PDA

View Full Version : Smitfraud-C.gp virus...please help!



ellybug
2011-09-22, 03:36
• I have run Spybot in both normal and safe networking mode. It appears to remove the problem, but when I run Spybot S&D again, the virus again appears.
• I have run malwarebytes in both normal and safe networking mode. It does not remove the problem.
• I have restored the computer to a restore point on 8/21/11. This did not remove the problem. I have not deleted any restore points.
• I have also run AVG antivirus which does not even find the virus.

Below is the S&D results and the DDS file. I appreciate your help!

Spybut S&D log:
Smitfraud-C.gp: [SBI $8E7F06B8] Executable (File, fixed)
C:\Windows\svchost.exe
Properties.size=20480
Properties.md5=2662DBEAD02082F1AB671E550B56E920
Properties.filedate=1255125374
Properties.filedatetext=2009-10-09 16:56:13


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-09-19 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-08-29 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-09-13 Includes\Malware.sbi (*)
2011-09-20 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-05-24 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-06-14 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-13 Includes\Trojans.sbi (*)
2011-09-19 Includes\TrojansC-02.sbi (*)
2011-09-20 Includes\TrojansC-03.sbi (*)
2011-09-20 Includes\TrojansC-04.sbi (*)
2011-09-13 Includes\TrojansC-05.sbi (*)
2011-09-20 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

DDS file:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_18
Run by elly at 18:33:33 on 2011-09-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.2172 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe
-netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbccoms.exe
c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
C:\PROGRA~2\AVG\AVG8\avgrsa.exe
C:\PROGRA~2\AVG\AVG8\avgnsa.exe
C:\Windows\SysWOW64\PGPserv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Tether\TBService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\AVG\AVG8\avgemc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPcbt64.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Virgin Mobile\Virgin Mobile.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\ERUNT\ERUNT.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com.au/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_Plugin.exe -update plugin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
mRun: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
StartupFolder: C:\Users\elly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\elly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLRE~1.LNK - c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PGPTRA~1.LNK - C:\Windows\Installer\{217C5C5A-37CA-4CB5-BE1D-9694832F9DAA}\Icon6560581611.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QuickSet.lnk - C:\Program Files (x86)\Dell\QuickSet\quickset.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Windows\system32\PGPlsp.dll
Trusted Zone: holmstrom-kennedy.com\mail
Trusted Zone: holmstromlaw.com\mail
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 123.200.191.17 123.200.191.18
TCP: Interfaces\{109C7D44-82B0-442E-8D4D-07E4630241BE} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{8DE78221-CCE5-4DBA-8975-D9A6CEE7674A} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{C022DFBB-F863-4329-82BE-0A9A91BB1504} : DhcpNameServer = 123.200.191.17 123.200.191.18
TCP: Interfaces\{C17D05BC-7BC3-41E2-992E-DF06E0B95A79} : DhcpNameServer = 123.200.191.17 123.200.191.18
TCP: Interfaces\{EB7C840C-1072-464B-8CD7-4A43027A9D3E} : DhcpNameServer = 68.87.72.134 68.87.77.134
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
AppInit_DLLs: PGPmapih.dll
LSA: Notification Packages = scecli PGPpwflt
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun-x64: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
mRun-x64: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
AppInit_DLLs-X64: PGPmapih.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\elly\AppData\Roaming\Mozilla\Firefox\Profiles\78enpq9v.default\
FF - prefs.js: browser.startup.homepage - hxxps://encrypted.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc82f7b&v=6.103.018.001&i=29&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\elly\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 pgpfs;PGP File Sharing;C:\Windows\system32\Drivers\PGPfsfd.sys --> C:\Windows\system32\Drivers\PGPfsfd.sys [?]
R0 Pgpwdefs;Pgpwdefs;C:\Windows\system32\DRIVERS\Pgpwdefs.sys --> C:\Windows\system32\DRIVERS\Pgpwdefs.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Free8 Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [?]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~2\AVG\AVG8\avgemc.exe [2009-8-23 908056]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2009-8-23 297752]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 dlbc_device;dlbc_device;C:\Windows\system32\dlbccoms.exe -service --> C:\Windows\system32\dlbccoms.exe -service [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-9-19 1153368]
R2 Tether;Tether;C:\Program Files (x86)\Tether\TBService.exe [2010-5-21 49080]
R3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
R3 swivsp;AC8xx Virtual Serial Port;C:\Windows\system32\DRIVERS\swivspnt.sys --> C:\Windows\system32\DRIVERS\swivspnt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-2 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG8\Toolbar\ToolbarBroker.exe [2010-10-27 947528]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-2 135664]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver (PID 0B03);C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]
S3 HtcVCom32;HTC Diagnostic Port (PID 0B03);C:\Windows\system32\DRIVERS\HtcVComV64.sys --> C:\Windows\system32\DRIVERS\HtcVComV64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 qrkis;Tether Miniport;C:\Windows\system32\DRIVERS\qrkis.sys --> C:\Windows\system32\DRIVERS\qrkis.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== Created Last 30 ================
.
2011-09-21 22:54:42 388096 ----a-r- C:\Users\elly\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-21 22:54:39 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-09-20 07:16:23 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CCEAEA53-5778-4F84-A20F-727903731F70}\mpengine.dll
2011-09-14 22:49:51 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-09-14 22:49:51 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-09-14 22:40:12 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-09-14 22:39:59 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-08-31 22:38:53 20480 ----a-w- C:\Windows\svchost.exe
2011-08-31 22:34:02 0 ----a-w- C:\Users\elly\AppData\Local\Avuhuxo.bin
2011-08-31 22:34:00 -------- d-----w- C:\Users\elly\AppData\Local\{48D27BF9-A4F3-4C06-9784-5791B6E6E9C3}
2011-08-24 08:22:24 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-08-24 08:22:24 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-08-24 01:31:02 80024 ----a-w- C:\Windows\SysWow64\PICSDK.dll
2011-08-24 01:31:02 51360 ----a-w- C:\Windows\SysWow64\EpPicPrt.dll
2011-08-24 01:31:02 51360 ----a-w- C:\Windows\SysWow64\EpPicMgr.dll
2011-08-24 01:31:02 501912 ----a-w- C:\Windows\SysWow64\PICSDK2.dll
2011-08-24 01:31:02 108704 ----a-w- C:\Windows\SysWow64\PICEntry.dll
2011-08-24 01:29:12 118784 ----a-w- C:\Windows\System32\E_ILMGXA.DLL
2011-08-24 01:29:09 88064 ----a-w- C:\Windows\System32\E_IBCBGXA.DLL
2011-08-24 01:28:56 -------- d-----w- C:\ProgramData\EPSON
2011-08-24 01:27:56 -------- d-----w- C:\Program Files (x86)\Epson Software
2011-08-24 01:24:33 -------- d-----w- C:\Program Files (x86)\epson
.
==================== Find3M ====================
.
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-02 04:53:43 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 14:10:31 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 13:54:40 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-06 15:49:23 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 18:34:44.16 ===============

Blade81
2011-09-28, 07:46
Hi,

Download GMER (http://www.gmer.net) here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab, uncheck files option and then click scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply. Post fresh dds.txt log too.

ellybug
2011-09-28, 11:56
Hi - Thanks so much for responding! I can't thank you enough for your willingness to help.

I downloaded GMER and followed the instructions you gave. At the end of the scan, it gives me a message that "GMER hasn't found any system modifications" and an OK button. Nothing appears in the box where I presume the log would be. What next? I did notice that along the righthand side where I unclicked "files" the only boxes that were checked were services and registry. Is this all that's supposed to be checked? It did not allow me to check any of the other boxes.

Blade81
2011-09-28, 11:59
Hi,

That's ok. Please post fresh dds.txt log contents.

ellybug
2011-09-28, 12:09
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_18
Run by elly at 4:06:32 on 2011-09-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.1434 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
-netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbccoms.exe
c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
C:\PROGRA~2\AVG\AVG8\avgrsa.exe
C:\Windows\SysWOW64\PGPserv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Tether\TBService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\AVG\AVG8\avgemc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPcbt64.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Virgin Mobile\Virgin Mobile.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\splwow64.exe
-netsvcs
C:\PROGRA~2\AVG\AVG8\avgnsa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com.au/
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRunOnce: [SpybotDeletingB5475] command.com /c del "C:\Windows\svchost.exe_old"
uRunOnce: [SpybotDeletingD9343] cmd.exe /c del "C:\Windows\svchost.exe_old"
uRunOnce: [SpybotDeletingB6389] command.com /c del "C:\Windows\svchost.exe"
uRunOnce: [SpybotDeletingD3150] cmd.exe /c del "C:\Windows\svchost.exe"
uRunOnce: [SpybotDeletingB1170] command.com /c del "C:\Windows\svchost.exe"
uRunOnce: [SpybotDeletingD69] cmd.exe /c del "C:\Windows\svchost.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
mRun: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRunOnce: [SpybotDeletingA4071] command.com /c del "C:\Windows\svchost.exe_old"
mRunOnce: [SpybotDeletingC8309] cmd.exe /c del "C:\Windows\svchost.exe_old"
mRunOnce: [SpybotDeletingA6331] command.com /c del "C:\Windows\svchost.exe"
mRunOnce: [SpybotDeletingC802] cmd.exe /c del "C:\Windows\svchost.exe"
mRunOnce: [SpybotDeletingA7787] command.com /c del "C:\Windows\svchost.exe"
mRunOnce: [SpybotDeletingC4199] cmd.exe /c del "C:\Windows\svchost.exe"
StartupFolder: C:\Users\elly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\elly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLRE~1.LNK - c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PGPTRA~1.LNK - C:\Windows\Installer\{217C5C5A-37CA-4CB5-BE1D-9694832F9DAA}\Icon6560581611.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QuickSet.lnk - C:\Program Files (x86)\Dell\QuickSet\quickset.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Windows\system32\PGPlsp.dll
Trusted Zone: holmstrom-kennedy.com\mail
Trusted Zone: holmstromlaw.com\mail
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 123.200.191.17 123.200.191.18
TCP: Interfaces\{109C7D44-82B0-442E-8D4D-07E4630241BE} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{8DE78221-CCE5-4DBA-8975-D9A6CEE7674A} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{C022DFBB-F863-4329-82BE-0A9A91BB1504} : DhcpNameServer = 123.200.191.17 123.200.191.18
TCP: Interfaces\{C17D05BC-7BC3-41E2-992E-DF06E0B95A79} : DhcpNameServer = 123.200.191.17 123.200.191.18
TCP: Interfaces\{EB7C840C-1072-464B-8CD7-4A43027A9D3E} : DhcpNameServer = 10.10.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
AppInit_DLLs: PGPmapih.dll
LSA: Notification Packages = scecli PGPpwflt
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun-x64: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
mRun-x64: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRunOnce-x64: [SpybotDeletingA4071] command.com /c del "C:\Windows\svchost.exe_old"
mRunOnce-x64: [SpybotDeletingC8309] cmd.exe /c del "C:\Windows\svchost.exe_old"
mRunOnce-x64: [SpybotDeletingA6331] command.com /c del "C:\Windows\svchost.exe"
mRunOnce-x64: [SpybotDeletingC802] cmd.exe /c del "C:\Windows\svchost.exe"
mRunOnce-x64: [SpybotDeletingA7787] command.com /c del "C:\Windows\svchost.exe"
mRunOnce-x64: [SpybotDeletingC4199] cmd.exe /c del "C:\Windows\svchost.exe"
AppInit_DLLs-X64: PGPmapih.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\elly\AppData\Roaming\Mozilla\Firefox\Profiles\78enpq9v.default\
FF - prefs.js: browser.startup.homepage - hxxps://encrypted.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc82f7b&v=6.103.018.001&i=29&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\elly\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 pgpfs;PGP File Sharing;C:\Windows\system32\Drivers\PGPfsfd.sys --> C:\Windows\system32\Drivers\PGPfsfd.sys [?]
R0 Pgpwdefs;Pgpwdefs;C:\Windows\system32\DRIVERS\Pgpwdefs.sys --> C:\Windows\system32\DRIVERS\Pgpwdefs.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Free8 Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [?]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~2\AVG\AVG8\avgemc.exe [2009-8-23 908056]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2009-8-23 297752]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 dlbc_device;dlbc_device;C:\Windows\system32\dlbccoms.exe -service --> C:\Windows\system32\dlbccoms.exe -service [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-9-19 1153368]
R2 Tether;Tether;C:\Program Files (x86)\Tether\TBService.exe [2010-5-21 49080]
R3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
R3 swivsp;AC8xx Virtual Serial Port;C:\Windows\system32\DRIVERS\swivspnt.sys --> C:\Windows\system32\DRIVERS\swivspnt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-2 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG8\Toolbar\ToolbarBroker.exe [2010-10-27 947528]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-2 135664]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver (PID 0B03);C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]
S3 HtcVCom32;HTC Diagnostic Port (PID 0B03);C:\Windows\system32\DRIVERS\HtcVComV64.sys --> C:\Windows\system32\DRIVERS\HtcVComV64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 qrkis;Tether Miniport;C:\Windows\system32\DRIVERS\qrkis.sys --> C:\Windows\system32\DRIVERS\qrkis.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== Created Last 30 ================
.
2011-09-27 11:59:19 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{65CCFD38-D0ED-48E3-A1A6-AA8ACB54AA1B}\offreg.dll
2011-09-27 11:59:15 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{65CCFD38-D0ED-48E3-A1A6-AA8ACB54AA1B}\mpengine.dll
2011-09-21 22:54:42 388096 ----a-r- C:\Users\elly\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-21 22:54:39 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-09-14 22:49:51 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-09-14 22:49:51 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-09-14 22:40:12 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-09-14 22:39:59 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-08-31 22:38:53 20480 ------w- C:\Windows\svchost.exe_old
2011-08-31 22:38:53 20480 ------w- C:\Windows\svchost.exe
2011-08-31 22:34:02 0 ----a-w- C:\Users\elly\AppData\Local\Avuhuxo.bin
2011-08-31 22:34:00 -------- d-----w- C:\Users\elly\AppData\Local\{48D27BF9-A4F3-4C06-9784-5791B6E6E9C3}
.
==================== Find3M ====================
.
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-02 04:53:43 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 14:10:31 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 13:54:40 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-11 13:45:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-11 13:25:35 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-06 15:49:23 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 4:07:31.58 ===============

Blade81
2011-09-28, 14:04
Hi,

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu
select
Advanced Mode

On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck
Resident TeaTimer
and OK any prompts.
Restart your computer



Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

ellybug
2011-09-29, 03:58
Here is the ComboFix log. I'll include the dds log in a separate post. When ComboFix finished running, I also got a message that said:
C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPfsd.exe
Illegal operation attempted on a registry key that has been marked for deletion. Then an 'ok' box. Not sure what to do with that.


ComboFix 11-09-28.01 - elly 09/28/2011 8:31.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.2237 [GMT -5:00]
Running from: c:\users\elly\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
c:\users\elly\AppData\Local\{48D27BF9-A4F3-4C06-9784-5791B6E6E9C3}
c:\users\elly\AppData\Local\{48D27BF9-A4F3-4C06-9784-5791B6E6E9C3}\chrome\content\overlay.xul
c:\users\elly\AppData\Local\{48D27BF9-A4F3-4C06-9784-5791B6E6E9C3}\install.rdf
c:\users\elly\AppData\Roaming\Mozilla\Firefox\Profiles\78enpq9v.default\extensions\{70ff04dc-dbdc-467d-900b-48a46d59fc07}
c:\users\elly\AppData\Roaming\Mozilla\Firefox\Profiles\78enpq9v.default\extensions\{70ff04dc-dbdc-467d-900b-48a46d59fc07}\chrome\xulcache.jar
c:\users\elly\AppData\Roaming\Mozilla\Firefox\Profiles\78enpq9v.default\extensions\{70ff04dc-dbdc-467d-900b-48a46d59fc07}\install.rdf
c:\users\elly\AppData\Roaming\Mozilla\Firefox\Profiles\78enpq9v.default\extensions\{b6f5daf6-fd7b-4434-939e-8e7a14e8643e}
c:\users\elly\AppData\Roaming\Mozilla\Firefox\Profiles\78enpq9v.default\extensions\{b6f5daf6-fd7b-4434-939e-8e7a14e8643e}\chrome\xulcache.jar
c:\users\elly\AppData\Roaming\Mozilla\Firefox\Profiles\78enpq9v.default\extensions\{b6f5daf6-fd7b-4434-939e-8e7a14e8643e}\install.rdf
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-28 )))))))))))))))))))))))))))))))
.
.
2011-09-28 13:41 . 2011-09-28 13:41 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65CCFD38-D0ED-48E3-A1A6-AA8ACB54AA1B}\offreg.dll
2011-09-21 23:29 . 2011-09-21 23:29 -------- d-----w- c:\program files (x86)\ERUNT
2011-09-21 22:54 . 2011-09-21 22:54 388096 ----a-r- c:\users\elly\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-21 22:54 . 2011-09-21 22:54 -------- d-----w- c:\program files (x86)\Trend Micro
2011-09-14 22:49 . 2011-08-10 12:14 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-09-14 22:49 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-14 22:39 . 2011-05-25 00:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-08-31 22:38 . 2009-10-09 21:56 20480 ----a-w- c:\windows\svchost.exe
2011-08-31 22:34 . 2011-09-11 08:56 0 ----a-w- c:\users\elly\AppData\Local\Avuhuxo.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 22:00 . 2010-02-03 01:48 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 04:53 . 2011-06-05 12:41 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 14:10 . 2011-08-10 07:34 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 13:54 . 2011-08-10 07:34 1383424 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-11 13:45 . 2011-08-24 08:22 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-11 13:25 . 2011-08-24 08:22 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-07-06 15:49 . 2011-08-10 07:38 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-03-18 13:11 2471240 ----a-w- c:\program files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2010-04-01 19:56 613496 ----a-w- c:\windows\SysWOW64\PGPfsshl.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"AVG8_TRAY"="c:\progra~2\AVG\AVG8\avgtray.exe" [2010-07-08 2048352]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
.
c:\users\elly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe [2009-3-16 53248]
PGPtray.exe.lnk - c:\windows\Installer\{217C5C5A-37CA-4CB5-BE1D-9694832F9DAA}\Icon6560581611.exe [2010-10-13 55296]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-25 1994832]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-03 135664]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG8\Toolbar\ToolbarBroker.exe [2011-03-18 947528]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-03 135664]
R3 HtcUsbMdmV64;HTC Proprietary USB Driver (PID 0B03);c:\windows\system32\DRIVERS\HtcUsbMdmV64.sys [x]
R3 HtcVCom32;HTC Diagnostic Port (PID 0B03);c:\windows\system32\DRIVERS\HtcVComV64.sys [x]
R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [x]
S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Free8 Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [x]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~2\AVG\AVG8\avgemc.exe [2009-08-23 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~2\AVG\AVG8\avgwdsvc.exe [2009-08-23 297752]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Tether;Tether;c:\program files (x86)\Tether\TBService.exe [2010-05-14 49080]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
S3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\DRIVERS\swivspnt.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-03 04:48]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-03 04:48]
.
2011-09-28 c:\windows\Tasks\User_Feed_Synchronization-{6C235F7F-244E-4CAD-9719-AA641874E61E}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2010-04-01 19:56 538744 ----a-w- c:\windows\System32\PGPfsshl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-19 272896]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 163568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"combofix"="c:\combofix\CF19677.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = %SystemRoot%\system32\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\PGPlsp.dll
Trusted Zone: holmstrom-kennedy.com\mail
Trusted Zone: holmstromlaw.com\mail
TCP: DhcpNameServer = 123.200.191.17 123.200.191.18
TCP: Interfaces\{8DE78221-CCE5-4DBA-8975-D9A6CEE7674A}: NameServer = 208.67.222.222,208.67.220.220
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\elly\AppData\Roaming\Mozilla\Firefox\Profiles\78enpq9v.default\
FF - prefs.js: browser.startup.homepage - hxxps://encrypted.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc82f7b&v=6.103.018.001&i=29&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-(Default) - (no file)
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\programdata\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
c:\windows\SysWOW64\PGPserv.exe
c:\program files (x86)\AVG\AVG8\avgcsrvx.exe
c:\program files (x86)\Dell Remote Access\ezi_ra.exe
c:\program files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
c:\program files (x86)\AVG\AVG8\avgtray.exe
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
c:\program files (x86)\Brother\Brmfcmon\BrMfimon.exe
c:\program files (x86)\Brother\Brmfcmon\BrMfcmon.exe
.
**************************************************************************
.
Completion time: 2011-09-28 09:12:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-28 14:12
.
Pre-Run: 122,820,714,496 bytes free
Post-Run: 122,330,521,600 bytes free
.
- - End Of File - - 8D91554591B64A8F224B92F14D232B12

ellybug
2011-09-29, 03:59
Here is the DDS log.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_18
Run by elly at 18:42:05 on 2011-09-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.1982 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbccoms.exe
c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
C:\PROGRA~2\AVG\AVG8\avgrsa.exe
C:\PROGRA~2\AVG\AVG8\avgnsa.exe
C:\Windows\SysWOW64\PGPserv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Tether\TBService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\AVG\AVG8\avgemc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Virgin Mobile\Virgin Mobile.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
mRun: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
StartupFolder: C:\Users\elly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\elly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLRE~1.LNK - c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PGPTRA~1.LNK - C:\Windows\Installer\{217C5C5A-37CA-4CB5-BE1D-9694832F9DAA}\Icon6560581611.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QuickSet.lnk - C:\Program Files (x86)\Dell\QuickSet\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: C:\Windows\system32\PGPlsp.dll
Trusted Zone: holmstrom-kennedy.com\mail
Trusted Zone: holmstromlaw.com\mail
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 123.200.191.17 123.200.191.18
TCP: Interfaces\{109C7D44-82B0-442E-8D4D-07E4630241BE} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{8DE78221-CCE5-4DBA-8975-D9A6CEE7674A} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{C022DFBB-F863-4329-82BE-0A9A91BB1504} : DhcpNameServer = 123.200.191.17 123.200.191.18
TCP: Interfaces\{C17D05BC-7BC3-41E2-992E-DF06E0B95A79} : DhcpNameServer = 123.200.191.17 123.200.191.18
TCP: Interfaces\{EB7C840C-1072-464B-8CD7-4A43027A9D3E} : DhcpNameServer = 10.10.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun-x64: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
mRun-x64: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\elly\AppData\Roaming\Mozilla\Firefox\Profiles\78enpq9v.default\
FF - prefs.js: browser.startup.homepage - hxxps://encrypted.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc82f7b&v=6.103.018.001&i=29&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\elly\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 pgpfs;PGP File Sharing;C:\Windows\system32\Drivers\PGPfsfd.sys --> C:\Windows\system32\Drivers\PGPfsfd.sys [?]
R0 Pgpwdefs;Pgpwdefs;C:\Windows\system32\DRIVERS\Pgpwdefs.sys --> C:\Windows\system32\DRIVERS\Pgpwdefs.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Free8 Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [?]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~2\AVG\AVG8\avgemc.exe [2009-8-23 908056]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2009-8-23 297752]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 dlbc_device;dlbc_device;C:\Windows\system32\dlbccoms.exe -service --> C:\Windows\system32\dlbccoms.exe -service [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-9-19 1153368]
R2 Tether;Tether;C:\Program Files (x86)\Tether\TBService.exe [2010-5-21 49080]
R3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
R3 swivsp;AC8xx Virtual Serial Port;C:\Windows\system32\DRIVERS\swivspnt.sys --> C:\Windows\system32\DRIVERS\swivspnt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-2 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG8\Toolbar\ToolbarBroker.exe [2010-10-27 947528]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-2 135664]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver (PID 0B03);C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]
S3 HtcVCom32;HTC Diagnostic Port (PID 0B03);C:\Windows\system32\DRIVERS\HtcVComV64.sys --> C:\Windows\system32\DRIVERS\HtcVComV64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 qrkis;Tether Miniport;C:\Windows\system32\DRIVERS\qrkis.sys --> C:\Windows\system32\DRIVERS\qrkis.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== Created Last 30 ================
.
2011-09-28 13:29:28 98816 ----a-w- C:\Windows\sed.exe
2011-09-28 13:29:28 518144 ----a-w- C:\Windows\SWREG.exe
2011-09-28 13:29:28 256000 ----a-w- C:\Windows\PEV.exe
2011-09-28 13:29:28 208896 ----a-w- C:\Windows\MBR.exe
2011-09-21 22:54:42 388096 ----a-r- C:\Users\elly\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-21 22:54:39 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-09-14 22:49:51 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-09-14 22:49:51 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-09-14 22:39:59 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-08-31 22:38:53 20480 ----a-w- C:\Windows\svchost.exe
2011-08-31 22:34:02 0 ----a-w- C:\Users\elly\AppData\Local\Avuhuxo.bin
.
==================== Find3M ====================
.
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-02 04:53:43 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 14:10:31 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 13:54:40 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-11 13:45:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-11 13:25:35 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-06 15:49:23 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 18:45:19.26 ===============

ellybug
2011-09-29, 04:24
Sorry, one more thing. When ComboFix finished I also got a message that said: winrscmde stopped working and was closed A problem caused the application to stop working correctly. Windows will notify you if a solution is available.

Blade81
2011-09-29, 07:37
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:



File::
C:\Users\elly\AppData\Local\Avuhuxo.bin



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and separate 10.1.1 update for it) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't (unless you want to) install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 7 (http://www.oracle.com/technetwork/java/javase/downloads/index.html).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

ellybug
2011-09-29, 12:05
Here's new Combofix.

ComboFix 11-09-28.01 - elly 09/29/2011 1:47.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.1888 [GMT -5:00]
Running from: c:\users\elly\Desktop\ComboFix.exe
Command switches used :: c:\users\elly\Documents\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\elly\AppData\Local\Avuhuxo.bin"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\elly\AppData\Local\Avuhuxo.bin
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-29 )))))))))))))))))))))))))))))))
.
.
2011-09-29 07:18 . 2011-09-29 07:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-28 13:41 . 2011-09-28 13:41 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65CCFD38-D0ED-48E3-A1A6-AA8ACB54AA1B}\offreg.dll
2011-09-27 11:59 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{65CCFD38-D0ED-48E3-A1A6-AA8ACB54AA1B}\mpengine.dll
2011-09-21 23:29 . 2011-09-21 23:29 -------- d-----w- c:\program files (x86)\ERUNT
2011-09-21 22:54 . 2011-09-21 22:54 388096 ----a-r- c:\users\elly\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-21 22:54 . 2011-09-21 22:54 -------- d-----w- c:\program files (x86)\Trend Micro
2011-09-14 22:49 . 2011-08-10 12:14 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-09-14 22:49 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-14 22:39 . 2011-05-25 00:14 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 22:00 . 2010-02-03 01:48 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 04:53 . 2011-06-05 12:41 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 14:10 . 2011-08-10 07:34 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 13:54 . 2011-08-10 07:34 1383424 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-11 13:45 . 2011-08-24 08:22 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-11 13:25 . 2011-08-24 08:22 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-07-06 15:49 . 2011-08-10 07:38 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-28_14.08.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 15:45 . 2011-09-28 14:09 93390 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-28 23:07 . 2011-09-28 14:09 11780 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1107046312-3280637225-4134455593-1000_UserData.bin
- 2009-03-28 23:04 . 2011-09-28 13:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-28 23:04 . 2011-09-28 23:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-28 23:04 . 2011-09-28 23:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-28 23:04 . 2011-09-28 13:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-28 23:04 . 2011-09-28 23:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-28 23:04 . 2011-09-28 13:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-27 21:15 . 2011-09-28 13:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-27 21:15 . 2011-09-28 12:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-27 21:15 . 2011-09-28 13:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-27 21:15 . 2011-09-28 12:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-03-18 13:11 2471240 ----a-w- c:\program files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2010-04-01 19:56 613496 ----a-w- c:\windows\SysWOW64\PGPfsshl.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"AVG8_TRAY"="c:\progra~2\AVG\AVG8\avgtray.exe" [2010-07-08 2048352]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
.
c:\users\elly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe [2009-3-16 53248]
PGPtray.exe.lnk - c:\windows\Installer\{217C5C5A-37CA-4CB5-BE1D-9694832F9DAA}\Icon6560581611.exe [2010-10-13 55296]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-25 1994832]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-03 135664]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG8\Toolbar\ToolbarBroker.exe [2011-03-18 947528]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-03 135664]
R3 HtcUsbMdmV64;HTC Proprietary USB Driver (PID 0B03);c:\windows\system32\DRIVERS\HtcUsbMdmV64.sys [x]
R3 HtcVCom32;HTC Diagnostic Port (PID 0B03);c:\windows\system32\DRIVERS\HtcVComV64.sys [x]
R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [x]
S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [x]
S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [x]
S1 AvgTdiA;AVG Free8 Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [x]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~2\AVG\AVG8\avgemc.exe [2009-08-23 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~2\AVG\AVG8\avgwdsvc.exe [2009-08-23 297752]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 dlbc_device;dlbc_device;c:\windows\system32\dlbccoms.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Tether;Tether;c:\program files (x86)\Tether\TBService.exe [2010-05-14 49080]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
S3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\DRIVERS\swivspnt.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-03 04:48]
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-03 04:48]
.
2011-09-29 c:\windows\Tasks\User_Feed_Synchronization-{6C235F7F-244E-4CAD-9719-AA641874E61E}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2010-04-01 19:56 538744 ----a-w- c:\windows\System32\PGPfsshl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-19 272896]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 163568]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = %SystemRoot%\system32\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\PGPlsp.dll
Trusted Zone: holmstrom-kennedy.com\mail
Trusted Zone: holmstromlaw.com\mail
TCP: DhcpNameServer = 123.200.191.17 123.200.191.18
TCP: Interfaces\{8DE78221-CCE5-4DBA-8975-D9A6CEE7674A}: NameServer = 208.67.222.222,208.67.220.220
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\elly\AppData\Roaming\Mozilla\Firefox\Profiles\78enpq9v.default\
FF - prefs.js: browser.startup.homepage - hxxps://encrypted.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc82f7b&v=6.103.018.001&i=29&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-09-29 02:21:52
ComboFix-quarantined-files.txt 2011-09-29 07:21
ComboFix2.txt 2011-09-28 14:12
.
Pre-Run: 121,826,082,816 bytes free
Post-Run: 121,789,308,928 bytes free
.
- - End Of File - - EA4E8FB469DFC7A97B5F6A3A39505FAD

ellybug
2011-09-30, 00:39
ESET is still scanning. It's been running for almost 13 hours, but appears not to even be halfway done. Is that normal? I have a pretty slow internet connection which may contribute to the problem.

Blade81
2011-09-30, 08:59
Hi,

It may take longer if hard drive hasn't been defragged lately and if antivirus protection isn't disabled during the scan.

ellybug
2011-10-01, 14:02
Ok. ESET has been running for 50 hours now. So far it's scanned over 5,000,000 files. Could this possibly be right? My husband took a look at it and noticed that there seems to be recursive language(?) It seems that inside every shadow copy folder is another shadow copy folder. I know shadow copy has something to do with the restore points for Windows Vista.

Any insight into this would be appreciated. If that's normal, great, I'll continue to let it run.

Also, in response to your last reply...my computer has not been defragmented in a very long time, possibly not ever since I bought it in 2009.

Thanks again!

ellybug
2011-10-01, 14:03
Also, I did not re-enable my AV software after I ran ComboFix, so it should all still be disabled.

Blade81
2011-10-01, 18:00
Hi,

It might be worth stopping ESET run, defrag and then restart ESET scan. For defragging I'd use 3rd party solution. Good commercial ones are PerfectDisk (http://www.perfectdisk.com/home) and Diskeeper (http://www.diskeeper.com/diskeeper/home/diskeeper.aspx). Of free options I recommend MyDefrag (http://www.mydefrag.com/) and Piriform Defraggler (http://www.piriform.com/defraggler).

ellybug
2011-10-02, 04:14
ESET results finished when I wok up this morning, so I didn't stop, defragment and restart. They are too long for this post, so I've attached a zip file. Here is the DDS log. I will defragment now.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 10.0.0
Run by elly at 20:12:22 on 2011-10-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.1000 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
-netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbccoms.exe
c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
C:\PROGRA~2\AVG\AVG8\avgrsa.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\PGPserv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Tether\TBService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\AVG\AVG8\avgemc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPcbt64.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Virgin Mobile\Virgin Mobile.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10r_ActiveX.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\PROGRA~2\AVG\AVG8\avgnsa.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
mRun: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\elly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\elly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLRE~1.LNK - c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PGPTRA~1.LNK - C:\Windows\Installer\{217C5C5A-37CA-4CB5-BE1D-9694832F9DAA}\Icon6560581611.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QuickSet.lnk - C:\Program Files (x86)\Dell\QuickSet\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: C:\Windows\system32\PGPlsp.dll
Trusted Zone: holmstrom-kennedy.com\mail
Trusted Zone: holmstromlaw.com\mail
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 123.200.191.17 123.200.191.18
TCP: Interfaces\{109C7D44-82B0-442E-8D4D-07E4630241BE} : DhcpNameServer = 68.87.72.134 68.87.77.134
TCP: Interfaces\{8DE78221-CCE5-4DBA-8975-D9A6CEE7674A} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{C022DFBB-F863-4329-82BE-0A9A91BB1504} : DhcpNameServer = 123.200.191.17 123.200.191.18
TCP: Interfaces\{C17D05BC-7BC3-41E2-992E-DF06E0B95A79} : DhcpNameServer = 123.200.191.17 123.200.191.18
TCP: Interfaces\{EB7C840C-1072-464B-8CD7-4A43027A9D3E} : DhcpNameServer = 10.10.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun-x64: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
mRun-x64: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\elly\AppData\Roaming\Mozilla\Firefox\Profiles\78enpq9v.default\
FF - prefs.js: browser.startup.homepage - hxxps://encrypted.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc82f7b&v=6.103.018.001&i=29&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\elly\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 pgpfs;PGP File Sharing;C:\Windows\system32\Drivers\PGPfsfd.sys --> C:\Windows\system32\Drivers\PGPfsfd.sys [?]
R0 Pgpwdefs;Pgpwdefs;C:\Windows\system32\DRIVERS\Pgpwdefs.sys --> C:\Windows\system32\DRIVERS\Pgpwdefs.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Free8 Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe [?]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~2\AVG\AVG8\avgemc.exe [2009-8-23 908056]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2009-8-23 297752]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 dlbc_device;dlbc_device;C:\Windows\system32\dlbccoms.exe -service --> C:\Windows\system32\dlbccoms.exe -service [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-9-19 1153368]
R2 Tether;Tether;C:\Program Files (x86)\Tether\TBService.exe [2010-5-21 49080]
R3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]
R3 swivsp;AC8xx Virtual Serial Port;C:\Windows\system32\DRIVERS\swivspnt.sys --> C:\Windows\system32\DRIVERS\swivspnt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-2 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG8\Toolbar\ToolbarBroker.exe [2010-10-27 947528]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-2 135664]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver (PID 0B03);C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]
S3 HtcVCom32;HTC Diagnostic Port (PID 0B03);C:\Windows\system32\DRIVERS\HtcVComV64.sys --> C:\Windows\system32\DRIVERS\HtcVComV64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 qrkis;Tether Miniport;C:\Windows\system32\DRIVERS\qrkis.sys --> C:\Windows\system32\DRIVERS\qrkis.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== Created Last 30 ================
.
2011-09-30 15:11:45 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C61297A8-E3BB-4056-AE54-D5939ED94C50}\offreg.dll
2011-09-30 15:11:37 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C61297A8-E3BB-4056-AE54-D5939ED94C50}\mpengine.dll
2011-09-29 08:48:17 -------- d-----w- C:\Program Files (x86)\ESET
2011-09-29 08:28:04 611224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-09-29 08:28:04 544656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-29 07:59:54 -------- d-sh--w- C:\$RECYCLE.BIN
2011-09-28 13:29:28 98816 ----a-w- C:\Windows\sed.exe
2011-09-28 13:29:28 518144 ----a-w- C:\Windows\SWREG.exe
2011-09-28 13:29:28 256000 ----a-w- C:\Windows\PEV.exe
2011-09-28 13:29:28 208896 ----a-w- C:\Windows\MBR.exe
2011-09-21 22:54:42 388096 ----a-r- C:\Users\elly\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-21 22:54:39 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-09-14 22:49:51 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-09-14 22:49:51 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-09-14 22:40:12 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-09-14 22:39:59 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-02 04:53:43 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 14:10:31 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 13:54:40 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-11 13:45:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-11 13:25:35 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-06 15:49:23 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 20:13:14.67 ===============

Blade81
2011-10-02, 10:04
Hi,

Delete those ESET findings after defragging is done. How's the system running now?

ellybug
2011-10-02, 14:50
I'm not sure what you mean by "delete those ESET findings." Do you simply mean the result log, or the actual files identified? If I go to the ESET quaratine file, it is empty. I'm not sure how to delete the findings.

Overall my computer seems to be running okay, however it always seemed to run ok, but then I get a blue screen and the computer shuts down. I have had that happen yet since starting my computer today.

Also, when I started my computer a box popped up that says "winsrcmde stopped working and was closed. A problem caused the application to stop working correctly. Windows will notify you if a solution is available."

If I attempt to close the box, it closes but then reopens again about 10 seconds later.

Blade81
2011-10-02, 16:21
Hi,


I'm not sure what you mean by "delete those ESET findings." Do you simply mean the result log, or the actual files identified? If I go to the ESET quaratine file, it is empty. I'm not sure how to delete the findings.
Sorry for not explaining this clearly enough. I meant to manually delete those files flagged in ESET log (for example go to C:\ProgramData\Spybot - Search & Destroy\Recovery folder and delete SmitfraudCgp.zip file).



Overall my computer seems to be running okay, however it always seemed to run ok, but then I get a blue screen and the computer shuts down. I have had that happen yet since starting my computer today.
Does it give any specific error code there?


Also, when I started my computer a box popped up that says "winsrcmde stopped working and was closed. A problem caused the application to stop working correctly. Windows will notify you if a solution is available." Has this just started occuring or was it happening earlier?


1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format). Post fresh dds logs too.

ellybug
2011-10-03, 02:37
Thanks for the clarification. I can only delete the files in the ESET results located in c:\programdata. When I try to delete the files in any of the shadowcopy folders I get a message that the disk is write protected or the media is write protected.

With respect to the blue screen it does contain some message, but it does not last long enough for me to be able to read any of it.

With respect to the winsrcmde box. It was happening before too. It seems to come up usually after running spybot and attempting to fix the problem.

I downloaded and ran tdss and attempted to reboot. Now it crashes and I get the blue screen about 20 seconds after the login page loads. It seems to have more writing than the previous blue screen, about 3/4 of a page, but again it does last long enough to catch more than a word or two. It can restart in safe mode.

Blade81
2011-10-03, 07:41
Hi,

Disable automatic restart to see if you're able to catch the error (instructions (http://pcsupport.about.com/od/fixtheproblem/ss/disable-auto-restart-vista.htm)).

ellybug
2011-10-03, 11:10
BSOD code:

0x0000007e (0xFFFFFFFFC0000005, 0xFFFFF80002312BB4, 0xFFFFFA60186543C8, 0xFFFFFA6018653DAO)

Blade81
2011-10-03, 11:31
Hi,

Please see if TDSSKiller log was created in c: root (name should be in UtilityName.Version_Date_Time_log.txt format).

ellybug
2011-10-03, 12:51
Yes, the log was created. \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a

It indicated it would be cured on reboot.

At the end of the scan I clicked cure and then reboot.

Blade81
2011-10-03, 18:28
Hi,

Please run TDSSKiller in safe mode but this time make sure you select skip to any findings. Please post TDSSKiller log back here.

ellybug
2011-10-04, 08:49
TDSS log second run:

16:22:39.0708 1992 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
16:22:39.0723 1992 ============================================================
16:22:39.0723 1992 Current date / time: 2011/10/03 16:22:39.0723
16:22:39.0723 1992 SystemInfo:
16:22:39.0723 1992
16:22:39.0723 1992 OS Version: 6.0.6002 ServicePack: 2.0
16:22:39.0723 1992 Product type: Workstation
16:22:39.0723 1992 ComputerName: DELLYBUG
16:22:39.0723 1992 UserName: elly
16:22:39.0723 1992 Windows directory: C:\Windows
16:22:39.0723 1992 System windows directory: C:\Windows
16:22:39.0723 1992 Running under WOW64
16:22:39.0723 1992 Processor architecture: Intel x64
16:22:39.0723 1992 Number of processors: 2
16:22:39.0723 1992 Page size: 0x1000
16:22:39.0723 1992 Boot type: Safe boot
16:22:39.0723 1992 ============================================================
16:22:40.0035 1992 Initialize success
16:23:03.0872 2032 ============================================================
16:23:03.0872 2032 Scan started
16:23:03.0872 2032 Mode: Manual;
16:23:03.0872 2032 ============================================================
16:23:04.0231 2032 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
16:23:04.0231 2032 ACPI - ok
16:23:04.0309 2032 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
16:23:04.0309 2032 adp94xx - ok
16:23:04.0340 2032 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
16:23:04.0356 2032 adpahci - ok
16:23:04.0449 2032 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
16:23:04.0449 2032 adpu160m - ok
16:23:04.0480 2032 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
16:23:04.0480 2032 adpu320 - ok
16:23:04.0558 2032 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
16:23:04.0558 2032 AFD - ok
16:23:04.0621 2032 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
16:23:04.0621 2032 agp440 - ok
16:23:04.0714 2032 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
16:23:04.0714 2032 aic78xx - ok
16:23:04.0746 2032 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
16:23:04.0746 2032 aliide - ok
16:23:04.0777 2032 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
16:23:04.0777 2032 amdide - ok
16:23:04.0808 2032 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
16:23:04.0808 2032 AmdK8 - ok
16:23:04.0855 2032 ApfiltrService (8c85c812569df851e7a2159147323dfa) C:\Windows\system32\DRIVERS\Apfiltr.sys
16:23:04.0855 2032 ApfiltrService - ok
16:23:04.0948 2032 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
16:23:04.0948 2032 arc - ok
16:23:05.0026 2032 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
16:23:05.0026 2032 arcsas - ok
16:23:05.0058 2032 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
16:23:05.0058 2032 AsyncMac - ok
16:23:05.0104 2032 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
16:23:05.0104 2032 atapi - ok
16:23:05.0167 2032 AvgLdx64 (276c5b14336452c8ce547ed5d00e0e62) C:\Windows\System32\Drivers\avgldx64.sys
16:23:05.0182 2032 AvgLdx64 - ok
16:23:05.0260 2032 AvgMfx64 (b9c21c3753dcbccac6b62e1a560eb6f7) C:\Windows\System32\Drivers\avgmfx64.sys
16:23:05.0260 2032 AvgMfx64 - ok
16:23:05.0276 2032 AvgTdiA (86d08cf28005f7f626a84d512f84d6c2) C:\Windows\System32\Drivers\avgtdia.sys
16:23:05.0292 2032 AvgTdiA - ok
16:23:05.0307 2032 Beep - ok
16:23:05.0370 2032 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
16:23:05.0370 2032 blbdrive - ok
16:23:05.0416 2032 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
16:23:05.0416 2032 bowser - ok
16:23:05.0448 2032 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
16:23:05.0448 2032 BrFiltLo - ok
16:23:05.0479 2032 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
16:23:05.0479 2032 BrFiltUp - ok
16:23:05.0572 2032 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
16:23:05.0572 2032 Brserid - ok
16:23:05.0650 2032 BrSerIf (34f6c504b150f99dae69d7073d2a4df4) C:\Windows\system32\DRIVERS\BrSerIf.sys
16:23:05.0650 2032 BrSerIf - ok
16:23:05.0682 2032 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
16:23:05.0697 2032 BrSerWdm - ok
16:23:05.0728 2032 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
16:23:05.0728 2032 BrUsbMdm - ok
16:23:05.0760 2032 BrUsbSer (601cb966fffebc6806626dc8e7aa0ef2) C:\Windows\system32\DRIVERS\BrUsbSer.sys
16:23:05.0760 2032 BrUsbSer - ok
16:23:05.0791 2032 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
16:23:05.0791 2032 BTHMODEM - ok
16:23:05.0806 2032 catchme - ok
16:23:05.0822 2032 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
16:23:05.0822 2032 cdfs - ok
16:23:05.0869 2032 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
16:23:05.0869 2032 cdrom - ok
16:23:05.0962 2032 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
16:23:05.0962 2032 circlass - ok
16:23:05.0994 2032 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
16:23:06.0009 2032 CLFS - ok
16:23:06.0072 2032 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
16:23:06.0072 2032 CmBatt - ok
16:23:06.0087 2032 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
16:23:06.0103 2032 cmdide - ok
16:23:06.0118 2032 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
16:23:06.0118 2032 Compbatt - ok
16:23:06.0134 2032 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
16:23:06.0134 2032 crcdisk - ok
16:23:06.0243 2032 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
16:23:06.0243 2032 DfsC - ok
16:23:06.0306 2032 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
16:23:06.0306 2032 disk - ok
16:23:06.0415 2032 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
16:23:06.0415 2032 drmkaud - ok
16:23:06.0462 2032 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
16:23:06.0477 2032 DXGKrnl - ok
16:23:06.0571 2032 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
16:23:06.0571 2032 e1express - ok
16:23:06.0649 2032 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
16:23:06.0664 2032 E1G60 - ok
16:23:06.0711 2032 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
16:23:06.0711 2032 Ecache - ok
16:23:06.0758 2032 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
16:23:06.0758 2032 elxstor - ok
16:23:06.0836 2032 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
16:23:06.0852 2032 ErrDev - ok
16:23:06.0914 2032 ewusbnet (0b8880f8d9a781670557307e2bca6bd6) C:\Windows\system32\DRIVERS\ewusbnet.sys
16:23:06.0930 2032 ewusbnet - ok
16:23:06.0976 2032 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
16:23:06.0992 2032 exfat - ok
16:23:07.0039 2032 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
16:23:07.0039 2032 fastfat - ok
16:23:07.0070 2032 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
16:23:07.0086 2032 fdc - ok
16:23:07.0117 2032 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
16:23:07.0117 2032 FileInfo - ok
16:23:07.0164 2032 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
16:23:07.0164 2032 Filetrace - ok
16:23:07.0210 2032 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:23:07.0210 2032 flpydisk - ok
16:23:07.0257 2032 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
16:23:07.0257 2032 FltMgr - ok
16:23:07.0320 2032 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
16:23:07.0320 2032 Fs_Rec - ok
16:23:07.0351 2032 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
16:23:07.0351 2032 gagp30kx - ok
16:23:07.0398 2032 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:23:07.0398 2032 GEARAspiWDM - ok
16:23:07.0507 2032 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:23:07.0522 2032 HDAudBus - ok
16:23:07.0585 2032 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
16:23:07.0585 2032 HidBth - ok
16:23:07.0616 2032 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
16:23:07.0616 2032 HidIr - ok
16:23:07.0663 2032 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
16:23:07.0678 2032 HidUsb - ok
16:23:07.0772 2032 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
16:23:07.0772 2032 HpCISSs - ok
16:23:07.0850 2032 HtcUsbMdmV64 (33aa4b9ad32a5be6285a471f8a767e5b) C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys
16:23:07.0850 2032 HtcUsbMdmV64 - ok
16:23:07.0912 2032 HtcVCom32 (be364aee7f85a36d536eba47a17536eb) C:\Windows\system32\DRIVERS\HtcVComV64.sys
16:23:07.0912 2032 HtcVCom32 - ok
16:23:07.0959 2032 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
16:23:07.0975 2032 HTTP - ok
16:23:08.0037 2032 hwdatacard (3e31c1470aba81ba2dcb956f8504c037) C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:23:08.0037 2032 hwdatacard - ok
16:23:08.0084 2032 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
16:23:08.0100 2032 i2omp - ok
16:23:08.0131 2032 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
16:23:08.0131 2032 i8042prt - ok
16:23:08.0193 2032 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
16:23:08.0193 2032 iaStorV - ok
16:23:08.0474 2032 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:23:08.0677 2032 igfx - ok
16:23:08.0786 2032 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
16:23:08.0786 2032 iirsp - ok
16:23:08.0833 2032 IntcHdmiAddService (dea2ab452b4fa773187369c4b6517320) C:\Windows\system32\drivers\IntcHdmi.sys
16:23:08.0833 2032 IntcHdmiAddService - ok
16:23:08.0880 2032 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
16:23:08.0880 2032 intelide - ok
16:23:08.0926 2032 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
16:23:08.0926 2032 intelppm - ok
16:23:08.0973 2032 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:23:08.0973 2032 IpFilterDriver - ok
16:23:09.0004 2032 IpInIp - ok
16:23:09.0036 2032 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
16:23:09.0036 2032 IPMIDRV - ok
16:23:09.0160 2032 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
16:23:09.0160 2032 IPNAT - ok
16:23:09.0192 2032 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
16:23:09.0192 2032 IRENUM - ok
16:23:09.0223 2032 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
16:23:09.0223 2032 isapnp - ok
16:23:09.0270 2032 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
16:23:09.0270 2032 iScsiPrt - ok
16:23:09.0285 2032 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
16:23:09.0301 2032 iteatapi - ok
16:23:09.0332 2032 itecir (5fef11c18ec25cdcb27e6c8680690b69) C:\Windows\system32\DRIVERS\itecir.sys
16:23:09.0332 2032 itecir - ok
16:23:09.0348 2032 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
16:23:09.0348 2032 iteraid - ok
16:23:09.0410 2032 k57nd60a (2798447996feb5a58b584c8443acad02) C:\Windows\system32\DRIVERS\k57nd60a.sys
16:23:09.0410 2032 k57nd60a - ok
16:23:09.0488 2032 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
16:23:09.0488 2032 kbdclass - ok
16:23:09.0519 2032 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
16:23:09.0519 2032 kbdhid - ok
16:23:09.0582 2032 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
16:23:09.0597 2032 KSecDD - ok
16:23:09.0597 2032 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
16:23:09.0597 2032 ksthunk - ok
16:23:09.0628 2032 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
16:23:09.0644 2032 lltdio - ok
16:23:09.0675 2032 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
16:23:09.0675 2032 LSI_FC - ok
16:23:09.0784 2032 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
16:23:09.0784 2032 LSI_SAS - ok
16:23:09.0831 2032 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
16:23:09.0831 2032 LSI_SCSI - ok
16:23:09.0862 2032 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
16:23:09.0862 2032 luafv - ok
16:23:09.0894 2032 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
16:23:09.0909 2032 megasas - ok
16:23:09.0972 2032 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
16:23:09.0972 2032 MegaSR - ok
16:23:10.0081 2032 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
16:23:10.0081 2032 Modem - ok
16:23:10.0096 2032 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
16:23:10.0096 2032 monitor - ok
16:23:10.0128 2032 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
16:23:10.0128 2032 mouclass - ok
16:23:10.0143 2032 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
16:23:10.0143 2032 mouhid - ok
16:23:10.0159 2032 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
16:23:10.0159 2032 MountMgr - ok
16:23:10.0190 2032 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
16:23:10.0190 2032 mpio - ok
16:23:10.0221 2032 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
16:23:10.0221 2032 mpsdrv - ok
16:23:10.0252 2032 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
16:23:10.0252 2032 Mraid35x - ok
16:23:10.0284 2032 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
16:23:10.0284 2032 MRxDAV - ok
16:23:10.0315 2032 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:23:10.0315 2032 mrxsmb - ok
16:23:10.0408 2032 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:23:10.0408 2032 mrxsmb10 - ok
16:23:10.0440 2032 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:23:10.0440 2032 mrxsmb20 - ok
16:23:10.0471 2032 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
16:23:10.0486 2032 msahci - ok
16:23:10.0518 2032 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
16:23:10.0518 2032 msdsm - ok
16:23:10.0564 2032 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
16:23:10.0564 2032 Msfs - ok
16:23:10.0596 2032 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
16:23:10.0596 2032 msisadrv - ok
16:23:10.0674 2032 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
16:23:10.0674 2032 MSKSSRV - ok
16:23:10.0705 2032 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
16:23:10.0705 2032 MSPCLOCK - ok
16:23:10.0720 2032 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
16:23:10.0720 2032 MSPQM - ok
16:23:10.0752 2032 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
16:23:10.0767 2032 MsRPC - ok
16:23:10.0798 2032 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
16:23:10.0798 2032 mssmbios - ok
16:23:10.0830 2032 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
16:23:10.0830 2032 MSTEE - ok
16:23:10.0845 2032 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
16:23:10.0845 2032 Mup - ok
16:23:10.0892 2032 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
16:23:10.0908 2032 NativeWifiP - ok
16:23:11.0001 2032 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
16:23:11.0001 2032 NDIS - ok
16:23:11.0048 2032 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
16:23:11.0048 2032 NdisTapi - ok
16:23:11.0079 2032 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
16:23:11.0079 2032 Ndisuio - ok
16:23:11.0110 2032 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
16:23:11.0110 2032 NdisWan - ok
16:23:11.0126 2032 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
16:23:11.0126 2032 NDProxy - ok
16:23:11.0142 2032 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
16:23:11.0142 2032 NetBIOS - ok
16:23:11.0188 2032 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
16:23:11.0188 2032 netbt - ok
16:23:11.0376 2032 NETw5v64 (6d27b976934afc67f09a9553c2ce1309) C:\Windows\system32\DRIVERS\NETw5v64.sys
16:23:11.0454 2032 NETw5v64 - ok
16:23:11.0532 2032 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
16:23:11.0532 2032 nfrd960 - ok
16:23:11.0578 2032 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
16:23:11.0578 2032 Npfs - ok
16:23:11.0578 2032 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
16:23:11.0594 2032 nsiproxy - ok
16:23:11.0641 2032 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
16:23:11.0672 2032 Ntfs - ok
16:23:11.0766 2032 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
16:23:11.0766 2032 Null - ok
16:23:11.0797 2032 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
16:23:11.0797 2032 nvraid - ok
16:23:11.0828 2032 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
16:23:11.0828 2032 nvstor - ok
16:23:11.0844 2032 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
16:23:11.0859 2032 nv_agp - ok
16:23:11.0859 2032 NwlnkFlt - ok
16:23:11.0875 2032 NwlnkFwd - ok
16:23:11.0922 2032 OA001Ufd (d09cc91e92fd1ff81af3a14be2cbb20d) C:\Windows\system32\DRIVERS\OA001Ufd.sys
16:23:11.0922 2032 OA001Ufd - ok
16:23:11.0953 2032 OA001Vid (a42cb6914ad67e1584e807ce53f1e62c) C:\Windows\system32\DRIVERS\OA001Vid.sys
16:23:11.0953 2032 OA001Vid - ok
16:23:12.0031 2032 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
16:23:12.0031 2032 ohci1394 - ok
16:23:12.0109 2032 Packet (43e24699a18126f11e3d9bf6db85518b) C:\Windows\system32\DRIVERS\packet.sys
16:23:12.0109 2032 Packet - ok
16:23:12.0156 2032 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
16:23:12.0156 2032 Parport - ok
16:23:12.0187 2032 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
16:23:12.0187 2032 partmgr - ok
16:23:12.0202 2032 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
16:23:12.0218 2032 pci - ok
16:23:12.0249 2032 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
16:23:12.0249 2032 pciide - ok
16:23:12.0280 2032 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
16:23:12.0280 2032 pcmcia - ok
16:23:12.0358 2032 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
16:23:12.0374 2032 PEAUTH - ok
16:23:12.0436 2032 PGPdisk (085dc0f095f5b224f68394d04c64bc25) C:\Windows\system32\drivers\PGPdisk.sys
16:23:12.0452 2032 PGPdisk - ok
16:23:12.0483 2032 pgpfs (51d986814f8388bf0f99583fb73dcf3a) C:\Windows\system32\Drivers\PGPfsfd.sys
16:23:12.0483 2032 pgpfs - ok
16:23:12.0499 2032 PGPsdkDriver (bdd217ec73121e607db9200c428acd73) C:\Windows\system32\Drivers\PGPsdk.sys
16:23:12.0514 2032 PGPsdkDriver - ok
16:23:12.0577 2032 PGPwded (b7b006d7de8c566c77fac61c7939f70d) C:\Windows\system32\drivers\PGPwded.sys
16:23:12.0592 2032 PGPwded - ok
16:23:12.0639 2032 Pgpwdefs (9a4bdeafad488656922e06efd4364394) C:\Windows\system32\DRIVERS\Pgpwdefs.sys
16:23:12.0639 2032 Pgpwdefs - ok
16:23:12.0702 2032 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
16:23:12.0702 2032 PptpMiniport - ok
16:23:12.0733 2032 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
16:23:12.0733 2032 Processor - ok
16:23:12.0795 2032 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
16:23:12.0795 2032 PSched - ok
16:23:12.0842 2032 PxHelp20 - ok
16:23:12.0873 2032 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
16:23:12.0873 2032 PxHlpa64 - ok
16:23:12.0967 2032 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
16:23:12.0982 2032 ql2300 - ok
16:23:13.0045 2032 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
16:23:13.0045 2032 ql40xx - ok
16:23:13.0107 2032 qrkis (e92ca234469cc386ad81b9db924fe9d4) C:\Windows\system32\DRIVERS\qrkis.sys
16:23:13.0123 2032 qrkis - ok
16:23:13.0154 2032 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
16:23:13.0154 2032 QWAVEdrv - ok
16:23:13.0279 2032 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
16:23:13.0310 2032 R300 - ok
16:23:13.0435 2032 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
16:23:13.0435 2032 RasAcd - ok
16:23:13.0482 2032 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:23:13.0482 2032 Rasl2tp - ok
16:23:13.0513 2032 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
16:23:13.0513 2032 RasPppoe - ok
16:23:13.0544 2032 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
16:23:13.0544 2032 RasSstp - ok
16:23:13.0575 2032 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
16:23:13.0575 2032 rdbss - ok
16:23:13.0638 2032 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:23:13.0638 2032 RDPCDD - ok
16:23:13.0669 2032 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
16:23:13.0684 2032 rdpdr - ok
16:23:13.0731 2032 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
16:23:13.0731 2032 RDPENCDD - ok
16:23:13.0778 2032 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
16:23:13.0778 2032 RDPWD - ok
16:23:13.0825 2032 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
16:23:13.0825 2032 rimmptsk - ok
16:23:13.0840 2032 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
16:23:13.0840 2032 rimsptsk - ok
16:23:13.0903 2032 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
16:23:13.0903 2032 RimUsb - ok
16:23:13.0981 2032 RimVSerPort (0de22421179d5a8440b68517ddf2b051) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
16:23:13.0981 2032 RimVSerPort - ok
16:23:14.0012 2032 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
16:23:14.0028 2032 rismxdp - ok
16:23:14.0059 2032 ROOTMODEM (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys
16:23:14.0059 2032 ROOTMODEM - ok
16:23:14.0090 2032 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
16:23:14.0090 2032 rspndr - ok
16:23:14.0121 2032 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
16:23:14.0121 2032 sbp2port - ok
16:23:14.0168 2032 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
16:23:14.0168 2032 sdbus - ok
16:23:14.0184 2032 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:23:14.0199 2032 secdrv - ok
16:23:14.0230 2032 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
16:23:14.0230 2032 Serenum - ok
16:23:14.0308 2032 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
16:23:14.0308 2032 Serial - ok
16:23:14.0340 2032 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
16:23:14.0340 2032 sermouse - ok
16:23:14.0402 2032 sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys
16:23:14.0402 2032 sffdisk - ok
16:23:14.0480 2032 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
16:23:14.0480 2032 sffp_mmc - ok
16:23:14.0511 2032 sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:23:14.0511 2032 sffp_sd - ok
16:23:14.0542 2032 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
16:23:14.0558 2032 sfloppy - ok
16:23:14.0589 2032 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
16:23:14.0589 2032 SiSRaid2 - ok
16:23:14.0605 2032 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
16:23:14.0620 2032 SiSRaid4 - ok
16:23:14.0652 2032 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
16:23:14.0652 2032 Smb - ok
16:23:14.0714 2032 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
16:23:14.0730 2032 spldr - ok
16:23:14.0761 2032 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
16:23:14.0776 2032 srv - ok
16:23:14.0823 2032 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
16:23:14.0823 2032 srv2 - ok
16:23:14.0854 2032 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
16:23:14.0854 2032 srvnet - ok
16:23:14.0917 2032 STHDA (3281204b2e6049100d0ff04270c2aea5) C:\Windows\system32\DRIVERS\stwrt64.sys
16:23:14.0932 2032 STHDA - ok
16:23:14.0995 2032 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
16:23:14.0995 2032 StillCam - ok
16:23:15.0073 2032 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
16:23:15.0073 2032 swenum - ok
16:23:15.0088 2032 swivsp (deed5e8a6ed680b8824de0e349f511ed) C:\Windows\system32\DRIVERS\swivspnt.sys
16:23:15.0088 2032 swivsp - ok
16:23:15.0088 2032 SWUMX20 - ok
16:23:15.0120 2032 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
16:23:15.0120 2032 Symc8xx - ok
16:23:15.0151 2032 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
16:23:15.0151 2032 Sym_hi - ok
16:23:15.0166 2032 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
16:23:15.0166 2032 Sym_u3 - ok
16:23:15.0229 2032 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
16:23:15.0260 2032 Tcpip - ok
16:23:15.0354 2032 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
16:23:15.0354 2032 Tcpip6 - ok
16:23:15.0385 2032 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
16:23:15.0385 2032 tcpipreg - ok
16:23:15.0432 2032 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
16:23:15.0447 2032 TDPIPE - ok
16:23:15.0478 2032 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
16:23:15.0478 2032 TDTCP - ok
16:23:15.0510 2032 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
16:23:15.0510 2032 tdx - ok
16:23:15.0541 2032 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
16:23:15.0541 2032 TermDD - ok
16:23:15.0588 2032 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:23:15.0588 2032 tssecsrv - ok
16:23:15.0697 2032 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
16:23:15.0697 2032 tunmp - ok
16:23:15.0728 2032 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
16:23:15.0728 2032 tunnel - ok
16:23:15.0759 2032 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
16:23:15.0759 2032 uagp35 - ok
16:23:15.0806 2032 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
16:23:15.0806 2032 udfs - ok
16:23:15.0837 2032 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
16:23:15.0853 2032 uliagpkx - ok
16:23:15.0868 2032 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
16:23:15.0884 2032 uliahci - ok
16:23:15.0962 2032 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
16:23:15.0962 2032 UlSata - ok
16:23:16.0040 2032 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
16:23:16.0040 2032 ulsata2 - ok
16:23:16.0071 2032 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
16:23:16.0071 2032 umbus - ok
16:23:16.0118 2032 USBAAPL64 (afbf3de5b9e662cd7124740f7199f2aa) C:\Windows\system32\Drivers\usbaapl64.sys
16:23:16.0118 2032 USBAAPL64 - ok
16:23:16.0165 2032 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
16:23:16.0165 2032 usbccgp - ok
16:23:16.0196 2032 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
16:23:16.0196 2032 usbcir - ok
16:23:16.0243 2032 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
16:23:16.0243 2032 usbehci - ok
16:23:16.0290 2032 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
16:23:16.0290 2032 usbhub - ok
16:23:16.0352 2032 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
16:23:16.0352 2032 usbohci - ok
16:23:16.0399 2032 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
16:23:16.0399 2032 usbprint - ok
16:23:16.0430 2032 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
16:23:16.0430 2032 usbscan - ok
16:23:16.0461 2032 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:23:16.0477 2032 USBSTOR - ok
16:23:16.0492 2032 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
16:23:16.0492 2032 usbuhci - ok
16:23:16.0524 2032 usb_rndisx (1e36bb1a3c5aaf2aa9fa9a126df8c16c) C:\Windows\system32\DRIVERS\usb8023x.sys
16:23:16.0524 2032 usb_rndisx - ok
16:23:16.0617 2032 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
16:23:16.0617 2032 vga - ok
16:23:16.0633 2032 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
16:23:16.0633 2032 VgaSave - ok
16:23:16.0695 2032 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
16:23:16.0711 2032 viaide - ok
16:23:16.0742 2032 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
16:23:16.0742 2032 volmgr - ok
16:23:16.0773 2032 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
16:23:16.0789 2032 volmgrx - ok
16:23:16.0820 2032 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
16:23:16.0836 2032 volsnap - ok
16:23:16.0882 2032 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
16:23:16.0882 2032 vsmraid - ok
16:23:16.0929 2032 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
16:23:16.0929 2032 WacomPen - ok
16:23:16.0976 2032 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
16:23:16.0976 2032 Wanarp - ok
16:23:16.0992 2032 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
16:23:16.0992 2032 Wanarpv6 - ok
16:23:17.0054 2032 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
16:23:17.0054 2032 Wd - ok
16:23:17.0116 2032 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:23:17.0163 2032 Wdf01000 - ok
16:23:17.0288 2032 winusb (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\winusb.sys
16:23:17.0288 2032 winusb - ok
16:23:17.0319 2032 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:23:17.0319 2032 WmiAcpi - ok
16:23:17.0382 2032 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
16:23:17.0382 2032 ws2ifsl - ok
16:23:17.0460 2032 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
16:23:17.0460 2032 WudfPf - ok
16:23:17.0522 2032 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:23:17.0522 2032 WUDFRd - ok
16:23:17.0584 2032 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
16:23:17.0600 2032 \Device\Harddisk0\DR0 - ok
16:23:17.0616 2032 Boot (0x1200) (3022ed99800e16314a31f9c9f6d898e6) \Device\Harddisk0\DR0\Partition0
16:23:17.0616 2032 \Device\Harddisk0\DR0\Partition0 - ok
16:23:17.0616 2032 Boot (0x1200) (f880b7fde141c38fdf3d76d02dbe7b9a) \Device\Harddisk0\DR0\Partition1
16:23:17.0616 2032 \Device\Harddisk0\DR0\Partition1 - ok
16:23:17.0616 2032 ============================================================
16:23:17.0616 2032 Scan finished
16:23:17.0616 2032 ============================================================
16:23:17.0631 0944 Detected object count: 0
16:23:17.0631 0944 Actual detected object count: 0
16:27:23.0940 2020 Deinitialize success

Blade81
2011-10-04, 17:38
Hi,

May I see TDSSKiller log from the first run too, please?

ellybug
2011-10-04, 19:31
17:49:58.0478 1912 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
17:50:00.0480 1912 ============================================================
17:50:00.0480 1912 Current date / time: 2011/10/02 17:50:00.0480
17:50:00.0480 1912 SystemInfo:
17:50:00.0480 1912
17:50:00.0480 1912 OS Version: 6.0.6002 ServicePack: 2.0
17:50:00.0480 1912 Product type: Workstation
17:50:00.0480 1912 ComputerName: DELLYBUG
17:50:00.0480 1912 UserName: elly
17:50:00.0480 1912 Windows directory: C:\Windows
17:50:00.0480 1912 System windows directory: C:\Windows
17:50:00.0480 1912 Running under WOW64
17:50:00.0480 1912 Processor architecture: Intel x64
17:50:00.0480 1912 Number of processors: 2
17:50:00.0480 1912 Page size: 0x1000
17:50:00.0480 1912 Boot type: Normal boot
17:50:00.0480 1912 ============================================================
17:50:01.0347 1912 Initialize success
17:50:08.0034 5288 ============================================================
17:50:08.0034 5288 Scan started
17:50:08.0034 5288 Mode: Manual;
17:50:08.0034 5288 ============================================================
17:50:09.0895 5288 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
17:50:09.0901 5288 ACPI - ok
17:50:09.0969 5288 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
17:50:09.0979 5288 adp94xx - ok
17:50:10.0010 5288 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
17:50:10.0017 5288 adpahci - ok
17:50:10.0105 5288 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
17:50:10.0108 5288 adpu160m - ok
17:50:10.0183 5288 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
17:50:10.0187 5288 adpu320 - ok
17:50:10.0260 5288 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
17:50:10.0270 5288 AFD - ok
17:50:10.0351 5288 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
17:50:10.0353 5288 agp440 - ok
17:50:10.0419 5288 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
17:50:10.0422 5288 aic78xx - ok
17:50:10.0464 5288 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
17:50:10.0465 5288 aliide - ok
17:50:10.0500 5288 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
17:50:10.0502 5288 amdide - ok
17:50:10.0578 5288 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
17:50:10.0580 5288 AmdK8 - ok
17:50:10.0640 5288 ApfiltrService (8c85c812569df851e7a2159147323dfa) C:\Windows\system32\DRIVERS\Apfiltr.sys
17:50:10.0642 5288 ApfiltrService - ok
17:50:10.0792 5288 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
17:50:10.0795 5288 arc - ok
17:50:10.0845 5288 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
17:50:10.0848 5288 arcsas - ok
17:50:10.0885 5288 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
17:50:10.0886 5288 AsyncMac - ok
17:50:10.0922 5288 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
17:50:10.0923 5288 atapi - ok
17:50:11.0066 5288 AvgLdx64 (276c5b14336452c8ce547ed5d00e0e62) C:\Windows\System32\Drivers\avgldx64.sys
17:50:11.0070 5288 AvgLdx64 - ok
17:50:11.0094 5288 AvgMfx64 (b9c21c3753dcbccac6b62e1a560eb6f7) C:\Windows\System32\Drivers\avgmfx64.sys
17:50:11.0095 5288 AvgMfx64 - ok
17:50:11.0128 5288 AvgTdiA (86d08cf28005f7f626a84d512f84d6c2) C:\Windows\System32\Drivers\avgtdia.sys
17:50:11.0130 5288 AvgTdiA - ok
17:50:11.0180 5288 Beep - ok
17:50:11.0268 5288 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
17:50:11.0270 5288 blbdrive - ok
17:50:11.0316 5288 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
17:50:11.0317 5288 bowser - ok
17:50:11.0418 5288 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
17:50:11.0420 5288 BrFiltLo - ok
17:50:11.0464 5288 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
17:50:11.0465 5288 BrFiltUp - ok
17:50:11.0520 5288 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
17:50:11.0523 5288 Brserid - ok
17:50:11.0591 5288 BrSerIf (34f6c504b150f99dae69d7073d2a4df4) C:\Windows\system32\DRIVERS\BrSerIf.sys
17:50:11.0593 5288 BrSerIf - ok
17:50:11.0638 5288 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
17:50:11.0640 5288 BrSerWdm - ok
17:50:11.0680 5288 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
17:50:11.0681 5288 BrUsbMdm - ok
17:50:11.0720 5288 BrUsbSer (601cb966fffebc6806626dc8e7aa0ef2) C:\Windows\system32\DRIVERS\BrUsbSer.sys
17:50:11.0721 5288 BrUsbSer - ok
17:50:11.0754 5288 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
17:50:11.0756 5288 BTHMODEM - ok
17:50:11.0775 5288 catchme - ok
17:50:11.0848 5288 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
17:50:11.0850 5288 cdfs - ok
17:50:11.0886 5288 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
17:50:11.0887 5288 cdrom - ok
17:50:11.0923 5288 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
17:50:11.0924 5288 circlass - ok
17:50:11.0967 5288 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
17:50:11.0974 5288 CLFS - ok
17:50:12.0036 5288 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
17:50:12.0037 5288 CmBatt - ok
17:50:12.0105 5288 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
17:50:12.0117 5288 cmdide - ok
17:50:12.0145 5288 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
17:50:12.0145 5288 Compbatt - ok
17:50:12.0161 5288 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
17:50:12.0161 5288 crcdisk - ok
17:50:12.0239 5288 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
17:50:12.0240 5288 DfsC - ok
17:50:12.0309 5288 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
17:50:12.0310 5288 disk - ok
17:50:12.0444 5288 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
17:50:12.0445 5288 drmkaud - ok
17:50:12.0510 5288 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
17:50:12.0519 5288 DXGKrnl - ok
17:50:12.0582 5288 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
17:50:12.0588 5288 e1express - ok
17:50:12.0682 5288 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
17:50:12.0686 5288 E1G60 - ok
17:50:12.0740 5288 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
17:50:12.0743 5288 Ecache - ok
17:50:12.0800 5288 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
17:50:12.0808 5288 elxstor - ok
17:50:12.0880 5288 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
17:50:12.0909 5288 ErrDev - ok
17:50:13.0055 5288 ewusbnet (0b8880f8d9a781670557307e2bca6bd6) C:\Windows\system32\DRIVERS\ewusbnet.sys
17:50:13.0058 5288 ewusbnet - ok
17:50:13.0278 5288 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
17:50:13.0282 5288 exfat - ok
17:50:13.0337 5288 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
17:50:13.0341 5288 fastfat - ok
17:50:13.0380 5288 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
17:50:13.0381 5288 fdc - ok
17:50:13.0414 5288 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
17:50:13.0415 5288 FileInfo - ok
17:50:13.0440 5288 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
17:50:13.0442 5288 Filetrace - ok
17:50:13.0495 5288 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:50:13.0496 5288 flpydisk - ok
17:50:13.0573 5288 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
17:50:13.0604 5288 FltMgr - ok
17:50:13.0678 5288 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
17:50:13.0680 5288 Fs_Rec - ok
17:50:13.0733 5288 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
17:50:13.0735 5288 gagp30kx - ok
17:50:13.0787 5288 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:50:13.0787 5288 GEARAspiWDM - ok
17:50:13.0902 5288 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:50:13.0920 5288 HDAudBus - ok
17:50:13.0976 5288 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
17:50:13.0993 5288 HidBth - ok
17:50:14.0024 5288 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
17:50:14.0025 5288 HidIr - ok
17:50:14.0072 5288 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
17:50:14.0073 5288 HidUsb - ok
17:50:14.0227 5288 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
17:50:14.0229 5288 HpCISSs - ok
17:50:14.0312 5288 HtcUsbMdmV64 (33aa4b9ad32a5be6285a471f8a767e5b) C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys
17:50:14.0327 5288 HtcUsbMdmV64 - ok
17:50:14.0410 5288 HtcVCom32 (be364aee7f85a36d536eba47a17536eb) C:\Windows\system32\DRIVERS\HtcVComV64.sys
17:50:14.0433 5288 HtcVCom32 - ok
17:50:14.0548 5288 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
17:50:14.0580 5288 HTTP - ok
17:50:14.0824 5288 hwdatacard (3e31c1470aba81ba2dcb956f8504c037) C:\Windows\system32\DRIVERS\ewusbmdm.sys
17:50:14.0852 5288 hwdatacard - ok
17:50:14.0968 5288 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
17:50:14.0970 5288 i2omp - ok
17:50:15.0026 5288 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
17:50:15.0027 5288 i8042prt - ok
17:50:15.0083 5288 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
17:50:15.0090 5288 iaStorV - ok
17:50:15.0429 5288 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:50:15.0650 5288 igfx - ok
17:50:15.0740 5288 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
17:50:15.0742 5288 iirsp - ok
17:50:15.0793 5288 IntcHdmiAddService (dea2ab452b4fa773187369c4b6517320) C:\Windows\system32\drivers\IntcHdmi.sys
17:50:15.0796 5288 IntcHdmiAddService - ok
17:50:15.0849 5288 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
17:50:15.0850 5288 intelide - ok
17:50:15.0889 5288 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
17:50:15.0890 5288 intelppm - ok
17:50:15.0954 5288 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:50:15.0957 5288 IpFilterDriver - ok
17:50:15.0974 5288 IpInIp - ok
17:50:16.0017 5288 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
17:50:16.0020 5288 IPMIDRV - ok
17:50:16.0138 5288 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
17:50:16.0142 5288 IPNAT - ok
17:50:16.0193 5288 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
17:50:16.0195 5288 IRENUM - ok
17:50:16.0277 5288 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
17:50:16.0278 5288 isapnp - ok
17:50:16.0343 5288 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
17:50:16.0344 5288 iScsiPrt - ok
17:50:16.0367 5288 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
17:50:16.0369 5288 iteatapi - ok
17:50:16.0400 5288 itecir (5fef11c18ec25cdcb27e6c8680690b69) C:\Windows\system32\DRIVERS\itecir.sys
17:50:16.0402 5288 itecir - ok
17:50:16.0444 5288 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
17:50:16.0446 5288 iteraid - ok
17:50:16.0545 5288 k57nd60a (2798447996feb5a58b584c8443acad02) C:\Windows\system32\DRIVERS\k57nd60a.sys
17:50:16.0549 5288 k57nd60a - ok
17:50:16.0578 5288 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
17:50:16.0578 5288 kbdclass - ok
17:50:16.0600 5288 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
17:50:16.0601 5288 kbdhid - ok
17:50:16.0682 5288 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
17:50:16.0691 5288 KSecDD - ok
17:50:16.0761 5288 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
17:50:16.0762 5288 ksthunk - ok
17:50:16.0793 5288 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
17:50:16.0795 5288 lltdio - ok
17:50:16.0838 5288 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
17:50:16.0841 5288 LSI_FC - ok
17:50:16.0877 5288 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
17:50:16.0880 5288 LSI_SAS - ok
17:50:16.0932 5288 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
17:50:16.0935 5288 LSI_SCSI - ok
17:50:16.0963 5288 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
17:50:16.0964 5288 luafv - ok
17:50:17.0000 5288 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
17:50:17.0002 5288 megasas - ok
17:50:17.0043 5288 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
17:50:17.0051 5288 MegaSR - ok
17:50:17.0145 5288 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
17:50:17.0146 5288 Modem - ok
17:50:17.0184 5288 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
17:50:17.0185 5288 monitor - ok
17:50:17.0229 5288 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
17:50:17.0230 5288 mouclass - ok
17:50:17.0270 5288 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
17:50:17.0271 5288 mouhid - ok
17:50:17.0294 5288 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
17:50:17.0296 5288 MountMgr - ok
17:50:17.0324 5288 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
17:50:17.0327 5288 mpio - ok
17:50:17.0350 5288 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
17:50:17.0352 5288 mpsdrv - ok
17:50:17.0378 5288 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
17:50:17.0380 5288 Mraid35x - ok
17:50:17.0417 5288 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
17:50:17.0419 5288 MRxDAV - ok
17:50:17.0451 5288 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:50:17.0453 5288 mrxsmb - ok
17:50:17.0541 5288 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:50:17.0546 5288 mrxsmb10 - ok
17:50:17.0570 5288 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:50:17.0572 5288 mrxsmb20 - ok
17:50:17.0611 5288 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
17:50:17.0612 5288 msahci - ok
17:50:17.0654 5288 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
17:50:17.0657 5288 msdsm - ok
17:50:17.0692 5288 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
17:50:17.0692 5288 Msfs - ok
17:50:17.0707 5288 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
17:50:17.0708 5288 msisadrv - ok
17:50:17.0741 5288 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
17:50:17.0743 5288 MSKSSRV - ok
17:50:17.0838 5288 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
17:50:17.0839 5288 MSPCLOCK - ok
17:50:17.0859 5288 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
17:50:17.0860 5288 MSPQM - ok
17:50:17.0906 5288 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
17:50:17.0911 5288 MsRPC - ok
17:50:17.0937 5288 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
17:50:17.0938 5288 mssmbios - ok
17:50:17.0963 5288 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
17:50:17.0964 5288 MSTEE - ok
17:50:17.0999 5288 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
17:50:17.0999 5288 Mup - ok
17:50:18.0048 5288 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
17:50:18.0052 5288 NativeWifiP - ok
17:50:18.0144 5288 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
17:50:18.0159 5288 NDIS - ok
17:50:18.0199 5288 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
17:50:18.0200 5288 NdisTapi - ok
17:50:18.0317 5288 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
17:50:18.0320 5288 Ndisuio - ok
17:50:18.0395 5288 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
17:50:18.0399 5288 NdisWan - ok
17:50:18.0448 5288 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
17:50:18.0451 5288 NDProxy - ok
17:50:18.0788 5288 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
17:50:18.0789 5288 NetBIOS - ok
17:50:18.0830 5288 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
17:50:18.0836 5288 netbt - ok
17:50:18.0989 5288 NETw5v64 (6d27b976934afc67f09a9553c2ce1309) C:\Windows\system32\DRIVERS\NETw5v64.sys
17:50:19.0065 5288 NETw5v64 - ok
17:50:19.0140 5288 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
17:50:19.0141 5288 nfrd960 - ok
17:50:19.0220 5288 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
17:50:19.0221 5288 Npfs - ok
17:50:19.0237 5288 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
17:50:19.0238 5288 nsiproxy - ok
17:50:19.0302 5288 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
17:50:19.0347 5288 Ntfs - ok
17:50:19.0428 5288 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
17:50:19.0429 5288 Null - ok
17:50:19.0471 5288 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
17:50:19.0475 5288 nvraid - ok
17:50:19.0509 5288 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
17:50:19.0511 5288 nvstor - ok
17:50:19.0533 5288 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
17:50:19.0536 5288 nv_agp - ok
17:50:19.0547 5288 NwlnkFlt - ok
17:50:19.0561 5288 NwlnkFwd - ok
17:50:19.0614 5288 OA001Ufd (d09cc91e92fd1ff81af3a14be2cbb20d) C:\Windows\system32\DRIVERS\OA001Ufd.sys
17:50:19.0618 5288 OA001Ufd - ok
17:50:19.0646 5288 OA001Vid (a42cb6914ad67e1584e807ce53f1e62c) C:\Windows\system32\DRIVERS\OA001Vid.sys
17:50:19.0652 5288 OA001Vid - ok
17:50:19.0751 5288 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
17:50:19.0752 5288 ohci1394 - ok
17:50:19.0827 5288 Packet (43e24699a18126f11e3d9bf6db85518b) C:\Windows\system32\DRIVERS\packet.sys
17:50:19.0828 5288 Packet - ok
17:50:19.0873 5288 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
17:50:19.0876 5288 Parport - ok
17:50:19.0909 5288 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
17:50:19.0911 5288 partmgr - ok
17:50:19.0938 5288 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
17:50:19.0941 5288 pci - ok
17:50:19.0974 5288 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
17:50:19.0976 5288 pciide - ok
17:50:20.0018 5288 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
17:50:20.0022 5288 pcmcia - ok
17:50:20.0337 5288 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
17:50:20.0449 5288 PEAUTH - ok
17:50:20.0555 5288 PGPdisk (085dc0f095f5b224f68394d04c64bc25) C:\Windows\system32\drivers\PGPdisk.sys
17:50:20.0558 5288 PGPdisk - ok
17:50:20.0624 5288 pgpfs (51d986814f8388bf0f99583fb73dcf3a) C:\Windows\system32\Drivers\PGPfsfd.sys
17:50:20.0627 5288 pgpfs - ok
17:50:20.0651 5288 PGPsdkDriver (bdd217ec73121e607db9200c428acd73) C:\Windows\system32\Drivers\PGPsdk.sys
17:50:20.0653 5288 PGPsdkDriver - ok
17:50:20.0703 5288 PGPwded (b7b006d7de8c566c77fac61c7939f70d) C:\Windows\system32\drivers\PGPwded.sys
17:50:20.0710 5288 PGPwded - ok
17:50:20.0742 5288 Pgpwdefs (9a4bdeafad488656922e06efd4364394) C:\Windows\system32\DRIVERS\Pgpwdefs.sys
17:50:20.0743 5288 Pgpwdefs - ok
17:50:20.0802 5288 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
17:50:20.0803 5288 PptpMiniport - ok
17:50:20.0840 5288 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
17:50:20.0842 5288 Processor - ok
17:50:20.0946 5288 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
17:50:20.0948 5288 PSched - ok
17:50:20.0970 5288 PxHelp20 - ok
17:50:21.0006 5288 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
17:50:21.0007 5288 PxHlpa64 - ok
17:50:21.0078 5288 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
17:50:21.0104 5288 ql2300 - ok
17:50:21.0234 5288 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
17:50:21.0237 5288 ql40xx - ok
17:50:21.0324 5288 qrkis (e92ca234469cc386ad81b9db924fe9d4) C:\Windows\system32\DRIVERS\qrkis.sys
17:50:21.0344 5288 qrkis - ok
17:50:21.0459 5288 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
17:50:21.0461 5288 QWAVEdrv - ok
17:50:21.0607 5288 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
17:50:21.0657 5288 R300 - ok
17:50:21.0774 5288 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
17:50:21.0775 5288 RasAcd - ok
17:50:21.0841 5288 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:50:21.0843 5288 Rasl2tp - ok
17:50:21.0886 5288 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
17:50:21.0888 5288 RasPppoe - ok
17:50:21.0916 5288 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
17:50:21.0918 5288 RasSstp - ok
17:50:21.0955 5288 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
17:50:21.0961 5288 rdbss - ok
17:50:21.0984 5288 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:50:21.0985 5288 RDPCDD - ok
17:50:22.0101 5288 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
17:50:22.0108 5288 rdpdr - ok
17:50:22.0125 5288 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
17:50:22.0126 5288 RDPENCDD - ok
17:50:22.0159 5288 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
17:50:22.0164 5288 RDPWD - ok
17:50:22.0284 5288 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
17:50:22.0285 5288 rimmptsk - ok
17:50:22.0306 5288 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
17:50:22.0307 5288 rimsptsk - ok
17:50:22.0428 5288 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
17:50:22.0429 5288 RimUsb - ok
17:50:22.0481 5288 RimVSerPort (0de22421179d5a8440b68517ddf2b051) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
17:50:22.0482 5288 RimVSerPort - ok
17:50:22.0506 5288 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
17:50:22.0507 5288 rismxdp - ok
17:50:22.0534 5288 ROOTMODEM (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys
17:50:22.0535 5288 ROOTMODEM - ok
17:50:22.0565 5288 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
17:50:22.0567 5288 rspndr - ok
17:50:22.0609 5288 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
17:50:22.0612 5288 sbp2port - ok
17:50:22.0663 5288 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
17:50:22.0665 5288 sdbus - ok
17:50:22.0695 5288 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:50:22.0696 5288 secdrv - ok
17:50:22.0887 5288 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
17:50:22.0889 5288 Serenum - ok
17:50:22.0929 5288 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
17:50:22.0931 5288 Serial - ok
17:50:22.0974 5288 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
17:50:22.0975 5288 sermouse - ok
17:50:23.0043 5288 sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys
17:50:23.0044 5288 sffdisk - ok
17:50:23.0083 5288 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
17:50:23.0085 5288 sffp_mmc - ok
17:50:23.0186 5288 sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:50:23.0188 5288 sffp_sd - ok
17:50:23.0228 5288 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
17:50:23.0230 5288 sfloppy - ok
17:50:23.0272 5288 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
17:50:23.0274 5288 SiSRaid2 - ok
17:50:23.0317 5288 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
17:50:23.0319 5288 SiSRaid4 - ok
17:50:23.0363 5288 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
17:50:23.0365 5288 Smb - ok
17:50:23.0418 5288 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
17:50:23.0418 5288 spldr - ok
17:50:23.0470 5288 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
17:50:23.0478 5288 srv - ok
17:50:23.0572 5288 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
17:50:23.0575 5288 srv2 - ok
17:50:23.0602 5288 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
17:50:23.0604 5288 srvnet - ok
17:50:23.0672 5288 STHDA (3281204b2e6049100d0ff04270c2aea5) C:\Windows\system32\DRIVERS\stwrt64.sys
17:50:23.0681 5288 STHDA - ok
17:50:23.0725 5288 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
17:50:23.0726 5288 StillCam - ok
17:50:23.0857 5288 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
17:50:23.0857 5288 swenum - ok
17:50:23.0925 5288 swivsp (deed5e8a6ed680b8824de0e349f511ed) C:\Windows\system32\DRIVERS\swivspnt.sys
17:50:23.0926 5288 swivsp - ok
17:50:23.0942 5288 SWUMX20 - ok
17:50:23.0975 5288 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
17:50:23.0976 5288 Symc8xx - ok
17:50:23.0995 5288 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
17:50:23.0997 5288 Sym_hi - ok
17:50:24.0020 5288 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
17:50:24.0021 5288 Sym_u3 - ok
17:50:24.0103 5288 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
17:50:24.0116 5288 Tcpip - ok
17:50:24.0209 5288 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
17:50:24.0220 5288 Tcpip6 - ok
17:50:24.0255 5288 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
17:50:24.0257 5288 tcpipreg - ok
17:50:24.0306 5288 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
17:50:24.0308 5288 TDPIPE - ok
17:50:24.0347 5288 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
17:50:24.0349 5288 TDTCP - ok
17:50:24.0383 5288 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
17:50:24.0399 5288 tdx - ok
17:50:24.0437 5288 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
17:50:24.0438 5288 TermDD - ok
17:50:24.0558 5288 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:50:24.0560 5288 tssecsrv - ok
17:50:24.0601 5288 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
17:50:24.0602 5288 tunmp - ok
17:50:24.0632 5288 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
17:50:24.0633 5288 tunnel - ok
17:50:24.0661 5288 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
17:50:24.0664 5288 uagp35 - ok
17:50:24.0709 5288 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
17:50:24.0716 5288 udfs - ok
17:50:24.0837 5288 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
17:50:24.0839 5288 uliagpkx - ok
17:50:24.0876 5288 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
17:50:24.0882 5288 uliahci - ok
17:50:24.0919 5288 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
17:50:24.0923 5288 UlSata - ok
17:50:24.0953 5288 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
17:50:24.0958 5288 ulsata2 - ok
17:50:24.0985 5288 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
17:50:24.0986 5288 umbus - ok
17:50:25.0031 5288 USBAAPL64 (afbf3de5b9e662cd7124740f7199f2aa) C:\Windows\system32\Drivers\usbaapl64.sys
17:50:25.0033 5288 USBAAPL64 - ok
17:50:25.0069 5288 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
17:50:25.0070 5288 usbccgp - ok
17:50:25.0174 5288 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
17:50:25.0177 5288 usbcir - ok
17:50:25.0242 5288 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
17:50:25.0243 5288 usbehci - ok
17:50:25.0287 5288 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
17:50:25.0292 5288 usbhub - ok
17:50:25.0331 5288 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
17:50:25.0333 5288 usbohci - ok
17:50:25.0382 5288 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
17:50:25.0383 5288 usbprint - ok
17:50:25.0448 5288 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
17:50:25.0450 5288 usbscan - ok
17:50:25.0535 5288 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:50:25.0536 5288 USBSTOR - ok
17:50:25.0557 5288 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
17:50:25.0558 5288 usbuhci - ok
17:50:25.0612 5288 usb_rndisx (1e36bb1a3c5aaf2aa9fa9a126df8c16c) C:\Windows\system32\DRIVERS\usb8023x.sys
17:50:25.0613 5288 usb_rndisx - ok
17:50:25.0667 5288 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
17:50:25.0669 5288 vga - ok
17:50:25.0697 5288 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
17:50:25.0699 5288 VgaSave - ok
17:50:25.0737 5288 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
17:50:25.0738 5288 viaide - ok
17:50:25.0780 5288 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
17:50:25.0782 5288 volmgr - ok
17:50:25.0828 5288 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
17:50:25.0836 5288 volmgrx - ok
17:50:25.0961 5288 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
17:50:25.0967 5288 volsnap - ok
17:50:26.0009 5288 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
17:50:26.0012 5288 vsmraid - ok
17:50:26.0060 5288 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
17:50:26.0061 5288 WacomPen - ok
17:50:26.0121 5288 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
17:50:26.0124 5288 Wanarp - ok
17:50:26.0130 5288 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
17:50:26.0131 5288 Wanarpv6 - ok
17:50:26.0204 5288 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
17:50:26.0205 5288 Wd - ok
17:50:26.0265 5288 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:50:26.0279 5288 Wdf01000 - ok
17:50:26.0400 5288 winusb (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\winusb.sys
17:50:26.0401 5288 winusb - ok
17:50:26.0450 5288 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:50:26.0451 5288 WmiAcpi - ok
17:50:26.0526 5288 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
17:50:26.0528 5288 ws2ifsl - ok
17:50:26.0601 5288 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
17:50:26.0604 5288 WudfPf - ok
17:50:26.0675 5288 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:50:26.0677 5288 WUDFRd - ok
17:50:26.0748 5288 MBR (0x1B8) (5e5d7299afde9ba878d3064c910c4f76) \Device\Harddisk0\DR0
17:50:26.0749 5288 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - infected
17:50:26.0749 5288 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
17:50:26.0764 5288 Boot (0x1200) (3022ed99800e16314a31f9c9f6d898e6) \Device\Harddisk0\DR0\Partition0
17:50:26.0765 5288 \Device\Harddisk0\DR0\Partition0 - ok
17:50:26.0784 5288 Boot (0x1200) (f880b7fde141c38fdf3d76d02dbe7b9a) \Device\Harddisk0\DR0\Partition1
17:50:26.0785 5288 \Device\Harddisk0\DR0\Partition1 - ok
17:50:26.0786 5288 ============================================================
17:50:26.0786 5288 Scan finished
17:50:26.0786 5288 ============================================================
17:50:26.0802 0952 Detected object count: 1
17:50:26.0802 0952 Actual detected object count: 1
17:51:24.0964 0952 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - will be cured on reboot
17:51:24.0965 0952 \Device\Harddisk0\DR0 - ok
17:51:24.0965 0952 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - User select action: Cure
17:51:48.0587 5708 Deinitialize success

Blade81
2011-10-05, 07:29
Hi,

Does safe mode with networking work?

Please see if error message shows any .sys file mentioned when you start in normal mode.

ellybug
2011-10-05, 07:51
The error message does not show any .sys file. It contains only the stop code and four additional numbers I posted and then a bunch of other generic language about the stop error screen.

I can start my computer in safe mode with networking, but I cannot access the internet even in that mode. In case it's relevant, we do not have internet in our house. I access tge internet through a mobile USB modem, like a thumb drive. I'm not sure if this is somehow interfering with my ability to access the internet or if it is something else.

Blade81
2011-10-05, 19:18
Hi,

Do you have your Vista installation media available?

ellybug
2011-10-05, 23:25
Hi - Yes. I have all the cds that came with my computer.

Blade81
2011-10-06, 07:57
Hi,

Download Farbar Recovery Scan Tool (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to a flash drive.

Plug the flashdrive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.


In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter.

Note: Replace letter e with the drive letter of your flash drive.


The tool will start to run.
When the tool opens click Yes to disclaimer.
Uncheck the Whitlelist boxes next to Registry, Services, Drivers, and known DLL's
Place a check next to List Drivers MD5
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

ellybug
2011-10-06, 12:24
When I plug in the flashdrive and restart the computer, it does not give me a prompt to enter keyboard input method, nor does it give me a screen to enter a password. It gives me a bluish background with a little box in the middle that looks like a computer screen and says "other user" underneath. There's also a little box in the bottom lefthand corner that says ease of use if you hover over it. If you click on other user it prompts a username and password. My user name and password do not work. I get a message that says "the specified domain either does not exist or could not be contacted." There aren't any other users.

Thanks for you continued help!

Blade81
2011-10-06, 17:50
Hi,

Were you able to access advanced boot menu by pressing F8 before Windows loading screen?

ellybug
2011-10-06, 18:12
Yes, sorry I left out that part. I got the advanced boot menu, selected 'Repair your computer,' and then got the blue screen with the little computer icon that said 'other user.'

Blade81
2011-10-07, 08:09
Hi,

Let's see if launching "repair your computer" functionality from Vista DVD works better. Insert DVD in and reboot. Press some key when you see a message "Press any key to boot from CD or DVD..". Select language, time & currency, keyboard and then use "repair your computer" option in the next screen.

ellybug
2011-10-07, 09:27
Hi,
I tired that, but it doesn't give me a message that says message "Press any key to boot from CD or DVD..". Select language, time & currency, keyboard and then use "repair your computer" option in the next screen. It just starts up normally, gives me the BSoD, crashes, restarts asks me if I want to start in safe mode.

I can hear the cd drive turning, but nothing comes up asking if I want to boot from the CD.

Blade81
2011-10-07, 15:49
Hi,

Ensure that cd/dvd drive is set as 1st in boot order in BIOS.

ellybug
2011-10-07, 16:53
Thanks, that worked! Log's too large for the thread, so please find it attached as zip.

Blade81
2011-10-08, 16:57
Hi,

When you try to start system in normal mode does it show desktop even for a short moment before the BSOD occurs?


Open notepad and copy/paste the contents inside the code box below.


CMD: copy c:\windows\ntbtlog.txt F:\

Save it on the flashdrive as fixlist.txt

Boot back into Repair your computer>Command prompt like you did earlier.

Type in f:\frst64.exe and when the tool opens, Run FRST64 and click the Fix button just once and wait.

When it has completed, you should see a file named ntbtlog.txt on your flashdrive. Attach that file please.

ellybug
2011-10-08, 17:50
Hi,
Am I supposed to uncheck the whitelist boxes you identified before, check the List Drivers MD5 box and click scan, like I did before and then click the fix box at the end, or just leave all the boxes checked and just click fix?

Thanks.

Blade81
2011-10-08, 18:21
Hi,

Just click fix.

ellybug
2011-10-08, 18:32
Log is attached. When I try to start in normal mode, my desktop does not appear at all. It gives me the login screen, then the please wait screen once I enter my pswd, then the BSoD.

Blade81
2011-10-09, 12:15
Hi,

Go again to System Recovery Options via Vista installation DVD. This time, select "System Restore" option. Select restore point that ComboFix has created earlier. Follow the prompts to restart after (hopefully) successful system Restore operation. Let me know if there are any issues.

ellybug
2011-10-09, 12:35
Hi,
I don't see a restore point that ComboFix created. I ran ComboFix twice on 9/29. There are System:Schedule Checkpoints on 9/25 and then not again until 10/1. The only things in between are the installation of more current versions of Java and Adobe Reader and a windows update.

Blade81
2011-10-09, 12:53
Hi,

Let's try that 10/1 checkpoint.

ellybug
2011-10-09, 13:11
=( Ran restore using 10/1. Still BSoD.

Blade81
2011-10-09, 13:39
Let's try 9/25 restore point.

ellybug
2011-10-09, 14:23
No luck. Still BSOD using 9/25 restore point. Is it hopeless?

Blade81
2011-10-09, 17:24
Hi,

Let's try while we still have some hope left :)

Access command prompt again via Vista DVD. Type the following command:

bootrec.exe /fixmbr

Let's see if that helps.

ellybug
2011-10-09, 19:17
Command prompt says the command was successful, but on restart still the blue screen.

Blade81
2011-10-10, 09:05
Hi,

One more thing we could try.

Reboot into safe mode.
Navigate to c:\Windows\ERDNT\hiv-backup folder.
Right-click erdnt.exe file there and select run as administrator. Wait until registry restoring has finished. Reboot.

ellybug
2011-10-10, 09:53
hmmmm...there is no hiv-backup folder in c:\Windows\ERDNT

Blade81
2011-10-10, 10:30
Hi,

What sub-folders do you see under that there?

ellybug
2011-10-10, 10:39
There are 2 folders. The first is 9-21-2011. The second is AutoBackup. Inside AutoBackup there is another folder, 9-22-2011. There is not a hiv-backup folder in any of these folders.

Blade81
2011-10-10, 18:07
Hi,

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:filefind
erdnt.exe


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

ellybug
2011-10-10, 19:11
Well, I think my computer just died, but what do I know. I saved SystemLook to a usb drive and inserted it into my computer which was already open in safe mode. When I clicked on computer it didn't seem to recognize the drive so I attempted to restart. On restart I got a message that said:

Broadcom UNDI PXE-2.1 v11.0.9
Copyright © 2000-2008 Broadcom Corp
Copyright © 1997-2000 intel corp
Pxe-e61 media test failure check cable
Pxe-mof exiting Broadcom pxe rom
Operating system not found

Blade81
2011-10-10, 19:51
Does your system have nothing but Windows partition on it? I can't recall seeing anything Linux related before this in the topic but that message has something to do with Linux.

ellybug
2011-10-10, 19:59
I don't think I have anything Linux related on my computer. I had to look Linux up on the internet just now, lol. Could I have Linux related somethings on my computer and not know?

Blade81
2011-10-10, 20:25
Hi,

Sorry, that message lead me to wrong trails. It's not always Linux related.

When you reboot the system make sure USB flash drive isn't connected. If it still fails then check boot order from BIOS. It should be CD/DVD 1st, HDD 2nd and USB 3rd.

ellybug
2011-10-10, 21:05
SystemLook 30.07.11 by jpshortstuff
Log created at 12:38 on 10/10/2011 by elly
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "erdnt.exe"
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\AutoBackup\9-22-2011\ERDNT.EXE --a---- 163328 bytes [07:04 22/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\AutoBackup\9-22-2011\ERDNT.EXE --a---- 163328 bytes [07:04 22/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\AutoBackup\9-22-2011\ERDNT.EXE --a---- 163328 bytes [07:04 22/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\AutoBackup\9-22-2011\ERDNT.EXE --a---- 163328 bytes [07:04 22/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\AutoBackup\9-22-2011\ERDNT.EXE --a---- 163328 bytes [07:04 22/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\AutoBackup\9-22-2011\ERDNT.EXE --a---- 163328 bytes [07:04 22/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\AutoBackup\9-22-2011\ERDNT.EXE --a---- 163328 bytes [07:04 22/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\AutoBackup\9-22-2011\ERDNT.EXE --a---- 163328 bytes [07:04 22/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\AutoBackup\9-22-2011\ERDNT.EXE --a---- 163328 bytes [07:04 22/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\AutoBackup\9-22-2011\ERDNT.EXE --a---- 163328 bytes [07:04 22/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\AutoBackup\9-22-2011\ERDNT.EXE --a---- 163328 bytes [07:04 22/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\AutoBackup\9-22-2011\ERDNT.EXE --a---- 163328 bytes [07:04 22/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\AutoBackup\9-22-2011\ERDNT.EXE --a---- 163328 bytes [07:04 22/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\AutoBackup\9-22-2011\ERDNT.EXE --a---- 163328 bytes [07:04 22/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\AutoBackup\9-22-2011\ERDNT.EXE --a---- 163328 bytes [07:04 22/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\AutoBackup\9-22-2011\ERDNT.EXE --a---- 163328 bytes [07:04 22/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\shadowcopy\Windows\ERDNT\AutoBackup\9-22-2011\ERDNT.EXE --a---- 163328 bytes [07:04 22/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\shadowcopy\Windows\ERDNT\AutoBackup\9-22-2011\ERDNT.EXE --a---- 163328 bytes [07:04 22/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\shadowcopy\Windows\ERDNT\AutoBackup\9-22-2011\ERDNT.EXE --a---- 163328 bytes [07:04 22/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\Windows\ERDNT\9-21-2011\ERDNT.EXE --a---- 163328 bytes [23:37 21/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5
C:\Windows\ERDNT\AutoBackup\9-22-2011\ERDNT.EXE --a---- 163328 bytes [07:04 22/09/2011] [17:02 20/10/2005] 89AFDD29832AA923926BDD4B5F5243D5

-= EOF =-

Blade81
2011-10-11, 07:51
Hi,

Go to C:\Windows\ERDNT\AutoBackup\9-22-2011 folder. Right-click ERDNT.EXE and select "run as administrator".

Let's see if that helps.

ellybug
2011-10-11, 08:26
Hey! We've made some progress (maybe)! Now when I login I get to the desktop screen for about 15 or 20 seconds before I get the BSOD and my computer shuts down. Still the same error code ending in 07E...not sure about the remaining numbers, I can check them if you think it'd be helpful.

Blade81
2011-10-12, 18:56
Hi,

Please run ComboFix again (let it update itself). Post back the report.

Then download fresh version of TDSSKiller and run it leaving all findings untouched. Post back its report too.

ellybug
2011-10-13, 15:03
I presume you intended that I run ComboFix and TDSS in normal mode? I can't do that...as I said it only has about 20 seconds of the desktop before the BSoD comes. This is not long enough for me to log onto the internet and start ComboFix. Should I try in safe mode.

Blade81
2011-10-13, 18:41
Hi,

Run those in safe mode.

ellybug
2011-10-14, 03:28
Ok, ComboFix was no longer installed on my computer. I assume this is because we restored to a point before ComboFix was installed. So I downloaded it onto a flash drive on another computer, saved it to the desktop of the infected computer in Safe Mode and attempted to run it. It told me AVG was running and I needed to disable it. I attempted to disable but I couldn't (actually I'm not sure in safe mode it was even running). So I uninstalled it figuring I could reinstall again after we get things cleared up. ComboFix still says AVG is enabled. I clicked continue anyway since I had uninstalled AVG. Then I got the following message:

pev.3xe has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

Blade81
2011-10-14, 07:43
Hi,

You may close the "pev.3xe has stopped working." -window and ComboFix should continue its run.

ellybug
2011-10-14, 16:20
ComboFix log and tdss log attached. I think I've attached the right things. However, after I closed the pev.3xe message, I think ComboFIx completed normally, but I'm not sure because I left the room and when I came back the computer had restarted. however, there was still a log so I've attached it.

Blade81
2011-10-14, 16:28
Hi,

Please run ComboFix again.

ellybug
2011-10-15, 01:42
ComboFix still gives me the message about AVG before it will run, so I clicked ok again. It gives me the pev.3xe message again, so I clicked close program again. Then at the end after it gets to like step 50 it says "rebooting ..." It happens fast so I can't read much besides rebooting. But I do not get the normal "almost done" screen and display the log. Attached is the log.

Blade81
2011-10-15, 11:31
Hi,

Make sure AVG is disabled before you launch ComboFix. If it still fails then temporarily uninstall AVG.

ellybug
2011-10-15, 12:24
Hi,
I think I mentioned a few posts back that I've already uninstalled AVG, but I'm still getting that message when I run ComboFix.

Blade81
2011-10-15, 12:39
See if AVG removal tool (http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x64_2012_1796.exe) finds any remnants.

ellybug
2011-10-15, 14:47
Ran the AVG remover, then ran ComboFix again. Still get message that AVG is running, theat pev.3xe stopped working and then computer crashes at end of combofix.

Here's the AVGremover log if you'd like to have a gander.

Blade81
2011-10-15, 16:42
Hi,

Download fresh copy of ComboFix and ignore AVG message while running CF.

ellybug
2011-10-15, 17:41
I'm not sure what you mean by "ignore AVG message." CF won't continue unless you click 'ok' when you get that message. I did get the AVG message again and clicked ok to allow CF to continue, then I got the pev.exe message again, clicked close program. Same thing happened again at the end of CF, computer crashed w/ ComboFix giving a message about rebooting. The CF log is essentially the same as the CF log I posted last.

Blade81
2011-10-15, 18:48
I meant clicking ok. Did you download fresh copy of ComboFix? Try renaming it to iExPlore.exe and running it.

ellybug
2011-10-16, 14:54
Yes, I downloaded a new version of CF. I now also renamed it iExPlore.exe as you suggested, but I still get the avg message, and the pev message and CF stills reboots computer at the end.

Blade81
2011-10-17, 07:43
Hi,

Have you tried running ComboFix from safe mode with networking? If not try that. If ComboFix still shows you the pev message and fails to complete look for ComboFix.txt file in c:\ComboFix folder.


What are the remaining issues?

ellybug
2011-10-17, 16:18
I have already tried running CF in safe mode w/ networking, but I did it again one more time. Still the same result. There is a log but not much to it:

ComboFix 11-10-15.03 - elly 10/17/2011 7:55:09.1.2 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.3297 [GMT -5:00]
Running from: C:\Users\elly\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


Overlay aborted ... Please run ComboFix once more



The biggest remaining issue now is that my computer still doesn't run for more than 20 seconds in normal mode When I do reach the desktop, before I get the BSoD, I get a message that says something about procedure entry point-except_handler4_common could not be located in the dynamic link library msvcrt.dll

Blade81
2011-10-17, 22:00
Hi,

Let's give ComboFix one more try in safe mode with command prompt.

1. Move ComboFix.exe file from your desktop to root of C: drive (C:\). That way we can access it on every account.

2. Try running ComboFix thru in safe mode with command prompt. Here are steps to follow (print/save these since you won't be able to access them while in safe mode):
Press F8 before Windows' loading screen and select safe mode with command prompt -option.
Then write following commands (I assume you moved Combo-Fix.exe to C: root):
cd\
ComboFix.exe


When ComboFix reboots select safe mode with command prompt again so that ComboFix will finish there.

ellybug
2011-10-18, 10:22
ok, I followed all the instructions you gave. Once it rebooted in safe mode with command prompt was I supposed to do anything? Nothing happened when I rebooted. So then I rebooted in safe mode to look at the log. The log is the same as before except of course now it is running from C:/ComboFix.exe.

I still got the AVG message and I still got the pev message running from command prompt.

FYI, I looked in the task manager in safe mode and noticed that even though I ran the AVG remover, it still names AVG Security Toolbar Service, avg8emc and avg8wd under services. All of these services are stopped so I'm not sure these could be causing the problem with ComboFix, but thought I'd mention it.

Blade81
2011-10-19, 07:22
Hi,


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:filefind
msvcrt.dll


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

ellybug
2011-10-19, 13:33
Here is the log.

SystemLook 30.07.11 by jpshortstuff
Log created at 04:59 on 19/10/2011 by elly
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "msvcrt.dll"
C:\Program Files (x86)\Common Files\Reallusion\CT Player\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\MSVCRT.DLL ------- 278581 bytes [09:55 16/03/2009] [20:22 07/03/2000] 4300D1A092B91E7C8DFA6F1E5E7973B2
C:\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\FramePlayer\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\frameplayersa\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\Program Files (x86)\File Scavenger 2.1\msvcrt.dll --a---- 290869 bytes [17:05 04/05/2001] [17:05 04/05/2001] C93548203699D997AE43ADA7542864C7
C:\Program Files (x86)\Java\jre6\bin\msvcrt.dll --a---- 266293 bytes [14:33 02/05/2010] [14:33 02/05/2010] 63DA4613383EC70E047B4CD5C48F0B05
C:\shadowcopy\Program Files (x86)\Common Files\Reallusion\CT Player\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\Program Files (x86)\Dell Webcam\Dell Webcam Central\MSVCRT.DLL ------- 278581 bytes [09:55 16/03/2009] [20:22 07/03/2000] 4300D1A092B91E7C8DFA6F1E5E7973B2
C:\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\FramePlayer\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\frameplayersa\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\Program Files (x86)\File Scavenger 2.1\msvcrt.dll --a---- 290869 bytes [17:05 04/05/2001] [17:05 04/05/2001] C93548203699D997AE43ADA7542864C7
C:\shadowcopy\Program Files (x86)\Java\jre6\bin\msvcrt.dll --a---- 266293 bytes [14:33 02/05/2010] [14:33 02/05/2010] 63DA4613383EC70E047B4CD5C48F0B05
C:\shadowcopy\shadowcopy\Program Files (x86)\Common Files\Reallusion\CT Player\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Dell Webcam Central\MSVCRT.DLL ------- 278581 bytes [09:55 16/03/2009] [20:22 07/03/2000] 4300D1A092B91E7C8DFA6F1E5E7973B2
C:\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\FramePlayer\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\frameplayersa\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\Program Files (x86)\File Scavenger 2.1\msvcrt.dll --a---- 290869 bytes [17:05 04/05/2001] [17:05 04/05/2001] C93548203699D997AE43ADA7542864C7
C:\shadowcopy\shadowcopy\Program Files (x86)\Java\jre6\bin\msvcrt.dll --a---- 266293 bytes [14:33 02/05/2010] [14:33 02/05/2010] 63DA4613383EC70E047B4CD5C48F0B05
C:\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Common Files\Reallusion\CT Player\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Dell Webcam Central\MSVCRT.DLL ------- 278581 bytes [09:55 16/03/2009] [20:22 07/03/2000] 4300D1A092B91E7C8DFA6F1E5E7973B2
C:\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\FramePlayer\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\frameplayersa\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\File Scavenger 2.1\msvcrt.dll --a---- 290869 bytes [17:05 04/05/2001] [17:05 04/05/2001] C93548203699D997AE43ADA7542864C7
C:\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Java\jre6\bin\msvcrt.dll --a---- 266293 bytes [14:33 02/05/2010] [14:33 02/05/2010] 63DA4613383EC70E047B4CD5C48F0B05
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Common Files\Reallusion\CT Player\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Dell Webcam Central\MSVCRT.DLL ------- 278581 bytes [09:55 16/03/2009] [20:22 07/03/2000] 4300D1A092B91E7C8DFA6F1E5E7973B2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\FramePlayer\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\frameplayersa\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\File Scavenger 2.1\msvcrt.dll --a---- 290869 bytes [17:05 04/05/2001] [17:05 04/05/2001] C93548203699D997AE43ADA7542864C7
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Java\jre6\bin\msvcrt.dll --a---- 266293 bytes [14:33 02/05/2010] [14:33 02/05/2010] 63DA4613383EC70E047B4CD5C48F0B05
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Common Files\Reallusion\CT Player\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Dell Webcam Central\MSVCRT.DLL ------- 278581 bytes [09:55 16/03/2009] [20:22 07/03/2000] 4300D1A092B91E7C8DFA6F1E5E7973B2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\FramePlayer\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\frameplayersa\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\File Scavenger 2.1\msvcrt.dll --a---- 290869 bytes [17:05 04/05/2001] [17:05 04/05/2001] C93548203699D997AE43ADA7542864C7
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Java\jre6\bin\msvcrt.dll --a---- 266293 bytes [14:33 02/05/2010] [14:33 02/05/2010] 63DA4613383EC70E047B4CD5C48F0B05
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Common Files\Reallusion\CT Player\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Dell Webcam Central\MSVCRT.DLL ------- 278581 bytes [09:55 16/03/2009] [20:22 07/03/2000] 4300D1A092B91E7C8DFA6F1E5E7973B2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\FramePlayer\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\frameplayersa\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\File Scavenger 2.1\msvcrt.dll --a---- 290869 bytes [17:05 04/05/2001] [17:05 04/05/2001] C93548203699D997AE43ADA7542864C7
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Java\jre6\bin\msvcrt.dll --a---- 266293 bytes [14:33 02/05/2010] [14:33 02/05/2010] 63DA4613383EC70E047B4CD5C48F0B05
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Common Files\Reallusion\CT Player\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Dell Webcam Central\MSVCRT.DLL ------- 278581 bytes [09:55 16/03/2009] [20:22 07/03/2000] 4300D1A092B91E7C8DFA6F1E5E7973B2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\FramePlayer\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\frameplayersa\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\File Scavenger 2.1\msvcrt.dll --a---- 290869 bytes [17:05 04/05/2001] [17:05 04/05/2001] C93548203699D997AE43ADA7542864C7
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Java\jre6\bin\msvcrt.dll --a---- 266293 bytes [14:33 02/05/2010] [14:33 02/05/2010] 63DA4613383EC70E047B4CD5C48F0B05
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Common Files\Reallusion\CT Player\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Dell Webcam Central\MSVCRT.DLL ------- 278581 bytes [09:55 16/03/2009] [20:22 07/03/2000] 4300D1A092B91E7C8DFA6F1E5E7973B2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\FramePlayer\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\frameplayersa\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\File Scavenger 2.1\msvcrt.dll --a---- 290869 bytes [17:05 04/05/2001] [17:05 04/05/2001] C93548203699D997AE43ADA7542864C7
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Java\jre6\bin\msvcrt.dll --a---- 266293 bytes [14:33 02/05/2010] [14:33 02/05/2010] 63DA4613383EC70E047B4CD5C48F0B05
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Common Files\Reallusion\CT Player\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Dell Webcam Central\MSVCRT.DLL ------- 278581 bytes [09:55 16/03/2009] [20:22 07/03/2000] 4300D1A092B91E7C8DFA6F1E5E7973B2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\FramePlayer\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\frameplayersa\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\File Scavenger 2.1\msvcrt.dll --a---- 290869 bytes [17:05 04/05/2001] [17:05 04/05/2001] C93548203699D997AE43ADA7542864C7
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Java\jre6\bin\msvcrt.dll --a---- 266293 bytes [14:33 02/05/2010] [14:33 02/05/2010] 63DA4613383EC70E047B4CD5C48F0B05
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Common Files\Reallusion\CT Player\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Dell Webcam Central\MSVCRT.DLL ------- 278581 bytes [09:55 16/03/2009] [20:22 07/03/2000] 4300D1A092B91E7C8DFA6F1E5E7973B2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\FramePlayer\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\frameplayersa\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\File Scavenger 2.1\msvcrt.dll --a---- 290869 bytes [17:05 04/05/2001] [17:05 04/05/2001] C93548203699D997AE43ADA7542864C7
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Java\jre6\bin\msvcrt.dll --a---- 266293 bytes [14:33 02/05/2010] [14:33 02/05/2010] 63DA4613383EC70E047B4CD5C48F0B05
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Common Files\Reallusion\CT Player\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Dell Webcam Central\MSVCRT.DLL ------- 278581 bytes [09:55 16/03/2009] [20:22 07/03/2000] 4300D1A092B91E7C8DFA6F1E5E7973B2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\FramePlayer\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\frameplayersa\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\File Scavenger 2.1\msvcrt.dll --a---- 290869 bytes [17:05 04/05/2001] [17:05 04/05/2001] C93548203699D997AE43ADA7542864C7
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Java\jre6\bin\msvcrt.dll --a---- 266293 bytes [14:33 02/05/2010] [14:33 02/05/2010] 63DA4613383EC70E047B4CD5C48F0B05
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Common Files\Reallusion\CT Player\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Dell Webcam Central\MSVCRT.DLL ------- 278581 bytes [09:55 16/03/2009] [20:22 07/03/2000] 4300D1A092B91E7C8DFA6F1E5E7973B2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\FramePlayer\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\frameplayersa\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\File Scavenger 2.1\msvcrt.dll --a---- 290869 bytes [17:05 04/05/2001] [17:05 04/05/2001] C93548203699D997AE43ADA7542864C7
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Java\jre6\bin\msvcrt.dll --a---- 266293 bytes [14:33 02/05/2010] [14:33 02/05/2010] 63DA4613383EC70E047B4CD5C48F0B05
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Common Files\Reallusion\CT Player\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Dell Webcam Central\MSVCRT.DLL ------- 278581 bytes [09:55 16/03/2009] [20:22 07/03/2000] 4300D1A092B91E7C8DFA6F1E5E7973B2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\FramePlayer\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\frameplayersa\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\File Scavenger 2.1\msvcrt.dll --a---- 290869 bytes [17:05 04/05/2001] [17:05 04/05/2001] C93548203699D997AE43ADA7542864C7
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Java\jre6\bin\msvcrt.dll --a---- 266293 bytes [14:33 02/05/2010] [14:33 02/05/2010] 63DA4613383EC70E047B4CD5C48F0B05
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Common Files\Reallusion\CT Player\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Dell Webcam Central\MSVCRT.DLL ------- 278581 bytes [09:55 16/03/2009] [20:22 07/03/2000] 4300D1A092B91E7C8DFA6F1E5E7973B2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\FramePlayer\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\frameplayersa\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\File Scavenger 2.1\msvcrt.dll --a---- 290869 bytes [17:05 04/05/2001] [17:05 04/05/2001] C93548203699D997AE43ADA7542864C7
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Java\jre6\bin\msvcrt.dll --a---- 266293 bytes [14:33 02/05/2010] [14:33 02/05/2010] 63DA4613383EC70E047B4CD5C48F0B05
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Common Files\Reallusion\CT Player\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Dell Webcam Central\MSVCRT.DLL ------- 278581 bytes [09:55 16/03/2009] [20:22 07/03/2000] 4300D1A092B91E7C8DFA6F1E5E7973B2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\FramePlayer\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\File Scavenger 2.1\msvcrt.dll --a---- 290869 bytes [17:05 04/05/2001] [17:05 04/05/2001] C93548203699D997AE43ADA7542864C7
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Java\jre6\bin\msvcrt.dll --a---- 266293 bytes [14:33 02/05/2010] [14:33 02/05/2010] 63DA4613383EC70E047B4CD5C48F0B05
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Common Files\Reallusion\CT Player\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Dell Webcam Central\MSVCRT.DLL ------- 278581 bytes [09:55 16/03/2009] [20:22 07/03/2000] 4300D1A092B91E7C8DFA6F1E5E7973B2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Live! Cam Avatar Creator\CT Program\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\File Scavenger 2.1\msvcrt.dll --a---- 290869 bytes [17:05 04/05/2001] [17:05 04/05/2001] C93548203699D997AE43ADA7542864C7
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Java\jre6\bin\msvcrt.dll --a---- 266293 bytes [14:33 02/05/2010] [14:33 02/05/2010] 63DA4613383EC70E047B4CD5C48F0B05
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Common Files\Reallusion\CT Player\msvcrt.dll --a---- 286773 bytes [09:56 16/03/2009] [17:05 19/06/2003] 94B9DF0A49516C4B74A51DAB70C1FE7C
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Dell Webcam\Dell Webcam Central\MSVCRT.DLL ------- 278581 bytes [09:55 16/03/2009] [20:22 07/03/2000] 4300D1A092B91E7C8DFA6F1E5E7973B2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\File Scavenger 2.1\msvcrt.dll --a---- 290869 bytes [17:05 04/05/2001] [17:05 04/05/2001] C93548203699D997AE43ADA7542864C7
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Java\jre6\bin\msvcrt.dll --a---- 266293 bytes [14:33 02/05/2010] [14:33 02/05/2010] 63DA4613383EC70E047B4CD5C48F0B05
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\File Scavenger 2.1\msvcrt.dll --a---- 290869 bytes [17:05 04/05/2001] [17:05 04/05/2001] C93548203699D997AE43ADA7542864C7
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Java\jre6\bin\msvcrt.dll --a---- 266293 bytes [14:33 02/05/2010] [14:33 02/05/2010] 63DA4613383EC70E047B4CD5C48F0B05
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Program Files (x86)\Java\jre6\bin\msvcrt.dll --a---- 266293 bytes [14:33 02/05/2010] [14:33 02/05/2010] 63DA4613383EC70E047B4CD5C48F0B05
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\System32\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\System32\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\System32\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\System32\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\System32\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\System32\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Users\elly\Downloads\KYOCERA_KX_4.2.1027a_2K_XP_EN\Kyocera KX Driver 4.2.1027a\KACT\msvcrt.dll --a---- 286773 bytes [11:05 19/06/2003] [11:05 19/06/2003] BA7BE6F92680B28B9031170659FD222D
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\System32\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Users\elly\Downloads\KYOCERA_KX_4.2.1027a_2K_XP_EN\Kyocera KX Driver 4.2.1027a\KACT\msvcrt.dll --a---- 286773 bytes [11:05 19/06/2003] [11:05 19/06/2003] BA7BE6F92680B28B9031170659FD222D
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\System32\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_2d73d1a457438ee3\msvcrt.dll --a---- 621056 bytes [02:49 21/01/2008] [02:49 21/01/2008] 11DB261E8EE318CA41498300327CB5F2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_2f5f4ab054655a2f\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll --a---- 680448 bytes [02:49 21/01/2008] [02:49 21/01/2008] 04CBEAA089B6A752B3EB660BEE8C4964
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Users\elly\Downloads\KYOCERA_KX_4.2.1027a_2K_XP_EN\Kyocera KX Driver 4.2.1027a\KACT\msvcrt.dll --a---- 286773 bytes [11:05 19/06/2003] [11:05 19/06/2003] BA7BE6F92680B28B9031170659FD222D
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\System32\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_2d73d1a457438ee3\msvcrt.dll --a---- 621056 bytes [02:49 21/01/2008] [02:49 21/01/2008] 11DB261E8EE318CA41498300327CB5F2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_2f5f4ab054655a2f\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll --a---- 680448 bytes [02:49 21/01/2008] [02:49 21/01/2008] 04CBEAA089B6A752B3EB660BEE8C4964
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Users\elly\Downloads\KYOCERA_KX_4.2.1027a_2K_XP_EN\Kyocera KX Driver 4.2.1027a\KACT\msvcrt.dll --a---- 286773 bytes [11:05 19/06/2003] [11:05 19/06/2003] BA7BE6F92680B28B9031170659FD222D
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\System32\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_2d73d1a457438ee3\msvcrt.dll --a---- 621056 bytes [02:49 21/01/2008] [02:49 21/01/2008] 11DB261E8EE318CA41498300327CB5F2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_2f5f4ab054655a2f\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll --a---- 680448 bytes [02:49 21/01/2008] [02:49 21/01/2008] 04CBEAA089B6A752B3EB660BEE8C4964
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Users\elly\Downloads\KYOCERA_KX_4.2.1027a_2K_XP_EN\Kyocera KX Driver 4.2.1027a\KACT\msvcrt.dll --a---- 286773 bytes [11:05 19/06/2003] [11:05 19/06/2003] BA7BE6F92680B28B9031170659FD222D
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\System32\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_2d73d1a457438ee3\msvcrt.dll --a---- 621056 bytes [02:49 21/01/2008] [02:49 21/01/2008] 11DB261E8EE318CA41498300327CB5F2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_2f5f4ab054655a2f\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll --a---- 680448 bytes [02:49 21/01/2008] [02:49 21/01/2008] 04CBEAA089B6A752B3EB660BEE8C4964
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Users\elly\Downloads\KYOCERA_KX_4.2.1027a_2K_XP_EN\Kyocera KX Driver 4.2.1027a\KACT\msvcrt.dll --a---- 286773 bytes [11:05 19/06/2003] [11:05 19/06/2003] BA7BE6F92680B28B9031170659FD222D
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\System32\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_2d73d1a457438ee3\msvcrt.dll --a---- 621056 bytes [02:49 21/01/2008] [02:49 21/01/2008] 11DB261E8EE318CA41498300327CB5F2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_2f5f4ab054655a2f\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll --a---- 680448 bytes [02:49 21/01/2008] [02:49 21/01/2008] 04CBEAA089B6A752B3EB660BEE8C4964
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Users\elly\Downloads\KYOCERA_KX_4.2.1027a_2K_XP_EN\Kyocera KX Driver 4.2.1027a\KACT\msvcrt.dll --a---- 286773 bytes [11:05 19/06/2003] [11:05 19/06/2003] BA7BE6F92680B28B9031170659FD222D
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\System32\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_2d73d1a457438ee3\msvcrt.dll --a---- 621056 bytes [02:49 21/01/2008] [02:49 21/01/2008] 11DB261E8EE318CA41498300327CB5F2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_2f5f4ab054655a2f\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll --a---- 680448 bytes [02:49 21/01/2008] [02:49 21/01/2008] 04CBEAA089B6A752B3EB660BEE8C4964
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Users\elly\Downloads\KYOCERA_KX_4.2.1027a_2K_XP_EN\Kyocera KX Driver 4.2.1027a\KACT\msvcrt.dll --a---- 286773 bytes [11:05 19/06/2003] [11:05 19/06/2003] BA7BE6F92680B28B9031170659FD222D
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\System32\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_2d73d1a457438ee3\msvcrt.dll --a---- 621056 bytes [02:49 21/01/2008] [02:49 21/01/2008] 11DB261E8EE318CA41498300327CB5F2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_2f5f4ab054655a2f\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll --a---- 680448 bytes [02:49 21/01/2008] [02:49 21/01/2008] 04CBEAA089B6A752B3EB660BEE8C4964
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Users\elly\Downloads\KYOCERA_KX_4.2.1027a_2K_XP_EN\Kyocera KX Driver 4.2.1027a\KACT\msvcrt.dll --a---- 286773 bytes [11:05 19/06/2003] [11:05 19/06/2003] BA7BE6F92680B28B9031170659FD222D
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\System32\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_2d73d1a457438ee3\msvcrt.dll --a---- 621056 bytes [02:49 21/01/2008] [02:49 21/01/2008] 11DB261E8EE318CA41498300327CB5F2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_2f5f4ab054655a2f\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll --a---- 680448 bytes [02:49 21/01/2008] [02:49 21/01/2008] 04CBEAA089B6A752B3EB660BEE8C4964
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Users\elly\Downloads\KYOCERA_KX_4.2.1027a_2K_XP_EN\Kyocera KX Driver 4.2.1027a\KACT\msvcrt.dll --a---- 286773 bytes [11:05 19/06/2003] [11:05 19/06/2003] BA7BE6F92680B28B9031170659FD222D
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\System32\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_2d73d1a457438ee3\msvcrt.dll --a---- 621056 bytes [02:49 21/01/2008] [02:49 21/01/2008] 11DB261E8EE318CA41498300327CB5F2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_2f5f4ab054655a2f\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll --a---- 680448 bytes [02:49 21/01/2008] [02:49 21/01/2008] 04CBEAA089B6A752B3EB660BEE8C4964
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Users\elly\Downloads\KYOCERA_KX_4.2.1027a_2K_XP_EN\Kyocera KX Driver 4.2.1027a\KACT\msvcrt.dll --a---- 286773 bytes [11:05 19/06/2003] [11:05 19/06/2003] BA7BE6F92680B28B9031170659FD222D
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\System32\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_2d73d1a457438ee3\msvcrt.dll --a---- 621056 bytes [02:49 21/01/2008] [02:49 21/01/2008] 11DB261E8EE318CA41498300327CB5F2
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_2f5f4ab054655a2f\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll --a---- 680448 bytes [02:49 21/01/2008] [02:49 21/01/2008] 04CBEAA089B6A752B3EB660BEE8C4964
C:\shadowcopy\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\Users\elly\Downloads\KYOCERA_KX_4.2.1027a_2K_XP_EN\Kyocera KX Driver 4.2.1027a\KACT\msvcrt.dll --a---- 286773 bytes [11:05 19/06/2003] [11:05 19/06/2003] BA7BE6F92680B28B9031170659FD222D
C:\shadowcopy\shadowcopy\shadowcopy\Windows\System32\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_2d73d1a457438ee3\msvcrt.dll --a---- 621056 bytes [02:49 21/01/2008] [02:49 21/01/2008] 11DB261E8EE318CA41498300327CB5F2
C:\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_2f5f4ab054655a2f\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll --a---- 680448 bytes [02:49 21/01/2008] [02:49 21/01/2008] 04CBEAA089B6A752B3EB660BEE8C4964
C:\shadowcopy\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\Users\elly\Downloads\KYOCERA_KX_4.2.1027a_2K_XP_EN\Kyocera KX Driver 4.2.1027a\KACT\msvcrt.dll --a---- 286773 bytes [11:05 19/06/2003] [11:05 19/06/2003] BA7BE6F92680B28B9031170659FD222D
C:\shadowcopy\shadowcopy\Windows\System32\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_2d73d1a457438ee3\msvcrt.dll --a---- 621056 bytes [02:49 21/01/2008] [02:49 21/01/2008] 11DB261E8EE318CA41498300327CB5F2
C:\shadowcopy\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_2f5f4ab054655a2f\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll --a---- 680448 bytes [02:49 21/01/2008] [02:49 21/01/2008] 04CBEAA089B6A752B3EB660BEE8C4964
C:\shadowcopy\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\Users\elly\Downloads\KYOCERA_KX_4.2.1027a_2K_XP_EN\Kyocera KX Driver 4.2.1027a\KACT\msvcrt.dll --a---- 286773 bytes [11:05 19/06/2003] [11:05 19/06/2003] BA7BE6F92680B28B9031170659FD222D
C:\shadowcopy\Windows\System32\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_2d73d1a457438ee3\msvcrt.dll --a---- 621056 bytes [02:49 21/01/2008] [02:49 21/01/2008] 11DB261E8EE318CA41498300327CB5F2
C:\shadowcopy\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_2f5f4ab054655a2f\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll --a---- 680448 bytes [02:49 21/01/2008] [02:49 21/01/2008] 04CBEAA089B6A752B3EB660BEE8C4964
C:\shadowcopy\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\Users\elly\Downloads\KYOCERA_KX_4.2.1027a_2K_XP_EN\Kyocera KX Driver 4.2.1027a\KACT\msvcrt.dll --a---- 286773 bytes [11:05 19/06/2003] [11:05 19/06/2003] BA7BE6F92680B28B9031170659FD222D
C:\Windows\System32\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\Windows\SysWOW64\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656
C:\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_2d73d1a457438ee3\msvcrt.dll --a---- 621056 bytes [02:49 21/01/2008] [02:49 21/01/2008] 11DB261E8EE318CA41498300327CB5F2
C:\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_2f5f4ab054655a2f\msvcrt.dll --a---- 621056 bytes [09:29 03/12/2009] [07:11 11/04/2009] 37B71108BFD6E276695CE24171F2889B
C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll --a---- 680448 bytes [02:49 21/01/2008] [02:49 21/01/2008] 04CBEAA089B6A752B3EB660BEE8C4964
C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll --a---- 679936 bytes [09:29 03/12/2009] [06:28 11/04/2009] F5E991236960137B1F5449C5E5DF4656

-= EOF =-

Blade81
2011-10-19, 15:32
Hi,

I think we've tried all we can here. That said, it's recommended to backup all important data and then reformat the system. I've asked my colleagues opinions too and they agree that would be proper action on this case.

ellybug
2011-10-20, 05:48
I appreciate your continued attempts to help me resolve the problems. Thanks for all your effort!

Cheers.

Blade81
2011-10-20, 07:23
You're welcome :)