
iexplore.exe and chrome.exe


  • This topic is locked
52 replies to this topic

#1 Phil from Atlanta

Phil from Atlanta

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:36 PM

Posted 09 August 2012 - 05:24 PM

I am new to BleepingComputer. I have multiple instances of iexplore.exe and chrome.exe running. iexplore.exe runs two instances at all times in the Task Manager; however, I do not use Internet Explorer at all and no windows are open. These two instances are there as soon as the desktop is loaded. Like other threads, once I end task in the Task Manager, the program appears again within seconds. I also have two instances of Chrome running whenever I have just one Chrome window open. This may be normal but just thought I would check. Lastly, I have about five instances of svchost.exe, which I'm not sure is normal. I would like someone to help me get rid of these background programs if they are a form of a virus or just unnecessary.

Thanks



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,842 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:36 PM

Posted 10 August 2012 - 06:22 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:36 PM

Posted 14 August 2012 - 05:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/464565 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Phil from Atlanta

Phil from Atlanta
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:36 PM

Posted 14 August 2012 - 10:03 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 19:24:03 on 2012-08-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.200 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTo2.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Registry Cleaner Scheduler] "c:\program files\cleanmypc\registry cleaner\RCHelper.exe" /startup
uRun: [FreeAC] c:\program files\freealarmclock\FreeAlarmClock.exe -autorun
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [ormgp] rundll32.exe "c:\documents and settings\administrator\application data\ormgp.dll",CreateEnumFormatEtc
mRun: [wuipi] "c:\windows\system32\rundll32.exe" "c:\documents and settings\administrator\application data\wuipi.dll",Method_Function
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9F0AAB9A-1175-411E-99EF-D4D52FA0CEF6} : DhcpNameServer = 192.168.2.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\5v4d6cr9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-28 250056]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [2011-4-26 25728]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-3-3 36608]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-17 113120]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [2011-4-26 100864]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [2011-4-26 108032]
.
=============== Created Last 30 ================
.
2012-08-09 10:35:47 -------- d-----w- c:\program files\FreeAlarmClock
2012-07-31 02:24:30 -------- d-----w- c:\documents and settings\administrator\local settings\application data\{D3ED423F-DAB6-11E1-8270-B8AC6F996F26}
2012-07-31 02:24:30 -------- d-----w- c:\documents and settings\administrator\local settings\application data\{D3ED0C62-DAB6-11E1-8270-B8AC6F996F26}
2012-07-31 02:24:27 438784 ----a-w- c:\documents and settings\administrator\application data\wuipi.dll
2012-07-31 02:23:25 140288 ----a-w- c:\documents and settings\administrator\application data\ormgp.dll
2012-07-30 18:47:45 -------- d-----w- c:\program files\Sarm Software
.
==================== Find3M ====================
.
2012-08-03 05:31:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-03 05:31:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 19:25:25.75 ===============

Attached File  attach.txt   13.52KB   1 downloads

I tried twice to run a GMER scan but the first time I tried, my computer froze completely. The second time I tried, I got a blue screen that said "Windows encountered an error and needs to restart..." and some script that I could not recognize that filled the rest of the screen. Just wanted to let you know that the GMER was not downloaded to the desktop but to a slave drive (G:). I have never had a problem with that drive in particular. When it was downloaded, I didn't have a choice of where to save it to because I had assigned that folder for downloads in Google Chrome. After it finished downloading, it ran automatically and since I didn't see any differences compared to the tutorial, I went ahead and ran it with the setting as pictured. Secondly, I wanted to make it clear that I did not download the GMER.zip file but took the GMER "download now" option as I did not read the instructions well enough. I was scared to run it again after I got the blue screen.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:36 PM

Posted 15 August 2012 - 10:20 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 Phil from Atlanta

Phil from Atlanta
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:36 PM

Posted 15 August 2012 - 06:48 PM

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
CleanMyPC - Registry Cleaner
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.270
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (Firefox,. Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````




ComboFix 12-08-15.01 - Administrator 08/15/2012 17:39:58.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.168 [GMT -4:00]
Running from: g:\temp\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\ormgp.dll
c:\documents and settings\Administrator\Application Data\PriceGong
c:\documents and settings\Administrator\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Administrator\Application Data\wuipi.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\system32\SET237.tmp
c:\windows\system32\SET243.tmp
F:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 18:27 . 2012-08-15 18:27 -------- d-----w- c:\windows\LastGood
2012-08-09 10:35 . 2012-08-09 10:35 -------- d-----w- c:\program files\FreeAlarmClock
2012-07-31 02:24 . 2012-07-31 02:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{D3ED423F-DAB6-11E1-8270-B8AC6F996F26}
2012-07-31 02:24 . 2012-07-31 02:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{D3ED0C62-DAB6-11E1-8270-B8AC6F996F26}
2012-07-30 18:47 . 2012-07-30 18:47 -------- d-----w- c:\program files\Sarm Software
2012-07-20 23:18 . 2012-07-20 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 05:31 . 2012-05-28 13:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 05:31 . 2012-03-02 00:49 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2011-01-25 23:08 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19 . 2008-04-14 05:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 09:42 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-14 09:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 09:42 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2011-01-25 22:36 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2011-01-25 22:36 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2011-01-25 22:36 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2011-01-25 22:36 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2011-01-25 22:36 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2009-08-07 00:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2008-04-14 09:41 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2011-01-25 22:36 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2011-01-25 22:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2011-02-17 21:02 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2011-02-17 21:02 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2011-02-17 21:02 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-14 09:41 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-07-31 20:33 . 2012-06-17 22:18 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTo2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2011-10-06 1401224]
"FreeAC"="c:\program files\FreeAlarmClock\FreeAlarmClock.exe" [2012-04-25 1328976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 188416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 18:26 484904 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"LightScribeService"=2 (0x2)
"NMIndexingService"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/28/2012 9:50 AM 250056]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [4/26/2011 9:35 PM 25728]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [3/3/2011 1:11 AM 36608]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/17/2012 6:18 PM 113120]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [4/26/2011 9:35 PM 100864]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [4/26/2011 9:35 PM 108032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 18:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 05:31]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1979792683-1606980848-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-23 16:10]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1979792683-1606980848-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-23 16:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5v4d6cr9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ormgp - c:\documents and settings\Administrator\Application Data\ormgp.dll
HKLM-Run-wuipi - c:\documents and settings\Administrator\Application Data\wuipi.dll
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 17:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-1979792683-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,0b,43,0f,82,dc,38,4a,ae,76,a5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,0b,43,0f,82,dc,38,4a,ae,76,a5,\
.
Completion time: 2012-08-15 18:04:09
ComboFix-quarantined-files.txt 2012-08-15 22:03
.
Pre-Run: 9,587,568,640 bytes free
Post-Run: 10,105,909,248 bytes free
.
- - End Of File - - 09BF0E7ABAE1704F4E322AD9DC5D34AF



The first post is from security check and the second is from combo boost. Had no problems running either program. Internet Explorer seems to have disappeared from the Task Manager, so hopefully that means it's fixed. Google Chrome, however, still shows multiple instances in the Task Manager. For example, right now I have one Google Chrome window/tab open (whichever you want to call it), being this window for the reply I'm writing you. In the Task Manager, it shows 3 instances of Google Chrome.

#7 gringo_pr


Posted 15 August 2012 - 07:16 PM

Greetings

The deal with Chrome is normal - I just started Chrome on my computer without opening any tabs and had three running in Task Manager.

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

Edited by gringo_pr, 15 August 2012 - 07:17 PM.


#8 Phil from Atlanta


Posted 15 August 2012 - 08:29 PM

21:12:08.0522 0760 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
21:12:09.0116 0760 ============================================================
21:12:09.0116 0760 Current date / time: 2012/08/15 21:12:09.0116
21:12:09.0116 0760 SystemInfo:
21:12:09.0116 0760
21:12:09.0116 0760 OS Version: 5.1.2600 ServicePack: 3.0
21:12:09.0116 0760 Product type: Workstation
21:12:09.0116 0760 ComputerName: USER-0586DB66CF
21:12:09.0116 0760 UserName: Administrator
21:12:09.0116 0760 Windows directory: C:\WINDOWS
21:12:09.0116 0760 System windows directory: C:\WINDOWS
21:12:09.0116 0760 Processor architecture: Intel x86
21:12:09.0116 0760 Number of processors: 1
21:12:09.0116 0760 Page size: 0x1000
21:12:09.0116 0760 Boot type: Normal boot
21:12:09.0116 0760 ============================================================
21:12:11.0272 0760 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:12:11.0272 0760 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:12:11.0287 0760 Drive \Device\Harddisk2\DR2 - Size: 0x6FD590000 (27.96 Gb), SectorSize: 0x200, Cylinders: 0xE41, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:12:11.0287 0760 Drive \Device\Harddisk3\DR7 - Size: 0x76C00000 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:12:11.0287 0760 ============================================================
21:12:11.0287 0760 \Device\Harddisk0\DR0:
21:12:11.0287 0760 MBR partitions:
21:12:11.0287 0760 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
21:12:11.0287 0760 \Device\Harddisk1\DR1:
21:12:11.0287 0760 MBR partitions:
21:12:11.0287 0760 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x829521
21:12:11.0287 0760 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x829560, BlocksNum 0x121EB6A0
21:12:11.0287 0760 \Device\Harddisk2\DR2:
21:12:11.0287 0760 MBR partitions:
21:12:11.0287 0760 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x37E7CC2
21:12:11.0287 0760 \Device\Harddisk3\DR7:
21:12:11.0287 0760 MBR partitions:
21:12:11.0287 0760 \Device\Harddisk3\DR7\Partition1: MBR, Type 0x7, StartLBA 0x200, BlocksNum 0x3B5E00
21:12:11.0287 0760 ============================================================
21:12:11.0334 0760 C: <-> \Device\Harddisk0\DR0\Partition1
21:12:11.0334 0760 E: <-> \Device\Harddisk1\DR1\Partition2
21:12:11.0334 0760 F: <-> \Device\Harddisk1\DR1\Partition1
21:12:11.0334 0760 G: <-> \Device\Harddisk2\DR2\Partition1
21:12:11.0334 0760 ============================================================
21:12:11.0334 0760 Initialize success
21:12:11.0334 0760 ============================================================
21:12:58.0553 2284 ============================================================
21:12:58.0553 2284 Scan started
21:12:58.0553 2284 Mode: Manual;
21:12:58.0553 2284 ============================================================
21:12:59.0694 2284 ================ Scan services =============================
21:13:00.0053 2284 Abiosdsk - ok
21:13:00.0069 2284 abp480n5 - ok
21:13:00.0194 2284 [ 8fd99680a539792a30e97944fdaecf17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:13:00.0397 2284 ACPI - ok
21:13:00.0444 2284 [ 9859c0f6936e723e4892d7141b1327d5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:13:00.0459 2284 ACPIEC - ok
21:13:00.0647 2284 [ f19c98ad81d2c0e1bbfd8153d2c80ee8 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:13:00.0741 2284 AdobeFlashPlayerUpdateSvc - ok
21:13:00.0756 2284 adpu160m - ok
21:13:00.0803 2284 [ 11c04b17ed2abbb4833694bcd644ac90 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
21:13:00.0819 2284 aeaudio - ok
21:13:00.0897 2284 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:13:00.0944 2284 aec - ok
21:13:01.0053 2284 [ 1e44bc1e83d8fd2305f8d452db109cf9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:13:01.0100 2284 AFD - ok
21:13:01.0131 2284 Aha154x - ok
21:13:01.0147 2284 aic78u2 - ok
21:13:01.0162 2284 aic78xx - ok
21:13:01.0209 2284 [ a9a3daa780ca6c9671a19d52456705b4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:13:01.0225 2284 Alerter - ok
21:13:01.0272 2284 [ 8c515081584a38aa007909cd02020b3d ] ALG C:\WINDOWS\System32\alg.exe
21:13:01.0428 2284 ALG - ok
21:13:01.0444 2284 AliIde - ok
21:13:01.0475 2284 amsint - ok
21:13:01.0522 2284 [ e94e2ea7faaa05c776a711edb198b9fd ] androidusb C:\WINDOWS\system32\Drivers\smhwadb.sys
21:13:01.0537 2284 androidusb - ok
21:13:01.0631 2284 [ d8849f77c0b66226335a59d26cb4edc6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:13:01.0694 2284 AppMgmt - ok
21:13:01.0709 2284 asc - ok
21:13:01.0741 2284 asc3350p - ok
21:13:01.0756 2284 asc3550 - ok
21:13:01.0912 2284 [ 0e5e4957549056e2bf2c49f4f6b601ad ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:13:01.0959 2284 aspnet_state - ok
21:13:02.0022 2284 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:13:02.0022 2284 AsyncMac - ok
21:13:02.0100 2284 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:13:02.0100 2284 atapi - ok
21:13:02.0131 2284 Atdisk - ok
21:13:02.0162 2284 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:13:02.0194 2284 Atmarpc - ok
21:13:02.0256 2284 [ def7a7882bec100fe0b2ce2549188f9d ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:13:02.0272 2284 AudioSrv - ok
21:13:02.0459 2284 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:13:02.0475 2284 audstub - ok
21:13:02.0522 2284 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:13:02.0537 2284 Beep - ok
21:13:02.0725 2284 [ 574738f61fca2935f5265dc4e5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
21:13:02.0912 2284 BITS - ok
21:13:02.0991 2284 [ a06ce3399d16db864f55faeb1f1927a9 ] Browser C:\WINDOWS\System32\browser.dll
21:13:03.0022 2284 Browser - ok
21:13:03.0147 2284 catchme - ok
21:13:03.0209 2284 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:13:03.0209 2284 cbidf2k - ok
21:13:03.0225 2284 cd20xrnt - ok
21:13:03.0287 2284 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:13:03.0287 2284 Cdaudio - ok
21:13:03.0506 2284 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:13:03.0522 2284 Cdfs - ok
21:13:03.0631 2284 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:13:03.0662 2284 Cdrom - ok
21:13:03.0678 2284 Changer - ok
21:13:03.0725 2284 [ 1cfe720eb8d93a7158a4ebc3ab178bde ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:13:03.0725 2284 CiSvc - ok
21:13:03.0772 2284 [ 34cbe729f38138217f9c80212a2a0c82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:13:03.0787 2284 ClipSrv - ok
21:13:03.0850 2284 [ d87acaed61e417bba546ced5e7e36d9c ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:13:03.0944 2284 clr_optimization_v2.0.50727_32 - ok
21:13:03.0959 2284 CmdIde - ok
21:13:03.0991 2284 COMSysApp - ok
21:13:04.0022 2284 Cpqarray - ok
21:13:04.0100 2284 [ 3d4e199942e29207970e04315d02ad3b ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:13:04.0131 2284 CryptSvc - ok
21:13:04.0131 2284 dac2w2k - ok
21:13:04.0162 2284 dac960nt - ok
21:13:04.0491 2284 [ 6b27a5c03dfb94b4245739065431322c ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:13:04.0662 2284 DcomLaunch - ok
21:13:04.0756 2284 [ 5e38d7684a49cacfb752b046357e0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:13:04.0803 2284 Dhcp - ok
21:13:04.0850 2284 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:13:04.0866 2284 Disk - ok
21:13:04.0866 2284 dmadmin - ok
21:13:05.0225 2284 [ d992fe1274bde0f84ad826acae022a41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:13:05.0678 2284 dmboot - ok
21:13:05.0756 2284 [ 7c824cf7bbde77d95c08005717a95f6f ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:13:05.0819 2284 dmio - ok
21:13:05.0850 2284 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:13:05.0850 2284 dmload - ok
21:13:05.0897 2284 [ 57edec2e5f59f0335e92f35184bc8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:13:05.0912 2284 dmserver - ok
21:13:06.0006 2284 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:13:06.0037 2284 DMusic - ok
21:13:06.0100 2284 [ 5f7e24fa9eab896051ffb87f840730d2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:13:06.0131 2284 Dnscache - ok
21:13:06.0256 2284 [ 0f0f6e687e5e15579ef4da8dd6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:13:06.0303 2284 Dot3svc - ok
21:13:06.0334 2284 dpti2o - ok
21:13:06.0397 2284 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:13:06.0537 2284 drmkaud - ok
21:13:06.0631 2284 [ a8b3ec8ee13cbe14f067c72110155a1b ] E1000 C:\WINDOWS\system32\DRIVERS\e1000325.sys
21:13:06.0678 2284 E1000 - ok
21:13:06.0741 2284 [ 2187855a7703adef0cef9ee4285182cc ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:13:06.0756 2284 EapHost - ok
21:13:06.0834 2284 [ bc93b4a066477954555966d77fec9ecb ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:13:06.0834 2284 ERSvc - ok
21:13:06.0928 2284 [ 65df52f5b8b6e9bbd183505225c37315 ] Eventlog C:\WINDOWS\system32\services.exe
21:13:06.0975 2284 Eventlog - ok
21:13:07.0131 2284 [ d4991d98f2db73c60d042f1aef79efae ] EventSystem C:\WINDOWS\system32\es.dll
21:13:07.0225 2284 EventSystem - ok
21:13:07.0334 2284 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:13:07.0397 2284 Fastfat - ok
21:13:07.0647 2284 [ 99bc0b50f511924348be19c7c7313bbf ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:13:07.0694 2284 FastUserSwitchingCompatibility - ok
21:13:07.0756 2284 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:13:07.0772 2284 Fdc - ok
21:13:07.0819 2284 [ d45926117eb9fa946a6af572fbe1caa3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:13:07.0834 2284 Fips - ok
21:13:08.0178 2284 [ bb0667b0171b632b97ea759515476f07 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:13:08.0569 2284 FLEXnet Licensing Service - ok
21:13:08.0631 2284 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:13:08.0662 2284 Flpydisk - ok
21:13:08.0772 2284 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:13:08.0819 2284 FltMgr - ok
21:13:08.0912 2284 [ 8ba7c024070f2b7fdd98ed8a4ba41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:13:08.0928 2284 FontCache3.0.0.0 - ok
21:13:08.0991 2284 [ cbe5f69a5e5b918225f420ba748f3742 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
21:13:09.0006 2284 FsUsbExDisk - ok
21:13:09.0037 2284 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:13:09.0037 2284 Fs_Rec - ok
21:13:09.0116 2284 [ 6ac26732762483366c3969c9e4d2259d ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:13:09.0162 2284 Ftdisk - ok
21:13:09.0209 2284 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:13:09.0209 2284 Gpc - ok
21:13:09.0319 2284 [ 4fcca060dfe0c51a09dd5c3843888bcd ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:13:09.0334 2284 helpsvc - ok
21:13:09.0397 2284 [ deb04da35cc871b6d309b77e1443c796 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:13:09.0397 2284 HidServ - ok
21:13:09.0444 2284 [ ccf82c5ec8a7326c3066de870c06daf1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:13:09.0459 2284 hidusb - ok
21:13:09.0678 2284 [ 8878bd685e490239777bfe51320b88e9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:13:09.0694 2284 hkmsvc - ok
21:13:09.0725 2284 hpn - ok
21:13:09.0866 2284 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:13:09.0959 2284 HTTP - ok
21:13:10.0006 2284 [ 6100a808600f44d999cebdef8841c7a3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:13:10.0022 2284 HTTPFilter - ok
21:13:10.0037 2284 i2omgmt - ok
21:13:10.0053 2284 i2omp - ok
21:13:10.0100 2284 [ 4a0b06aa8943c1e332520f7440c0aa30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:13:10.0131 2284 i8042prt - ok
21:13:10.0491 2284 [ 44b7d5a4f2bd9fe21aea0bb0bace38c4 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
21:13:10.0944 2284 ialm - ok
21:13:11.0334 2284 [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:13:12.0209 2284 idsvc - ok
21:13:12.0319 2284 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:13:12.0334 2284 Imapi - ok
21:13:12.0459 2284 [ 30deaf54a9755bb8546168cfe8a6b5e1 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:13:12.0506 2284 ImapiService - ok
21:13:12.0522 2284 ini910u - ok
21:13:12.0584 2284 [ b5466a9250342a7aa0cd1fba13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
21:13:12.0584 2284 IntelIde - ok
21:13:12.0803 2284 [ 8c953733d8f36eb2133f5bb58808b66b ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:13:12.0819 2284 intelppm - ok
21:13:12.0866 2284 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:13:12.0881 2284 Ip6Fw - ok
21:13:12.0944 2284 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:13:12.0959 2284 IpFilterDriver - ok
21:13:12.0991 2284 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:13:12.0991 2284 IpInIp - ok
21:13:13.0084 2284 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:13:13.0147 2284 IpNat - ok
21:13:13.0225 2284 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:13:13.0256 2284 IPSec - ok
21:13:13.0303 2284 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:13:13.0319 2284 IRENUM - ok
21:13:13.0366 2284 [ 05a299ec56e52649b1cf2fc52d20f2d7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:13:13.0381 2284 isapnp - ok
21:13:13.0522 2284 [ 0a5709543986843d37a92290b7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
21:13:13.0584 2284 JavaQuickStarterService - ok
21:13:13.0819 2284 [ 463c1ec80cd17420a542b7f36a36f128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:13:13.0834 2284 Kbdclass - ok
21:13:13.0866 2284 [ 9ef487a186dea361aa06913a75b3fa99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:13:13.0866 2284 kbdhid - ok
21:13:13.0975 2284 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:13:14.0037 2284 kmixer - ok
21:13:14.0116 2284 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:13:14.0147 2284 KSecDD - ok
21:13:14.0241 2284 [ 3a7c3cbe5d96b8ae96ce81f0b22fb527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
21:13:14.0272 2284 LanmanServer - ok
21:13:14.0381 2284 [ a8888a5327621856c0cec4e385f69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:13:14.0428 2284 lanmanworkstation - ok
21:13:14.0459 2284 lbrtfdc - ok
21:13:14.0553 2284 [ 31d8b705dcd5f2366186e731f87c7a71 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:13:14.0584 2284 LightScribeService - ok
21:13:14.0787 2284 [ a7db739ae99a796d91580147e919cc59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:13:14.0819 2284 LmHosts - ok
21:13:14.0866 2284 [ 986b1ff5814366d71e0ac5755c88f2d3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:13:14.0881 2284 Messenger - ok
21:13:15.0022 2284 [ 123271bd5237ab991dc5c21fdf8835eb ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:13:15.0069 2284 Microsoft Office Groove Audit Service - ok
21:13:15.0116 2284 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:13:15.0116 2284 mnmdd - ok
21:13:15.0194 2284 [ d18f1f0c101d06a1c1adf26eed16fcdd ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:13:15.0194 2284 mnmsrvc - ok
21:13:15.0241 2284 [ dfcbad3cec1c5f964962ae10e0bcc8e1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:13:15.0256 2284 Modem - ok
21:13:15.0287 2284 [ 35c9e97194c8cfb8430125f8dbc34d04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:13:15.0287 2284 Mouclass - ok
21:13:15.0319 2284 [ b1c303e17fb9d46e87a98e4ba6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:13:15.0334 2284 mouhid - ok
21:13:15.0397 2284 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:13:15.0412 2284 MountMgr - ok
21:13:15.0506 2284 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:13:15.0553 2284 MozillaMaintenance - ok
21:13:15.0569 2284 mraid35x - ok
21:13:15.0787 2284 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:13:15.0881 2284 MRxDAV - ok
21:13:16.0116 2284 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:13:16.0303 2284 MRxSmb - ok
21:13:16.0350 2284 [ a137f1470499a205abbb9aafb3b6f2b1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:13:16.0366 2284 MSDTC - ok
21:13:16.0412 2284 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:13:16.0428 2284 Msfs - ok
21:13:16.0444 2284 MSIServer - ok
21:13:16.0491 2284 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:13:16.0491 2284 MSKSSRV - ok
21:13:16.0522 2284 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:13:16.0522 2284 MSPCLOCK - ok
21:13:16.0553 2284 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:13:16.0553 2284 MSPQM - ok
21:13:16.0616 2284 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:13:16.0616 2284 mssmbios - ok
21:13:16.0881 2284 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:13:16.0912 2284 Mup - ok
21:13:17.0131 2284 [ 0102140028fad045756796e1c685d695 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:13:17.0256 2284 napagent - ok
21:13:17.0350 2284 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:13:17.0428 2284 NDIS - ok
21:13:17.0475 2284 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:13:17.0491 2284 NdisTapi - ok
21:13:17.0537 2284 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:13:17.0537 2284 Ndisuio - ok
21:13:17.0631 2284 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:13:17.0850 2284 NdisWan - ok
21:13:17.0912 2284 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:13:17.0928 2284 NDProxy - ok
21:13:17.0975 2284 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:13:17.0991 2284 NetBIOS - ok
21:13:18.0069 2284 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:13:18.0131 2284 NetBT - ok
21:13:18.0209 2284 [ b857ba82860d7ff85ae29b095645563b ] NetDDE C:\WINDOWS\system32\netdde.exe
21:13:18.0256 2284 NetDDE - ok
21:13:18.0319 2284 [ b857ba82860d7ff85ae29b095645563b ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:13:18.0319 2284 NetDDEdsdm - ok
21:13:36.0584 2284 ================ Scan global ===============================
21:13:36.0631 2284 (42f1f4c0afb08410e5f02d4b13ebb623) C:\WINDOWS\system32\basesrv.dll
21:13:36.0803 2284 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
21:13:37.0053 2284 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
21:13:37.0100 2284 (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:13:37.0100 2284 [Global] - ok
21:13:37.0100 2284 ================ Scan MBR ==================================
21:13:37.0147 2284 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:13:37.0616 2284 \Device\Harddisk0\DR0 - ok
21:13:37.0631 2284 MBR (0x1B8) (bad0263fbe81b49f5f07b32dc9d198b3) \Device\Harddisk1\DR1
21:13:37.0819 2284 \Device\Harddisk1\DR1 - ok
21:13:37.0850 2284 MBR (0x1B8) (3c60716662c74ae773fbb2dde3807cde) \Device\Harddisk2\DR2
21:13:50.0569 2284 \Device\Harddisk2\DR2 - ok
21:13:50.0584 2284 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR7
21:13:51.0272 2284 \Device\Harddisk3\DR7 - ok
21:13:51.0272 2284 ================ Scan VBR ==================================
21:13:51.0287 2284 Boot (0x1200) (22758a86ed1cd0e8e2ebbca4fd073e93) \Device\Harddisk0\DR0\Partition1
21:13:51.0287 2284 \Device\Harddisk0\DR0\Partition1 - ok
21:13:51.0303 2284 Boot (0x1200) (23ef8225dd1ace037bbdb89fe3955775) \Device\Harddisk1\DR1\Partition1
21:13:51.0303 2284 \Device\Harddisk1\DR1\Partition1 - ok
21:13:51.0334 2284 Boot (0x1200) (190d923698f762576cc3ce529662d175) \Device\Harddisk1\DR1\Partition2
21:13:51.0334 2284 \Device\Harddisk1\DR1\Partition2 - ok
21:13:51.0350 2284 Boot (0x1200) (f310cfad72e4778b8112b88f9cf6aca2) \Device\Harddisk2\DR2\Partition1
21:13:51.0366 2284 \Device\Harddisk2\DR2\Partition1 - ok
21:13:51.0381 2284 Boot (0x1200) (a1f8108982114aabada7072dec0efc18) \Device\Harddisk3\DR7\Partition1
21:13:51.0381 2284 \Device\Harddisk3\DR7\Partition1 - ok
21:13:51.0381 2284 ============================================================
21:13:51.0381 2284 Scan finished
21:13:51.0381 2284 ============================================================
21:13:51.0412 2660 Detected object count: 0
21:13:51.0412 2660 Actual detected object count: 0







aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-15 21:15:42
-----------------------------
21:15:42.131 OS Version: Windows 5.1.2600 Service Pack 3
21:15:42.131 Number of processors: 1 586 0x207
21:15:42.131 ComputerName: USER-0586DB66CF UserName: Administrator
21:15:43.209 Initialize success
21:17:40.272 AVAST engine defs: 12081503
21:17:51.006 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
21:17:51.006 Disk 0 Vendor: ST340016A 3.19 Size: 38166MB BusType: 3
21:17:51.006 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
21:17:51.006 Disk 1 Vendor: WDC_WD1600BB-22FTA0 15.05R15 Size: 152627MB BusType: 3
21:17:51.006 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-20
21:17:51.006 Disk 2 Vendor: QUANTUM_FIREBALLlct20_30 APL.0900 Size: 28629MB BusType: 3
21:17:52.053 Disk 0 MBR read successfully
21:17:52.053 Disk 0 MBR scan
21:17:52.553 Disk 0 Windows XP default MBR code found via API
21:17:52.553 Disk 0 unknown MBR code
21:17:52.553 Disk 0 MBR hidden
21:17:52.553 Disk 0 Partition 1 80 (A) 0C FAT32 LBA MSDOS5.0 28623 MB offset 63
21:17:52.741 Disk 0 scanning sectors +78140160
21:17:53.834 Disk 0 scanning C:\WINDOWS\system32\drivers
21:17:53.850 Service scanning
21:18:50.756 Modules scanning
21:18:50.959 Disk 0 trace - called modules:
21:18:50.991 ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys
21:18:50.991 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82366ab8]
21:18:51.006 3 CLASSPNP.SYS[f8578fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x823e4b00]
21:18:51.834 AVAST engine scan C:\WINDOWS
21:18:52.834 AVAST engine scan C:\WINDOWS\system32
21:18:54.725 AVAST engine scan C:\WINDOWS\system32\drivers
21:18:55.662 AVAST engine scan C:\Documents and Settings\Administrator
21:18:56.600 AVAST engine scan C:\Documents and Settings\All Users
21:18:56.600 Scan finished successfully
21:24:25.787 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
21:24:25.787 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:36 PM

Posted 15 August 2012 - 08:49 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\uTorrentBar

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr


Posted 17 August 2012 - 11:19 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#11 gringo_pr


Posted 21 August 2012 - 12:26 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#12 gringo_pr


Posted 23 August 2012 - 11:20 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#13 gringo_pr


Posted 24 August 2012 - 08:53 PM

go ahead and run me the reports from post 9 when you are ready


gringo

#14 Phil from Atlanta


Posted 26 August 2012 - 01:18 PM

ComboFix 12-08-15.01 - Administrator 08/26/2012 13:07:10.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.205 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\uTorrentBar
c:\program files\uTorrentBar\GottenAppsContextMenu.xml
c:\program files\uTorrentBar\INSTALL.LOG
c:\program files\uTorrentBar\ldrtbuTo0.dll
c:\program files\uTorrentBar\ldrtbuTo2.dll
c:\program files\uTorrentBar\OtherAppsContextMenu.xml
c:\program files\uTorrentBar\prxtbuTo0.dll
c:\program files\uTorrentBar\prxtbuTo2.dll
c:\program files\uTorrentBar\SharedAppsContextMenu.xml
c:\program files\uTorrentBar\tbuTo0.dll
c:\program files\uTorrentBar\tbuTo1.dll
c:\program files\uTorrentBar\tbuTo2.dll
c:\program files\uTorrentBar\tbuTor.dll
c:\program files\uTorrentBar\toolbar.cfg
c:\program files\uTorrentBar\ToolbarContextMenu.xml
c:\program files\uTorrentBar\uninstall.exe
c:\program files\uTorrentBar\UNWISE.EXE
c:\program files\uTorrentBar\uTorrentBarToolbarHelper.exe
c:\program files\uTorrentBar\uTorrentBarToolbarHelper1.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2012-08-23 00:59 . 2012-08-23 00:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Amazon
2012-08-23 00:57 . 2012-08-23 00:59 -------- d-----w- c:\program files\Amazon
2012-08-22 20:33 . 2012-08-22 20:33 -------- d-----w- c:\program files\WinDjView
2012-08-21 13:07 . 2012-08-21 13:07 -------- d-----w- c:\program files\Bagatrix
2012-08-21 09:04 . 2012-08-26 01:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2012-08-09 10:35 . 2012-08-09 10:35 -------- d-----w- c:\program files\FreeAlarmClock
2012-07-31 02:24 . 2012-07-31 02:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{D3ED423F-DAB6-11E1-8270-B8AC6F996F26}
2012-07-31 02:24 . 2012-07-31 02:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{D3ED0C62-DAB6-11E1-8270-B8AC6F996F26}
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-07-30 18:47 . 2012-07-30 18:47 -------- d-----w- c:\program files\Sarm Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-24 00:21 . 2012-05-28 13:50 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 00:21 . 2012-03-02 00:49 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-21 13:07 . 2012-08-21 13:07 61440 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{8DE78A52-B79D-4574-9D2A-A56C90CEEA8D}\NewShortcut2_8DE78A52B79D45749D2AA56C90CEEA8D.exe
2012-08-21 13:07 . 2012-08-21 13:07 61440 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{8DE78A52-B79D-4574-9D2A-A56C90CEEA8D}\NewShortcut1_8DE78A52B79D45749D2AA56C90CEEA8D.exe
2012-07-06 13:58 . 2008-04-14 09:41 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-01-25 22:34 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46 . 2011-01-25 23:08 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2008-04-14 05:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2008-04-14 09:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2008-04-14 09:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 17:49 . 2008-04-14 09:41 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 12:05 . 2008-04-14 04:07 385024 ------w- c:\windows\system32\html.iec
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 15:50 . 2008-04-14 09:42 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-14 09:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 09:42 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2011-01-25 22:36 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2011-01-25 22:36 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2011-01-25 22:36 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2011-01-25 22:36 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2011-01-25 22:36 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2009-08-07 00:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2008-04-14 09:41 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2011-01-25 22:36 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2011-01-25 22:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2011-02-17 21:02 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2011-02-17 21:02 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2011-02-17 21:02 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-14 09:41 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-07-31 20:33 . 2012-06-17 22:18 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_21.58.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-08-15 02:48 . 2012-08-15 02:48 16384 c:\windows\Temp\Perflib_Perfdata_634.dat
+ 2012-08-26 01:07 . 2012-08-26 01:07 16384 c:\windows\Temp\Perflib_Perfdata_634.dat
+ 2004-08-04 11:00 . 2012-08-21 09:02 72404 c:\windows\system32\perfc009.dat
+ 2008-04-14 09:42 . 2012-07-02 17:49 67072 c:\windows\system32\mshtmled.dll
- 2008-04-14 09:42 . 2012-05-11 14:42 67072 c:\windows\system32\mshtmled.dll
- 2009-03-08 09:31 . 2012-05-11 14:42 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 09:31 . 2012-07-02 17:49 55296 c:\windows\system32\msfeedsbs.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2011-10-06 1401224]
"FreeAC"="c:\program files\FreeAlarmClock\FreeAlarmClock.exe" [2012-04-25 1328976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 188416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 18:26 484904 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"LightScribeService"=2 (0x2)
"NMIndexingService"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/28/2012 9:50 AM 250568]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [4/26/2011 9:35 PM 25728]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [3/3/2011 1:11 AM 36608]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/17/2012 6:18 PM 113120]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [4/26/2011 9:35 PM 100864]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [4/26/2011 9:35 PM 108032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 18:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 00:21]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1979792683-1606980848-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-23 16:10]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1979792683-1606980848-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-23 16:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5v4d6cr9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\uTorrentBar\prxtbuTo2.dll
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\uTorrentBar\prxtbuTo2.dll
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\uTorrentBar\prxtbuTo2.dll
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - c:\program files\uTorrentBar\prxtbuTo2.dll
AddRemove-uTorrentBar Toolbar - c:\program files\uTorrentBar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-26 13:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-1979792683-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,0b,43,0f,82,dc,38,4a,ae,76,a5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,0b,43,0f,82,dc,38,4a,ae,76,a5,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(480)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2012-08-26 13:30:43
ComboFix-quarantined-files.txt 2012-08-26 17:30
ComboFix2.txt 2012-08-15 22:04
.
Pre-Run: 9,183,346,688 bytes free
Post-Run: 9,354,518,528 bytes free
.
- - End Of File - - 7870718F32674FD72F42EC1E032E17AB

So the computer seems to be OK, just really slow sometimes. I'm not sure if it is because of something concrete like the hardware capacity, the amount of things on it, system settings, or something that can be worked on. Example: YouTube lags continuously, even if it is the only program (other than the default stuff in the background) running.

#15 gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 26 August 2012 - 03:19 PM

Greetings Phil from Atlanta

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.




Proud Graduate Of Malware Removal University



