651264 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Subsystem.DataAccess.Entity\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Subsystem.DataAccess.Entity.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 458752 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 106496 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Foundations.Component\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Component.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 357736 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UX\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UX.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 356640 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UX\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UX.dll
+ 2012-06-29 19:29 . 2012-06-29 19:29 342304 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UX\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UX.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 421224 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 419616 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
+ 2012-06-29 19:29 . 2012-06-29 19:29 402208 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 269672 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 270112 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
+ 2012-06-29 19:29 . 2012-06-29 19:29 238368 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 206184 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Core.XmlSerializers\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.XmlSerializers.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 206112 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Core.XmlSerializers\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.XmlSerializers.dll
+ 2012-06-29 19:29 . 2012-06-29 19:29 202016 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Core.XmlSerializers\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.XmlSerializers.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 120168 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 120096 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
+ 2012-06-29 19:29 . 2012-06-29 19:29 120608 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
+ 2012-06-24 05:24 . 2012-06-24 05:24 121704 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 121632 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
+ 2012-06-29 19:29 . 2012-06-29 19:29 130848 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
+ 2012-06-24 04:07 . 2012-06-24 04:07 106496 c:\windows\assembly\GAC_MSIL\antlr.runtime\2.7.6.2__65e474d141e25e07\antlr.runtime.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 854016 c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.DLL
+ 2012-06-28 20:37 . 2012-06-28 20:37 755712 c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.DLL
+ 2012-06-20 19:01 . 2008-12-26 17:57 1159168 c:\windows\twain_32\MG5300 series\SGCFLTR.dll
+ 2012-06-20 19:01 . 2011-05-19 20:32 1253376 c:\windows\twain_32\MG5300 series\SG_IMG.dll
+ 2012-06-20 19:01 . 2011-05-19 20:34 1097728 c:\windows\twain_32\MG5300 series\SCNUI.dll
+ 2012-06-20 19:01 . 2010-11-17 18:44 1355776 c:\windows\twain_32\MG5300 series\IB.dll
+ 2012-06-20 19:01 . 2011-02-09 00:41 2102320 c:\windows\twain_32\MG5300 series\CNC_389R.DAT
- 2011-08-29 05:39 . 2008-07-08 02:55 1112288 c:\windows\system32\WdfCoInstaller01007.dll
+ 2011-08-29 05:39 . 2009-11-08 00:41 1112288 c:\windows\system32\WdfCoInstaller01007.dll
+ 2012-06-20 19:07 . 2011-05-23 12:00 3526144 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMUIAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 1091584 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMUBAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 2308608 c:\windows\system32\spool\drivers\w32x86\canonmg5300_series98e7\CNMCBAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 3526144 c:\windows\system32\spool\drivers\w32x86\3\CNMUIAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 1091584 c:\windows\system32\spool\drivers\w32x86\3\CNMUBAT.DLL
+ 2012-06-20 19:07 . 2011-05-23 12:00 2308608 c:\windows\system32\spool\drivers\w32x86\3\CNMCBAT.DLL
+ 2012-06-23 10:50 . 2012-06-23 10:50 9459912 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
+ 2009-11-03 18:33 . 2009-11-03 18:33 1716297 c:\windows\system32\InetClnt.dll
+ 2012-07-03 03:18 . 2012-02-15 18:01 4547944 c:\windows\system32\DRVSTORE\usbaapl_B97845F10E79901A09404408F15C6BE616AF6019\usbaaplrc.dll
+ 2012-07-03 03:18 . 2011-08-02 23:38 1461992 c:\windows\system32\DRVSTORE\netaapl_1F790C9610312AF553B3EA281673A397475297FA\wdfcoinstaller01009.dll
+ 2012-04-26 13:11 . 2012-04-26 13:11 1040824 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1165635.exe
+ 2012-04-26 12:50 . 2012-04-26 12:50 2376368 c:\windows\system32\Adobe\Shockwave 11\gt.exe
- 2011-11-22 13:19 . 2011-11-22 13:19 2376368 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2012-04-26 12:50 . 2012-04-26 12:50 1231360 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2012-04-26 12:55 . 2012-04-26 12:55 1742336 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
- 2011-11-22 13:24 . 2011-11-22 13:24 1742336 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
+ 2012-06-26 00:02 . 2012-06-26 00:02 2101760 c:\windows\Installer\f8f2ff.msp
+ 2012-06-28 20:38 . 2012-06-28 20:38 2335744 c:\windows\Installer\e00a30.msi
+ 2012-07-02 20:13 . 2012-07-02 20:13 5163520 c:\windows\Installer\7c35b.msi
+ 2012-06-28 17:09 . 2012-06-28 17:09 4288000 c:\windows\Installer\7998d.msi
+ 2011-04-26 01:56 . 2011-04-26 01:56 5834752 c:\windows\Installer\7142fd.msp
+ 2012-05-21 23:58 . 2012-05-21 23:58 2111488 c:\windows\Installer\71426c.msp
+ 2011-10-03 20:56 . 2011-10-03 20:56 8469504 c:\windows\Installer\714210.msp
+ 2012-05-21 23:56 . 2012-05-21 23:56 8033280 c:\windows\Installer\713c4d.msp
+ 2011-09-14 01:25 . 2011-09-14 01:25 1507840 c:\windows\Installer\713601.msp
+ 2012-04-24 00:47 . 2012-04-24 00:47 5928960 c:\windows\Installer\7135cb.msp
+ 2009-05-27 01:30 . 2009-05-27 01:30 6992896 c:\windows\Installer\5d177f7.msp
+ 2009-05-27 01:31 . 2009-05-27 01:31 5363200 c:\windows\Installer\5d176c8.msp
+ 2009-07-09 21:25 . 2009-07-09 21:25 5174272 c:\windows\Installer\5d173b5.msp
+ 2012-06-24 05:24 . 2012-06-24 05:24 3262976 c:\windows\Installer\5bee3c.msi
+ 2012-06-24 04:38 . 2012-06-24 04:38 2675712 c:\windows\Installer\3283ca.msi
+ 2012-07-03 03:18 . 2012-07-03 03:18 1718784 c:\windows\Installer\181faf.msi
+ 2012-07-03 03:12 . 2012-07-03 03:12 1530368 c:\windows\Installer\181f82.msi
+ 2012-06-28 23:11 . 2012-06-28 23:11 9472512 c:\windows\Installer\1774c5e.msi
+ 2010-03-23 06:03 . 2010-03-23 06:03 4301312 c:\windows\Installer\163811.msp
+ 2010-08-24 02:06 . 2010-08-24 02:06 3330560 c:\windows\Installer\16378c.msp
+ 2010-08-26 00:35 . 2010-08-26 00:35 7658496 c:\windows\Installer\163769.msp
+ 2012-06-24 04:08 . 2012-06-24 04:08 3205120 c:\windows\Installer\16344a.msi
+ 2012-06-24 22:55 . 2012-06-24 22:55 1769984 c:\windows\Installer\15b738.msi
+ 2012-06-24 22:54 . 2012-06-24 22:54 2002432 c:\windows\Installer\15b72e.msi
+ 2012-06-24 05:46 . 2012-06-24 05:46 1923920 c:\windows\Installer\{E463E171-4082-4744-A466-F7CBE8502789}\TurboTax.exe
+ 2012-06-24 05:52 . 2012-06-24 05:52 1982784 c:\windows\Installer\{A525E00B-6609-442E-9DCD-64453C233E8D}\TurboTax.exe
+ 2012-06-24 04:17 . 2012-06-24 04:17 1959232 c:\windows\Installer\{38975F50-EAA2-012B-ADB4-000000000000}\TurboTax.exe
+ 2012-06-28 20:37 . 2012-06-28 20:37 1058304 c:\windows\assembly\temp\VB2F1K3SWH\Intuit.Spc.Map.WindowsFirewallUtilities.dll
+ 2012-06-24 04:42 . 2012-06-24 04:42 3346432 c:\windows\assembly\NativeImages_v4.0.30319_32\ttax\7447fe02db7d9e40e76ba55d4fcba040\ttax.ni.dll
+ 2012-06-24 04:42 . 2012-06-24 04:42 9876992 c:\windows\assembly\NativeImages_v4.0.30319_32\print-engine\a5844bc0961f4caac5a74913662b7dae\print-engine.ni.dll
+ 2012-06-24 04:45 . 2012-06-24 04:45 1676800 c:\windows\assembly\NativeImages_v4.0.30319_32\Intuit.Ctg.Map\d83035c4e229708e3bd67fbef5aaceb8\Intuit.Ctg.Map.ni.dll
+ 2012-06-24 04:42 . 2012-06-24 04:42 2120704 c:\windows\assembly\NativeImages_v4.0.30319_32\IKVM.Runtime\c29c906cf213de61e7f6ac952cabde9a\IKVM.Runtime.ni.dll
+ 2012-06-24 04:43 . 2012-06-24 04:43 4390912 c:\windows\assembly\NativeImages_v4.0.30319_32\IKVM.OpenJDK.Util\a578b6d17d83b914a92d18002ce34564\IKVM.OpenJDK.Util.ni.dll
+ 2012-06-24 04:43 . 2012-06-24 04:43 1371136 c:\windows\assembly\NativeImages_v4.0.30319_32\IKVM.OpenJDK.Text\e89622383a59e925c5222bbbb101ccc8\IKVM.OpenJDK.Text.ni.dll
+ 2012-06-24 04:44 . 2012-06-24 04:44 6602240 c:\windows\assembly\NativeImages_v4.0.30319_32\IKVM.OpenJDK.Securi#\82ae300ce77744990921b39e6a84afc8\IKVM.OpenJDK.Security.ni.dll
+ 2012-06-24 04:43 . 2012-06-24 04:43 8305664 c:\windows\assembly\NativeImages_v4.0.30319_32\IKVM.OpenJDK.Core\d794343a7a654d5a19fc17abc210db52\IKVM.OpenJDK.Core.ni.dll
+ 2012-06-24 04:11 . 2012-06-24 04:11 4119552 c:\windows\assembly\NativeImages_v2.0.50727_32\ttax\93f23b3458991841a15a3c4d291463b1\ttax.ni.dll
+ 2012-06-24 05:26 . 2012-06-24 05:26 3369472 c:\windows\assembly\NativeImages_v2.0.50727_32\ttax\7f056df0c708c333fafaf47339e637ef\ttax.ni.dll
+ 2012-06-24 04:11 . 2012-06-24 04:11 1305600 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Map\e4035366889019d05543dbff6ed56fad\Intuit.Ctg.Map.ni.dll
+ 2012-06-24 05:26 . 2012-06-24 05:26 1486336 c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Map\c547dc60fb26f052d7347d49ab28e075\Intuit.Ctg.Map.ni.dll
+ 2012-06-24 04:11 . 2012-06-24 04:11 2597376 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.M#\f33268e989b6601d934334159af3e692\Infragistics2.Win.Misc.v8.2.ni.dll
+ 2012-06-24 04:08 . 2012-06-24 04:08 1085440 c:\windows\assembly\GAC_MSIL\NHibernate\1.2.0.4000__aa95f207798dfdb4\NHibernate.dll
+ 2012-06-29 19:29 . 2012-06-29 19:29 1058304 c:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
+ 2012-06-24 04:44 . 2012-06-24 04:44 10001408 c:\windows\assembly\NativeImages_v4.0.30319_32\itext\883ec784500cc56998285cb6a16288c2\itext.ni.dll
+ 2012-06-24 04:44 . 2012-06-24 04:44 14787072 c:\windows\assembly\NativeImages_v4.0.30319_32\IKVM.OpenJDK.SwingA#\fa86f683b89912e302c2d96a0b9ac783\IKVM.OpenJDK.SwingAWT.ni.dll
+ 2012-06-24 04:12 . 2012-06-24 04:12 10334208 c:\windows\assembly\NativeImages_v2.0.50727_32\Infragistics2.Win.v#\3ea4e0967e86e593bf1336361a992b4e\Infragistics2.Win.v8.2.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-20 03:41 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-20 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Synchronizer"="c:\program files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2012-04-04 1261472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-16 196608]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-20 1104440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Guard.Mail.ru.gui"="c:\program files\Guard-ICQ\GuardICQ.exe" [2012-06-25 1564368]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ICQ7M\\ICQ.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25304:TCP"= 25304:TCP:BitComet 25304 TCP
"25304:UDP"= 25304:UDP:BitComet 25304 UDP
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]
R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [1/24/2009 7:08 AM 308248]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 5:17 AM 301248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [6/25/2012 2:53 PM 247096]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [11/10/2008 12:43 AM 345336]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/13/2011 11:01 PM 399416]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [6/19/2012 8:41 PM 935480]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [6/13/2012 3:47 AM 5161080]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files\Guard-ICQ\GuardICQ.exe [6/25/2012 2:15 PM 1564368]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/3/2012 7:14 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/27/2012 12:50 AM 257224]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/28/2011 3:08 PM 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/3/2012 7:14 PM 136176]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/28/2011 3:02 PM 38912]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [8/28/2011 10:39 PM 13312]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [8/28/2011 3:40 PM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [8/28/2011 3:40 PM 11104]
S3 QCFilterGAD;Gobi AD USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterGAD.sys [8/28/2011 3:21 PM 5248]
S3 qcusbnetGAD;Gobi AD USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetGAD.sys [8/28/2011 3:21 PM 115200]
S3 qcusbserGAD;Gobi AD USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserGAD.sys [8/28/2011 3:21 PM 103680]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [9/1/2011 5:28 AM 162816]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/13/2011 11:01 PM 994360]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 10:03 AM 32408]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [8/28/2011 10:39 PM 121192]
S3 TSUsbKey;TSUSbKey.Sys;c:\windows\system32\drivers\TSUsbKey.sys [2/15/2012 8:33 PM 9300]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 03:06]
.
2012-07-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-04 02:14]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-04 02:14]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1383384898-527237240-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-13 13:55]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1383384898-527237240-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-13 13:55]
.
2012-07-04 c:\windows\Tasks\User_Feed_Synchronization-{3CC6951D-BF5B-43CA-8AEF-55013C750779}.job
- c:\windows\system32\msfeedssync.exe [2009-01-24 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/sk27211/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-04 21:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-725345543-1383384898-527237240-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,7d,5c,d4,b2,b5,3e,47,b8,bc,cd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,7d,5c,d4,b2,b5,3e,47,b8,bc,cd,\
.
[HKEY_USERS\S-1-5-21-725345543-1383384898-527237240-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-725345543-1383384898-527237240-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{115E0A26-6C28-90DC-4FE9-ED3AB42733DD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,a1,45,7e,36,82,dd,42,83,f0,ae,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,a1,45,7e,36,82,dd,42,83,f0,ae,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1232)
c:\windows\system32\igfxdev.dll
.
Completion time: 2012-07-04 21:03:47
ComboFix-quarantined-files.txt 2012-07-05 04:03
ComboFix2.txt 2012-06-19 00:14
.
Pre-Run: 60,071,841,792 bytes free
Post-Run: 60,387,020,800 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 60CAB49522AE2ED8E27BA51230F532BC

#8 m0le

  • Malware Response Team

Posted 05 July 2012 - 05:35 PM

This is supposed to be a new version of Combofix running for the first time. This log shows that this is the third run of the tool. Do you know why that might be?
m0le is a proud member of UNITE

#9 chancelot

  • Topic Starter

Posted 05 July 2012 - 11:17 PM

BEFORE STARTING I MADE SURE IT WAS DELETED AND IT WAS AND I DELETED ALL OLD LOGS AND DELETED THE EXECUTABLE FILE. BUT EVEN BEFORE I ONLY RAN IT ONCE. BUT IT WAS ALL DELETED AND I DOWNLOADED COMBOFIX FROM BLEEPING LAST NIGHT AND RAN IT THE ONE TIME ONLY.

Edited by chancelot, 06 July 2012 - 04:54 PM.


#10 m0le

  • Malware Response Team

Posted 06 July 2012 - 06:06 PM

Can you do an online scan from ESET?

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.

#11 chancelot

  • Topic Starter

Posted 07 July 2012 - 12:06 PM

I left ESET open; I'm unsure if I chose the option to delete quarantined files and/or to uninstall ESET.

The files I downloaded, like Hiren's, were downloaded after the onset of problems.

C:\Documents and Settings\Administrator\My Documents\Downloads\webbrowserpassview.zip Win32/PSWTool.WebBrowserPassView.B application deleted - quarantined


C:\Documents and Settings\Administrator\My Documents\Downloads\video streaming recording programs\cdbxp_setup_4.4.0.2905.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Downloads\HBCD-15.1\hbcd-15.1-Restored-V1.0-dvd-proteus.iso Win32/PSWTool.KonBoot.A application deleted - quarantined
C:\Downloads\HBCD-15.1\hbcd-15.1-Restored-V1.0-dvd-proteus.iso.zip Win32/PSWTool.KonBoot.A application deleted - quarantined
C:\Downloads\HBCD-15.1\hbcd-15.1-Restored-V1.0-dvd-proteus.zip Win32/PSWTool.KonBoot.A application deleted - quarantined
C:\Downloads\HBCD-15.1\hbcd-15.1-Restored-V1.0-dvd-proteus\HBCD\Boot\konboot.gz Win32/PSWTool.KonBoot.A application deleted - quarantined
C:\Downloads\Hirens.BootCD.15.1\Hiren's.BootCD.15.1.iso Win32/PSWTool.KonBoot.A application deleted - quarantined
C:\Downloads\Hirens.BootCD.15.1\Hirens.BootCD.15.1.zip Win32/PSWTool.KonBoot.A application deleted - quarantined
C:\System Volume Information\_restore{142A4564-F61F-4E8B-BC8F-4F244FDCEE51}\RP211\A0035823.exe    Win32/OpenCandy application    cleaned by deleting - quarantined

Edited by chancelot, 07 July 2012 - 12:11 PM.


#12 m0le

  • Malware Response Team

Posted 07 July 2012 - 07:29 PM

Yes, nothing really malicious there at all.

Can you run FSS and then MiniToolBox? These two tools are system diagnosis programs.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

And

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#13 chancelot

  • Topic Starter

Posted 08 July 2012 - 04:35 PM

Farbar Service Scanner Version: 08-07-2012
Ran by chance (administrator) on 08-07-2012 at 14:32:00
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2009-01-24 06:56] - [2009-01-24 06:56] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2009-01-24 07:03] - [2009-01-24 07:03] - 0361600 ____A (Microsoft Corporation) BA8C046D98345129723E6BCAA1E8AB99

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll
[2009-01-24 06:56] - [2009-01-24 06:56] - 0330752 ____A (Microsoft Corporation) 4F10A2FA76B5BD54CD68AFA94E8ADB39

C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

ATTENTION!=====> C:\WINDOWS\system32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2011-08-28 14:39] - [2009-01-24 06:58] - 0023576 ____A (Microsoft Corporation) AAE1A6FFBA2B0436E91795120F48C461

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll
[2009-01-24 06:56] - [2009-01-24 06:56] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000900000005000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

MiniToolBox by Farbar Version: 25-06-2012
Ran by chance (administrator) on 08-07-2012 at 14:35:40
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR8132 PCI-E Fast Ethernet Controller = Local Area Connection 2 (Disconnected)
Atheros AR5B95 Wireless Network Adapter = Wireless Network Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : CHANCELOT

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Atheros AR5B95 Wireless Network Adapter

Physical Address. . . . . . . . . : 90-4C-E5-17-20-22

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.6

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 209.18.47.61

209.18.47.62

Lease Obtained. . . . . . . . . . : Sunday, July 08, 2012 2:09:53 PM

Lease Expires . . . . . . . . . . : Sunday, July 08, 2012 3:09:53 PM

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.224.227, 74.125.224.228, 74.125.224.229, 74.125.224.230
74.125.224.231, 74.125.224.232, 74.125.224.233, 74.125.224.238, 74.125.224.224
74.125.224.225, 74.125.224.226



Pinging google.com [74.125.224.238] with 32 bytes of data:



Reply from 74.125.224.238: bytes=32 time=18ms TTL=55

Reply from 74.125.224.238: bytes=32 time=17ms TTL=55



Ping statistics for 74.125.224.238:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 17ms, Maximum = 18ms, Average = 17ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=36ms TTL=53

Reply from 72.30.38.140: bytes=32 time=42ms TTL=53



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 36ms, Maximum = 42ms, Average = 39ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...90 4c e5 17 20 22 ...... Atheros AR5B95 Wireless Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.6 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.6 192.168.0.6 20
192.168.0.0 255.255.255.0 192.168.0.6 192.168.0.6 25
192.168.0.6 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.0.255 255.255.255.255 192.168.0.6 192.168.0.6 25
224.0.0.0 240.0.0.0 192.168.0.6 192.168.0.6 25
255.255.255.255 255.255.255.255 192.168.0.6 192.168.0.6 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/07/2012 02:53:09 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (07/06/2012 01:23:36 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7062

Error: (07/06/2012 01:23:36 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7062

Error: (07/06/2012 01:23:36 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/06/2012 01:23:34 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5047

Error: (07/06/2012 01:23:34 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5047

Error: (07/06/2012 01:23:34 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/06/2012 01:23:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2984

Error: (07/06/2012 01:23:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2984

Error: (07/06/2012 01:23:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (07/07/2012 02:40:22 AM) (Source: Service Control Manager) (User: )
Description: The wscsvc service failed to start due to the following error:
%%1083

Error: (07/07/2012 02:39:01 AM) (Source: Print) (User: NT AUTHORITY)
Description: Printer Send To OneNote 2010 failed to initialize because a suitable Send To Microsoft OneNote 2010 Driver driver could not be found.

Error: (07/07/2012 02:39:01 AM) (Source: Print) (User: NT AUTHORITY)
Description: Printer EPSON NX420 Series failed to initialize because a suitable EPSON NX420 Series driver could not be found.

Error: (07/07/2012 02:38:38 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (07/06/2012 05:16:23 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.0.6 on the
Network Card with network address 904CE5172022.

Error: (07/06/2012 02:51:24 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.0.6 on the
Network Card with network address 904CE5172022.

Error: (07/06/2012 01:23:18 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.0.6 on the
Network Card with network address 904CE5172022.

Error: (07/05/2012 09:12:40 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.0.6 on the
Network Card with network address 904CE5172022.

Error: (07/04/2012 11:41:03 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.0.6 on the
Network Card with network address 904CE5172022.

Error: (07/04/2012 08:38:07 PM) (Source: Service Control Manager) (User: )
Description: The Guard.Mail.ru service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (07/07/2012 02:53:09 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (07/06/2012 01:23:36 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7062

Error: (07/06/2012 01:23:36 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7062

Error: (07/06/2012 01:23:36 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/06/2012 01:23:34 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5047

Error: (07/06/2012 01:23:34 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5047

Error: (07/06/2012 01:23:34 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/06/2012 01:23:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2984

Error: (07/06/2012 01:23:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2984

Error: (07/06/2012 01:23:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


=========================== Installed Programs ============================

7-Zip 4.64
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 3.3.0.3650)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.5.635)
AnswerWorks 5.0 English Runtime (Version: 008.000.0003)
Any DVD Converter Professional 4.2.5
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.16)
Atheros Driver Installation Program (Version: 7.6.1.224)
AVG 2012 (Version: 12.0.2195)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2195)
BitComet 1.31 (Version: 1.31)
Bonjour (Version: 3.0.0.10)
Broadcom Driver v5.10.79.14_Foxconn Installation Program (Version: 5.10.79.14)
CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294)
Canon MG5300 series MP Drivers
CCleaner (remove only)
CDBurnerXP (Version: 4.4.0.2905)
Choice Guard (Version: 1.2.87.0)
Epson Event Manager (Version: 2.40.0001)
EPSON NX420 Series Printer Uninstall
EPSON Scan
Gateway ScreenSaver (Version: 1.1.0722)
Google Chrome (Version: 20.0.1132.47)
Google Talk Plugin (Version: 3.1.4.8140)
Google Update Helper (Version: 1.3.21.111)
Guard.ICQ
HashCheck Shell Extension (x86-32) (Version: 2.1.7.0)
ICQ Toolbar (Version: 3.0.0)
ICQ7M (Version: 7.8)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes (Version: 10.6.1.7)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 33 (Version: 6.0.330)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
K-Lite Codec Pack 4.5.3 (Full) (Version: 4.5.3)
MediaLooks QuickTime Source 1.7.0.3 (DirectShow Filter) (Version: 1.7.0.3)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Service Pack 1 (Version: 1.1.4322)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft AppLocale (Version: 1.0.0)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Money Essentials (Version: 16)
Microsoft Money Shared Libraries (Version: 16.0.0.705)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Home and Student 2010 - English (Version: 14.0.6114.5002)
Microsoft Silverlight (Version: 2.0.31005.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Windows Application Compatibility Database
Microsoft WinUsb 1.0
MSR705 (Version: 1.00.0000)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Open Command Prompt Shell Extension (x86-32) (Version: 1.1.10 (2009/01/13))
Opera 12.00 (Version: 12.00.1467)
Picasa 3 (Version: 3.8)
PL-2303 USB-to-Serial
Qualcomm Gobi Driver Package (Version: 1.0.14)
Qualcomm Gobi Images (Version: 1.0.24)
QuickTime Alternative 2.8.0 (Version: 2.8.0)
Real Alternative 1.9.0 (Version: 1.9.0)
Realtek High Definition Audio Driver (Version: 5.10.0.5798)
Remo Recover (Version: 3.0.0.105)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
Segoe UI (Version: 14.0.4327.805)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 12.2.2.0)
TurboTax 2008
TurboTax 2008 WinPerFedFormset (Version: 008.000.0341)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0219)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0197)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.1007)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0433)
TurboTax 2008 wrapper (Version: 008.000.0065)
TurboTax 2009
TurboTax 2009 wcaiper (Version: 009.000.1050)
TurboTax 2009 WinPerFedFormset (Version: 009.000.2881)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0328)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0245)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax 2010
TurboTax 2010 wcaiper (Version: 010.000.1924)
TurboTax 2010 WinPerFedFormset (Version: 010.000.5821)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0501)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0222)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax 2011
TurboTax 2011 wcaiper (Version: 011.000.1647)
TurboTax 2011 WinPerFedFormset (Version: 011.000.3351)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0496)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0222)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax ItsDeductible 2006 (Version: 10.00.0000)
TurboTax Premier 2005
TurboTax Premier Investments 2006
Unlocker 1.8.7 (Version: 1.8.7)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
USB2.0 Card Reader Software (Version: 6.0.6000.81)
User Profile Hive Cleanup Service (Version: 1.6.30)
VLC media player 2.0.1 (Version: 2.0.1)
VZAccess Manager (Version: 7.0.107)
WebCam (Version: 5.8.52.004)
WebFldrs XP (Version: 9.50.7523)
WexTech AnswerWorks (Version: 1.00.000)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)
Windows Management Framework Core
Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.95)
Windows Rights Management Client with Service Pack 2 (Version: 5.2.95)
Windows Search 4.0 (Version: 04.00.6001.503)
WinRAR 4.10 (32-bit) (Version: 4.10.0)
WModem Driver Installer (Version: 2.0.6.9)

========================= Devices: ================================

Name: Atheros AR8132 PCI-E Fast Ethernet Controller
Description: Atheros AR8132 PCI-E Fast Ethernet Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Atheros
Service: L1c
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 2037.87 MB
Available physical RAM: 1232.8 MB
Total Pagefile: 3933.02 MB
Available Pagefile: 3207.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1973.16 MB

========================= Partitions: =====================================

1 Drive c: ( 1) (Fixed) (Total:139.04 GB) (Free:68.15 GB) NTFS

========================= Users: ========================================

User accounts for \\CHANCELOT

ASPNET chance Guest

========================= Minidump Files ==================================

No minidump file found


**** End of log ****










#14 m0le

Posted 08 July 2012 - 06:01 PM

The following steps involve registry editing. Please create a new restore point before proceeding.

Backup Your Registry with ERUNT

Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe


Please go to Start and then Run, type regedit and click OK.

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root

Right-Click Root and select Permissions...

Under Security type, while Everyone is selected, put a check mark in the box under Allow next to Full Control.

Click Apply and OK.

Download XP.zip file from here:

Unzip it.

You'll find several files inside.

Double-click legacy_wscsvc.reg and confirm the prompt.
Double-click wscsvc.reg and confirm the prompt.

Please go back to the Root key again and, while Everyone is selected, remove the check mark in the box under Allow next to Full Control, then close the registry.

Restart the computer.

Now rerun FSS and post the log
m0le is a proud member of UNITE

#15 chancelot

Posted 10 July 2012 - 03:46 PM

Farbar Service Scanner Version: 08-07-2012
Ran by chance (administrator) on 10-07-2012 at 13:41:24
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2009-01-24 06:56] - [2009-01-24 06:56] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys
[2009-01-24 07:03] - [2009-01-24 07:03] - 0361600 ____A (Microsoft Corporation) BA8C046D98345129723E6BCAA1E8AB99

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll
[2009-01-24 06:56] - [2009-01-24 06:56] - 0330752 ____A (Microsoft Corporation) 4F10A2FA76B5BD54CD68AFA94E8ADB39

C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

ATTENTION!=====> C:\WINDOWS\system32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2011-08-28 14:39] - [2009-01-24 06:58] - 0023576 ____A (Microsoft Corporation) AAE1A6FFBA2B0436E91795120F48C461

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll
[2009-01-24 06:56] - [2009-01-24 06:56] - 0253952 ____A (Microsoft Corporation) F17F6226BDC0CD5F0BEF0DAF84D29BEC

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000900000005000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****
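
The Farbar Service Scanner logs posted before and after the registry import can be compared mechanically to see which findings a repair step actually cleared. The following is an added example, not part of the original posts or of the tool itself; the finding labels, and the reading of a path followed by a timestamp/size/MD5 line as "hash not recognised", are assumptions about the log format.

```python
import re

# Trimmed excerpt of the Farbar Service Scanner output posted in this thread.
# These lines are the same in both posted runs, so one excerpt stands for both.
SAMPLE_LOG = r"""
Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2009-01-24 06:56] - [2009-01-24 06:56] - 0126976 ____A (Microsoft Corporation) C51DE19619D50CBD03708647ACA10E70

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
ATTENTION!=====> C:\WINDOWS\system32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\svchost.exe => MD5 is legit
"""

SERVICE_DOWN = re.compile(r"^(\S+) Service is not running\.")
FILE_MISSING = re.compile(r"^ATTENTION!=+>\s*(.+?) FILE IS MISSING")
FILE_LEGIT = re.compile(r"^(.+?) => MD5 is legit$")
BARE_PATH = re.compile(r"^[A-Za-z]:\\\S.*$")
# Detail line: [created] - [modified] - size attrs (company) MD5
DETAIL = re.compile(r"^\[\d{4}-\d\d-\d\d \d\d:\d\d\] - .* ([0-9A-Fa-f]{32})$")


def parse_fss(text):
    """Return a set of (finding_type, subject) tuples found in one log."""
    findings = set()
    lines = [line.strip() for line in text.splitlines()]
    for i, line in enumerate(lines):
        m = SERVICE_DOWN.match(line)
        if m:
            findings.add(("service_not_running", m.group(1).lower()))
            continue
        m = FILE_MISSING.match(line)
        if m:
            findings.add(("file_missing", m.group(1).lower()))
            continue
        if FILE_LEGIT.match(line):
            continue  # hash matched the tool's known-good list
        # Assumption: a bare path followed by a detail line means the tool
        # printed the file's metadata instead of confirming its hash.
        if (BARE_PATH.match(line) and i + 1 < len(lines)
                and DETAIL.match(lines[i + 1])):
            findings.add(("hash_not_recognised", line.lower()))
    return findings


def compare_runs(before, after):
    """Classify findings as fixed, persisting or new between two runs."""
    b, a = parse_fss(before), parse_fss(after)
    return {
        "fixed": sorted(b - a),
        "persisting": sorted(b & a),
        "new": sorted(a - b),
    }


if __name__ == "__main__":
    result = compare_runs(SAMPLE_LOG, SAMPLE_LOG)
    for state, items in result.items():
        for kind, subject in items:
            print(f"{state:10} {kind:20} {subject}")
```
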



