My Netbook's CPU usage is 100% when idle and too slow!



#46
polepole

    Member

  • Topic Starter
  • 102 posts
Hi
When I tried to browse for this file (C:\windows\system32\drivers\umpnpmgr.dll) to scan it on VirusTotal, I couldn't find it. I have opened the files in C up to drivers to look for umpnpmgr.dll and I didn't find it.
Thanks
  • 0



#47
RKinner

    Malware Expert

  • Expert
  • 21,469 posts
  • MVP
OK. XP does it differently than Win 7. Look for

C:\windows\system32\services.exe and submit it to virustotal.com

Ron
  • 0

#48
RKinner

    Malware Expert

  • Expert
  • 21,469 posts
  • MVP
Turn on Plug and Play and Run Process Explorer again and click a couple of times on the PROCESS column header until it shows the processes with sub processes indented under them. Example.
System
    Interrupts
    CSRSS.exe
    winlogon.exe
        services.exe

Then do File, Save As, and save the file. Open it and copy it into a reply.

Ron
  • 0

#49
polepole

    Member

  • Topic Starter
  • 102 posts
This is what I got from VirusTotal

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
MD5: 0e776ed5f7cc9f94299e70461b7b8185
Date first seen: 2009-02-12 08:37:41 (UTC)
Date last seen: 2011-11-07 21:09:42 (UTC)
Detection ratio: 1/43

What do you wish to do?
  • 0

#50
RKinner

    Malware Expert

  • Expert
  • 21,469 posts
  • MVP
Let's see the Process Explorer file.
  • 0

#51
polepole

    Member

  • Topic Starter
  • 102 posts
This is the Process Explorer

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 0 K 28 K
System 4 0 K 260 K
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
smss.exe 1568 168 K 388 K Windows NT Session Manager Microsoft Corporation
csrss.exe 1640 1.54 1,520 K 3,748 K Client Server Runtime Process Microsoft Corporation
winlogon.exe 1664 6,504 K 3,936 K Windows NT Logon Application Microsoft Corporation
services.exe 1708 90.00 2,296 K 3,884 K Services and Controller app Microsoft Corporation
svchost.exe 1904 2,980 K 4,776 K Generic Host Process for Win32 Services Microsoft Corporation
rapimgr.exe 1124 1,516 K 5,244 K ActiveSync RAPI Manager Microsoft Corporation
wmiprvse.exe 3428 2,388 K 4,736 K
svchost.exe 1988 1.54 1,716 K 4,148 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 236 12,880 K 19,252 K Generic Host Process for Win32 Services Microsoft Corporation
wscntfy.exe 3376 636 K 2,584 K Windows Security Center Notification App Microsoft Corporation
svchost.exe 336 1,252 K 3,452 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 492 1,728 K 4,668 K Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 968 3,108 K 4,852 K Spooler SubSystem App Microsoft Corporation
HWDeviceService.exe 1368 752 K 2,376 K DCSHOST
jqs.exe 160 2,436 K 4,056 K Java™ Quick Starter Service Sun Microsystems, Inc.
mbamservice.exe 180 0.77 88,524 K 88,072 K Malwarebytes' Anti-Malware Malwarebytes Corporation
svchost.exe 1056 1,232 K 3,488 K Generic Host Process for Win32 Services Microsoft Corporation
MonServiceUDisk.exe 1212 1,840 K 2,856 K
alg.exe 368 1,124 K 3,484 K Application Layer Gateway Service Microsoft Corporation
lsass.exe 1720 3,624 K 1,648 K LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1632 3.85 17,304 K 22,932 K Windows Explorer Microsoft Corporation
gnotify.exe 288 1,284 K 4,712 K Gmail Notifier Google Inc.
realsched.exe 300 844 K 224 K RealNetworks Scheduler RealNetworks, Inc.
jusched.exe 312 1,020 K 4,092 K Java™ Update Scheduler Sun Microsystems, Inc.
jucheck.exe 2844 2,136 K 4,304 K Java™ Update Checker Sun Microsystems, Inc.
mbamgui.exe 444 3,144 K 5,792 K Malwarebytes' Anti-Malware Malwarebytes Corporation
FLVSrvc.exe 632 764 K 2,672 K FLV Service for Freecorder 4 Applian Technologies, Inc.
oldmcdonald.exe 668 0.77 7,704 K 2,280 K Old McDonald Old McDonald's Farm
billy.exe 1932 0.77 6,000 K 1,960 K Billy The Goat Old McDonald's Farm
AutoDect.exe 680 268 K 988 K AutoDect
AdobeARM.exe 716 4,128 K 7,828 K Adobe Reader and Acrobat Manager Adobe Systems Incorporated
ctfmon.exe 732 956 K 3,780 K CTF Loader Microsoft Corporation
wweb32.exe 748 2,208 K 1,420 K WordWeb Thesaurus/Dictionary WordWeb Software
wcescomm.exe 756 1,344 K 5,016 K ActiveSync Connection Manager Microsoft Corporation
autochartist_interbankfx.exe 520 14,924 K 4,524 K
Hotsync.exe 1228 4,076 K 8,644 K HotSync® Manager Application PalmSource, Inc
firefox.exe 2692 90,912 K 98,088 K Firefox Mozilla Corporation
procexp.exe 256 0.77 14,780 K 18,428 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
ouc.exe 148 1,516 K 3,740 K
  • 0

#52
RKinner

    Malware Expert

  • Expert
  • 21,469 posts
  • MVP
Get Tasklist.exe from http://www.computerh...xp/tasklist.exe

Save it to C:\

Then Start, Run, cmd, OK
tasklist /m > \junk.txt
notepad \junk.txt

Could you do it with and without the Plug and Play service running?

Ron
  • 0

#53
polepole

    Member

  • Topic Starter
  • 102 posts
I will try to do it in both, although when the play and plug is on the netbook is too slow. Let me try.
  • 0

#54
RKinner

    Malware Expert

  • Expert
  • 21,469 posts
  • MVP
Download the program with Plug and Play turned off.

Once it's saved to c:\ then run tasklist /m without P&P then with it.

Ron
  • 0
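
The two `tasklist /m` captures requested above (Plug and Play off, then on) can be compared mechanically instead of by eye. This is an added example, not part of the original thread: a Python parser for `tasklist /m` text that diffs the loaded modules per image name between two captures. The function names and the sample captures are assumptions; the samples are constructed and abbreviated.

```python
import re

# A process record starts with: image name, a standalone PID, first modules.
# Image names may contain spaces ("System Idle Process"), so match lazily up
# to the first whitespace-delimited integer.
RECORD = re.compile(r"^(?P<image>\S.*?)\s+(?P<pid>\d+)\s+(?P<mods>\S.*)$")


def parse_tasklist_modules(text):
    """Parse `tasklist /m` output into {image_name_lower: set(module_lower)}.

    Continuation lines carry only comma-separated module names. They are
    indented in real console output and flush-left once pasted through a
    forum; both forms are accepted. Instances of the same image (several
    svchost.exe) are merged, because PIDs change across reboots and cannot
    be used to pair processes between two captures.
    """
    procs = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.startswith("=") or line.startswith("Image Name"):
            continue  # blank line, separator row or column header
        # An indented line is always a continuation of the previous record.
        match = None if raw[:1].isspace() else RECORD.match(line)
        if match:
            current = procs.setdefault(match.group("image").lower(), set())
            mods = match.group("mods")
        elif current is not None:
            mods = line
        else:
            continue  # stray text before the first record
        for name in mods.split(","):
            name = name.strip().lower()  # Windows module names are case-insensitive
            if name and name != "n/a":
                current.add(name)
    return procs


def diff_module_sets(before, after):
    """Return {image: (added, removed)} for images whose module set changed."""
    changes = {}
    for image in sorted(set(before) | set(after)):
        b = before.get(image, set())
        a = after.get(image, set())
        added, removed = sorted(a - b), sorted(b - a)
        if added or removed:
            changes[image] = (added, removed)
    return changes


def compare_captures(off_text, on_text):
    """Diff two raw `tasklist /m` captures (service off vs. service on)."""
    return diff_module_sets(parse_tasklist_modules(off_text),
                            parse_tasklist_modules(on_text))


# Constructed sample: console-style capture with indented continuation lines.
PNP_OFF = """\
Image Name                   PID Modules
========================= ====== =============================================
System Idle Process            0 N/A
services.exe                1708 ntdll.dll, kernel32.dll, ADVAPI32.dll,
                                 umpnpmgr.dll, eventlog.dll, WS2HELP.dll
svchost.exe                 1900 ntdll.dll, kernel32.dll, rpcss.dll
svchost.exe                  232 ntdll.dll, kernel32.dll, wkssvc.dll
"""

# Constructed sample: the same kind of capture after a forum paste has
# stripped the indentation from the continuation lines.
PNP_ON = """\
Image Name PID Modules
========================= ====== =============================================
System Idle Process 0 N/A
services.exe 1712 ntdll.dll, kernel32.dll, ADVAPI32.dll,
umpnpmgr.dll, eventlog.dll, WS2HELP.dll, wtsapi32.dll
svchost.exe 1900 ntdll.dll, kernel32.dll, rpcss.dll
svchost.exe 232 ntdll.dll, kernel32.dll, audiosrv.dll,
wkssvc.dll
"""

if __name__ == "__main__":
    for image, (added, removed) in compare_captures(PNP_OFF, PNP_ON).items():
        print(f"{image}: added={added} removed={removed}")
```

A module that appears only in the second capture is a lead for follow-up checks (file location, signature, hash lookup), not a verdict on its own.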

#55
polepole

    Member

  • Topic Starter
  • 102 posts
This log is when the play and plug is unchecked.


  • 0



#56
polepole

    Member

  • Topic Starter
  • 102 posts
This is when the plug and play is checked


UxTheme.dll, IMM32.DLL, comctl32.dll,
comctl32.dll, SPOOLSS.DLL, WS2_32.dll,
WS2HELP.dll, DNSAPI.dll, rasadhlp.dll,
localspl.dll, sfc_os.dll, WINTRUST.dll,
CRYPT32.dll, MSASN1.dll, IMAGEHLP.dll,
winspool.drv, netapi32.dll, cnbjmon.dll,
hpinksts8711LM.dll, PSAPI.DLL, pjlmon.dll,
tcpmon.dll, usbmon.dll, mswsock.dll,
winrnr.dll, WLDAP32.dll, CLBCATQ.DLL,
COMRes.dll, win32spl.dll, NETRAP.dll,
NTDSAPI.dll, xpsp2res.dll, inetpp.dll
explorer.exe 1632 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, Secur32.dll, BROWSEUI.dll,
GDI32.dll, USER32.dll, msvcrt.dll,
ole32.dll, SHLWAPI.dll, OLEAUT32.dll,
SHDOCVW.dll, CRYPT32.dll, MSASN1.dll,
CRYPTUI.dll, NETAPI32.dll, VERSION.dll,
WININET.dll, Normaliz.dll, urlmon.dll,
iertutil.dll, WINTRUST.dll, IMAGEHLP.dll,
WLDAP32.dll, SHELL32.dll, UxTheme.dll,
ShimEng.dll, AcGenral.DLL, WINMM.dll,
MSACM32.dll, USERENV.dll, IMM32.DLL,
comctl32.dll, comctl32.dll, msctfime.ime,
appHelp.dll, CLBCATQ.DLL, COMRes.dll,
cscui.dll, CSCDLL.dll, themeui.dll,
MSIMG32.dll, xpsp2res.dll, actxprxy.dll,
SAMLIB.dll, MPR.dll, drprov.dll,
ntlanman.dll, NETUI0.dll, NETUI1.dll,
NETRAP.dll, davclnt.dll, shgina.dll,
MSGINA.dll, ODBC32.dll, comdlg32.dll,
WINSTA.dll, odbcint.dll, wiashext.dll,
gdiplus.dll, SETUPAPI.dll, LINKINFO.dll,
ntshrui.dll, ATL.DLL, ieframe.dll,
NETSHELL.dll, credui.dll, dot3api.dll,
rtutils.dll, dot3dlg.dll, OneX.DLL,
WTSAPI32.dll, eappcfg.dll, MSVCP60.dll,
eappprxy.dll, iphlpapi.dll, WS2_32.dll,
WS2HELP.dll, msi.dll, FLVSrvLib.dll,
MSVCR90.dll, MLANG.dll, MSCTF.dll,
webcheck.dll, stobject.dll, BatMeter.dll,
POWRPROF.dll, rsaenh.dll, wdmaud.drv,
msacm32.drv, midimap.dll, SXS.DLL
gnotify.exe 292 ntdll.dll, kernel32.dll, WS2_32.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
msvcrt.dll, WS2HELP.dll, WINMM.dll,
GDI32.dll, USER32.dll, WININET.dll,
SHLWAPI.dll, Normaliz.dll, urlmon.dll,
ole32.dll, OLEAUT32.dll, iertutil.dll,
VERSION.dll, SHELL32.dll, SETUPAPI.dll,
CRYPT32.dll, MSASN1.dll, IMM32.DLL,
comctl32.dll, comctl32.dll, uxtheme.dll,
mswsock.dll, DNSAPI.dll, winrnr.dll,
WLDAP32.dll, riched20.dll, hnetcfg.dll,
wshtcpip.dll, msctfime.ime, RASAPI32.dll,
rasman.dll, NETAPI32.dll, TAPI32.dll,
rtutils.dll, USERENV.dll
realsched.exe 300 ntdll.dll, kernel32.dll, ole32.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
GDI32.dll, USER32.dll, msvcrt.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
SETUPAPI.dll, IMM32.DLL, comctl32.dll,
comctl32.dll, uxtheme.dll, msctfime.ime,
NTMARTA.DLL, SAMLIB.dll, WLDAP32.dll,
FLVSrvLib.dll, MSVCR90.dll, MSCTF.dll
jusched.exe 316 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, Secur32.dll, GDI32.dll,
USER32.dll, WININET.dll, msvcrt.dll,
SHLWAPI.dll, Normaliz.dll, urlmon.dll,
ole32.dll, OLEAUT32.dll, iertutil.dll,
SHELL32.dll, IMM32.DLL, comctl32.dll,
comctl32.dll, uxtheme.dll
mbamgui.exe 452 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, Secur32.dll, USER32.dll,
GDI32.dll, SHELL32.dll, msvcrt.dll,
SHLWAPI.dll, COMCTL32.dll, IMM32.DLL,
mbam.dll, ole32.dll, VERSION.dll,
mbamnet.dll, WS2_32.dll, WS2HELP.dll,
CRYPT32.dll, MSASN1.dll, IPHLPAPI.DLL,
rsaenh.dll, uxtheme.dll, MSCTF.dll,
FLVSrvLib.dll, MSVCR90.dll, msctfime.ime
FLVSrvc.exe 640 ntdll.dll, kernel32.dll, USER32.dll,
GDI32.dll, ADVAPI32.dll, RPCRT4.dll,
Secur32.dll, SHELL32.dll, msvcrt.dll,
SHLWAPI.dll, MSVCR90.dll, IMM32.DLL,
comctl32.dll, comctl32.dll, FLVSrvLib.dll,
uxtheme.dll, msctfime.ime, ole32.dll,
MSCTF.dll
oldmcdonald.exe 652 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, Secur32.dll, COMCTL32.dll,
msvcrt.dll, GDI32.dll, USER32.dll,
SHLWAPI.dll, COMDLG32.dll, SHELL32.dll,
MPR.dll, ole32.dll, OLEAUT32.dll, PSAPI.DLL,
USERENV.dll, VERSION.dll, WININET.dll,
Normaliz.dll, urlmon.dll, iertutil.dll,
WINMM.dll, WSOCK32.dll, WS2_32.dll,
WS2HELP.dll, IMM32.DLL, uxtheme.dll,
SETUPAPI.dll, MSCTF.dll, FLVSrvLib.dll,
MSVCR90.dll, msctfime.ime, netapi32.dll,
CLBCATQ.DLL, COMRes.dll, scrobj.dll,
SXS.DLL, asycfilt.dll
AutoDect.exe 704 ntdll.dll, kernel32.dll, USER32.dll,
GDI32.dll, ADVAPI32.dll, RPCRT4.dll,
Secur32.dll, IMM32.DLL
reader_sl.exe 716 ntdll.dll, kernel32.dll, USER32.dll,
GDI32.dll, ADVAPI32.dll, RPCRT4.dll,
Secur32.dll, SHELL32.dll, msvcrt.dll,
SHLWAPI.dll, MSVCP80.dll, MSVCR80.dll,
IMM32.DLL, comctl32.dll, comctl32.dll,
uxtheme.dll, FLVSrvLib.dll, MSVCR90.dll,
msctfime.ime, ole32.dll, MSCTF.dll
AdobeARM.exe 732 ntdll.dll, kernel32.dll, msi.dll,
msvcrt.dll, ADVAPI32.dll, RPCRT4.dll,
Secur32.dll, USER32.dll, GDI32.dll,
ole32.dll, PSAPI.DLL, VERSION.dll,
COMDLG32.dll, COMCTL32.dll, SHLWAPI.dll,
SHELL32.dll, WINSPOOL.DRV, oledlg.dll,
OLEAUT32.dll, urlmon.dll, iertutil.dll,
CRYPT32.dll, MSASN1.dll, WINTRUST.dll,
IMAGEHLP.dll, USERENV.dll, IMM32.DLL,
uxtheme.dll, MSCTF.dll, FLVSrvLib.dll,
MSVCR90.dll, xpsp2res.dll, CLBCATQ.DLL,
COMRes.dll, rsaenh.dll, netapi32.dll,
cryptnet.dll, SensApi.dll, WINHTTP.dll,
WLDAP32.dll, msctfime.ime
avp.exe 740 N/A
ctfmon.exe 752 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
USER32.dll, GDI32.dll, MSCTF.dll, MSUTB.dll,
ShimEng.dll, AcGenral.DLL, WINMM.dll,
ole32.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, IMM32.DLL,
comctl32.dll, FLVSrvLib.dll, MSVCR90.dll,
msctfime.ime
wweb32.exe 760 ntdll.dll, kernel32.dll, advapi32.dll,
RPCRT4.dll, Secur32.dll, user32.dll,
GDI32.dll, wweb32.dll, oleaut32.dll,
msvcrt.dll, ole32.dll, msimg32.dll,
version.dll, comctl32.dll, SHLWAPI.dll,
shell32.dll, comdlg32.dll, winspool.drv,
winmm.dll, oleacc.dll, MSVCP60.dll,
IMM32.DLL, uxtheme.dll, MSCTF.dll,
FLVSrvLib.dll, MSVCR90.dll, msctfime.ime,
olepro32.dll, WUCNT.dll
wcescomm.exe 780 ntdll.dll, kernel32.dll, SHELL32.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
GDI32.dll, USER32.dll, msvcrt.dll,
SHLWAPI.dll, WS2_32.dll, WS2HELP.dll,
VERSION.dll, ole32.dll, CRYPT32.dll,
MSASN1.dll, SETUPAPI.dll, CEUTIL.dll,
MSVCR80.dll, RAPI.dll, WSOCK32.dll,
USERENV.dll, TCP2UDP.dll, WINMM.dll,
IMM32.DLL, comctl32.dll, comctl32.dll,
uxtheme.dll, mswsock.dll, hnetcfg.dll,
wshtcpip.dll, CLBCATQ.DLL, COMRes.dll,
OLEAUT32.dll, xpsp2res.dll, msi.dll,
rapiproxystub.dll, MSCTF.dll, FLVSrvLib.dll,
MSVCR90.dll, msctfime.ime, Wtsapi32.dll,
WINSTA.dll, NETAPI32.dll, dtptdns.dll
autochartist_interbankfx. 1768 ntdll.dll, kernel32.dll, vclx120.bpl,
rtl120.bpl, oleaut32.dll, ADVAPI32.dll,
RPCRT4.dll, Secur32.dll, GDI32.dll,
USER32.dll, msvcrt.dll, ole32.dll,
version.dll, mpr.dll, IMAGEHLP.DLL,
wsock32.dll, WS2_32.dll, WS2HELP.dll,
oleacc.dll, MSVCP60.dll, vcl120.bpl,
msimg32.dll, comctl32.dll, shell32.dll,
SHLWAPI.dll, comdlg32.dll, winspool.drv,
oledlg.dll, winmm.dll, bcbsmp120.bpl,
BORLNDMM.DLL, CC3290MT.DLL, IndyCore120.bpl,
IndySystem120.bpl, IndyProtocols120.bpl,
GridPackc2009.bpl, vclimg120.bpl,
bcbie120.bpl, WININET.DLL, Normaliz.dll,
urlmon.dll, iertutil.dll, NETAPI32.DLL,
IMM32.DLL, comctl32.dll, uxtheme.dll,
MSCTF.dll, FLVSrvLib.dll, MSVCR90.dll,
msctfime.ime, mswsock.dll, DNSAPI.dll,
winrnr.dll, WLDAP32.dll, rasadhlp.dll
avp.exe 1244 N/A
Hotsync.exe 1264 ntdll.dll, kernel32.dll, CiAPI.dll,
USER32.dll, GDI32.dll, VFSAPI.dll,
CMDS21.dll, HSLOG20.dll, PalmCmn.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
CONDMGR.dll, SHELL32.dll, msvcrt.dll,
SHLWAPI.dll, ole32.dll, UserData.dll,
WS2_32.dll, WS2HELP.dll, SYNC20.dll,
WINSPOOL.DRV, OLEAUT32.dll, COMCTL32.dll,
OLEACC.dll, MSVCP60.dll, INSTAIDE.dll,
VERSION.dll, gdiplus.dll, PSAPI.DLL,
MSVCP71.dll, MSVCR71.dll, IMM32.DLL,
uxtheme.dll, MSCTF.dll, FLVSrvLib.dll,
MSVCR90.dll, CLBCATQ.DLL, COMRes.dll,
msxml4.dll, PdCmn50.dll, MFC71.DLL,
MFC71ENU.DLL, SETUPAPI.dll, LINKINFO.dll,
ntshrui.dll, ATL.DLL, NETAPI32.dll,
USERENV.dll, urlmon.dll, iertutil.dll,
USBTransport.dll, USBPort.dll, msctfime.ime,
mswsock.dll, hnetcfg.dll, wshtcpip.dll,
irprops.cpl, DEVMGR.DLL, MPR.dll, WMI.dll,
WSOCK32.dll, XPSP2RES.DLL, WINTRUST.dll,
CRYPT32.dll, MSASN1.dll, IMAGEHLP.dll
rapimgr.exe 1312 ntdll.dll, kernel32.dll, SHELL32.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
GDI32.dll, USER32.dll, msvcrt.dll,
SHLWAPI.dll, WSOCK32.dll, WS2_32.dll,
WS2HELP.dll, ole32.dll, OLEAUT32.dll,
iphlpapi.dll, CEUTIL.dll, MSVCR80.dll,
CRYPT32.dll, MSASN1.dll, USERENV.dll,
SETUPAPI.dll, MSVCP80.dll, IMM32.DLL,
comctl32.dll, comctl32.dll, netapi32.dll,
WTSApi32.dll, WINSTA.dll, uxtheme.dll,
MSCTF.dll, FLVSrvLib.dll, MSVCR90.dll,
msctfime.ime, xpsp2res.dll, CLBCATQ.DLL,
COMRes.dll, VERSION.dll, msi.dll,
rapiproxystub.dll, mswsock.dll, hnetcfg.dll,
wshtcpip.dll
HWDeviceService.exe 848 ntdll.dll, kernel32.dll, SHLWAPI.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
GDI32.dll, USER32.dll, msvcrt.dll,
VERSION.dll, WS2_32.dll, WS2HELP.dll,
USERENV.dll, SETUPAPI.dll, SHELL32.dll,
IMM32.DLL, comctl32.dll, comctl32.dll
billy.exe 2044 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, Secur32.dll, COMCTL32.dll,
msvcrt.dll, GDI32.dll, USER32.dll,
SHLWAPI.dll, COMDLG32.dll, SHELL32.dll,
MPR.dll, ole32.dll, OLEAUT32.dll, PSAPI.DLL,
USERENV.dll, VERSION.dll, WININET.dll,
Normaliz.dll, urlmon.dll, iertutil.dll,
WINMM.dll, WSOCK32.dll, WS2_32.dll,
WS2HELP.dll, IMM32.DLL, uxtheme.dll,
SETUPAPI.dll, MSCTF.dll, FLVSrvLib.dll,
MSVCR90.dll, msctfime.ime
ouc.exe 460 ntdll.dll, kernel32.dll, mingwm10.dll,
msvcrt.dll, SHELL32.DLL, ADVAPI32.dll,
RPCRT4.dll, Secur32.dll, GDI32.dll,
USER32.dll, SHLWAPI.dll, libgcc_s_dw2-1.dll,
QtCore4.dll, OLE32.dll, WS2_32.DLL,
WS2HELP.dll, QtNetwork4.dll, IMM32.DLL,
comctl32.dll, comctl32.dll, winmm.dll,
uxtheme.dll, msctfime.ime
jqs.exe 528 ntdll.dll, kernel32.dll, WS2_32.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
msvcrt.dll, WS2HELP.dll, ole32.dll,
GDI32.dll, USER32.dll, MSVCR71.dll,
IMM32.DLL, psapi.dll, pdh.dll, comdlg32.dll,
COMCTL32.dll, SHELL32.dll, SHLWAPI.dll,
CRYPT32.dll, MSASN1.dll, ODBC32.dll,
odbcbcp.dll, VERSION.dll, OLEAUT32.dll,
comctl32.dll, odbcint.dll, mswsock.dll,
hnetcfg.dll, wshtcpip.dll, perfos.dll,
perfdisk.dll
mbamservice.exe 568 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, Secur32.dll, USERENV.dll,
msvcrt.dll, USER32.dll, GDI32.dll,
SHLWAPI.dll, VERSION.dll, PSAPI.DLL,
SHELL32.dll, WTSAPI32.dll, WINSTA.dll,
NETAPI32.dll, IPHLPAPI.DLL, WS2_32.dll,
WS2HELP.dll, MPR.dll, mbam.dll, ole32.dll,
mbamnet.dll, CRYPT32.dll, MSASN1.dll,
IMM32.DLL, comctl32.dll, comctl32.dll,
rsaenh.dll, NTMARTA.DLL, SAMLIB.dll,
WLDAP32.dll, msv1_0.dll
svchost.exe 1464 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, Secur32.dll, ShimEng.dll,
AcGenral.DLL, USER32.dll, GDI32.dll,
WINMM.dll, ole32.dll, msvcrt.dll,
OLEAUT32.dll, MSACM32.dll, VERSION.dll,
SHELL32.dll, SHLWAPI.dll, USERENV.dll,
UxTheme.dll, IMM32.DLL, comctl32.dll,
comctl32.dll, wiaservc.dll, CFGMGR32.dll,
setupapi.DLL, mscms.dll, WINSPOOL.DRV,
WINSTA.dll, NETAPI32.dll, xpsp2res.dll,
CLBCATQ.DLL, COMRes.dll
MonServiceUDisk.exe 1440 ntdll.dll, kernel32.dll, SETUPAPI.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
GDI32.dll, USER32.dll, msvcrt.dll,
SHLWAPI.dll, WINSPOOL.DRV, comdlg32.dll,
COMCTL32.dll, SHELL32.dll, ole32.dll,
OLEAUT32.dll, IMM32.DLL, comctl32.dll,
uxtheme.dll, WINTRUST.dll, CRYPT32.dll,
MSASN1.dll, IMAGEHLP.dll
firefox.exe 3804 ntdll.dll, kernel32.dll, USER32.dll,
GDI32.dll, MOZCRT19.dll, msvcrt.dll,
IMM32.DLL, ADVAPI32.dll, RPCRT4.dll,
Secur32.dll, nspr4.dll, WSOCK32.dll,
WS2_32.dll, WS2HELP.dll, WINMM.dll,
plc4.dll, plds4.dll, mozalloc.dll,
mozsqlite3.dll, nssutil3.dll, softokn3.dll,
nss3.dll, ssl3.dll, smime3.dll, mozjs.dll,
xul.dll, SHELL32.dll, SHLWAPI.dll,
ole32.dll, VERSION.dll, WINSPOOL.DRV,
COMDLG32.dll, COMCTL32.dll, MSIMG32.dll,
PSAPI.DLL, USP10.dll, OLEAUT32.dll,
MOZCPP19.dll, uxtheme.dll, xpcom.dll,
dbghelp.dll, MSCTF.dll, FLVSrvLib.dll,
MSVCR90.dll, SETUPAPI.dll, msctfime.ime,
CLBCATQ.DLL, COMRes.dll, iphlpapi.dll,
mswsock.dll, hnetcfg.dll, wshtcpip.dll,
browsercomps.dll, RadioWMPCoreGecko7.dll,
DNSAPI.dll, winrnr.dll, WLDAP32.dll,
feclient.dll, MPR.dll, USERENV.dll,
CRYPT32.dll, MSASN1.dll, NTMARTA.DLL,
SAMLIB.dll, xpsp2res.dll, rasadhlp.dll,
WINTRUST.dll, IMAGEHLP.dll, t2embed.dll,
LZ32.dll, mscms.dll, wdmaud.drv,
msacm32.drv, MSACM32.dll, midimap.dll,
nssdbm3.dll, freebl3.dll, nssckbi.dll,
netman.dll, MPRAPI.dll, ACTIVEDS.dll,
adsldpc.dll, NETAPI32.dll, ATL.DLL,
rtutils.dll, netshell.dll, credui.dll,
dot3api.dll, dot3dlg.dll, OneX.DLL,
WTSAPI32.dll, WINSTA.dll, eappcfg.dll,
MSVCP60.dll, eappprxy.dll, RASAPI32.dll,
rasman.dll, TAPI32.dll, WININET.dll,
Normaliz.dll, urlmon.dll, iertutil.dll,
WZCSAPI.DLL, WZCSvc.DLL, WMI.dll,
DHCPCSVC.DLL, EapolQec.dll, QUtil.dll,
ESENT.dll, shdocvw.dll, CRYPTUI.dll,
d3d9.dll, d3d8thk.dll
wscntfy.exe 2128 ntdll.dll, kernel32.dll, msvcrt.dll,
USER32.dll, GDI32.dll, SHELL32.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
SHLWAPI.dll, IMM32.DLL, comctl32.dll,
xpsp2res.dll, uxtheme.dll, MSCTF.dll,
FLVSrvLib.dll, MSVCR90.dll, msctfime.ime,
ole32.dll
alg.exe 2360 ntdll.dll, kernel32.dll, msvcrt.dll,
ATL.DLL, USER32.dll, GDI32.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
ole32.dll, OLEAUT32.dll, WSOCK32.dll,
WS2_32.dll, WS2HELP.dll, MSWSOCK.DLL,
ShimEng.dll, AcGenral.DLL, WINMM.dll,
MSACM32.dll, VERSION.dll, SHELL32.dll,
SHLWAPI.dll, USERENV.dll, UxTheme.dll,
IMM32.DLL, comctl32.dll, comctl32.dll,
CLBCATQ.DLL, COMRes.dll, xpsp2res.dll
taskmgr.exe 440 ntdll.dll, kernel32.dll, ADVAPI32.dll,
RPCRT4.dll, Secur32.dll, GDI32.dll,
USER32.dll, iphlpapi.dll, msvcrt.dll,
WS2_32.dll, WS2HELP.dll, COMCTL32.dll,
SHLWAPI.dll, SHELL32.dll, VDMDBG.dll,
ShimEng.dll, AcGenral.DLL, WINMM.dll,
ole32.dll, OLEAUT32.dll, MSACM32.dll,
VERSION.dll, USERENV.dll, UxTheme.dll,
IMM32.DLL, MSCTF.dll, FLVSrvLib.dll,
MSVCR90.dll, msctfime.ime, WINSTA.dll,
NETAPI32.dll, UTILDLL.dll, TAPI32.dll,
rtutils.dll, SETUPAPI.dll, WTSAPI32.dll
cmd.exe 2896 ntdll.dll, kernel32.dll, msvcrt.dll,
USER32.dll, GDI32.dll, ShimEng.dll,
AcGenral.DLL, ADVAPI32.dll, RPCRT4.dll,
Secur32.dll, WINMM.dll, ole32.dll,
OLEAUT32.dll, MSACM32.dll, VERSION.dll,
SHELL32.dll, SHLWAPI.dll, USERENV.dll,
UxTheme.dll, IMM32.DLL, comctl32.dll,
comctl32.dll, Apphelp.dll
tasklist.exe 360 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
USER32.dll, GDI32.dll, MPR.dll, ole32.dll,
OLEAUT32.dll, WS2_32.dll, WS2HELP.dll,
framedyn.dll, NETAPI32.dll, DBGHELP.dll,
VERSION.dll, ShimEng.dll, AcGenral.DLL,
WINMM.dll, MSACM32.dll, SHELL32.dll,
SHLWAPI.dll, USERENV.dll, UxTheme.dll,
IMM32.DLL, comctl32.dll, comctl32.dll,
MSCTF.dll, FLVSrvLib.dll, MSVCR90.dll,
xpsp2res.dll, CLBCATQ.DLL, COMRes.dll,
wbemprox.dll, wbemcomn.dll, Winsta.dll,
wbemsvc.dll, fastprox.dll, MSVCP60.dll,
NTDSAPI.dll, DNSAPI.dll, WLDAP32.dll
wmiprvse.exe 1084 ntdll.dll, kernel32.dll, msvcrt.dll,
ADVAPI32.dll, RPCRT4.dll, Secur32.dll,
USER32.dll, GDI32.dll, wbemcomn.dll,
ole32.dll, OLEAUT32.dll, FastProx.dll,
MSVCP60.dll, NTDSAPI.dll, DNSAPI.dll,
WS2_32.dll, WS2HELP.dll, NETAPI32.dll,
WLDAP32.dll, NCObjAPI.DLL, ShimEng.dll,
AcGenral.DLL, WINMM.dll, MSACM32.dll,
VERSION.dll, SHELL32.dll, SHLWAPI.dll,
USERENV.dll, UxTheme.dll, IMM32.DLL,
comctl32.dll, comctl32.dll, xpsp2res.dll,
CLBCATQ.DLL, COMRes.dll, wbemprox.dll,
wbemsvc.dll, wmiutils.dll, cimwin32.dll,
framedyn.dll, SETUPAPI.dll, WTSAPI32.dll,
WINSTA.dll, CFGMGR32.DLL, WMI.DLL
  • 0

#57
RKinner

    Malware Expert

  • Expert
  • 21,469 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C.

/md5start
services.exe
ntdll.dll
kernel32.dll
ADVAPI32.dll
RPCRT4.dll
Secur32.dll
msvcrt.dll
NCObjAPI.DLL
MSVCP60.dll
SCESRV.dll
AUTHZ.dll
USER32.dll
GDI32.dll
USERENV.dll
umpnpmgr.dll
WINSTA.dll
NETAPI32.dll
ShimEng.dll
AcAdProc.dll
IMM32.DLL
Apphelp.dll
VERSION.dll
eventlog.dll
PSAPI.DLL
WS2_32.dll
WS2HELP.dll
wtsapi32.dll 
/md5stop

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Scan button at the top.
Let the program run unhindered. Save the log and copy and paste it to a reply.
  • 0
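
The list in the post above matches the modules loaded by one process in a `tasklist /m` dump, so it can be generated instead of typed by hand. The following is an added example, not code from the thread or from OTL: it parses the wrapped dump, selects one process, and emits the `/md5start` ... `/md5stop` block. The sample dump and its PIDs are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the `tasklist /m` dump quoted in this
# thread: image name, PID, then a comma-separated module list that wraps.
# The PIDs and the shortened module lists are made up for the example.
SAMPLE = """\
Image Name PID Modules
========================= ====== =====================
System Idle Process 0 N/A
services.exe 684 ntdll.dll, kernel32.dll, ADVAPI32.dll,
umpnpmgr.dll, comctl32.dll, comctl32.dll,
eventlog.dll
avp.exe 740 N/A
svchost.exe 416 ntdll.dll, kernel32.dll,
dnsrslvr.dll
autochartist_interbankfx. 1768 ntdll.dll, vclx120.bpl,
rtl120.bpl
"""

# A process row is "<image> <pid> <modules...>". The image part may contain
# spaces but never a comma, which keeps wrapped module lines from matching.
HEADER = re.compile(r"^(?P<image>[^,]+?)\s+(?P<pid>\d+)\s+(?P<mods>\S.*)$")

# Image names in the dump are cut to 25 characters (the thread's dump shows
# "autochartist_interbankfx." for autochartist_interbankfx.exe).
IMAGE_COL = 25


def parse_tasklist_modules(text):
    """Return [(image, pid, [modules])] in dump order, rejoining wrapped lines."""
    procs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= set("= "):
            continue  # blank line or the ===== separator row
        m = HEADER.match(line)
        if m:
            current = (m["image"], int(m["pid"]), [])
            procs.append(current)
            line = m["mods"]
        elif current is None:
            continue  # column titles before the first process row
        # "N/A" means tasklist could not read the module list (e.g. avp.exe).
        current[2].extend(
            tok.strip() for tok in line.split(",")
            if tok.strip() and tok.strip().upper() != "N/A"
        )
    return procs


def modules_of(procs, image, pid=None):
    """Modules of every process named `image` (or of one PID), de-duplicated
    case-insensitively in first-seen order."""
    want = image[:IMAGE_COL].lower()
    seen, out = set(), []
    for name, p, mods in procs:
        if name.lower() != want or (pid is not None and p != pid):
            continue
        for mod in mods:
            if mod.lower() not in seen:
                seen.add(mod.lower())
                out.append(mod)
    return out


def otl_md5_block(image, modules):
    """Text for OTL's Custom Scans/Fixes box: the image first, then its modules."""
    return "\n".join(["/md5start", image, *modules, "/md5stop"])


if __name__ == "__main__":
    procs = parse_tasklist_modules(SAMPLE)
    print(otl_md5_block("services.exe", modules_of(procs, "services.exe")))
```

Pass `pid=` when the image name is not unique, as with the several `svchost.exe` instances in the dump; without it the modules of all matching processes are merged.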

#58
polepole

    Member

  • Topic Starter
  • Member
  • 102 posts
It is taking long. Can I run it in safe mode, or do I wait a little bit longer? I am using my phone for this response.
  • 0

#59
RKinner

    Malware Expert

  • Expert
  • 21,469 posts
  • MVP
You can run it in Safe Mode or with P&P turned off.
  • 0

#60
polepole

    Member

  • Topic Starter
  • Member
  • 102 posts
This is the log

OTL logfile created on: 11/10/2011 1:49:09 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 697.70 Mb Available Physical Memory | 68.72% Memory free
2.38 Gb Paging File | 2.21 Gb Available in Paging File | 92.74% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.13 Gb Total Space | 24.39 Gb Free Space | 34.78% Space Free | Partition Type: NTFS
Drive D: | 78.91 Gb Total Space | 21.16 Gb Free Space | 26.81% Space Free | Partition Type: NTFS

Computer Name: COMPUTER_1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/30 21:01:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
PRC - [2011/10/01 21:54:23 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\firefox.exe
PRC - [2008/04/14 01:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/24 03:43:48 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\extensions\{c66f6b8c-7cdb-437c-b9db-9a7a7d9cdd1b}\components\RadioWMPCoreGecko7.dll
MOD - [2011/10/01 21:54:22 | 001,833,944 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (STacSV)
SRV - File not found [Auto | Stopped] -- -- (HWDeviceService.exe)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 10:53:34 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Internet Everywhere 3G+\UpdateDog\ouc.exe -- (Internet Everywhere 3G+. RunOuc)
SRV - [2010/09/24 20:12:15 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2009/12/21 09:53:26 | 000,512,000 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ZTEMT UI\bin\MonServiceUDisk.exe -- (UDisk Monitor)
SRV - [2007/11/06 23:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/11 10:53:37 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/08/11 10:53:37 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/08/11 10:53:36 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/08/11 10:53:36 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/09/24 20:12:15 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2010/09/08 08:56:50 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/09/08 08:56:50 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/09/08 08:56:48 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/09/04 01:24:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/07/17 22:22:49 | 001,746,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010/07/15 18:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 18:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010/05/07 12:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/11/25 14:51:28 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/06/29 23:44:38 | 001,642,931 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/04/21 20:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/03/31 23:11:44 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/04/13 20:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/11/06 23:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2790392
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "TVfree Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "TVfree Customized Web Search"
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2111809&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/28 21:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.22\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 21:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\components [2011/10/01 21:54:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010/09/21 06:37:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc3

[2011/07/11 18:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/10/26 23:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\extensions
[2011/10/26 23:43:04 | 000,000,000 | ---D | M] (TVfree Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\extensions\{c66f6b8c-7cdb-437c-b9db-9a7a7d9cdd1b}
[2011/06/19 12:16:08 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\xnismpp1.default\searchplugins\conduit.xml
[2011/11/04 20:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/18 19:48:51 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/21 06:38:47 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/07/27 11:09:47 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/10/01 00:05:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/11/05 00:49:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg File not found
O4 - HKLM..\Run: [autodetect] C:\Program Files\Safaricom Broadband\AutoDect.exe ()
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Autochartist] C:\Program Files\Autochartist\autochartist_interbankfx.exe ()
O4 - HKCU..\Run: [DriverMax] File not found
O4 - HKCU..\Run: [DriverMax_RESTART] File not found
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot File not found
O4 - HKCU..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B77C15E-2662-49C1-BA87-4398E0F21B5C}: NameServer = 41.220.238.4,196.201.231.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8541A0A8-C403-47D8-AC89-C34BB98AEEB7}: NameServer = 41.220.238.4,196.201.231.167
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/17 22:06:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/04 07:51:40 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/11/04 07:51:40 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/09 23:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Drivers
[2011/11/09 23:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/11/09 23:23:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Innovative Solutions
[2011/11/09 23:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverMax
[2011/11/09 23:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2011/11/06 00:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/05 07:03:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/05 00:47:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/05 00:38:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/05 00:33:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/05 00:33:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/05 00:33:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/05 00:33:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/05 00:33:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/05 00:33:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/05 00:33:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/05 00:32:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2011/11/05 00:32:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/11/05 00:16:36 | 004,284,246 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/04 21:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/04 21:40:45 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/04 21:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/04 20:41:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/04 20:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2011/11/04 20:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Autorun Eater
[2011/11/04 20:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autorun Eater
[2011/11/04 07:51:40 | 000,000,000 | ---D | C] -- C:\autorun.inf
[2011/10/31 20:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/10/31 20:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/30 21:00:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/10/29 18:44:00 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/10/29 18:43:59 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/10/29 18:40:30 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/10/29 10:47:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/28 10:10:49 | 000,000,000 | ---D | C] -- C:\ubuntu
[2011/10/27 19:50:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/25 22:13:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/23 10:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/10 01:46:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/10 00:48:35 | 000,000,354 | RHS- | M] () -- C:\boot.ini
[2011/11/09 23:47:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500UA.job
[2011/11/09 23:47:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-2077806209-515967899-500Core.job
[2011/11/09 23:23:05 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DriverMax.lnk
[2011/11/09 21:35:28 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B104C796-8274-4204-92E1-E8EF1497D78A}.job
[2011/11/09 05:57:14 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/08 16:38:44 | 000,767,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/08 16:38:44 | 000,262,118 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/08 08:47:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/06 10:10:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/05 00:49:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/05 00:18:32 | 004,284,246 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/04 21:41:20 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/04 21:41:20 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/04 20:35:35 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2011/10/30 21:01:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/10/29 18:48:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2011/10/28 16:14:39 | 000,134,978 | ---- | M] () -- C:\wubildr
[2011/10/28 16:14:14 | 000,000,238 | ---- | M] () -- C:\Boot.bak
[2011/10/28 16:12:48 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2011/10/27 19:51:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/10/22 00:11:04 | 000,001,882 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fxTrade Practice.lnk
[2011/10/20 14:03:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/20 08:27:35 | 000,160,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/09 23:23:05 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DriverMax.lnk
[2011/11/09 21:02:58 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
[2011/11/05 08:36:39 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/05 00:38:31 | 000,000,238 | ---- | C] () -- C:\Boot.bak
[2011/11/05 00:38:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/05 00:33:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/05 00:33:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/05 00:33:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/05 00:33:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/05 00:33:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/04 21:41:20 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/04 21:41:20 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/04 20:35:35 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autorun Eater.lnk
[2011/10/29 18:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2011/10/28 16:12:48 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2011/10/28 16:12:47 | 000,134,978 | ---- | C] () -- C:\wubildr
[2011/10/25 23:22:32 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Express Burn Disc Burning Software.lnk
[2011/09/21 15:19:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/08 23:10:00 | 000,000,088 | ---- | C] () -- C:\WINDOWS\Launcher.ini
[2011/07/23 09:28:39 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2010/12/23 22:48:16 | 000,153,600 | ---- | C] () -- C:\WINDOWS\System32\AI_ContextMenu.dll
[2010/12/23 17:36:09 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2010/09/21 06:38:29 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2010/09/21 06:38:29 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010/09/07 21:46:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/06 08:58:11 | 001,774,720 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/08/06 08:58:11 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/08/06 08:58:11 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/08/06 08:58:11 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/08/06 08:58:11 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/07/29 21:13:40 | 000,160,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 08:36:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/17 22:20:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/07/17 22:10:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/17 22:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/17 14:55:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/17 14:53:49 | 000,263,824 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2008/04/14 01:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/11/06 23:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/12/31 03:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,767,302 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,262,118 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< >


< MD5 for: ACADPROC.DLL >
[2008/04/14 01:41:50 | 000,039,424 | ---- | M] (Microsoft Corporation) MD5=EA9EE60B408878E5F2012F9C783836DB -- C:\WINDOWS\AppPatch\AcAdProc.dll

< MD5 for: ADVAPI32.DLL >
[2008/04/14 01:41:50 | 000,617,472 | ---- | M] (Microsoft Corporation) MD5=BAB489A5FE26F2D0C910CF7AF7E4CF92 -- C:\WINDOWS\system32\advapi32.dll
[2008/04/14 01:41:50 | 000,617,472 | ---- | M] (Microsoft Corporation) MD5=BAB489A5FE26F2D0C910CF7AF7E4CF92 -- C:\WINDOWS\system32\dllcache\advapi32.dll

< MD5 for: APPHELP.DLL >
[2008/04/14 01:41:50 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=CF492D7E9AF1C628B3536D20EF6F5CC7 -- C:\WINDOWS\system32\apphelp.dll
[2008/04/14 01:41:50 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=CF492D7E9AF1C628B3536D20EF6F5CC7 -- C:\WINDOWS\system32\dllcache\apphelp.dll

< MD5 for: AUTHZ.DLL >
[2008/04/14 01:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=714705F29A917993536A6AB2DEDB0B7F -- C:\WINDOWS\system32\authz.dll
[2008/04/14 01:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=714705F29A917993536A6AB2DEDB0B7F -- C:\WINDOWS\system32\dllcache\authz.dll

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 01:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: GDI32.DLL >
[2008/04/14 01:41:56 | 000,285,184 | ---- | M] (Microsoft Corporation) MD5=B015B9134DAD7E29E7D2D6B5F5C8C2FC -- C:\WINDOWS\system32\dllcache\gdi32.dll
[2008/04/14 01:41:56 | 000,285,184 | ---- | M] (Microsoft Corporation) MD5=B015B9134DAD7E29E7D2D6B5F5C8C2FC -- C:\WINDOWS\system32\gdi32.dll

< MD5 for: IMM32.DLL >
[2008/04/14 01:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\dllcache\imm32.dll
[2008/04/14 01:41:56 | 000,110,080 | ---- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll

< MD5 for: KERNEL32.DLL >
[2008/04/14 01:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2008/04/14 01:41:58 | 000,989,696 | ---- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\system32\kernel32.dll

< MD5 for: MSVCP60.DLL >
[2007/02/18 17:37:28 | 000,401,462 | ---- | M] (Microsoft Corporation) MD5=3FFEAF764207CD5B2FD8AC1FC118D548 -- C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\msvcp60.dll
[2011/08/11 10:53:35 | 000,413,696 | ---- | M] (Microsoft Corporation) MD5=59A6413FB2CC89FD8651B1D2962FB8B9 -- C:\Program Files\Internet Everywhere 3G+\msvcp60.dll
[2008/10/11 11:39:04 | 000,413,696 | ---- | M] (Microsoft Corporation) MD5=59A6413FB2CC89FD8651B1D2962FB8B9 -- C:\Program Files\Zain e-GO\Zain e-GO\msvcp60.dll
[2010/05/26 16:42:22 | 000,419,160 | ---- | M] (Microsoft Corporation) MD5=C5F3ADB964749A958BA99CA0717E5C34 -- C:\Program Files\Safaricom Broadband\msvcp60.dll
[2000/08/29 11:00:00 | 000,401,462 | ---- | M] (Microsoft Corporation) MD5=CB21D826D9C39AED19DD431C1880F5DE -- C:\Program Files\Deltastock\DeltaTrading\Dlls\msvcp60.dll
[2010/07/01 21:06:42 | 000,401,462 | ---- | M] (Microsoft Corporation) MD5=CB21D826D9C39AED19DD431C1880F5DE -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\msvcp60.dll
[2000/08/29 11:00:00 | 000,401,462 | ---- | M] (Microsoft Corporation) MD5=CB21D826D9C39AED19DD431C1880F5DE -- C:\WINDOWS\system\msvcp60.dll
[2008/04/14 01:42:02 | 000,413,696 | ---- | M] (Microsoft Corporation) MD5=F404830F3CD9BF8F2515E489C0CDA297 -- C:\WINDOWS\system32\dllcache\msvcp60.dll
[2008/04/14 01:42:02 | 000,413,696 | ---- | M] (Microsoft Corporation) MD5=F404830F3CD9BF8F2515E489C0CDA297 -- C:\WINDOWS\system32\msvcp60.dll
[2007/02/18 17:39:39 | 000,401,462 | ---- | M] (Microsoft Corporation) MD5=F9AF0EF6B472EE0F60D5C494F9E2BC33 -- C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll

< MD5 for: MSVCRT.DLL >
[2008/04/14 01:42:02 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=355EDBB4D412B01F1740C17E3F50FA00 -- C:\WINDOWS\system32\dllcache\msvcrt.dll
[2008/04/14 01:42:02 | 000,343,040 | ---- | M] (Microsoft Corporation) MD5=355EDBB4D412B01F1740C17E3F50FA00 -- C:\WINDOWS\system32\msvcrt.dll
[2007/02/18 17:37:29 | 000,322,560 | ---- | M] (Microsoft Corporation) MD5=4200BE3808F6406DBE45A7B88DAE5035 -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[2008/01/04 14:18:06 | 000,278,581 | ---- | M] (Microsoft Corporation) MD5=4300D1A092B91E7C8DFA6F1E5E7973B2 -- C:\Program Files\Palm\PhotoDesktop\MSVCRT.DLL
[2010/10/01 00:05:15 | 000,266,293 | ---- | M] (Microsoft Corporation) MD5=63DA4613383EC70E047B4CD5C48F0B05 -- C:\Program Files\Java\jre6\bin\msvcrt.dll
[2007/01/18 04:04:58 | 000,266,293 | ---- | M] (Microsoft Corporation) MD5=63DA4613383EC70E047B4CD5C48F0B05 -- C:\Program Files\Safaricom Mobile Office\msvcrt.dll
[2003/06/19 22:05:04 | 000,286,773 | ---- | M] (Microsoft Corporation) MD5=BA7BE6F92680B28B9031170659FD222D -- C:\Program Files\Deltastock\DeltaTrading\Dlls\msvcrt.dll
[2003/06/19 22:05:04 | 000,286,773 | ---- | M] (Microsoft Corporation) MD5=BA7BE6F92680B28B9031170659FD222D -- C:\WINDOWS\system\msvcrt.dll
[2008/04/14 01:42:52 | 000,343,040 | R--- | M] (Microsoft Corporation) MD5=D7075E95AA599EE77B7A89D39296BD3D -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll

< MD5 for: NCOBJAPI.DLL >
[2008/04/14 01:42:02 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=EC29A79F1E76DC509E24D401F29D0678 -- C:\WINDOWS\system32\dllcache\ncobjapi.dll
[2008/04/14 01:42:02 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=EC29A79F1E76DC509E24D401F29D0678 -- C:\WINDOWS\system32\ncobjapi.dll

< MD5 for: NETAPI32.DLL >
[2008/04/14 01:42:02 | 000,337,408 | ---- | M] (Microsoft Corporation) MD5=6DB7788FA7E2566267516FA635C3797E -- C:\WINDOWS\system32\dllcache\netapi32.dll
[2008/04/14 01:42:02 | 000,337,408 | ---- | M] (Microsoft Corporation) MD5=6DB7788FA7E2566267516FA635C3797E -- C:\WINDOWS\system32\netapi32.dll

< MD5 for: NTDLL.DLL >
[2008/04/14 01:41:26 | 000,706,048 | ---- | M] (Microsoft Corporation) MD5=27D9ED8CB8B62D1E0A8E5ACE6CF52E2F -- C:\WINDOWS\system32\dllcache\ntdll.dll
[2008/04/14 01:41:26 | 000,706,048 | ---- | M] (Microsoft Corporation) MD5=27D9ED8CB8B62D1E0A8E5ACE6CF52E2F -- C:\WINDOWS\system32\ntdll.dll
[2004/08/04 00:56:38 | 000,708,096 | ---- | M] (Microsoft Corporation) MD5=BB5CBFFC096497506167BCE1D9690EF2 -- C:\cmdcons\SYSTEM32\NTDLL.DLL

< MD5 for: PSAPI.DLL >
[2008/04/14 01:42:04 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=9CFCB3CA3D83B4EAA133F0644A2C6F31 -- C:\WINDOWS\system32\dllcache\psapi.dll
[2008/04/14 01:42:04 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=9CFCB3CA3D83B4EAA133F0644A2C6F31 -- C:\WINDOWS\system32\psapi.dll

< MD5 for: RPCRT4.DLL >
[2008/04/14 01:42:06 | 000,584,704 | ---- | M] (Microsoft Corporation) MD5=B979D9D1C8073DA21A7F80345F306A1D -- C:\WINDOWS\system32\dllcache\rpcrt4.dll
[2008/04/14 01:42:06 | 000,584,704 | ---- | M] (Microsoft Corporation) MD5=B979D9D1C8073DA21A7F80345F306A1D -- C:\WINDOWS\system32\rpcrt4.dll

< MD5 for: SCESRV.DLL >
[2008/04/14 01:42:06 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=B24A42A413E694AD73FDFB7FBD492C31 -- C:\WINDOWS\system32\dllcache\scesrv.dll
[2008/04/14 01:42:06 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=B24A42A413E694AD73FDFB7FBD492C31 -- C:\WINDOWS\system32\scesrv.dll

< MD5 for: SECUR32.DLL >
[2008/04/14 01:42:06 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=7459C16CC3EF4651CAB7C9260E43FC58 -- C:\WINDOWS\system32\dllcache\secur32.dll
[2008/04/14 01:42:06 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=7459C16CC3EF4651CAB7C9260E43FC58 -- C:\WINDOWS\system32\secur32.dll

< MD5 for: SERVICES.EXE >
[2008/04/14 01:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\system32\dllcache\services.exe
[2008/04/14 01:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\system32\services.exe

< MD5 for: SHIMENG.DLL >
[2008/04/14 01:42:06 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=1F03103598BD817B1078DAB1326DDE11 -- C:\WINDOWS\system32\dllcache\shimeng.dll
[2008/04/14 01:42:06 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=1F03103598BD817B1078DAB1326DDE11 -- C:\WINDOWS\system32\shimeng.dll

< MD5 for: UMPNPMGR.DLL >
[2008/04/14 01:42:08 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=2EDFC2A8893435723AD80481803C6D5C -- C:\WINDOWS\system32\dllcache\umpnpmgr.dll
[2008/04/14 01:42:08 | 000,123,392 | ---- | M] (Microsoft Corporation) MD5=2EDFC2A8893435723AD80481803C6D5C -- C:\WINDOWS\system32\umpnpmgr.dll

< MD5 for: USER32.DLL >
[2008/04/14 01:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\dllcache\user32.dll
[2008/04/14 01:42:10 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERENV.DLL >
[2008/04/14 01:42:10 | 000,727,040 | ---- | M] (Microsoft Corporation) MD5=43D13C80EBEC0135A3611E0F616F179B -- C:\WINDOWS\system32\dllcache\userenv.dll
[2008/04/14 01:42:10 | 000,727,040 | ---- | M] (Microsoft Corporation) MD5=43D13C80EBEC0135A3611E0F616F179B -- C:\WINDOWS\system32\userenv.dll

< MD5 for: VERSION.DLL >
[2008/04/14 01:42:10 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=C7CE131408739B0B3A318BE2D0032719 -- C:\WINDOWS\system32\dllcache\version.dll
[2008/04/14 01:42:10 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=C7CE131408739B0B3A318BE2D0032719 -- C:\WINDOWS\system32\version.dll

< MD5 for: WINSTA.DLL >
[2008/04/14 01:42:10 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=430CEB794F6E6EF8AC86958C242366D6 -- C:\WINDOWS\system32\dllcache\winsta.dll
[2008/04/14 01:42:10 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=430CEB794F6E6EF8AC86958C242366D6 -- C:\WINDOWS\system32\winsta.dll

< MD5 for: WS2_32.DLL >
[2008/04/14 01:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008/04/14 01:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< MD5 for: WS2HELP.DLL >
[2008/04/14 01:42:12 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\dllcache\ws2help.dll
[2008/04/14 01:42:12 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< MD5 for: WTSAPI32.DLL >
[2008/04/14 01:42:12 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=0E2735281FBB9A764D5584C2A5DCBA59 -- C:\WINDOWS\system32\dllcache\wtsapi32.dll
[2008/04/14 01:42:12 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=0E2735281FBB9A764D5584C2A5DCBA59 -- C:\WINDOWS\system32\wtsapi32.dll

< End of report >