Darkness Posted December 6, 2011 ID:501738

When I started up my computer, avast told me that there was a rootkit, so I clicked on Delete File; after the computer restarted, the same exact message showed up and I went and ran a full scan in MalwareBytes. After that I ran DDS, but my computer hung at around 70 to 80% completed, then I did a forced shutdown and restarted my computer, but avast doesn't show me the message again. (Note: The computer time somehow got reset.)

MBAM Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8322
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/1/2011 3:45:14 AM
mbam-log-2011-12-01 (03-45-14).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 90272
Time elapsed: 1 hour(s), 17 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Darkness Posted December 11, 2011 Author ID:503566

Up up up?
Elise Posted December 11, 2011 ID:503634

Hello. Can you give me the exact message Avast displays?

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE
Darkness Posted December 13, 2011 Author ID:504391

Avast doesn't seem to display that message anymore (when I first saw it, it was located at system32/drivers and it had 'Hidden Rootkit' as the rootkit name) after I did a forced shutdown and then restarted the system after DDS made my whole computer hang.

DDS and the computer always hangs when:
Elise Posted December 13, 2011 ID:504575

Please try the following scan instead.

OTL
-----
Please download OTL from one of the following mirrors:
This is THE Mirror

* Save it to your desktop.
* Double click on the icon on your desktop.
* Click the "Scan All Users" checkbox.
* Push the button.
* Two reports will open, copy and paste them in a reply here:
  OTL.txt <-- Will be opened
  Extra.txt <-- Will be minimized
Darkness Posted December 14, 2011 Author ID:504921

Extras.txt did not appear.
Elise Posted December 14, 2011 ID:504923

Hi again,

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.
Darkness Posted December 15, 2011 Author ID:505270

20:00:25.0812 2028 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
20:00:27.0468 2028 ============================================================
20:00:27.0468 2028 Current date / time: 2011/12/09 20:00:27.0468
20:00:27.0468 2028 SystemInfo:
20:00:27.0484 2028
20:00:27.0484 2028 OS Version: 5.1.2600 ServicePack: 3.0
20:00:27.0484 2028 Product type: Workstation
20:00:27.0484 2028 ComputerName: JUSTIN-743CC739
20:00:27.0484 2028 UserName: kelvin
20:00:27.0484 2028 Windows directory: C:\WINDOWS
20:00:27.0484 2028 System windows directory: C:\WINDOWS
20:00:27.0484 2028 Processor architecture: Intel x86
20:00:27.0484 2028 Number of processors: 1
20:00:27.0484 2028 Page size: 0x1000
20:00:27.0484 2028 Boot type: Normal boot
20:00:27.0484 2028 ============================================================
20:00:30.0421 2028 Initialize success
20:00:34.0031 4088 ============================================================
20:00:34.0031 4088 Scan started
20:00:34.0031 4088 Mode: Manual;
20:00:34.0031 4088 ============================================================
20:01:06.0250 4088 ============================================================
20:01:06.0250 4088 Scan finished
20:01:06.0250 4088 ============================================================
20:01:06.0265 3864 Detected object count: 0
20:01:06.0265 3864 Actual detected object count: 0
Elise Posted December 15, 2011 ID:505276

Hi, no rootkits found, which is good.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
Double click on Combofix.exe and follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
Darkness Posted December 16, 2011 Author ID:505619

Hi, thanks for all of the help. Unfortunately, Combofix will hang and then the whole computer will hang when it is scanning.

Elise Posted December 16, 2011 ID:505638

Can you give me the exact location of the combofix.exe file (for example, desktop, downloads folder)?

Darkness Posted December 17, 2011 Author ID:505856

ComboFix is located at the desktop.

Elise Posted December 17, 2011 ID:505916

In that case press Windows key + R, type "%userprofile%\desktop\combofix.exe" /nombr and press enter.
Let me know if combofix runs that way.
Darkness Posted December 18, 2011 Author ID:506095

Thanks it works. Do I need to include ComboFix-quarantined-files.txt?

ComboFix 11-12-17.05 - kelvin 12/17/2011 23:17:48.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.758.415 [GMT 8:00]
Running from: c:\documents and settings\kelvin\desktop\combofix.exe
Command switches used :: /nombr
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\10efb3e3.dll
c:\windows\system32\7ff1988.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-11-17 to 2011-12-17 )))))))))))))))))))))))))))))))
.
.
2011-11-24 07:34 . 2011-11-24 07:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
Defender\MpCmdRun.exe [2006-11-03 11:20]..------- Supplementary Scan -------.uStart Page = hxxp://sg.yahoo.com/IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.254DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} - hxxp://txn.hkjc.com/BetSlip/object/HKJCSecKey.cabFF - ProfilePath - c:\documents and settings\kelvin\Application Data\Mozilla\Firefox\Profiles\jnwwztep.default\FF - prefs.js: browser.startup.homepage - hxxp://sg.yahoo.com/.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-12-17 23:31Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... ..C:\## aswSnx private storage.scan completed successfullyhidden files: 1.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]"ImagePath"="c:\windows\system32\GameMon.des -service".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(588)c:\windows\System32\BCMLogon.dll.Completion time: 2011-12-17 23:37:37ComboFix-quarantined-files.txt 2011-12-17 15:37.Pre-Run: 460,140,544 bytes freePost-Run: 1,576,566,784 bytes free.- - End Of File - - 06BF3B4A444BA2F5A5AC9B04FA4BEADB Link to post Share on other sites More sharing options...
Elise Posted December 18, 2011 ID:506158

How are things running at this point?

Please click Start > Run, type sfc /scannow and press enter. Let the system file checker run unhindered. When done, rerun combofix (using the run command) and post me the new log.
Darkness Posted December 20, 2011 Author ID:506883

Here's the new log.
2008-04-14 00:11 8192 c:\windows\system32\dllcache\igmpagnt.dll+ 2011-12-17 15:44 . 2006-10-18 13:47 4096 c:\windows\LastGood\system32\wmvdmoe2.dll+ 2011-12-17 15:44 . 2006-10-18 13:47 4096 c:\windows\LastGood\system32\wmvdmod.dll+ 2011-12-17 15:44 . 2006-10-18 13:47 4096 c:\windows\LastGood\system32\wmsdmoe2.dll+ 2011-12-17 15:44 . 2006-10-18 13:47 4096 c:\windows\LastGood\system32\wmsdmod.dll+ 2011-12-17 15:34 . 2006-10-18 13:47 4096 c:\windows\LastGood\system32\mpg4dmod.dll+ 2011-12-17 15:34 . 2006-10-18 13:47 4096 c:\windows\LastGood\system32\mp4sdmod.dll+ 2011-12-17 15:34 . 2006-10-18 13:47 4096 c:\windows\LastGood\system32\mp43dmod.dll+ 2011-12-17 15:33 . 2004-08-03 16:56 4096 c:\windows\LastGood\system32\ksuser.dll+ 2011-12-17 15:31 . 2001-08-17 06:02 2688 c:\windows\LastGood\system32\dllcache\hidswvd.sys+ 2011-12-17 15:31 . 2001-08-17 06:02 8576 c:\windows\LastGood\system32\dllcache\hidgame.sys+ 2011-12-17 15:20 . 2001-08-17 14:36 5632 c:\windows\LastGood\system32\dllcache\EXCH_adsiisex.dll+ 2011-12-17 15:29 . 2001-08-17 05:46 6400 c:\windows\LastGood\system32\dllcache\enum1394.sys+ 2011-12-17 15:28 . 2001-08-17 14:36 6729 c:\windows\LastGood\system32\dllcache\disrvci.dll+ 2011-12-17 15:28 . 2001-08-17 04:19 3712 c:\windows\LastGood\system32\dllcache\ctljystk.sys+ 2011-12-17 15:28 . 2001-08-17 04:19 6912 c:\windows\LastGood\system32\dllcache\ctlfacem.sys+ 2011-12-17 15:27 . 2008-04-13 18:40 8192 c:\windows\LastGood\system32\dllcache\changer.sys+ 2011-12-17 15:27 . 2004-08-04 12:00 9728 c:\windows\LastGood\system32\dllcache\change.exe+ 2011-12-17 15:27 . 2001-08-17 05:52 7680 c:\windows\LastGood\system32\dllcache\cd20xrnt.sys+ 2011-12-17 15:25 . 2001-08-17 14:36 9728 c:\windows\LastGood\system32\dllcache\brserif.dll+ 2011-12-17 15:25 . 2001-08-17 14:36 5120 c:\windows\LastGood\system32\dllcache\brscnrsm.dll+ 2011-12-17 15:25 . 2001-08-17 05:12 3168 c:\windows\LastGood\system32\dllcache\brparimg.sys+ 2011-12-17 15:25 . 
2001-08-17 05:12 3968 c:\windows\LastGood\system32\dllcache\brfiltup.sys+ 2011-12-17 15:25 . 2001-08-17 05:12 2944 c:\windows\LastGood\system32\dllcache\brfilt.sys+ 2011-12-17 15:25 . 2001-08-17 14:36 9728 c:\windows\LastGood\system32\dllcache\brcoinst.dll+ 2011-12-17 15:24 . 2001-08-17 04:49 9472 c:\windows\LastGood\system32\dllcache\ativmdcd.sys+ 2011-12-17 15:21 . 2001-08-17 05:47 6272 c:\windows\LastGood\system32\dllcache\apmbatt.sys+ 2011-12-17 15:20 . 2001-08-17 05:51 5248 c:\windows\LastGood\system32\dllcache\aliide.sys+ 2011-12-17 15:14 . 2001-08-17 05:53 7424 c:\windows\LastGood\system32\dllcache\adicvls.sys+ 2011-12-17 15:23 . 2006-10-18 13:47 7168 c:\windows\LastGood\system32\asferror.dll+ 2004-08-04 12:00 . 2005-01-28 05:44 895736 c:\windows\system32\wmvdmod.dll+ 2004-08-04 12:00 . 2005-01-28 05:44 774904 c:\windows\system32\wmsdmod.dll+ 2004-08-04 12:00 . 2005-01-28 05:44 396528 c:\windows\system32\wmadmod.dll- 2004-08-04 12:00 . 2010-10-03 00:12 218624 c:\windows\system32\uxtheme.dll+ 2004-08-04 12:00 . 2008-04-14 00:12 218624 c:\windows\system32\uxtheme.dll- 2004-08-04 12:00 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll+ 2004-08-04 12:00 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll- 2004-08-04 12:00 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll+ 2004-08-04 12:00 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll- 2004-08-04 12:00 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll+ 2004-08-04 12:00 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll+ 2004-08-04 12:00 . 2005-01-28 05:44 142336 c:\windows\system32\msnetobj.dll- 2006-11-07 13:03 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll+ 2006-11-07 13:03 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll+ 2004-08-04 12:00 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll- 2004-08-04 12:00 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll- 2004-08-04 12:00 . 
2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll+ 2004-08-04 12:00 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll- 2004-08-04 12:00 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe+ 2004-08-04 12:00 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe+ 2004-08-04 12:00 . 2008-04-13 18:45 143872 c:\windows\system32\drivers\usbport.sys+ 2006-05-29 15:07 . 2008-04-13 19:19 146048 c:\windows\system32\drivers\portcls.sys+ 2004-08-03 23:15 . 2008-04-13 19:16 141056 c:\windows\system32\drivers\ks.sys+ 2004-08-04 12:00 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll- 2004-08-04 12:00 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll+ 2004-08-04 12:00 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll+ 2004-08-04 12:00 . 2008-04-14 00:12 140288 c:\windows\system32\dllcache\sfc_os.dll+ 2004-08-04 12:00 . 2008-04-14 00:12 101376 c:\windows\system32\dllcache\setupqry.dll+ 2006-05-29 14:48 . 2008-04-14 00:12 141312 c:\windows\system32\dllcache\sessmgr.exe- 2009-04-17 08:25 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\services.exe+ 2004-08-04 12:00 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\services.exe- 2004-08-04 12:00 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll+ 2004-08-04 12:00 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll+ 2004-08-04 12:00 . 2008-04-14 00:12 247808 c:\windows\system32\dllcache\newdev.dll+ 2004-08-04 12:00 . 2008-04-14 00:12 245760 c:\windows\system32\dllcache\netui1.dll+ 2004-08-04 12:00 . 2008-04-14 00:16 329728 c:\windows\system32\dllcache\netsetup.exe+ 2004-08-04 12:00 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll- 2004-08-04 12:00 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll+ 2007-05-13 08:00 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll- 2007-05-13 08:00 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll+ 2004-08-04 12:00 . 
2008-04-14 00:11 153600 c:\windows\system32\dllcache\modemui.dll+ 2004-08-04 12:00 . 2008-04-14 00:12 150528 c:\windows\system32\dllcache\imapi.exe+ 2004-08-04 12:00 . 2008-04-14 00:11 144384 c:\windows\system32\dllcache\imagehlp.dll+ 2004-08-04 12:00 . 2008-04-14 00:11 505344 c:\windows\system32\dllcache\iis.dll+ 2004-08-04 12:00 . 2008-04-14 00:11 135680 c:\windows\system32\dllcache\ifmon.dll+ 2004-08-04 12:00 . 2008-04-14 00:12 114688 c:\windows\system32\dllcache\iexpress.exe+ 2009-06-10 00:04 . 2011-11-04 19:20 247808 c:\windows\system32\dllcache\ieproxy.dll- 2009-06-10 00:04 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll- 2004-08-04 12:00 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll+ 2004-08-04 12:00 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll- 2010-06-09 00:17 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll+ 2010-06-09 00:17 . 2011-11-04 19:20 743424 c:\windows\system32\dllcache\iedvtool.dll- 2004-08-04 12:00 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll+ 2004-08-04 12:00 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll- 2004-08-04 12:00 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe+ 2004-08-04 12:00 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe+ 2004-08-04 12:00 . 2008-04-14 00:11 120832 c:\windows\system32\dllcache\idq.dll+ 2004-08-04 12:00 . 2008-04-14 00:11 119808 c:\windows\system32\dllcache\iasrad.dll+ 2004-08-04 12:00 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys- 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys+ 2011-12-17 15:44 . 2006-10-18 13:47 242688 c:\windows\LastGood\system32\wmpasf.dll+ 2011-12-17 15:44 . 2006-10-18 13:47 157184 c:\windows\LastGood\system32\wmidx.dll+ 2011-12-17 15:44 . 2006-10-18 13:47 227328 c:\windows\LastGood\system32\wmerror.dll+ 2011-12-17 15:43 . 
2006-10-18 13:47 757248 c:\windows\LastGood\system32\wmadmod.dll+ 2011-12-17 15:43 . 2010-10-03 00:12 218624 c:\windows\LastGood\system32\uxtheme.dll+ 2011-12-17 15:35 . 2006-10-18 13:47 211456 c:\windows\LastGood\system32\qasf.dll+ 2011-12-17 15:34 . 2006-10-18 13:47 321536 c:\windows\LastGood\system32\mswmdm.dll+ 2011-12-17 15:34 . 2006-10-18 13:47 175616 c:\windows\LastGood\system32\mspmsp.dll+ 2011-12-17 15:34 . 2006-10-18 13:47 179712 c:\windows\LastGood\system32\msnetobj.dll+ 2011-12-17 15:43 . 2004-08-03 15:08 142976 c:\windows\LastGood\system32\drivers\usbport.sys+ 2011-12-17 15:35 . 2004-08-03 15:15 145792 c:\windows\LastGood\system32\drivers\portcls.sys+ 2011-12-17 15:33 . 2004-08-03 15:15 140928 c:\windows\LastGood\system32\drivers\ks.sys+ 2011-12-17 15:32 . 2001-08-17 05:28 199711 c:\windows\LastGood\system32\dllcache\hsf_faxx.sys+ 2011-12-17 15:32 . 2001-08-17 05:28 289887 c:\windows\LastGood\system32\dllcache\hsf_fall.sys+ 2011-12-17 15:31 . 2001-08-17 05:28 150239 c:\windows\LastGood\system32\dllcache\hsf_amos.sys+ 2011-12-17 15:31 . 2001-08-17 14:36 165888 c:\windows\LastGood\system32\dllcache\hpgt53.dll+ 2011-12-17 15:31 . 2001-08-17 14:36 126976 c:\windows\LastGood\system32\dllcache\hpgt34tk.dll+ 2011-12-17 15:31 . 2001-08-17 14:36 101376 c:\windows\LastGood\system32\dllcache\hpgt34.dll+ 2011-12-17 15:31 . 2001-08-17 14:36 123392 c:\windows\LastGood\system32\dllcache\hpgt21tk.dll+ 2011-12-17 15:31 . 2001-08-17 14:36 119296 c:\windows\LastGood\system32\dllcache\hpdigwia.dll+ 2011-12-17 15:30 . 2001-08-17 06:56 470144 c:\windows\LastGood\system32\dllcache\g200d.dll+ 2011-12-17 15:30 . 2001-08-17 04:15 454912 c:\windows\LastGood\system32\dllcache\fxusbase.sys+ 2011-12-17 15:30 . 2008-04-14 00:11 154112 c:\windows\LastGood\system32\dllcache\fxsui.dll+ 2011-12-17 15:30 . 2008-04-14 00:11 397312 c:\windows\LastGood\system32\dllcache\fxstiff.dll+ 2011-12-17 15:30 . 
2008-04-14 00:11 246272 c:\windows\LastGood\system32\dllcache\fxst30.dll+ 2011-12-17 15:30 . 2008-04-14 00:12 267776 c:\windows\LastGood\system32\dllcache\fxssvc.exe+ 2011-12-17 15:30 . 2008-04-14 00:11 562176 c:\windows\LastGood\system32\dllcache\fxsst.dll+ 2011-12-17 15:30 . 2004-08-04 12:00 132608 c:\windows\LastGood\system32\dllcache\fxsclntr.dll+ 2011-12-17 15:30 . 2008-04-14 00:12 142848 c:\windows\LastGood\system32\dllcache\fxsclnt.exe+ 2011-12-17 15:30 . 2004-08-04 12:00 111104 c:\windows\LastGood\system32\dllcache\fxscfgwz.dll+ 2011-12-17 15:30 . 2008-04-14 00:11 451584 c:\windows\LastGood\system32\dllcache\fxsapi.dll+ 2011-12-17 15:30 . 2001-08-17 04:15 455296 c:\windows\LastGood\system32\dllcache\fusbbase.sys+ 2011-12-17 15:13 . 2007-04-02 16:36 208896 c:\windows\LastGood\system32\dllcache\fpmmcsat.dll+ 2011-12-17 15:13 . 2008-04-14 00:11 598071 c:\windows\LastGood\system32\dllcache\fpmmc.dll+ 2011-12-17 15:13 . 2008-04-14 00:12 188494 c:\windows\LastGood\system32\dllcache\fpcount.exe+ 2011-12-17 15:30 . 2001-08-17 04:14 441728 c:\windows\LastGood\system32\dllcache\fpcmbase.sys+ 2011-12-17 15:30 . 2001-08-17 04:14 444416 c:\windows\LastGood\system32\dllcache\fpcibase.sys+ 2011-12-17 15:13 . 2008-04-14 00:12 109840 c:\windows\LastGood\system32\dllcache\fp98swin.exe+ 2011-12-17 15:13 . 2008-04-14 00:11 876653 c:\windows\LastGood\system32\dllcache\fp4awel.dll+ 2011-12-17 15:13 . 2008-04-14 00:11 102509 c:\windows\LastGood\system32\dllcache\fp4atxt.dll+ 2011-12-17 15:12 . 2008-04-14 00:11 147513 c:\windows\LastGood\system32\dllcache\fp4apws.dll+ 2011-12-17 15:12 . 2008-04-14 00:11 184435 c:\windows\LastGood\system32\dllcache\fp4amsft.dll+ 2011-12-17 15:29 . 2001-08-17 05:28 594238 c:\windows\LastGood\system32\dllcache\es56hpi.sys+ 2011-12-17 15:29 . 2001-08-17 05:28 595647 c:\windows\LastGood\system32\dllcache\es56cvmp.sys+ 2011-12-17 15:29 . 2001-08-17 05:50 144896 c:\windows\LastGood\system32\dllcache\epcfw2k.sys+ 2011-12-17 15:29 . 
2001-08-17 04:19 283904 c:\windows\LastGood\system32\dllcache\emu10k1m.sys+ 2011-12-17 15:29 . 2004-08-04 12:00 514587 c:\windows\LastGood\system32\dllcache\edb500.dll+ 2011-12-17 15:29 . 2001-08-17 04:20 334208 c:\windows\LastGood\system32\dllcache\ds1wdm.sys+ 2011-12-17 15:28 . 2001-08-17 14:36 236060 c:\windows\LastGood\system32\dllcache\ditrace.exe+ 2011-12-17 15:28 . 2001-08-17 14:36 614429 c:\windows\LastGood\system32\dllcache\digiview.exe+ 2011-12-17 15:28 . 2001-08-17 14:36 110621 c:\windows\LastGood\system32\dllcache\digirlpt.dll+ 2011-12-17 15:26 . 2001-08-17 04:13 164923 c:\windows\LastGood\system32\dllcache\diapi2.sys+ 2011-12-17 15:12 . 2008-04-14 00:12 188480 c:\windows\LastGood\system32\dllcache\cfgwiz.exe+ 2011-12-17 15:27 . 2001-08-17 05:28 714698 c:\windows\LastGood\system32\dllcache\cbmdmkxx.sys+ 2011-12-17 15:26 . 2008-04-14 00:11 121856 c:\windows\LastGood\system32\dllcache\camext30.dll+ 2011-12-17 15:26 . 2001-08-17 06:04 171264 c:\windows\LastGood\system32\dllcache\camdrv30.sys+ 2011-12-17 15:26 . 2001-08-17 06:05 314752 c:\windows\LastGood\system32\dllcache\camdro21.sys+ 2011-12-17 15:25 . 2001-08-17 14:36 102400 c:\windows\LastGood\system32\dllcache\binlsvc.dll+ 2011-12-17 15:25 . 2001-08-17 05:28 871388 c:\windows\LastGood\system32\dllcache\bcmdm.sys+ 2011-12-17 15:25 . 2001-08-17 06:56 342336 c:\windows\LastGood\system32\dllcache\banshee.dll+ 2011-12-17 15:24 . 2001-08-17 14:36 144384 c:\windows\LastGood\system32\dllcache\avmenum.dll+ 2011-12-17 15:24 . 2001-08-17 06:56 104832 c:\windows\LastGood\system32\dllcache\atiraged.dll+ 2011-12-17 15:24 . 2001-08-17 04:48 281600 c:\windows\LastGood\system32\dllcache\atimtai.sys+ 2011-12-17 15:23 . 2001-08-17 04:48 289664 c:\windows\LastGood\system32\dllcache\atimpab.sys+ 2011-12-17 15:23 . 2001-08-17 06:56 268160 c:\windows\LastGood\system32\dllcache\atidvai.dll+ 2011-12-17 15:23 . 2001-08-17 06:56 137216 c:\windows\LastGood\system32\dllcache\atidrae.dll+ 2011-12-17 15:23 . 
2001-08-17 06:55 382592 c:\windows\LastGood\system32\dllcache\atidrab.dll+ 2011-12-17 15:23 . 2008-04-14 00:11 331264 c:\windows\LastGood\system32\dllcache\aqueue.dll+ 2011-12-17 15:15 . 2001-08-17 06:07 101888 c:\windows\LastGood\system32\dllcache\adpu160m.sys+ 2011-12-17 15:15 . 2001-08-17 04:19 747392 c:\windows\LastGood\system32\dllcache\adm8830.sys+ 2011-12-17 15:15 . 2001-08-17 04:19 553984 c:\windows\LastGood\system32\dllcache\adm8820.sys+ 2011-12-17 15:15 . 2001-08-17 04:19 584448 c:\windows\LastGood\system32\dllcache\adm8810.sys+ 2011-12-17 15:14 . 2001-08-17 04:20 297728 c:\windows\LastGood\system32\dllcache\ac97sis.sys+ 2011-12-17 15:14 . 2004-08-03 14:32 231552 c:\windows\LastGood\system32\dllcache\ac97ali.sys+ 2011-12-17 15:14 . 2001-08-17 14:36 462848 c:\windows\LastGood\system32\dllcache\a3dapi.dll+ 2011-12-17 15:14 . 2001-08-17 04:48 148352 c:\windows\LastGood\system32\dllcache\3dfxvsm.sys+ 2011-12-17 15:14 . 2001-08-17 06:55 689216 c:\windows\LastGood\system32\dllcache\3dfxvs.dll+ 2011-12-17 15:14 . 2001-08-17 05:28 762780 c:\windows\LastGood\system32\dllcache\3cwmcru.sys+ 2011-12-17 15:27 . 2006-10-18 13:47 229376 c:\windows\LastGood\system32\cewmdm.dll+ 2011-12-17 15:52 . 2011-08-22 23:48 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll+ 2011-12-17 15:52 . 2011-08-22 23:48 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll+ 2011-12-17 15:52 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll+ 2011-12-17 15:52 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe+ 2011-12-17 15:52 . 2011-08-22 23:48 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll+ 2011-12-17 15:52 . 2011-08-22 23:48 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll+ 2011-12-17 15:52 . 2011-08-22 23:48 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll+ 2011-12-17 15:52 . 2011-08-22 23:48 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll+ 2011-12-17 15:52 . 
2011-08-22 23:48 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll+ 2011-12-17 15:52 . 2011-08-22 23:48 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll+ 2011-12-17 15:52 . 2011-08-22 23:48 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll+ 2011-12-17 15:52 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe- 2004-08-04 12:00 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll+ 2004-08-04 12:00 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll+ 2004-08-04 12:00 . 2011-11-04 19:20 5978112 c:\windows\system32\mshtml.dll- 2006-10-17 03:57 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll+ 2006-10-17 03:57 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll+ 2004-08-04 12:00 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll- 2004-08-04 12:00 . 2011-08-22 23:48 1212416 c:\windows\system32\dllcache\urlmon.dll+ 2004-08-04 12:00 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll- 2008-06-17 19:02 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll- 2008-10-15 06:59 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe+ 2004-08-03 22:59 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe+ 2004-08-04 12:00 . 2008-04-14 00:12 1703936 c:\windows\system32\dllcache\netshell.dll+ 2004-08-04 12:00 . 2011-11-04 19:20 5978112 c:\windows\system32\dllcache\mshtml.dll- 2010-03-10 10:11 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe+ 2006-05-29 14:50 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe+ 2007-05-13 08:00 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll- 2007-05-13 08:00 . 2011-08-22 23:48 2000384 c:\windows\system32\dllcache\iertutil.dll+ 2009-01-11 06:00 . 2004-08-03 14:41 1041536 c:\windows\system32\dllcache\hsfdpsp2.sys+ 2004-08-04 12:00 . 2008-04-14 00:11 1025024 c:\windows\system32\dllcache\browseui.dll+ 2011-12-17 15:44 . 
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-11-08 69632]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-11-08 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 04:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2008-07-04 04:52 2072576 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 11:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 12:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/12/2011 3:00 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/12/2011 3:00 PM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/12/2011 3:00 PM 20568]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [7/4/2008 12:52 PM 14336]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [8/9/2006 5:18 PM 2343]
S1 mailKmd;mailKmd; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2010 9:37 AM 136176]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [8/9/2006 5:33 PM 223232]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2010 9:37 AM 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 5:05 PM 266544]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [4/22/2009 2:49 PM 133632]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [4/22/2009 2:49 PM 79360]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 14:42]
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 14:42]
.
2011-10-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 11:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sg.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} - hxxp://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab
FF - ProfilePath - c:\documents and settings\kelvin\Application Data\Mozilla\Firefox\Profiles\jnwwztep.default\
FF - prefs.js: browser.startup.homepage - hxxp://sg.yahoo.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-18 00:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(588)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2011-12-17 23:10:51
ComboFix-quarantined-files.txt 2011-12-17 15:10
ComboFix2.txt 2011-12-17 15:37
.
Pre-Run: 586,194,944 bytes free
Post-Run: 889,016,320 bytes free
.
- - End Of File - - 3045CA2577B22E43D5BE28D255703B2B
Elise Posted December 20, 2011 ID:506898

How are things running at this point? Any problem left?
Darkness Posted December 20, 2011 Author ID:506919

The computer seems to be working faster now; however, sometimes the computer isn't able to shut down. Thanks for all the help too.
Elise Posted December 20, 2011 ID:506930

How often is the computer not able to shut down (does it only occur every once in a while, or daily)?

Please rerun OTL. Click the NONE button, then change the value under Extra Registry to Use Safelist and click Run Scan. This will create extra.txt. Please post its contents in your next reply.
Darkness Posted December 22, 2011 Author ID:507916
It seems like 70% of the time the computer would not shut down.

Extras.Txt

OTL Extras logfile created on: 12/17/2011 11:13:27 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\kelvin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

758.42 Mb Total Physical Memory | 374.91 Mb Available Physical Memory | 49.43% Memory free
1.06 Gb Paging File | 0.74 Gb Available in Paging File | 70.08% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.14 Gb Total Space | 0.71 Gb Free Space | 4.66% Space Free | Partition Type: NTFS
Drive D: | 20.00 Gb Total Space | 7.63 Gb Free Space | 38.16% Space Free | Partition Type: NTFS

Computer Name: JUSTIN-743CC739 | User Name: kelvin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 24
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4B4E8814-F682-4197-8F4B-E9FFC6F08977}" = System Requirements Lab for Intel
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{80EAC1F5-3067-4E57-A09F-3AF728C59FE5}" = MapleStory
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2974D26-9080-4FA4-B344-DA2D314F41DC}" = Vodafone Mobile Connect Lite Runtime Components
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.0.9.3
"{DE263C93-46AF-7B0A-1D3C-FC22F7C32574}" = MyFonts Order M2509539
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AhnLab Online Security" = AhnLab Online Security
"avast" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_266D_CplEFL5k" = Soft Data Fax Modem with SmartCP
"Defraggler" = Defraggler
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0 (x86 en-GB)" = Mozilla Firefox 4.0 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWSnap 3" = MWSnap 3
"NEXON Screen Saver_is1" = NEXON Screen Saver
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Revo Uninstaller" = Revo Uninstaller 1.92
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"xp-AntiSpy" = xp-AntiSpy 3.95-2
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/17/2011 11:08:31 AM | Computer Name = JUSTIN-743CC739 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 12/17/2011 11:08:34 AM | Computer Name = JUSTIN-743CC739 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 12/17/2011 11:08:11 AM | Computer Name = JUSTIN-743CC739 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 12/17/2011 11:08:04 AM | Computer Name = JUSTIN-743CC739 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 12/17/2011 11:08:19 AM | Computer Name = JUSTIN-743CC739 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 12/17/2011 11:08:15 AM | Computer Name = JUSTIN-743CC739 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 12/17/2011 11:08:13 AM | Computer Name = JUSTIN-743CC739 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 12/17/2011 11:08:22 AM | Computer Name = JUSTIN-743CC739 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 12/17/2011 11:08:09 AM | Computer Name = JUSTIN-743CC739 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 12/17/2011 11:08:08 AM | Computer Name = JUSTIN-743CC739 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

[ System Events ]
Error - 12/17/2011 11:51:13 AM | Computer Name = JUSTIN-743CC739 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error - 12/17/2011 11:52:24 AM | Computer Name = JUSTIN-743CC739 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error - 12/17/2011 11:59:11 AM | Computer Name = JUSTIN-743CC739 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error - 12/17/2011 12:00:13 PM | Computer Name = JUSTIN-743CC739 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error - 12/17/2011 11:08:35 AM | Computer Name = JUSTIN-743CC739 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.16 for the Network Card with network address 0016CE3EAC1E has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error - 12/17/2011 11:08:16 AM | Computer Name = JUSTIN-743CC739 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 12/17/2011 11:08:16 AM | Computer Name = JUSTIN-743CC739 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 12/17/2011 11:08:22 AM | Computer Name = JUSTIN-743CC739 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 12/17/2011 11:08:13 AM | Computer Name = JUSTIN-743CC739 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 12/17/2011 11:08:09 AM | Computer Name = JUSTIN-743CC739 | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

< End of report >
Elise Posted December 22, 2011 ID:508002
Can you disable or uninstall Vodafone Mobile Connect and see if shutting down still hangs?
Darkness Posted December 28, 2011 Author ID:510254
"Can you disable or uninstall Vodafone Mobile Connect and see if shutting down still hangs?"
Hi,
Sorry for the late reply, uninstalled it and it sometimes still would not shut down.
Elise Posted December 28, 2011 ID:510334
Unless this is a persistent problem there really is little we can do about it. Try to find a common cause (for example a certain device plugged in or a certain program running).

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Download the latest version of Java Runtime Environment (JRE) Version 7u2.
- Look for "JDK 7u2 (JDK or JRE)".
- Click the "Download JRE" button at the right.
- Read the License Agreement, and then check the box that says: "Accept License Agreement".
- Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
- Save it to your desktop.
- Close any programs you may have running - especially your web browser.
- Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
- Reboot your computer once all Java components are removed.
- Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
- Hold down Control and click on this link to open ESET OnlineScan in a new window.
- Click the button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  - Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the icon on your desktop.
- Check "YES, I accept the Terms of Use."
- Click the Start button.
- Accept any security warnings from your browser.
- Under scan settings, check "Scan Archives" and "Remove found threats"
- Click Advanced settings and select the following:
  - Scan potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click List Threats
- Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Click the Back button.
- Click the Finish button.
screen317 Posted February 22, 2012 Staff ID:529505
Are you still with us? This topic will be closed in a few days if we do not hear back from you.
screen317 Posted February 28, 2012 Staff ID:531356
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!