
Rootkit



When I started up my computer, Avast told me that there was a rootkit, so I clicked on Delete File. After the computer restarted, the same exact message showed up, and I ran a full scan in Malwarebytes. After that I ran DDS, but my computer hung at around 70 to 80% completed, so I forced a shutdown and restarted my computer, but Avast didn't show me the message again.

(Note: The computer time somehow got reset.)

MBAM Log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8322

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/1/2011 3:45:14 AM

mbam-log-2011-12-01 (03-45-14).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 90272

Time elapsed: 1 hour(s), 17 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello and welcome!

Can you give me the exact message Avast displays?

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Avast doesn't seem to display that message anymore (when I first saw it, it was located at system32/drivers and the rootkit name was 'Hidden Rootkit') after I did a forced shutdown and then restarted the system after DDS made my whole computer hang.

DDS and the computer always hang when:

[Screenshot: 29djlmb.jpg]


Please try the following scan instead.

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized


Extras.txt did not appear.

OTL logfile created on: 12/9/2011 7:08:52 PM - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\kelvin\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

758.42 Mb Total Physical Memory | 231.53 Mb Available Physical Memory | 30.53% Memory free

1.06 Gb Paging File | 0.59 Gb Available in Paging File | 55.27% Paging File free

Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 15.14 Gb Total Space | 0.44 Gb Free Space | 2.91% Space Free | Partition Type: NTFS

Drive D: | 20.00 Gb Total Space | 7.63 Gb Free Space | 38.16% Space Free | Partition Type: NTFS

Computer Name: JUSTIN-743CC739 | User Name: kelvin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/09 19:57:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kelvin\Desktop\OTL.exe

PRC - [2011/11/29 02:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2011/11/29 02:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2008/07/04 12:52:18 | 000,014,336 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005/11/08 10:45:52 | 000,069,632 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe

PRC - [2005/11/08 10:19:28 | 000,081,920 | ---- | M] () -- C:\Program Files\Launch Manager\WButton.exe

PRC - [2005/07/25 13:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe

PRC - [2005/07/25 10:45:00 | 000,241,664 | ---- | M] () -- C:\Program Files\Launch Manager\OSDCtrl.exe

PRC - [2005/04/15 11:01:46 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2005/02/04 11:12:58 | 000,102,490 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

PRC - [2002/08/30 15:02:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Launch Manager\Powerkey.exe

========== Modules (No Company Name) ==========

MOD - [2011/12/14 15:36:58 | 001,646,592 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11121400\algo.dll

MOD - [2011/12/13 17:07:21 | 001,646,080 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11121300\algo.dll

MOD - [2011/12/12 23:57:38 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11121400\aswRep.dll

MOD - [2011/12/12 23:57:38 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11121300\aswRep.dll

MOD - [2011/10/14 20:09:44 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll

MOD - [2011/10/14 01:04:05 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll

MOD - [2011/10/14 01:03:47 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll

MOD - [2011/10/14 01:03:43 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll

MOD - [2011/10/14 01:02:42 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll

MOD - [2011/10/14 01:02:13 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll

MOD - [2005/11/08 10:19:28 | 000,081,920 | ---- | M] () -- C:\Program Files\Launch Manager\WButton.exe

MOD - [2005/07/25 13:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe

MOD - [2005/07/25 10:45:00 | 000,241,664 | ---- | M] () -- C:\Program Files\Launch Manager\OSDCtrl.exe

MOD - [2002/08/30 15:02:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Launch Manager\Powerkey.exe

========== Win32 Services (SafeList) ==========

SRV - [2011/11/29 02:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/04/10 17:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)

SRV - [2009/11/17 12:55:00 | 003,436,188 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)

SRV - [2008/07/04 12:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)

SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011/11/29 01:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/11/29 01:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/11/29 01:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/11/29 01:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/11/29 01:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2011/11/29 01:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011/11/29 01:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2009/10/13 17:50:00 | 000,133,632 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)

DRV - [2009/07/13 17:37:00 | 000,079,360 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)

DRV - [2008/03/17 11:03:46 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2007/06/01 14:28:38 | 000,095,488 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2005/11/08 15:12:00 | 000,997,376 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2005/11/08 15:11:00 | 000,723,712 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2005/11/08 15:11:00 | 000,242,048 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)

DRV - [2005/04/19 10:40:52 | 002,317,504 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2005/01/09 23:47:14 | 000,449,888 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)

DRV - [2004/08/04 06:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2003/04/28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)

DRV - [2001/08/17 14:04:46 | 000,223,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camdrv21.sys -- (camvid20)

DRV - [2000/12/19 18:29:52 | 000,002,343 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Launch Manager\POWERKEY.SYS -- (POWERKEY)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1957994488-1637723038-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/

IE - HKU\S-1-5-21-1957994488-1637723038-682003330-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\S-1-5-21-1957994488-1637723038-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://sg.yahoo.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll (AhnLab, Inc.)

FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25aos: C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll (AhnLab, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/09 19:16:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\AsiaSoft Online\firefox\components [2011/03/26 08:43:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\AsiaSoft Online\firefox\plugins

[2009/06/10 08:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kelvin\Application Data\Mozilla\Extensions

[2011/03/03 20:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kelvin\Application Data\Mozilla\Firefox\Profiles\jnwwztep.default\extensions

[2010/06/20 11:04:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\kelvin\Application Data\Mozilla\Firefox\Profiles\jnwwztep.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/06/20 11:04:15 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\kelvin\Application Data\Mozilla\Firefox\Profiles\jnwwztep.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

[2009/06/20 18:59:45 | 000,000,000 | ---D | M] (MR Tech Link Wrapper) -- C:\Documents and Settings\kelvin\Application Data\Mozilla\Firefox\Profiles\jnwwztep.default\extensions\{AE7FD9A4-892A-4DE0-B635-4C58D0B0E09F}

() (No name found) -- C:\DOCUMENTS AND SETTINGS\KELVIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JNWWZTEP.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI

[2011/12/09 19:16:27 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2010/02/02 21:00:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/01/22 09:17:19 | 000,000,000 | ---D | M] (Java Console) -- D:\ASIASOFT ONLINE\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/03/07 18:02:16 | 000,000,000 | ---D | M] (Java Console) -- D:\ASIASOFT ONLINE\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/08/27 11:17:33 | 000,000,798 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe (Wistron)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)

O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PowerKey] C:\Program Files\Launch Manager\PowerKey.exe ()

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1957994488-1637723038-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab (DataStorage Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C118DB71-E6F6-4D0C-A432-113656ED5CDE}: DhcpNameServer = 192.168.1.254

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/05/29 22:53:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{a9e59fd2-b511-11db-92ba-0016ce3eac1e}\Shell - "" = AutoRun

O33 - MountPoints2\{a9e59fd2-b511-11db-92ba-0016ce3eac1e}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{a9e59fd2-b511-11db-92ba-0016ce3eac1e}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe

O33 - MountPoints2\{a9e59fd3-b511-11db-92ba-0016ce3eac1e}\Shell - "" = AutoRun

O33 - MountPoints2\{a9e59fd3-b511-11db-92ba-0016ce3eac1e}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{a9e59fd3-b511-11db-92ba-0016ce3eac1e}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe

O33 - MountPoints2\{a9e59fd4-b511-11db-92ba-0016ce3eac1e}\Shell - "" = AutoRun

O33 - MountPoints2\{a9e59fd4-b511-11db-92ba-0016ce3eac1e}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{a9e59fd4-b511-11db-92ba-0016ce3eac1e}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe

O33 - MountPoints2\{a9e59fd5-b511-11db-92ba-0016ce3eac1e}\Shell - "" = AutoRun

O33 - MountPoints2\{a9e59fd5-b511-11db-92ba-0016ce3eac1e}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{a9e59fd5-b511-11db-92ba-0016ce3eac1e}\Shell\AutoRun\command - "" = F:\VMC_PBStarter.exe

O33 - MountPoints2\{aae171d8-93be-11df-8737-0016ce3eac1e}\Shell - "" = AutoRun

O33 - MountPoints2\{aae171d8-93be-11df-8737-0016ce3eac1e}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{aae171d8-93be-11df-8737-0016ce3eac1e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/09 19:57:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kelvin\Desktop\OTL.exe

[2011/12/09 19:11:38 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\kelvin\Desktop\dds.pif

[2011/12/01 03:48:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\kelvin\Start Menu\Programs\Administrative Tools

[2011/12/01 03:46:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\kelvin\Desktop\dds.scr

[2011/11/24 20:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kelvin\Desktop\clientcontainer

[2011/11/24 15:34:22 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/11/11 20:14:43 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/09 19:57:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kelvin\Desktop\OTL.exe

[2011/12/09 19:45:14 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk

[2011/12/09 19:16:30 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2011/12/09 19:13:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/09 19:11:58 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\kelvin\Desktop\dds.pif

[2011/12/09 19:08:00 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/12/09 19:07:47 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/12/09 19:07:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/12/01 04:11:41 | 000,000,182 | ---- | M] () -- C:\Documents and Settings\kelvin\Local Settings\Application Data\starterapplet.properties

[2011/12/01 04:02:51 | 000,000,122 | ---- | M] () -- C:\Documents and Settings\kelvin\.ewanapi_cookie

[2011/12/01 03:46:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\kelvin\Desktop\dds.scr

[2011/11/29 02:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2011/11/29 02:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2011/11/29 01:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2011/11/29 01:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2011/11/29 01:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2011/11/29 01:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2011/11/29 01:52:02 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2011/11/29 01:51:59 | 000,105,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2011/11/29 01:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2011/11/29 01:48:49 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2011/11/25 23:50:54 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\kelvin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/11/24 15:34:22 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/11/16 10:09:21 | 000,034,902 | ---- | M] () -- C:\Documents and Settings\kelvin\My Documents\www.apps.asiapacific.hsbc.com-1-2-!ut-p-kcxml-04_Sj9SPy.tif

[2011/11/15 09:12:04 | 000,004,462 | ---- | M] () -- C:\Documents and Settings\kelvin\My Documents\Payslip.pdf

[2011/11/09 23:28:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/09 19:45:11 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk

[2011/12/09 19:45:10 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk

[2011/11/16 10:09:21 | 000,034,902 | ---- | C] () -- C:\Documents and Settings\kelvin\My Documents\www.apps.asiapacific.hsbc.com-1-2-!ut-p-kcxml-04_Sj9SPy.tif

[2011/11/15 09:11:54 | 000,004,462 | ---- | C] () -- C:\Documents and Settings\kelvin\My Documents\Payslip.pdf

[2011/10/05 22:05:24 | 000,001,596 | ---- | C] () -- C:\Documents and Settings\kelvin\Local Settings\Application Data\session.properties

[2011/02/22 13:59:24 | 000,021,036 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2011/02/22 13:59:23 | 000,015,132 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2011/02/22 13:59:23 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2010/12/02 10:22:07 | 000,000,113 | ---- | C] () -- C:\WINDOWS\(null)toolkit.ini

[2010/10/29 16:52:54 | 000,140,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/10/28 22:12:50 | 000,051,548 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/06/19 09:03:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll

[2010/02/24 10:13:47 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\kelvin\Local Settings\Application Data\fw_start.bat

[2008/10/10 16:54:03 | 000,000,182 | ---- | C] () -- C:\Documents and Settings\kelvin\Local Settings\Application Data\starterapplet.properties

[2008/06/23 13:02:02 | 000,097,410 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4

[2008/05/23 17:48:50 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml

[2007/10/08 19:29:17 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/05/13 15:44:35 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2007/05/13 15:44:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2007/05/13 15:44:33 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2007/05/13 15:44:29 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2007/02/18 17:41:32 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\kelvin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/10/10 19:23:20 | 000,000,333 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006/10/10 19:20:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2006/10/10 19:20:26 | 000,002,914 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2006/08/09 17:18:41 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys

[2006/08/09 17:17:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe

[2006/08/09 17:17:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE

[2006/06/11 19:35:49 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2006/05/30 22:46:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/05/30 06:43:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2006/05/30 06:42:31 | 000,239,144 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2006/05/29 23:07:16 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat

[2006/05/29 22:56:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2006/05/29 22:50:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/04 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/04 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/04 20:00:00 | 000,462,886 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/04 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/04 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/04 20:00:00 | 000,080,518 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/04 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/04 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/04 20:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/04 20:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/04 20:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/04 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:53C9FE0C

< End of report >


Hi again,

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


20:00:25.0812 2028 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31

20:00:27.0468 2028 ============================================================

20:00:27.0468 2028 Current date / time: 2011/12/09 20:00:27.0468

20:00:27.0468 2028 SystemInfo:

20:00:27.0484 2028

20:00:27.0484 2028 OS Version: 5.1.2600 ServicePack: 3.0

20:00:27.0484 2028 Product type: Workstation

20:00:27.0484 2028 ComputerName: JUSTIN-743CC739

20:00:27.0484 2028 UserName: kelvin

20:00:27.0484 2028 Windows directory: C:\WINDOWS

20:00:27.0484 2028 System windows directory: C:\WINDOWS

20:00:27.0484 2028 Processor architecture: Intel x86

20:00:27.0484 2028 Number of processors: 1

20:00:27.0484 2028 Page size: 0x1000

20:00:27.0484 2028 Boot type: Normal boot

20:00:27.0484 2028 ============================================================

20:00:30.0421 2028 Initialize success

20:00:34.0031 4088 ============================================================

20:00:34.0031 4088 Scan started

20:00:34.0031 4088 Mode: Manual;

20:00:34.0031 4088 ============================================================

20:01:06.0250 4088 ============================================================

20:01:06.0250 4088 Scan finished

20:01:06.0250 4088 ============================================================

20:01:06.0265 3864 Detected object count: 0

20:01:06.0265 3864 Actual detected object count: 0


Hi, no rootkits found, which is good. :)

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Thanks it works. :) Do I need to include ComboFix-quarantined-files.txt?

ComboFix 11-12-17.05 - kelvin 12/17/2011 23:17:48.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.758.415 [GMT 8:00]

Running from: c:\documents and settings\kelvin\desktop\combofix.exe

Command switches used :: /nombr

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\system32\_000011_.tmp.dll

c:\windows\system32\10efb3e3.dll

c:\windows\system32\7ff1988.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-11-17 to 2011-12-17 )))))))))))))))))))))))))))))))

.

.

2011-11-24 07:34 . 2011-11-24 07:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-28 18:01 . 2011-06-12 06:59 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 18:01 . 2011-06-12 06:59 199816 ----a-w- c:\windows\system32\aswBoot.exe

2011-11-28 17:53 . 2011-06-12 07:00 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:53 . 2011-06-12 07:00 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-11-28 17:52 . 2011-06-12 07:00 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-11-28 17:52 . 2011-06-12 07:00 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-11-28 17:52 . 2011-06-12 07:00 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-11-28 17:51 . 2011-06-12 07:00 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-11-28 17:51 . 2011-06-12 07:00 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-11-28 17:48 . 2011-06-12 07:00 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:33 . 2004-08-04 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2006-05-29 14:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-05 14:05 . 2010-02-24 02:13 634 ----a-w- c:\documents and settings\kelvin\Local Settings\Application Data\fw_start.bat

2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 03:41 . 2007-10-09 05:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 03:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 03:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll

[-] 2004-08-03 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll

[-] 2004-08-03 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ksuser.dll

.

[-] 2006-10-18 13:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

[-] 2006-10-18 13:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll

[-] 2005-01-28 05:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] 2005-01-28 05:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]

"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]

"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]

"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-11-08 69632]

"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]

"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]

"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-11-08 81920]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 04:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]

2008-07-04 04:52 2072576 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2006-11-03 11:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-18 12:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/12/2011 3:00 PM 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/12/2011 3:00 PM 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/12/2011 3:00 PM 20568]

R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [7/4/2008 12:52 PM 14336]

R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [8/9/2006 5:18 PM 2343]

S1 mailKmd;mailKmd; [x]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2010 9:37 AM 136176]

S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [8/9/2006 5:33 PM 223232]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2010 9:37 AM 136176]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 5:05 PM 266544]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [4/22/2009 2:49 PM 133632]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [4/22/2009 2:49 PM 79360]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

.

2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 14:42]

.

2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 14:42]

.

2011-10-01 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 11:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://sg.yahoo.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} - hxxp://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab

FF - ProfilePath - c:\documents and settings\kelvin\Application Data\Mozilla\Firefox\Profiles\jnwwztep.default\

FF - prefs.js: browser.startup.homepage - hxxp://sg.yahoo.com/

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-17 23:31

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

C:\## aswSnx private storage

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(588)

c:\windows\System32\BCMLogon.dll

.

Completion time: 2011-12-17 23:37:37

ComboFix-quarantined-files.txt 2011-12-17 15:37

.

Pre-Run: 460,140,544 bytes free

Post-Run: 1,576,566,784 bytes free

.

- - End Of File - - 06BF3B4A444BA2F5A5AC9B04FA4BEADB


Here's the new log. :)

ComboFix 11-12-19.03 - kelvin 12/17/2011 23:52:34.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.758.409 [GMT 8:00]

Running from: c:\documents and settings\kelvin\desktop\combofix.exe

Command switches used :: /nombr

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\OLD3F4.tmp

c:\windows\system32\OLD3F8.tmp

c:\windows\system32\OLD40F.tmp

c:\windows\system32\OLD450.tmp

c:\windows\system32\OLD453.tmp

c:\windows\system32\OLD457.tmp

c:\windows\system32\OLD45A.tmp

c:\windows\system32\OLD471.tmp

c:\windows\system32\OLD478.tmp

.

.

((((((((((((((((((((((((( Files Created from 2011-11-17 to 2011-12-17 )))))))))))))))))))))))))))))))

.

.

2011-12-17 15:43 . 2004-08-03 15:08 20480 ----a-w- c:\windows\system32\drivers\OLD44C.tmp

2011-12-17 15:43 . 2004-08-03 15:08 142976 ----a-w- c:\windows\system32\drivers\OLD448.tmp

2011-12-17 15:43 . 2004-08-03 15:07 59264 ----a-w- c:\windows\system32\drivers\OLD444.tmp

2011-12-17 15:43 . 2004-08-03 15:15 60800 ----a-w- c:\windows\system32\drivers\OLD440.tmp

2011-12-17 15:43 . 2001-08-17 06:00 54272 ----a-w- c:\windows\system32\drivers\OLD43C.tmp

2011-12-17 15:43 . 2004-08-03 15:08 48640 ----a-w- c:\windows\system32\drivers\OLD438.tmp

2011-12-17 15:42 . 2001-08-17 14:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll

2011-12-17 15:42 . 2001-08-17 04:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys

2011-12-17 15:42 . 2001-08-17 05:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys

2011-12-17 15:42 . 2001-08-17 05:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys

2011-12-17 15:42 . 2001-08-17 14:36 26112 -c--a-w- c:\windows\system32\dllcache\OLD42B.tmp

2011-12-17 15:35 . 2004-08-03 15:15 145792 ----a-w- c:\windows\system32\drivers\OLD425.tmp

2011-12-17 15:35 . 2004-08-03 14:59 25088 ----a-w- c:\windows\system32\drivers\OLD421.tmp

2011-12-17 15:35 . 2004-08-03 15:07 68224 ----a-w- c:\windows\system32\drivers\OLD41D.tmp

2011-12-17 15:34 . 2001-08-17 04:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys

2011-12-17 15:34 . 2004-08-03 14:31 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys

2011-12-17 15:34 . 2004-08-04 12:00 92032 -c--a-w- c:\windows\system32\dllcache\OLD401.tmp

2011-12-17 15:33 . 2008-04-13 18:41 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys

2011-12-17 15:33 . 2001-08-17 14:36 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll

2011-12-17 15:33 . 2001-08-17 05:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys

2011-12-17 15:33 . 2004-08-03 15:15 140928 ----a-w- c:\windows\system32\drivers\OLD3F0.tmp

2011-12-17 15:33 . 2001-08-17 05:58 35840 ----a-w- c:\windows\system32\drivers\OLD3EC.tmp

2011-12-17 15:32 . 2001-08-17 04:12 100936 -c--a-w- c:\windows\system32\dllcache\ibmtok.sys

2011-12-17 15:32 . 2001-08-17 14:34 9216 -c--a-w- c:\windows\system32\dllcache\ibmsgnet.dll

2011-12-17 15:32 . 2001-08-17 04:11 28700 -c--a-w- c:\windows\system32\dllcache\ibmexmp.sys

2011-12-17 15:32 . 2008-04-14 00:11 702845 -c--a-w- c:\windows\system32\dllcache\i81xdnt5.dll

2011-12-17 15:32 . 2004-08-03 14:29 161020 -c--a-w- c:\windows\system32\dllcache\i81xnt5.sys

2011-12-17 15:32 . 2004-08-04 12:00 52736 ----a-w- c:\windows\system32\drivers\OLD3DD.tmp

2011-12-17 15:32 . 2001-08-17 04:49 58592 -c--a-w- c:\windows\system32\dllcache\i740nt5.sys

2011-12-17 15:32 . 2001-08-17 06:56 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll

2011-12-17 15:32 . 2008-04-13 18:41 18560 -c--a-w- c:\windows\system32\dllcache\i2omp.sys

2011-12-17 15:32 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys

2011-12-17 15:32 . 2001-08-17 05:28 199711 -c--a-w- c:\windows\system32\dllcache\OLD3D1.tmp

2011-12-17 15:32 . 2001-08-17 05:28 289887 -c--a-w- c:\windows\system32\dllcache\OLD3CD.tmp

2011-12-17 15:30 . 2008-04-13 18:36 20352 -c--a-w- c:\windows\system32\dllcache\OLD391.tmp

2011-12-17 15:29 . 2001-08-17 05:28 594238 -c--a-w- c:\windows\system32\dllcache\OLD34B.tmp

2011-12-17 15:29 . 2001-08-17 05:28 595647 -c--a-w- c:\windows\system32\dllcache\OLD347.tmp

2011-12-17 15:29 . 2001-08-17 05:50 144896 -c--a-w- c:\windows\system32\dllcache\OLD343.tmp

2011-12-17 15:29 . 2001-08-17 05:46 6400 -c--a-w- c:\windows\system32\dllcache\OLD33F.tmp

2011-12-17 15:29 . 2001-08-17 04:19 283904 -c--a-w- c:\windows\system32\dllcache\OLD33B.tmp

2011-12-17 15:29 . 2001-08-17 04:10 19996 -c--a-w- c:\windows\system32\dllcache\OLD337.tmp

2011-12-17 15:29 . 2001-08-17 04:10 19996 -c--a-w- c:\windows\system32\dllcache\OLD334.tmp

2011-12-17 15:29 . 2001-08-17 04:10 19996 -c--a-w- c:\windows\system32\dllcache\OLD331.tmp

2011-12-17 15:29 . 2004-08-04 12:00 514587 -c--a-w- c:\windows\system32\dllcache\OLD32D.tmp

2011-12-17 15:29 . 2008-04-14 00:12 20992 -c--a-w- c:\windows\system32\dllcache\OLD32A.tmp

2011-12-17 15:29 . 2001-08-17 04:20 334208 -c--a-w- c:\windows\system32\dllcache\OLD326.tmp

2011-12-17 15:27 . 2001-08-17 04:13 21533 -c--a-w- c:\windows\system32\dllcache\OLD2E2.tmp

2011-12-17 15:26 . 2001-08-17 04:12 39680 -c--a-w- c:\windows\system32\dllcache\OLD2A8.tmp

2011-12-17 15:26 . 2001-08-17 04:12 37916 -c--a-w- c:\windows\system32\dllcache\OLD2A4.tmp

2011-12-17 15:26 . 2001-08-17 14:36 32256 -c--a-w- c:\windows\system32\dllcache\OLD2A0.tmp

2011-12-17 15:26 . 2001-08-17 04:13 164923 -c--a-w- c:\windows\system32\dllcache\OLD29C.tmp

2011-12-17 15:26 . 2004-08-04 12:00 54528 -c--a-w- c:\windows\system32\dllcache\OLD298.tmp

2011-12-17 15:26 . 2008-04-14 00:11 121856 -c--a-w- c:\windows\system32\dllcache\OLD295.tmp

2011-12-17 15:26 . 2001-08-17 14:37 116736 -c--a-w- c:\windows\system32\dllcache\OLD291.tmp

2011-12-17 15:26 . 2001-08-17 14:36 74240 -c--a-w- c:\windows\system32\dllcache\OLD28D.tmp

2011-12-17 15:26 . 2001-08-17 14:37 73216 -c--a-w- c:\windows\system32\dllcache\OLD289.tmp

2011-12-17 15:26 . 2001-08-17 06:04 171264 -c--a-w- c:\windows\system32\dllcache\OLD285.tmp

2011-12-17 15:26 . 2001-08-17 06:05 314752 -c--a-w- c:\windows\system32\dllcache\OLD281.tmp

2011-12-17 15:26 . 2004-08-04 12:00 10752 -c--a-w- c:\windows\system32\dllcache\OLD27D.tmp

2011-12-17 15:24 . 2001-08-17 04:11 96640 -c--a-w- c:\windows\system32\dllcache\OLD179.tmp

2011-12-17 15:23 . 2001-08-17 04:49 75136 -c--a-w- c:\windows\system32\dllcache\OLD125.tmp

2011-12-17 15:21 . 2001-08-17 05:47 6272 -c--a-w- c:\windows\system32\dllcache\OLDE8.tmp

2011-12-17 15:21 . 2004-08-03 14:31 36224 -c--a-w- c:\windows\system32\dllcache\OLDE4.tmp

2011-12-17 15:21 . 2001-08-17 05:52 12032 -c--a-w- c:\windows\system32\dllcache\OLDE0.tmp

2011-12-17 15:21 . 2001-08-17 04:11 16969 -c--a-w- c:\windows\system32\dllcache\OLDDC.tmp

2011-12-17 15:20 . 2001-08-17 05:51 5248 -c--a-w- c:\windows\system32\dllcache\OLDD8.tmp

2011-12-17 15:20 . 2001-08-17 05:49 26624 -c--a-w- c:\windows\system32\dllcache\OLDD4.tmp

2011-12-17 15:20 . 2001-08-17 04:11 27678 -c--a-w- c:\windows\system32\dllcache\OLDD0.tmp

2011-12-17 15:20 . 2001-08-17 06:07 56960 -c--a-w- c:\windows\system32\dllcache\OLDCC.tmp

2011-12-17 15:20 . 2001-08-17 06:07 55168 -c--a-w- c:\windows\system32\dllcache\OLDC8.tmp

2011-12-17 15:20 . 2001-08-17 05:52 12800 -c--a-w- c:\windows\system32\dllcache\OLDC4.tmp

2011-12-17 15:20 . 2007-04-02 18:26 19456 -c--a-w- c:\windows\system32\dllcache\OLDC0.tmp

2011-12-17 15:20 . 2007-04-02 18:25 19456 -c--a-w- c:\windows\system32\dllcache\OLDBD.tmp

2011-12-17 15:20 . 2001-08-17 14:36 5632 -c--a-w- c:\windows\system32\dllcache\OLDBA.tmp

2011-12-17 15:15 . 2001-08-17 06:07 101888 -c--a-w- c:\windows\system32\dllcache\OLDB5.tmp

2011-12-17 15:15 . 2001-08-17 04:11 46112 -c--a-w- c:\windows\system32\dllcache\OLDB1.tmp

2011-12-17 15:15 . 2004-08-03 14:32 10880 -c--a-w- c:\windows\system32\dllcache\OLDAD.tmp

2011-12-17 15:15 . 2001-08-17 04:19 747392 -c--a-w- c:\windows\system32\dllcache\OLDA9.tmp

2011-12-17 15:15 . 2001-08-17 04:19 553984 -c--a-w- c:\windows\system32\dllcache\OLDA5.tmp

2011-12-17 15:15 . 2001-08-17 04:19 584448 -c--a-w- c:\windows\system32\dllcache\OLDA1.tmp

2011-12-17 15:15 . 2001-08-17 04:11 20160 -c--a-w- c:\windows\system32\dllcache\OLD9D.tmp

2011-12-17 15:13 . 2007-04-02 16:36 16384 -c--a-w- c:\windows\system32\dllcache\OLD53.tmp

2011-12-17 15:12 . 2008-04-14 00:11 82035 -c--a-w- c:\windows\system32\dllcache\OLD16.tmp

2011-12-17 15:12 . 2008-04-14 00:11 184435 -c--a-w- c:\windows\system32\dllcache\OLD13.tmp

2011-12-17 15:12 . 2008-04-14 00:11 147513 -c--a-w- c:\windows\system32\dllcache\OLD19.tmp

2011-12-17 15:12 . 2008-04-14 00:12 188480 -c--a-w- c:\windows\system32\dllcache\OLD10.tmp

2011-12-17 15:12 . 2008-04-14 00:12 16439 -c--a-w- c:\windows\system32\dllcache\OLDD.tmp

2011-12-17 15:12 . 2008-04-14 00:11 20540 -c--a-w- c:\windows\system32\dllcache\OLDA.tmp

2011-12-17 15:12 . 2011-12-17 15:44 -------- d-----w- c:\windows\LastGood

2011-12-17 15:12 . 2008-04-14 00:12 16439 -c--a-w- c:\windows\system32\dllcache\OLD7.tmp

2011-12-17 15:12 . 2008-04-14 00:11 20540 -c--a-w- c:\windows\system32\dllcache\OLD4.tmp

2011-11-24 07:34 . 2011-11-24 07:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-28 18:01 . 2011-06-12 06:59 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 18:01 . 2011-06-12 06:59 199816 ----a-w- c:\windows\system32\aswBoot.exe

2011-11-28 17:53 . 2011-06-12 07:00 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:53 . 2011-06-12 07:00 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-11-28 17:52 . 2011-06-12 07:00 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-11-28 17:52 . 2011-06-12 07:00 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-11-28 17:52 . 2011-06-12 07:00 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-11-28 17:51 . 2011-06-12 07:00 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-11-28 17:51 . 2011-06-12 07:00 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-11-28 17:48 . 2011-06-12 07:00 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-11-23 13:25 . 2004-08-04 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-04 19:20 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 13:33 . 2004-08-04 12:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-25 12:52 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-10-10 14:22 . 2006-05-29 14:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-05 14:05 . 2010-02-24 02:13 634 ----a-w- c:\documents and settings\kelvin\Local Settings\Application Data\fw_start.bat

2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 03:41 . 2007-10-09 05:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 03:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 03:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2006-10-18 13:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\LastGood\system32\mspmsnsv.dll

[-] 2006-10-18 13:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

[-] 2005-01-28 05:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] 2005-01-28 05:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll

.

((((((((((((((((((((((((((((( SnapShot@2011-12-17_15.32.28 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-17 15:08 . 2011-12-17 15:08 16384 c:\windows\Temp\Perflib_Perfdata_1a8.dat

+ 2004-08-04 00:56 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud.drv

- 2004-08-04 00:56 . 2004-08-03 16:56 23552 c:\windows\system32\wdmaud.drv

- 2006-05-29 22:44 . 2004-08-03 16:56 74240 c:\windows\system32\usbui.dll

+ 2006-05-29 22:44 . 2008-04-14 00:12 74240 c:\windows\system32\usbui.dll

+ 2004-08-04 12:00 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll

- 2004-08-04 12:00 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll

- 2006-11-07 13:03 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll

+ 2006-11-07 13:03 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll

- 2004-08-04 12:00 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll

+ 2004-08-04 12:00 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll

+ 2004-08-04 12:00 . 2008-04-13 18:45 20608 c:\windows\system32\drivers\usbuhci.sys

+ 2006-08-09 09:33 . 2008-04-13 18:45 60032 c:\windows\system32\drivers\usbaudio.sys

+ 2006-05-29 15:08 . 2008-04-13 19:15 60800 c:\windows\system32\drivers\sysaudio.sys

- 2006-05-29 15:08 . 2004-08-03 15:15 60800 c:\windows\system32\drivers\sysaudio.sys

+ 2006-05-29 15:08 . 2008-04-13 18:45 56576 c:\windows\system32\drivers\swmidi.sys

+ 2004-08-03 23:08 . 2008-04-13 18:45 49408 c:\windows\system32\drivers\stream.sys

+ 2004-08-04 12:00 . 2008-04-13 18:40 24960 c:\windows\system32\drivers\pciidex.sys

+ 2004-08-04 12:00 . 2008-04-13 18:36 68224 c:\windows\system32\drivers\pci.sys

- 2004-08-04 12:00 . 2004-08-03 15:07 68224 c:\windows\system32\drivers\pci.sys

+ 2004-08-04 12:00 . 2008-04-13 18:36 37248 c:\windows\system32\drivers\isapnp.sys

+ 2004-08-04 12:00 . 2008-04-13 19:18 52480 c:\windows\system32\drivers\i8042prt.sys

- 2009-06-10 00:04 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2009-06-10 00:04 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2004-08-04 12:00 . 2008-04-13 18:40 11392 c:\windows\system32\dllcache\sfloppy.sys

+ 2004-08-04 12:00 . 2008-04-13 18:40 11008 c:\windows\system32\dllcache\sffp_sd.sys

+ 2004-08-04 12:00 . 2008-04-13 18:40 11904 c:\windows\system32\dllcache\sffdisk.sys

+ 2009-01-11 06:01 . 2008-04-14 00:12 32768 c:\windows\system32\dllcache\setupn.exe

+ 2006-05-29 14:50 . 2008-04-14 00:12 73216 c:\windows\system32\dllcache\setup50.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 23040 c:\windows\system32\dllcache\setup.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 31232 c:\windows\system32\dllcache\sethc.exe

+ 2006-05-29 14:48 . 2008-04-14 00:12 56320 c:\windows\system32\dllcache\servdeps.dll

+ 2004-08-04 12:00 . 2008-04-13 19:15 64512 c:\windows\system32\dllcache\serial.sys

+ 2004-08-04 12:00 . 2008-04-13 18:40 15744 c:\windows\system32\dllcache\serenum.sys

+ 2004-08-04 12:00 . 2008-04-14 00:12 98304 c:\windows\system32\dllcache\nlhtml.dll

+ 2001-08-17 13:24 . 2004-08-04 12:00 12032 c:\windows\system32\dllcache\nikedrv.sys

+ 2004-08-03 22:58 . 2008-04-13 18:51 61824 c:\windows\system32\dllcache\nic1394.sys

+ 2004-08-04 12:00 . 2008-04-14 00:12 80896 c:\windows\system32\dllcache\netui0.dll

+ 2004-08-04 12:00 . 2008-04-14 00:12 36864 c:\windows\system32\dllcache\netstat.exe

+ 2004-08-04 12:00 . 2008-04-14 00:12 86016 c:\windows\system32\dllcache\netsh.exe

+ 2006-10-19 05:33 . 2008-04-13 17:27 79872 c:\windows\system32\dllcache\msxml6r.dll

- 2009-01-11 06:01 . 2008-04-13 17:27 79872 c:\windows\system32\dllcache\msxml6r.dll

- 2004-08-04 12:00 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2004-08-04 12:00 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2007-05-13 08:00 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2007-05-13 08:00 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll

+ 2006-05-29 14:48 . 2008-04-14 00:12 16384 c:\windows\system32\dllcache\mofcomp.exe

+ 2004-08-04 12:00 . 2008-04-14 00:11 40960 c:\windows\system32\dllcache\mf3216.dll

+ 2004-08-03 23:07 . 2008-04-13 18:36 63744 c:\windows\system32\dllcache\mf.sys

+ 2004-08-04 12:00 . 2008-04-14 00:11 19968 c:\windows\system32\dllcache\log.dll

+ 2004-08-04 12:00 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll

- 2004-08-04 12:00 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2004-08-04 12:00 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2004-08-04 12:00 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll

+ 2004-08-04 12:00 . 2008-04-13 18:40 42112 c:\windows\system32\dllcache\imapi.sys

+ 2006-05-29 14:50 . 2008-04-14 00:11 81920 c:\windows\system32\dllcache\ils.dll

+ 2009-01-11 06:00 . 2008-04-14 00:11 81920 c:\windows\system32\dllcache\ieencode.dll

+ 2006-05-29 14:50 . 2008-04-14 00:11 49152 c:\windows\system32\dllcache\icwutil.dll

+ 2006-05-29 14:50 . 2008-04-14 00:12 24576 c:\windows\system32\dllcache\icwrmind.exe

+ 2004-08-04 12:00 . 2008-04-13 19:18 52480 c:\windows\system32\dllcache\i8042prt.sys

+ 2004-08-04 12:00 . 2008-04-14 00:11 41984 c:\windows\system32\dllcache\htui.dll

+ 2004-08-04 12:00 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll

- 2009-10-21 05:38 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll

+ 2011-12-17 15:44 . 2006-10-18 13:47 99840 c:\windows\LastGood\system32\wmpshell.dll

+ 2011-12-17 15:43 . 2006-10-18 13:47 37376 c:\windows\LastGood\system32\wmdmps.dll

+ 2011-12-17 15:43 . 2006-10-18 13:47 33792 c:\windows\LastGood\system32\wmdmlog.dll

+ 2011-12-17 15:43 . 2004-08-03 16:56 23552 c:\windows\LastGood\system32\wdmaud.drv

+ 2011-12-17 15:43 . 2004-08-03 16:56 74240 c:\windows\LastGood\system32\usbui.dll

+ 2011-12-17 15:14 . 2006-10-18 13:47 11264 c:\windows\LastGood\system32\laprxy.dll

+ 2011-12-17 15:43 . 2004-08-03 15:08 20480 c:\windows\LastGood\system32\drivers\usbuhci.sys

+ 2011-12-17 15:43 . 2004-08-03 15:07 59264 c:\windows\LastGood\system32\drivers\usbaudio.sys

+ 2011-12-17 15:43 . 2004-08-03 15:15 60800 c:\windows\LastGood\system32\drivers\sysaudio.sys

+ 2011-12-17 15:43 . 2001-08-17 06:00 54272 c:\windows\LastGood\system32\drivers\swmidi.sys

+ 2011-12-17 15:43 . 2004-08-03 15:08 48640 c:\windows\LastGood\system32\drivers\stream.sys

+ 2011-12-17 15:35 . 2004-08-03 14:59 25088 c:\windows\LastGood\system32\drivers\pciidex.sys

+ 2011-12-17 15:35 . 2004-08-03 15:07 68224 c:\windows\LastGood\system32\drivers\pci.sys

+ 2011-12-17 15:33 . 2001-08-17 05:58 35840 c:\windows\LastGood\system32\drivers\isapnp.sys

+ 2011-12-17 15:32 . 2004-08-04 12:00 52736 c:\windows\LastGood\system32\drivers\i8042prt.sys

+ 2011-12-17 15:13 . 2007-04-02 16:36 16384 c:\windows\LastGood\system32\dllcache\tcptsat.dll

+ 2011-12-17 15:13 . 2008-04-14 00:12 32827 c:\windows\LastGood\system32\dllcache\tcptest.exe

+ 2011-12-17 15:13 . 2008-04-14 00:12 16437 c:\windows\LastGood\system32\dllcache\shtml.exe

+ 2011-12-17 15:13 . 2008-04-14 00:12 20536 c:\windows\LastGood\system32\dllcache\shtml.dll

+ 2011-12-17 15:13 . 2001-08-17 06:56 66048 c:\windows\LastGood\system32\dllcache\s3legacy.dll

+ 2011-12-17 15:34 . 2004-08-04 12:00 92032 c:\windows\LastGood\system32\dllcache\mga.dll

+ 2011-12-17 15:31 . 2001-08-17 05:28 67167 c:\windows\LastGood\system32\dllcache\hsf_bsc2.sys

+ 2011-12-17 15:31 . 2001-08-17 14:36 31232 c:\windows\LastGood\system32\dllcache\hpgt42tk.dll

+ 2011-12-17 15:31 . 2001-08-17 14:36 93696 c:\windows\LastGood\system32\dllcache\hpgt42.dll

+ 2011-12-17 15:31 . 2001-08-17 14:36 48128 c:\windows\LastGood\system32\dllcache\hpgt33tk.dll

+ 2011-12-17 15:31 . 2001-08-17 14:36 89088 c:\windows\LastGood\system32\dllcache\hpgt33.dll

+ 2011-12-17 15:31 . 2001-08-17 14:36 83968 c:\windows\LastGood\system32\dllcache\hpgt21.dll

+ 2011-12-17 15:30 . 2008-04-13 18:36 20352 c:\windows\LastGood\system32\dllcache\hidbatt.sys

+ 2011-12-17 15:30 . 2008-04-13 18:40 28288 c:\windows\LastGood\system32\dllcache\grserial.sys

+ 2011-12-17 15:30 . 2001-08-17 05:51 82304 c:\windows\LastGood\system32\dllcache\grclass.sys

+ 2011-12-17 15:30 . 2001-08-17 05:51 17408 c:\windows\LastGood\system32\dllcache\gpr400.sys

+ 2011-12-17 15:30 . 2004-08-04 12:00 31744 c:\windows\LastGood\system32\dllcache\fxsroute.dll

+ 2011-12-17 15:30 . 2001-08-17 14:36 92160 c:\windows\LastGood\system32\dllcache\fuusd.dll

+ 2011-12-17 15:13 . 2008-04-14 00:12 20538 c:\windows\LastGood\system32\dllcache\fpremadm.exe

+ 2011-12-17 15:13 . 2008-04-14 00:11 20541 c:\windows\LastGood\system32\dllcache\fpexedll.dll

+ 2011-12-17 15:13 . 2008-04-14 00:12 15120 c:\windows\LastGood\system32\dllcache\fp98sadm.exe

+ 2011-12-17 15:13 . 2008-04-14 00:11 49212 c:\windows\LastGood\system32\dllcache\fp4awebs.dll

+ 2011-12-17 15:13 . 2008-04-14 00:11 32826 c:\windows\LastGood\system32\dllcache\fp4avss.dll

+ 2011-12-17 15:13 . 2008-04-14 00:11 41020 c:\windows\LastGood\system32\dllcache\fp4avnb.dll

+ 2011-12-17 15:13 . 2008-04-14 00:11 49210 c:\windows\LastGood\system32\dllcache\fp4areg.dll

+ 2011-12-17 15:12 . 2008-04-14 00:11 82035 c:\windows\LastGood\system32\dllcache\fp4anscp.dll

+ 2011-12-17 15:42 . 2001-08-17 14:36 26112 c:\windows\LastGood\system32\dllcache\EXCH_seos.dll

+ 2011-12-17 15:23 . 2001-08-17 14:36 45056 c:\windows\LastGood\system32\dllcache\EXCH_aqadmin.dll

+ 2011-12-17 15:29 . 2001-08-17 04:10 19996 c:\windows\LastGood\system32\dllcache\em556n4.sys

+ 2011-12-17 15:28 . 2001-08-17 14:36 38985 c:\windows\LastGood\system32\dllcache\disrvsu.dll

+ 2011-12-17 15:28 . 2001-08-17 14:36 31305 c:\windows\LastGood\system32\dllcache\disrvpp.dll

+ 2011-12-17 15:28 . 2001-08-17 04:13 91305 c:\windows\LastGood\system32\dllcache\dimaint.sys

+ 2011-12-17 15:28 . 2001-08-17 04:17 42432 c:\windows\LastGood\system32\dllcache\digirlpt.sys

+ 2011-12-17 15:28 . 2001-08-17 04:14 21606 c:\windows\LastGood\system32\dllcache\digiisdn.sys

+ 2011-12-17 15:28 . 2001-08-17 04:13 37735 c:\windows\LastGood\system32\dllcache\digiasyn.sys

+ 2011-12-17 15:28 . 2001-08-17 14:36 65622 c:\windows\LastGood\system32\dllcache\digiasyn.dll

+ 2011-12-17 15:26 . 2001-08-17 14:36 32256 c:\windows\LastGood\system32\dllcache\diapi2NT.dll

+ 2011-12-17 15:28 . 2001-08-17 04:17 29531 c:\windows\LastGood\system32\dllcache\dgapci.sys

+ 2011-12-17 15:28 . 2001-08-17 04:19 96256 c:\windows\LastGood\system32\dllcache\ctlsb16.sys

+ 2011-12-17 15:28 . 2001-08-17 04:11 60970 c:\windows\LastGood\system32\dllcache\cpqtrnd5.sys

+ 2011-12-17 15:27 . 2001-08-17 04:13 21533 c:\windows\LastGood\system32\dllcache\cpqndis5.sys

+ 2011-12-17 15:27 . 2001-08-17 05:52 14976 c:\windows\LastGood\system32\dllcache\cpqarray.sys

+ 2011-12-17 15:27 . 2004-08-04 12:00 14336 c:\windows\LastGood\system32\dllcache\chgusr.exe

+ 2011-12-17 15:27 . 2004-08-04 12:00 15872 c:\windows\LastGood\system32\dllcache\chgport.exe

+ 2011-12-17 15:27 . 2004-08-04 12:00 13312 c:\windows\LastGood\system32\dllcache\chglogon.exe

+ 2011-12-17 15:27 . 2001-08-17 04:13 49182 c:\windows\LastGood\system32\dllcache\cem56n5.sys

+ 2011-12-17 15:27 . 2001-08-17 04:13 22044 c:\windows\LastGood\system32\dllcache\cem33n5.sys

+ 2011-12-17 15:27 . 2001-08-17 04:13 22044 c:\windows\LastGood\system32\dllcache\cem28n5.sys

+ 2011-12-17 15:27 . 2001-08-17 04:13 27164 c:\windows\LastGood\system32\dllcache\ce3n5.sys

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]

"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]

"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]

"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-11-08 69632]

"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]

"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]

"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-11-08 81920]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 04:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]

2008-07-04 04:52 2072576 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2006-11-03 11:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-18 12:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/12/2011 3:00 PM 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/12/2011 3:00 PM 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/12/2011 3:00 PM 20568]

R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [7/4/2008 12:52 PM 14336]

R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [8/9/2006 5:18 PM 2343]

S1 mailKmd;mailKmd; [x]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2010 9:37 AM 136176]

S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [8/9/2006 5:33 PM 223232]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/24/2010 9:37 AM 136176]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 5:05 PM 266544]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [4/22/2009 2:49 PM 133632]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [4/22/2009 2:49 PM 79360]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

.

Contents of the 'Scheduled Tasks' folder

.

2011-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

.

2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 14:42]

.

2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-24 14:42]

.

2011-10-01 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 11:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://sg.yahoo.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} - hxxp://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab

FF - ProfilePath - c:\documents and settings\kelvin\Application Data\Mozilla\Firefox\Profiles\jnwwztep.default\

FF - prefs.js: browser.startup.homepage - hxxp://sg.yahoo.com/

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-18 00:05

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(588)

c:\windows\System32\BCMLogon.dll

.

Completion time: 2011-12-17 23:10:51

ComboFix-quarantined-files.txt 2011-12-17 15:10

ComboFix2.txt 2011-12-17 15:37

.

Pre-Run: 586,194,944 bytes free

Post-Run: 889,016,320 bytes free

.

- - End Of File - - 3045CA2577B22E43D5BE28D255703B2B


How often is the computer not able to shut down (does it only occur every once in a while, or daily)?

Please rerun OTL. Click the NONE button, then change the value under Extra Registry to Use Safelist and click Run Scan. This will create extra.txt. Please post its contents in your next reply.


It seems like 70% of the time the computer would not shut down.

Extras.Txt

OTL Extras logfile created on: 12/17/2011 11:13:27 PM - Run 3

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\kelvin\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

758.42 Mb Total Physical Memory | 374.91 Mb Available Physical Memory | 49.43% Memory free

1.06 Gb Paging File | 0.74 Gb Available in Paging File | 70.08% Paging File free

Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 15.14 Gb Total Space | 0.71 Gb Free Space | 4.66% Space Free | Partition Type: NTFS

Drive D: | 20.00 Gb Total Space | 7.63 Gb Free Space | 38.16% Space Free | Partition Type: NTFS

Computer Name: JUSTIN-743CC739 | User Name: kelvin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 24

"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4B4E8814-F682-4197-8F4B-E9FFC6F08977}" = System Requirements Lab for Intel

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme

"{80EAC1F5-3067-4E57-A09F-3AF728C59FE5}" = MapleStory

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)

"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B2974D26-9080-4FA4-B344-DA2D314F41DC}" = Vodafone Mobile Connect Lite Runtime Components

"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center

"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite

"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.0.9.3

"{DE263C93-46AF-7B0A-1D3C-FC22F7C32574}" = MyFonts Order M2509539

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"7-Zip" = 7-Zip 4.65

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"AhnLab Online Security" = AhnLab Online Security

"avast" = avast! Free Antivirus

"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter

"CCleaner" = CCleaner

"CNXT_MODEM_PCI_VEN_8086&DEV_266D_CplEFL5k" = Soft Data Fax Modem with SmartCP

"Defraggler" = Defraggler

"HDMI" = Intel® Graphics Media Accelerator Driver

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 4.0 (x86 en-GB)" = Mozilla Firefox 4.0 (x86 en-GB)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MWSnap 3" = MWSnap 3

"NEXON Screen Saver_is1" = NEXON Screen Saver

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Revo Uninstaller" = Revo Uninstaller 1.92

"Speccy" = Speccy

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WMCSetup" = Windows Media Connect

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

"xp-AntiSpy" = xp-AntiSpy 3.95-2

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 12/17/2011 11:08:31 AM | Computer Name = JUSTIN-743CC739 | Source = VMCService | ID = 0

Description = conflictManagerTypeValue

Error - 12/17/2011 11:08:34 AM | Computer Name = JUSTIN-743CC739 | Source = VMCService | ID = 0

Description = conflictManagerTypeValue

Error - 12/17/2011 11:08:11 AM | Computer Name = JUSTIN-743CC739 | Source = VMCService | ID = 0

Description = conflictManagerTypeValue

Error - 12/17/2011 11:08:04 AM | Computer Name = JUSTIN-743CC739 | Source = VMCService | ID = 0

Description = conflictManagerTypeValue

Error - 12/17/2011 11:08:19 AM | Computer Name = JUSTIN-743CC739 | Source = VMCService | ID = 0

Description = conflictManagerTypeValue

Error - 12/17/2011 11:08:15 AM | Computer Name = JUSTIN-743CC739 | Source = VMCService | ID = 0

Description = conflictManagerTypeValue

Error - 12/17/2011 11:08:13 AM | Computer Name = JUSTIN-743CC739 | Source = VMCService | ID = 0

Description = conflictManagerTypeValue

Error - 12/17/2011 11:08:22 AM | Computer Name = JUSTIN-743CC739 | Source = VMCService | ID = 0

Description = conflictManagerTypeValue

Error - 12/17/2011 11:08:09 AM | Computer Name = JUSTIN-743CC739 | Source = VMCService | ID = 0

Description = conflictManagerTypeValue

Error - 12/17/2011 11:08:08 AM | Computer Name = JUSTIN-743CC739 | Source = VMCService | ID = 0

Description = conflictManagerTypeValue

[ System Events ]

Error - 12/17/2011 11:51:13 AM | Computer Name = JUSTIN-743CC739 | Source = Service Control Manager | ID = 7031

Description = The Windows Media Player Network Sharing Service service terminated

unexpectedly. It has done this 1 time(s). The following corrective action will

be taken in 30000 milliseconds: Restart the service.

Error - 12/17/2011 11:52:24 AM | Computer Name = JUSTIN-743CC739 | Source = Service Control Manager | ID = 7031

Description = The Windows Media Player Network Sharing Service service terminated

unexpectedly. It has done this 1 time(s). The following corrective action will

be taken in 30000 milliseconds: Restart the service.

Error - 12/17/2011 11:59:11 AM | Computer Name = JUSTIN-743CC739 | Source = Service Control Manager | ID = 7031

Description = The Windows Media Player Network Sharing Service service terminated

unexpectedly. It has done this 1 time(s). The following corrective action will

be taken in 30000 milliseconds: Restart the service.

Error - 12/17/2011 12:00:13 PM | Computer Name = JUSTIN-743CC739 | Source = Service Control Manager | ID = 7031

Description = The Windows Media Player Network Sharing Service service terminated

unexpectedly. It has done this 1 time(s). The following corrective action will

be taken in 30000 milliseconds: Restart the service.

Error - 12/17/2011 11:08:35 AM | Computer Name = JUSTIN-743CC739 | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.1.16 for the Network Card with network

address 0016CE3EAC1E has been denied by the DHCP server 0.0.0.0 (The DHCP Server

sent a DHCPNACK message).

Error - 12/17/2011 11:08:16 AM | Computer Name = JUSTIN-743CC739 | Source = Service Control Manager | ID = 7000

Description = The npkcrypt service failed to start due to the following error: %%2

Error - 12/17/2011 11:08:16 AM | Computer Name = JUSTIN-743CC739 | Source = Service Control Manager | ID = 7000

Description = The npkcrypt service failed to start due to the following error: %%2

Error - 12/17/2011 11:08:22 AM | Computer Name = JUSTIN-743CC739 | Source = Service Control Manager | ID = 7000

Description = The npkcrypt service failed to start due to the following error: %%2

Error - 12/17/2011 11:08:13 AM | Computer Name = JUSTIN-743CC739 | Source = Service Control Manager | ID = 7000

Description = The npkcrypt service failed to start due to the following error: %%2

Error - 12/17/2011 11:08:09 AM | Computer Name = JUSTIN-743CC739 | Source = Service Control Manager | ID = 7000

Description = The npkcrypt service failed to start due to the following error: %%2

< End of report >


Unless this is a persistent problem there really is little we can do about it. Try to find a common cause (for example a certain device plugged in or a certain program running).

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u2.
  • Look for "JDK 7u2 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.
    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats.
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
