BestTechie Forums: Infection will not allow many OT? programs to run


Infection will not allow many OT? programs to run

This infection shuts down every scanner tried so far.


#1 LawnMowRMan

Posted 12 July 2011 - 04:01 PM

The infection will not let OTS, OTH, or OTL run. It also shuts down Avast, Norton 360, and Malwarebytes.

OTL began and the infection shut it down. I'm substituting the WinPatrol log. I'm sure it's not good enough, but it's all the infection will let me get.

WinPatrol Report Log
Report created by WinPatrol [FREE Edition] version 20.0.2011.2:20.0.2011.2 at 10:45:00 PM, on 7/11/2011

Platform: Windows XP SP3 Service Pack 3 (Build 2600)
Browser: Windows® Internet Explorer - Internet Explorer version 8.00.6001.18702
Memory currently in use: 66%

MSIE: Internet Explorer (8.00.6001.18702)
IE Cookie Path: C:\Documents and Settings\user\Cookies\
Firefox 4.0.1 installed in C:\Program Files\Mozilla Firefox

HKLM Default_Page_URL = http://go.microsoft....k/?LinkId=69157
HKCU Start Page = http://www.inbox.com...aspx?tbid=80119
HKLM Start Page = http://go.microsoft....k/?LinkId=69157

WinLogon DefaultUserName=user
WinLogon DefaultDomainName=USER-98A1586829
WinLogon Shell=Explorer.exe
WinLogon UserInit=C:\WINDOWS\system32\userinit.exe,


• Startup Programs •
# SoundMAXPnP

smax4pnp.exe SMax4PNP MFC Application
Version: 5, 2, 0, 5 Copyright © 2002-2004 Analog Devices
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Analog Devices\Core\smax4pnp.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
Click for Plus Info


# PE2CKFNT SE

ChkFont.exe
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
Click for Plus Info


# nmctxth

nmctxth.exe Pure Networks Platform Assistant
Version: 11.0.9154.0 Copyright © 2002-2009 Cisco Systems, Inc. All rights reserved.
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
Click for Plus Info


# nmapp

nmapp.exe -autorun -nosplash Network Magic Application
Version: 5.0.9154.0 Copyright © 2002-2009 Cisco Systems, Inc. All rights reserved.
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Pure Networks\Network Magic\nmapp.exe -autorun -nosplash
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# Linksys Wireless Manager

LinksysWirelessManager.exe /cm /min /lcid 1033 Linksys Wireless Manager
Version: 4.9.09189.0 Copyright © 2002-2009 Cisco Systems, Inc. All rights reserved.
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe /cm /min /lcid 1033
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# WinPatrol [FREE Edition]

winpatrol.exe -expressboot WinPatrol System Monitor
Version: 20.0.2011.2 Copyright © 1997- 2011 BillP Studios
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# iBryte playbryte Desktop

ibrytedesktop.exe iBryte Desktop
Version: 1.0.4134.15602
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\iBryte\playbryte\ibrytedesktop.exe
First Detected by WinPatrol: 06/14/2011 2:33 PM
Click for Plus Info


# igfxtray

igfxtray.exe igfxTray Module
Version: 7.0.0.4410 Copyright 1999-2004, Intel Corporation
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\WINDOWS\system32\igfxtray.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
Click for Plus Info


# igfxhkcmd

hkcmd.exe hkcmd Module
Version: 7.0.0.4410 Copyright 1999-2004, Intel Corporation
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\WINDOWS\system32\hkcmd.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
Click for Plus Info


# igfxpers

igfxpers.exe persistence Module
Version: 7.0.0.4410 Copyright 1999-2004, Intel Corporation
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\WINDOWS\system32\igfxpers.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
Click for Plus Info


# Yqinoqihojisec

akeconihuqajacu.dll,Startup
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\WINDOWS\akeconihuqajacu.dll,Startup
First Detected by WinPatrol: 07/11/2011 10:43 PM
Click for Plus Info


# ctfmon.exe

ctfmon.exe CTF Loader
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\WINDOWS\system32\ctfmon.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
Click for Plus Info


# Weather

Weather.exe 1 Version: 6, 8, 0, 6 Copyright © 2001-2009
Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\AWS\WeatherBug\Weather.exe 1
First Detected by WinPatrol: 06/20/2011 7:16 PM
Click for Plus Info


# Htuyalulineteriw

vcolerv.dll,Startup FrameDbl
Version: 0, 0, 9, 1 Copyright © 2003 Tom Barry
Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\WINDOWS\vcolerv.dll,Startup
First Detected by WinPatrol: 07/11/2011 10:43 PM
Click for Plus Info


# Advanced SystemCare 4

ASCTray.exe Advanced SystemCare 4 Tray
Version: 1.0.0.0 Copyright© 2005-2011
Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Path: C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
First Detected by WinPatrol: 06/29/2011 7:48 PM
Click for Plus Info


# Winlogon Userinit

userinit.exe Userinit Logon Application
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit
Path: C:\WINDOWS\system32\userinit.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
Click for Plus Info


# Winlogon Shell

Explorer.exe Windows Explorer
Version: 6.00.2900.5512 © Microsoft Corporation. All rights reserved.
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
Path: Explorer.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
Click for Plus Info


# PostBootReminder

shell32.dll Windows Shell Common Dll
Version: 6.00.2900.6072 © Microsoft Corporation. All rights reserved.
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Path: C:\WINDOWS\system32\shell32.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
6.00.2900.6072
Click for Plus Info


# CDBurn

shell32.dll Windows Shell Common Dll
Version: 6.00.2900.6072 © Microsoft Corporation. All rights reserved.
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Path: C:\WINDOWS\system32\shell32.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
6.00.2900.6072
Click for Plus Info


# WebCheck

webcheck.dll Web Site Monitor
Version: 8.00.6001.18702 © Microsoft Corporation. All rights reserved.
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Path: C:\WINDOWS\system32\webcheck.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
8.00.6001.18702
Click for Plus Info


# SysTray

stobject.dll Systray shell service object
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Path: C:\WINDOWS\system32\stobject.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
5.1.2600.5512
Click for Plus Info


# Browseui preloader

browseui.dll Shell Browser UI Library
Version: 6.00.2900.6049 © Microsoft Corporation. All rights reserved.
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
Path: C:\WINDOWS\system32\browseui.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
6.00.2900.6049
Click for Plus Info


# Component Categories cache daemon

browseui.dll Shell Browser UI Library
Version: 6.00.2900.6049 © Microsoft Corporation. All rights reserved.
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
Path: C:\WINDOWS\system32\browseui.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
6.00.2900.6049
Click for Plus Info


# Component Categories cache daemon

shell32.dll Windows Shell Common Dll
Version: 6.00.2900.6072 © Microsoft Corporation. All rights reserved.
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Path: shell32.dll
6.00.2900.6072
Click for Plus Info


# Eudora's Shell Extension

EuShlExt.dll Eudora's Shell Extension
Version: 1, 0, 1, 1 Copyright © 2000-2002
Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Path: C:\Program Files\Qualcomm\Eudora\EuShlExt.dll
First Detected by WinPatrol: 07/04/2011 3:36 PM
1, 0, 1, 1
Click for Plus Info


# crypt32chain

crypt32.dll Crypto API32
Version: 5.131.2600.5512 © Microsoft Corporation. All rights reserved.
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify
Path: crypt32.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
5.131.2600.5512
Click for Plus Info


# cryptnet

cryptnet.dll Crypto Network Related API
Version: 5.131.2600.5512 © Microsoft Corporation. All rights reserved.
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify
Path: cryptnet.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
5.131.2600.5512
Click for Plus Info


# cscdll

cscdll.dll Offline Network Agent
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify
Path: cscdll.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
5.1.2600.5512
Click for Plus Info


# dimsntfy

dimsntfy.dll DIMS Notification Handler
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify
Path: C:\WINDOWS\system32\dimsntfy.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
5.1.2600.5512
Click for Plus Info


# igfxcui

igfxdev.dll igfxdev Module
Version: 7.0.0.4410 Copyright 1999-2004, Intel Corporation
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify
Path: igfxdev.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
7.0.0.4410
Click for Plus Info


# ScCertProp

wlnotify.dll Common DLL to receive Winlogon notifications
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify
Path: wlnotify.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
5.1.2600.5512
Click for Plus Info


# Schedule

wlnotify.dll Common DLL to receive Winlogon notifications
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify
Path: wlnotify.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
5.1.2600.5512
Click for Plus Info


# sclgntfy

sclgntfy.dll Secondary Logon Service Notification DLL
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify
Path: sclgntfy.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
5.1.2600.5512
Click for Plus Info


# SensLogn

WlNotify.dll Common DLL to receive Winlogon notifications
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify
Path: WlNotify.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
5.1.2600.5512
Click for Plus Info


# termsrv

wlnotify.dll Common DLL to receive Winlogon notifications
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify
Path: wlnotify.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
5.1.2600.5512
Click for Plus Info


# WgaLogon

WgaLogon.dll Windows Genuine Advantage Notifications
Version: 1.9.0040.0 © 1995-2009 Microsoft Corporation
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify
Path: WgaLogon.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
1.9.0040.0
Click for Plus Info


# wlballoon

wlnotify.dll Common DLL to receive Winlogon notifications
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify
Path: wlnotify.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
5.1.2600.5512
Click for Plus Info


• Delayed Start •
• Active Tasks •
# Windows NT Session Manager

smss.exe Windows NT Session Manager
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\smss.exe
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# Windows NT Logon Application

winlogon.exe Windows NT Logon Application
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\winlogon.exe
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# Services and Controller app

services.exe Services and Controller app
Version: 5.1.2600.5755 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\services.exe
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# LSA Shell (Export Version)

lsass.exe LSA Shell (Export Version)
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\lsass.exe
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# SVCHOST

SVCHOST.EXE
Path: \\.\GLOBALROOT\DEVICE\SVCHOST.EXE
Click for Plus Info


# Generic Host Process for Win32 Services

svchost.exe Generic Host Process for Win32 Services
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\svchost.exe
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# Spooler SubSystem App

spoolsv.exe Spooler SubSystem App
Version: 5.1.2600.6024 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\spoolsv.exe
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# Disk Defrag

DISKDEFRAG.EXE Disk Defrag
Version: 5.x 2007-2010@Auslogics Software Pty Ltd
Path: C:\PROGRAM FILES\AUSLOGICS\AUSLOGICS DISK DEFRAG\DISKDEFRAG.EXE
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# Advanced SystemCare Performance Monitor

PMonitor.exe Advanced SystemCare Performance Monitor
Version: 4.0.0.0 Copyright© 2009-2011
Path: C:\PROGRAM FILES\IObit\ADVANCED SYSTEMCARE 4\PMonitor.exe
First Detected by WinPatrol: 06/29/2011 7:47 PM
Click for Plus Info


# Windows Explorer

explorer.exe Windows Explorer
Version: 6.00.2900.5512 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\explorer.exe
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# Run a DLL as an App

rundll32.exe Run a DLL as an App
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\rundll32.exe
First Detected by WinPatrol: 05/14/2011 6:53 PM
Click for Plus Info


# SMax4PNP MFC Application

smax4pnp.exe SMax4PNP MFC Application
Version: 5, 2, 0, 5 Copyright © 2002-2004 Analog Devices
Path: C:\PROGRAM FILES\ANALOG DEVICES\Core\smax4pnp.exe
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# Linksys Wireless Manager

LINKSYSWIRELESSMANAGER.EXE Linksys Wireless Manager
Version: 4.9.09189.0 Copyright © 2002-2009 Cisco Systems, Inc. All rights reserved.
Path: C:\PROGRAM FILES\Linksys\LINKSYS WIRELESS MANAGER\LINKSYSWIRELESSMANAGER.EXE
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# WinPatrol [FREE Edition]

WINPATROL.EXE WinPatrol System Monitor
Version: 20.0.2011.2 Copyright © 1997- 2011 BillP Studios
Path: C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# iBryte Desktop

IBRYTEDESKTOP.EXE iBryte Desktop
Version: 1.0.4134.15602
Path: C:\PROGRAM FILES\iBryte\PLAYBRYTE\IBRYTEDESKTOP.EXE
First Detected by WinPatrol: 06/14/2011 2:30 PM
Click for Plus Info


# hkcmd Module

hkcmd.exe hkcmd Module
Version: 7.0.0.4410 Copyright 1999-2004, Intel Corporation
Path: C:\WINDOWS\system32\hkcmd.exe
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# persistence Module

igfxpers.exe persistence Module
Version: 7.0.0.4410 Copyright 1999-2004, Intel Corporation
Path: C:\WINDOWS\system32\igfxpers.exe
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# CTF Loader

ctfmon.exe CTF Loader
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\ctfmon.exe
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# Weather

Weather.exe Version: 6, 8, 0, 6 Copyright © 2001-2009
Path: C:\PROGRAM FILES\AWS\WEATHERBUG\Weather.exe
First Detected by WinPatrol: 06/14/2011 2:45 PM
Click for Plus Info


# Advanced SystemCare 4 Tray

ASCTray.exe Advanced SystemCare 4 Tray
Version: 1.0.0.0 Copyright© 2005-2011
Path: C:\PROGRAM FILES\IObit\ADVANCED SYSTEMCARE 4\ASCTray.exe
First Detected by WinPatrol: 06/29/2011 7:47 PM
Click for Plus Info


# Bonjour Service

MDNSRESPONDER.EXE Bonjour Service
Version: 1,0,2,9 Copyright © 2003-2005 Apple Computer, Inc.
Path: C:\PROGRAM FILES\Bonjour\MDNSRESPONDER.EXE
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# Java™ Quick Starter Service

jqs.exe Java™ Quick Starter Service
Version: 6.0.220.4 Copyright © 2010
Path: C:\PROGRAM FILES\Java\jre6\bin\jqs.exe
First Detected by WinPatrol: 06/29/2011 8:36 PM
Click for Plus Info


# Microsoft® Windows Live ID Service

WLIDSVC.EXE Microsoft® Windows Live ID Service
Version: 6.500.3165.0 © Microsoft Corporation. All rights reserved.
Path: C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLIDSVC.EXE
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# Pure Networks Platform Service

nmsrvc.exe Pure Networks Platform Service
Version: 11.0.9154.0 Copyright © 2002-2009 Cisco Systems, Inc. All rights reserved.
Path: C:\PROGRAM FILES\COMMON FILES\PURE NETWORKS SHARED\Platform\nmsrvc.exe
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# Microsoft® Windows Live ID Service Monitor

WLIDSVCM.EXE Microsoft® Windows Live ID Service Monitor
Version: 6.500.3165.0 © Microsoft Corporation. All rights reserved.
Path: C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLIDSVCM.EXE
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


# Windows Update

wuauclt.exe Windows Update
Version: 7.4.7600.226 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\wuauclt.exe
First Detected by WinPatrol: 05/10/2011 6:39 PM
Click for Plus Info


# igfxsrvc Module

igfxsrvc.exe igfxsrvc Module
Version: 7.0.0.4410 Copyright 1999-2004, Intel Corporation
Path: C:\WINDOWS\system32\igfxsrvc.exe
First Detected by WinPatrol: 05/10/2011 6:24 PM
Click for Plus Info


# WinPatrol [FREE Edition]

WINPATROLEX.EXE WinPatrol Explorer
Version: 20.0.2011.2 Copyright © 2004-2011 BillP Studios
Path: C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE
First Detected by WinPatrol: 05/10/2011 4:33 PM
Click for Plus Info


• Scheduled Tasks •
# GoogleUpdateTaskMachineCore.job

GoogleUpdate.exe Google Installer
Version: 1.2.183.9 Copyright 2007-2009 Google Inc.
Path: C:\Program Files\Google\Update\GoogleUpdate.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
07/11/2011 7:56 PM
Location: "HKLM\"
Click for Plus Info


# DriverCure.job

DriverCure.exe DriverCure
Version: 1.6.1.2 © ParetoLogic. All rights reserved.
Path: C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
07/11/2011 3:22 AM
Location: "HKLM\"
Click for Plus Info


# Auslogics Disk Defrag Disk Defrag Start On Windows Logon.job

DiskDefrag.exe Disk Defrag
Version: 5.x 2007-2010@Auslogics Software Pty Ltd
Path: C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
07/11/2011 9:27 AM
Location: "HKLM\"
Click for Plus Info


# Auslogics Disk Defrag Disk Defrag Console Defragmentation.job

cdefrag.exe
Path: C:\Program Files\Auslogics\Auslogics Disk Defrag\cdefrag.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
07/11/2011 4:29 AM
Location: "HKLM\"
Click for Plus Info


# ASC4_PerformanceMonitor.job

PMonitor.exe Advanced SystemCare Performance Monitor
Version: 4.0.0.0 Copyright© 2009-2011
Path: C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe
First Detected by WinPatrol: 06/29/2011 8:29 PM
07/11/2011 9:27 AM
Location: "HKLM\"
Click for Plus Info


# SmartDefrag.job

IObit SmartDefrag.exe
Path: C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
06/19/2011 10:00 PM
Location: "HKLM\"
Click for Plus Info


# ParetoLogic Update Version2.job

Pareto_Update.exe ParetoLogic Update Application
Version: 2, 3, 0, 8 Copyright © 2008 ParetoLogic Company
Path: C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
07/09/2011 2:18 AM
Location: "HKLM\"
Click for Plus Info


# ParetoLogic Registration3.job

rundll32.exe Run a DLL as an App
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\rundll32.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
07/11/2011 6:00 PM
Location: "HKLM\"
Click for Plus Info


# ParetoLogic Registration.job

rundll32.exe Run a DLL as an App
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\rundll32.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
07/11/2011 6:00 PM
Location: "HKLM\"
Click for Plus Info


# GoogleUpdateTaskMachineUA.job

GoogleUpdate.exe Google Installer
Version: 1.2.183.9 Copyright 2007-2009 Google Inc.
Path: C:\Program Files\Google\Update\GoogleUpdate.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
07/11/2011 9:56 PM
Location: "HKLM\"
Click for Plus Info


# User_Feed_Synchronization-{312FB2DC-2ED8-4BE7-8309-5D9B7461C2BE}.job

msfeedssync.exe Microsoft Feeds Synchronization
Version: 8.00.6001.18702 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\msfeedssync.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
07/11/2011 7:49 PM
Location: "HKLM\"
Click for Plus Info


• IE Helpers •
# Shop To Win

Shop to Win 9.dll Shop To Win
Version: 1, 0, 0, 1 Path: C:\Program Files\Shop to Win 9\Shop to Win 9.dll
First Detected by WinPatrol: 07/11/2011 10:43 PM
1, 0, 0, 1
Click for Plus Info


# AcroIEHelper Library

AcroIEHelper.dll Adobe Acrobat IE Helper Version 6.0 for ActivieX
Version: 6, 0, 0, 0 Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
6, 0, 0, 0
Click for Plus Info


# Shop To Win

Shop to Win 12.dll Shop To Win
Version: 1, 0, 0, 1 Path: C:\Program Files\Shop to Win 12\Shop to Win 12.dll
First Detected by WinPatrol: 06/14/2011 2:30 PM
1, 0, 0, 1
Click for Plus Info


# lplaytl.dll

lplaytl.dll
Path: C:\Program Files\LivingPlay\lplaytl.dll
First Detected by WinPatrol: 06/14/2011 2:45 PM
Click for Plus Info


# livingplaylib32.dll

livingplaylib32.dll
Path: C:\Program Files\LivingPlay\livingplaylib32.dll
First Detected by WinPatrol: 06/14/2011 2:45 PM
Click for Plus Info


# Norton Confidential

coieplg.dll coIEPlugIn
Version: 2011.6.0.16 Copyright © 2010 Symantec Corporation. All rights reserved.
Path: C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll
First Detected by WinPatrol: 07/11/2011 10:43 PM
2011.6.0.16
Click for Plus Info


# Microsoft® .NET Framework

mscoree.dll Microsoft .NET Runtime Execution Engine
Version: 4.0.31106.0 © Microsoft Corporation. All rights reserved.
Path: mscoree.dll
First Detected by WinPatrol: 06/29/2011 8:01 PM
4.0.31106.0
Click for Plus Info


# Symantec Intrusion Detection

ipsbho.dll IPS Browser Helper DLL
Version: 9.8 Copyright © 2010 Symantec Corporation
Path: C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll
First Detected by WinPatrol: 07/11/2011 10:43 PM
9.8
Click for Plus Info


# Background Changer

bho_project.dll Version: 1.0.0.1 All rights reserved.
Path: C:\Program Files\Object\bho_project.dll
First Detected by WinPatrol: 06/29/2011 9:53 PM
1.0.0.1
Click for Plus Info


# Microsoft® Windows Live ID

WindowsLiveLogin.dll Microsoft® Windows Live ID Login Helper
Version: 6.500.3165.0 © Microsoft Corporation. All rights reserved.
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
6.500.3165.0
Click for Plus Info


# SearchToolbar

SearchToolbar.dll Version: 1.1
Path: C:\Program Files\Search Toolbar\SearchToolbar.dll
First Detected by WinPatrol: 06/14/2011 2:45 PM
1.1
Click for Plus Info


# COMPANYVERS_NAME Search Assistant for Internet Explorer

4nSrcAs.dll COMPANYVERS_NAME Search Assistant
Version: 1, 2, 3, 1 Copyright © 2009, 2010, 2011
Path: C:\Program Files\ConservativeTalkNow_4n\bar\1.bin\4nSrcAs.dll
First Detected by WinPatrol: 06/14/2011 1:52 PM
1, 2, 3, 1
Click for Plus Info


# Compete DCA

dca-bho.dll Compete DCA Browser Helper Object
Version: 1.2.0.3569 © Compete, Inc. All rights reserved.
Path: C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll
First Detected by WinPatrol: 06/16/2011 10:32 PM
1.2.0.3569
Click for Plus Info


# Java™ Platform SE 6 U22

jp2ssv.dll Java™ Platform SE binary
Version: 6.0.220.4 Copyright © 2010
Path: C:\Program Files\Java\jre6\bin\jp2ssv.dll
First Detected by WinPatrol: 06/29/2011 8:36 PM
6.0.220.4
Click for Plus Info


# MindSpark Toolbar Platform for Internet Explorer and Firefox

4nbar.dll MindSpark Toolbar Platform
Version: 2, 3, 85, 9 Copyright © 2009, 2010, 2011
Path: C:\Program Files\ConservativeTalkNow_4n\bar\1.bin\4nbar.dll
First Detected by WinPatrol: 06/14/2011 1:52 PM
2, 3, 85, 9
Click for Plus Info


# Java™ Platform SE 6 U22

jqs_plugin.dll Java™ Quick Starter binary
Version: 6.0.220.4 Copyright © 2010
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
First Detected by WinPatrol: 07/11/2011 10:43 PM
6.0.220.4
Click for Plus Info


# ToolBand Module

DTToolbar.dll ToolBand Module
Version: 1,1,0,0283 Copyright 2001
Path: C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
1,1,0,0283
Click for Plus Info


# MindSpark Toolbar Platform for Internet Explorer and Firefox

4nbar.dll MindSpark Toolbar Platform
Version: 2, 3, 85, 9 Copyright © 2009, 2010, 2011
Path: C:\Program Files\ConservativeTalkNow_4n\bar\1.bin\4nbar.dll
First Detected by WinPatrol: 06/14/2011 1:52 PM
2, 3, 85, 9
Click for Plus Info


# Inbox Toolbar

Inbox.dll Inbox Toolbar Browser Object
Version: 1.2.0.184 © Inbox.com, Inc.
Path: C:\Program Files\Inbox Toolbar\Inbox.dll
First Detected by WinPatrol: 06/14/2011 2:20 PM
1.2.0.184
Click for Plus Info


# Microsoft® .NET Framework

mscoree.dll Microsoft .NET Runtime Execution Engine
Version: 4.0.31106.0 © Microsoft Corporation. All rights reserved.
Path: mscoree.dll
First Detected by WinPatrol: 06/29/2011 8:01 PM
4.0.31106.0
Click for Plus Info


# SearchToolbar

SearchToolbar.dll Version: 1.1
Path: C:\Program Files\Search Toolbar\SearchToolbar.dll
First Detected by WinPatrol: 06/14/2011 2:45 PM
1.1
Click for Plus Info


# Norton Confidential

coieplg.dll coIEPlugIn
Version: 2011.6.0.16 Copyright © 2010 Symantec Corporation. All rights reserved.
Path: C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll
First Detected by WinPatrol: 07/11/2011 10:43 PM
2011.6.0.16
Click for Plus Info


# Research


C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO
Click for Plus Info


• File Types •
# MS-DOS Batch File

%1 %*
Path: %1 %*
.BAT
Startup Type: batfile
Click for Plus Info


# Cabinet File

Explorer.exe /idlist,%I,%L Windows Explorer
Version: 6.00.2900.5512 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\Explorer.exe /idlist,%I,%L
.CAB
Startup Type: CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}
Click for Plus Info


# Security Catalog

rundll32.exe cryptext.dll,CryptExtOpenCAT %1 Run a DLL as an App
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Path: rundll32.exe cryptext.dll,CryptExtOpenCAT %1
.CAT
Startup Type: CATFile
Click for Plus Info


# Compiled HTML Help file

hh.exe %1 Microsoft® HTML Help Executable
Version: 5.2.3790.2453 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\hh.exe %1
.CHM
Startup Type: chm.file
Click for Plus Info


# MS-DOS Application

%1 %*
Path: %1 %*
.COM
Startup Type: comfile
Click for Plus Info


# Windows NT Command Script

%1 %*
Path: %1 %*
.CMD
Startup Type: cmdfile
Click for Plus Info


# Microsoft Word Document

WINWORD.EXE /n /dde Microsoft Office Word
Version: 11.0.5604 Copyright © 1983-2003 Microsoft Corporation. All rights reserved.
Path: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde
.DOC
Startup Type: Word.Document.8
Click for Plus Info


# Outlook Express Mail Message

msimn.exe /eml:%1 Outlook Express
Version: 6.00.2900.5512 © 2004 Microsoft Corporation. All rights reserved.
Path: C:\Program Files\Outlook Express\msimn.exe /eml:%1
.EML
Startup Type: Microsoft Internet Mail Message
Click for Plus Info


# Application

%1 %*
Path: %1 %*
.EXE
Startup Type: exefile
Click for Plus Info


# Setup Information

NOTEPAD.EXE %1 Notepad
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\System32\NOTEPAD.EXE %1
.INF
Startup Type: inffile
Click for Plus Info


# JScript Script File

WScript.exe %1 %* Microsoft ® Windows Based Script Host
Version: 5.7.0.18066 Copyright © Microsoft Corp. 1996-2006, All Rights Reserved
Path: C:\WINDOWS\System32\WScript.exe %1 %*
.JS
Startup Type: JSFile
Click for Plus Info


# Text Document

NOTEPAD.EXE %1 Notepad
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\NOTEPAD.EXE %1
.LOG
Startup Type: txtfile
Click for Plus Info


# Windows Installer Package

msiexec.exe /i %1 %* Windows® installer
Version: 3.1.4001.5512 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\System32\msiexec.exe /i %1 %*
.MSI
Startup Type: Msi.Package
Click for Plus Info


# Outlook Item

OUTLOOK.EXE /f %1 Microsoft Office Outlook
Version: 11.0.5510 Copyright © 1995-2003 Microsoft Corporation. All rights reserved.
Path: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE /f %1
.MSG
Startup Type: msgfile
Click for Plus Info


# MP3 Audio File

mpc-hc.exe %1 Media Player Classic - Home Cinema
Version: 1, 5, 0, 2827 Copyright © 2002-2011 see AUTHORS file
Path: C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe %1
.MP3
Startup Type: mplayerc.mp3
Click for Plus Info


# Shortcut to MS-DOS Program

%1 %*
Path: %1 %*
.PIF
Startup Type: piffile
Click for Plus Info


# Registration Entries

regedit.exe %1 Registry Editor
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Path: regedit.exe %1
.REG
Startup Type: regfile
Click for Plus Info


# Rich Text Format

WINWORD.EXE /n /dde Microsoft Office Word
Version: 11.0.5604 Copyright © 1983-2003 Microsoft Corporation. All rights reserved.
Path: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde
.RTF
Startup Type: Word.RTF.8
Click for Plus Info


# Screen Saver

%1 /S
Path: %1 /S
.SCR
Startup Type: scrfile
Click for Plus Info


# Text Document

NOTEPAD.EXE %1 Notepad
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\NOTEPAD.EXE %1
.TXT
Startup Type: txtfile


# Internet Shortcut

ieframe.dll,OpenURL %l Run a DLL as an App
Version: 5.1.2600.5512 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ieframe.dll,OpenURL %l
.URL
Startup Type: InternetShortcut


# VBScript Script File

WScript.exe %1 %* Microsoft ® Windows Based Script Host
Version: 5.7.0.18066 Copyright © Microsoft Corp. 1996-2006, All Rights Reserved
Path: C:\WINDOWS\System32\WScript.exe %1 %*
.VBS
Startup Type: VBSFile


# VBScript Encoded Script File

WScript.exe %1 %* Microsoft ® Windows Based Script Host
Version: 5.7.0.18066 Copyright © Microsoft Corp. 1996-2006, All Rights Reserved
Path: C:\WINDOWS\System32\WScript.exe %1 %*
.VBE
Startup Type: VBEFile


# Windows Script File

WScript.exe %1 %* Microsoft ® Windows Based Script Host
Version: 5.7.0.18066 Copyright © Microsoft Corp. 1996-2006, All Rights Reserved
Path: C:\WINDOWS\System32\WScript.exe %1 %*
.WSF
Startup Type: WSFFile


# Windows Script Host Settings File

WScript.exe %1 %* Microsoft ® Windows Based Script Host
Version: 5.7.0.18066 Copyright © Microsoft Corp. 1996-2006, All Rights Reserved
Path: C:\WINDOWS\System32\WScript.exe %1 %*
.WSH
Startup Type: WSHFile


# Microsoft Excel Worksheet

EXCEL.EXE /e Microsoft Office Excel
Version: 11.0.5612 Copyright © 1985-2003 Microsoft Corporation. All rights reserved.
Path: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE /e
.XLS
Startup Type: Excel.Sheet.8


• Services •
# ASCSERVICE.EXE

Advanced SystemCare Service
Version: 1.0.0.0 Copyright© 2009-2010
Path: C:\PROGRAM FILES\IObit\ADVANCED SYSTEMCARE 4\ASCSERVICE.EXE
First Detected by WinPatrol: 06/29/2011 7:47 PM
Created: 06/29/2011 7:46 PM
Accessed: 07/11/2011 10:45 PM
Written: 05/28/2011 2:46 PM
File Size: 353,280 Bytes


# MDNSRESPONDER.EXE

Bonjour Service
Version: 1,0,2,9 Copyright © 2003-2005 Apple Computer, Inc.
Path: C:\PROGRAM FILES\Bonjour\MDNSRESPONDER.EXE
First Detected by WinPatrol: 05/10/2011 4:32 PM
Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence, so that users can discover and use those services without any unnecessary manual setup or administration.
Created: 11/28/2005 1:11 PM
Accessed: 07/11/2011 10:45 PM
Written: 11/28/2005 1:11 PM
File Size: 229,376 Bytes


# 4nbarsvc.exe

PRODUCTVERS_TITLE
Version: 2, 3, 0, 0 Copyright © 2009, 2010
Path: C:\Program Files\ConservativeTalkNow_4n\bar\1.bin\4nbarsvc.exe
First Detected by WinPatrol: 06/14/2011 2:23 PM
Created: 06/14/2011 1:49 PM
Accessed: 07/11/2011 10:45 PM
Written: 06/14/2011 1:49 PM
File Size: 42,504 Bytes


# GOOGLEUPDATE.EXE

Google Installer
Version: 1.2.183.9 Copyright 2007-2009 Google Inc.
Path: C:\PROGRAM FILES\Google\Update\GOOGLEUPDATE.EXE
First Detected by WinPatrol: 05/18/2011 8:14 PM
Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
Created: 12/14/2010 7:34 PM
Accessed: 07/11/2011 10:45 PM
Written: 12/14/2010 7:34 PM
File Size: 135,664 Bytes


# GOOGLEUPDATE.EXE

Google Installer
Version: 1.2.183.9 Copyright 2007-2009 Google Inc.
Path: C:\PROGRAM FILES\Google\Update\GOOGLEUPDATE.EXE
First Detected by WinPatrol: 05/18/2011 8:14 PM
Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
Created: 12/14/2010 7:34 PM
Accessed: 07/11/2011 10:45 PM
Written: 12/14/2010 7:34 PM
File Size: 135,664 Bytes


# hpqcxs08.dll

HP CUE Context Manager Objects
Version: 090.000.146.000 Copyright © Hewlett-Packard Co. 1995-2005
Path: C:\PROGRAM FILES\HP\DIGITAL IMAGING\bin\hpqcxs08.dll
First Detected by WinPatrol: 05/10/2011 4:32 PM
Created: 03/11/2007 10:24 PM
Accessed: 07/11/2011 10:45 PM
Written: 03/11/2007 10:24 PM
File Size: 217,088 Bytes


# IDriverT.exe

IDriverT Module
Version: 11.00 Copyright © 2005 Macrovision Corporation
Path: C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\Driver\11\Intel 32\IDriverT.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
Provides support for the Running Object Table for InstallShield Drivers
Created: 04/04/2005 1:41 AM
Accessed: 07/11/2011 10:45 PM
Written: 04/04/2005 1:41 AM
File Size: 69,632 Bytes


# jqs.exe

Java™ Quick Starter Service
Version: 6.0.220.4 Copyright © 2010
Path: C:\PROGRAM FILES\Java\jre6\bin\jqs.exe
First Detected by WinPatrol: 06/29/2011 8:33 PM
Prefetches JRE files for faster startup of Java applets and applications
Created: 06/29/2011 8:32 PM
Accessed: 07/11/2011 10:45 PM
Written: 06/29/2011 8:32 PM
File Size: 153,376 Bytes


# ccsvchst.exe


Path: C:\PROGRAM FILES\NORTON 360\Engine\5.1.0.29\ccsvchst.exe
First Detected by WinPatrol: 07/11/2011 10:44 PM
Norton 360
Created:
Accessed:
Written:
File Size: Bytes


# nmsrvc.exe

Pure Networks Platform Service
Version: 11.0.9154.0 Copyright © 2002-2009 Cisco Systems, Inc. All rights reserved.
Path: C:\PROGRAM FILES\COMMON FILES\PURE NETWORKS SHARED\Platform\nmsrvc.exe
First Detected by WinPatrol: 05/10/2011 4:32 PM
Enables Pure Networks Platform services such as file sharing, printer sharing, and network monitoring.
Created: 06/18/2009 3:41 PM
Accessed: 07/11/2011 10:45 PM
Written: 06/18/2009 3:41 PM
File Size: 647,216 Bytes


• Hidden Files •
# boot

boot.ini
Path: C:\boot.ini
First Detected by WinPatrol: 05/10/2011 4:33 PM


# IO

IO.SYS
Path: C:\IO.SYS
First Detected by WinPatrol: 05/10/2011 4:33 PM


# MSDOS

MSDOS.SYS
Path: C:\MSDOS.SYS
First Detected by WinPatrol: 05/10/2011 4:33 PM


# NTDETECT

NTDETECT.COM
Path: C:\NTDETECT.COM
First Detected by WinPatrol: 05/10/2011 4:33 PM


# n

ntldr
Path: C:\ntldr
First Detected by WinPatrol: 05/10/2011 4:33 PM


# pagefile

pagefile.sys
Path: C:\pagefile.sys


# ~$erything American Revolution by Daniel P. Murphy, Ph.D

~$erything American Revolution by Daniel P. Murphy, Ph.D.doc
Path: C:\~$erything American Revolution by Daniel P. Murphy, Ph.D.doc


# QTFont

QTFont.qfn
Path: C:\WINDOWS\QTFont.qfn


# WindowsShell.Mani

WindowsShell.Manifest
Path: C:\WINDOWS\WindowsShell.Manifest
First Detected by WinPatrol: 05/10/2011 4:33 PM


# winnt

winnt.bmp
Path: C:\WINDOWS\winnt.bmp
First Detected by WinPatrol: 05/10/2011 4:33 PM


# winnt256

winnt256.bmp
Path: C:\WINDOWS\winnt256.bmp
First Detected by WinPatrol: 05/10/2011 4:33 PM


# jxjp

jxjppeha
Path: C:\WINDOWS\system32\config\jxjppeha


# filelist

filelist.xml
Path: C:\WINDOWS\system32\Restore\filelist.xml
First Detected by WinPatrol: 05/10/2011 4:33 PM


• ActiveX •
# QuickTime Object

QTPlugin.ocx The QuickTime Control allows you to view a wide variety of multimedia content in web pages.
Version: QuickTime 7.0.4 Copyright Apple Computer, Inc. 1989-2006
Path: C:\PROGRAM FILES\QUICKTIME\QTPlugin.ocx
QuickTime 7.0.4


# Inbox

Inbox.dll Inbox Toolbar Browser Object
Version: 1.2.0.184 © Inbox.com, Inc.
Path: C:\Program Files\Inbox Toolbar\Inbox.dll
1.2.0.184


# Windows Genuine Advantage Validation Tool

LEGITCHECKCONTROL.DLL Windows Genuine Advantage Validation
Version: 1.9.0040.0 © 1995-2009 Microsoft Corporation
Path: C:\WINDOWS\system32\LEGITCHECKCONTROL.DLL
1.9.0040.0


# Windows Media Player

msdxm.ocx
Path: C:\WINDOWS\system32\msdxm.ocx


# HTML Document

mshtml.dll Microsoft ® HTML Viewer
Version: 8.00.6001.19088 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\mshtml.dll
8.00.6001.19088


# XML DOM Document

msxml3.dll MSXML 3.0 SP10
Version: 8.100.1052.0 Copyright © Microsoft Corporation. 1981-2007
Path: C:\WINDOWS\system32\msxml3.dll
8.100.1052.0


# DHTML Edit Control Safe for Scripting for IE5

dhtmled.ocx Microsoft ® Dynamic HTML Editing Control
Version: 6.01.9247 Copyright © Microsoft Corp. 1998
Path: C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\Triedit\dhtmled.ocx
6.01.9247


# XML Document

msxml3.dll MSXML 3.0 SP10
Version: 8.100.1052.0 Copyright © Microsoft Corporation. 1981-2007
Path: C:\WINDOWS\system32\msxml3.dll
8.100.1052.0


# Microsoft Terminal Services Client Control (redist)

mstscax.dll Terminal Services ActiveX Client
Version: 6.0.6001.18589 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\mstscax.dll
6.0.6001.18589


# Microsoft Terminal Services Client Control (redist)

mstscax.dll Terminal Services ActiveX Client
Version: 6.0.6001.18589 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\mstscax.dll
6.0.6001.18589


# WUWebControl Class

wuweb.dll Windows Update Web Control
Version: 7.4.7600.226 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\wuweb.dll
7.4.7600.226


# Microsoft Shell UI Helper

ieframe.dll Internet Explorer
Version: 8.00.6001.19072 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\ieframe.dll
8.00.6001.19072


# Windows Media Player

wmp.dll Windows Media Player Core
Version: 9.00.00.4510 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\wmp.dll
9.00.00.4510


# Active Desktop Mover

shell32.dll Windows Shell Common Dll
Version: 6.00.2900.6072 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\shell32.dll
6.00.2900.6072


# Microsoft Terminal Services Client Control (redist)

mstscax.dll Terminal Services ActiveX Client
Version: 6.0.6001.18589 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\mstscax.dll
6.0.6001.18589


# 4nSrcAs

4nSrcAs.dll COMPANYVERS_NAME Search Assistant
Version: 1, 2, 3, 1 Copyright © 2009, 2010, 2011
Path: C:\PROGRAM FILES\CONSERVATIVETALKNOW_4N\bar\1.bin\4nSrcAs.dll
1, 2, 3, 1


# Microsoft Terminal Services Client Control (redist)

mstscax.dll Terminal Services ActiveX Client
Version: 6.0.6001.18589 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\mstscax.dll
6.0.6001.18589


# Microsoft Web Browser

ieframe.dll Internet Explorer
Version: 8.00.6001.19072 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\ieframe.dll
8.00.6001.19072


# XML DOM Document 4.0

msxml4.dll MSXML 4.0 SP 2
Version: 4.20.9876.0 Copyright © Microsoft Corporation. 1981-2002
Path: C:\WINDOWS\system32\msxml4.dll
4.20.9876.0


# XML HTTP 4.0

msxml4.dll MSXML 4.0 SP 2
Version: 4.20.9876.0 Copyright © Microsoft Corporation. 1981-2002
Path: C:\WINDOWS\system32\msxml4.dll
4.20.9876.0


# XML DOM Document 6.0

msxml6.dll MSXML 6.0 SP2
Version: 6.20.1103.0 Copyright © Microsoft Corporation. 1981-2007
Path: C:\WINDOWS\system32\msxml6.dll
6.20.1103.0


# XML HTTP 6.0

msxml6.dll MSXML 6.0 SP2
Version: 6.20.1103.0 Copyright © Microsoft Corporation. 1981-2007
Path: C:\WINDOWS\system32\msxml6.dll
6.20.1103.0


# Microsoft Terminal Services Client Control (redist)

mstscax.dll Terminal Services ActiveX Client
Version: 6.0.6001.18589 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\mstscax.dll
6.0.6001.18589


# ConservativeTalkNow_4n HTML

4nhtml.dll PRODUCTVERS_TITLE Html Player
Version: 2, 3, 0, 0 Copyright © 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011
Path: C:\PROGRAM FILES\CONSERVATIVETALKNOW_4N\bar\1.bin\4nhtml.dll
2, 3, 0, 0


# Google Update Plugin

NPGOOGLEUPDATE3.DLL Google Update
Version: 1.3.21.57 Copyright 2007-2010 Google Inc.
Path: C:\PROGRAM FILES\Google\Update\1.3.21.57\NPGOOGLEUPDATE3.DLL
1.3.21.57


# Adobe Acrobat Control for ActiveX

pdf.ocx Adobe Acrobat Control Version 6.0 for ActiveX
Version: 6.0.1.2003110300 Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved.
Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\pdf.ocx
6.0.1.2003110300


# Deployment Toolkit

DEPLOYJAVA1.DLL Java™ Platform SE binary
Version: 6.0.220.4 Copyright © 2010
Path: C:\WINDOWS\system32\DEPLOYJAVA1.DLL
6.0.220.4


# AUDIO__X_MS_WMA Moniker Class

wmp.dll Windows Media Player Core
Version: 9.00.00.4510 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\wmp.dll
9.00.00.4510


# VIDEO__X_MS_WMV Moniker Class

wmp.dll Windows Media Player Core
Version: 9.00.00.4510 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\wmp.dll
9.00.00.4510


# Microsoft Url Search Hook

ieframe.dll Internet Explorer
Version: 8.00.6001.19072 © Microsoft Corporation. All rights reserved.
Path: C:\WINDOWS\system32\ieframe.dll
8.00.6001.19072


# Windows Live ID Sign-in Control

WINDOWSLIVELOGIN.DLL Microsoft® Windows Live ID Login Helper
Version: 6.500.3165.0 © Microsoft Corporation. All rights reserved.
Path: C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WINDOWSLIVELOGIN.DLL
6.500.3165.0


# Shockwave Flash Object

Flash10q.ocx Adobe Flash Player 10.3 r181
Version: 10,3,181,14
Path: C:\WINDOWS\system32\Macromed\Flash\Flash10q.ocx
10,3,181,14


# QuickTimeCheck Class

QUICKTIMECHECK.OCX QuickTimeCheck Scriptable Object
Version: QuickTime 7.0.4 Copyright Apple Computer, Inc. 1989-2006
Path: C:\PROGRAM FILES\QUICKTIME\QTSystem\QUICKTIMECHECK.OCX
QuickTime 7.0.4


# Microsoft Silverlight

npctrl.dll 3.0.40818.0
Version: 3.0.40818.0 © Microsoft Corporation. All rights reserved.
Path: C:\PROGRAM FILES\MICROSOFT SILVERLIGHT\3.0.40818.0\npctrl.dll
3.0.40818.0


# 4nbar

4nbar.dll MindSpark Toolbar Platform
Version: 2, 3, 85, 9 Copyright © 2009, 2010, 2011
Path: C:\PROGRAM FILES\CONSERVATIVETALKNOW_4N\bar\1.bin\4nbar.dll
2, 3, 85, 9


# XML HTTP Request

msxml3.dll MSXML 3.0 SP10
Version: 8.100.1052.0 Copyright © Microsoft Corporation. 1981-2007
Path: C:\WINDOWS\system32\msxml3.dll
8.100.1052.0


# XML DOM Document 3.0

msxml3.dll MSXML 3.0 SP10
Version: 8.100.1052.0 Copyright © Microsoft Corporation. 1981-2007
Path: C:\WINDOWS\system32\msxml3.dll
8.100.1052.0


# XML DOM Document

msxml3.dll MSXML 3.0 SP10
Version: 8.100.1052.0 Copyright © Microsoft Corporation. 1981-2007
Path: C:\WINDOWS\system32\msxml3.dll
8.100.1052.0


# XML HTTP

msxml3.dll MSXML 3.0 SP10
Version: 8.100.1052.0 Copyright © Microsoft Corporation. 1981-2007
Path: C:\WINDOWS\system32\msxml3.dll
8.100.1052.0




CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\nero\nero photoshow 4\data\app\simplestar\data\shared\music\rock\crackthesky_mind.swf
c:\program files\nero\nero photoshow 4\data\app\simplestar\data\shared\music\rock\crackthesky_mind_image.swf
scanner sequence 3.AA.11.DGAPFC
----- EOF -----

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-07-12 15:31:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 WDC_WD800JD-75MSA1 rev.10.01E01
Running: gmer.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\kwpdyfog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- System - GMER 1.0.15 ----

SSDT spul.sys ZwEnumerateKey [0xF7484DA4] <-- ROOTKIT !!!
SSDT spul.sys ZwEnumerateValueKey [0xF7485132] <-- ROOTKIT !!!

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 [F73C0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F73C0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F73C0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F73C0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F73C0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F73C0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 [F73C0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \FileSystem\Ntfs \Ntfs 867601F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Threads - GMER 1.0.15 ----

Thread System [4:220] F77B3D20
Thread System [4:224] F77B3D20
Thread System [4:228] F77866F0
Thread System [4:232] F77866F0

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [MANUAL] 1257849909 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

LockSearch by jpshortstuff (05.11.09.1)
Log created at 15:25 on 12/07/2011 (user)
Scanning C:\


C:\pagefile.sys
-------------------------


C:\Documents and Settings\user\Desktop\Paul-July-12-2011\OTM.exe
-------------------------


C:\Program Files\Alwil Software\Avast5\AvastUI.exe
-------------------------


C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
-------------------------


C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
-------------------------


C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe
-------------------------


C:\WINDOWS\system32\MRT.exe
-------------------------
C:\WINDOWS\system32\MRT.exe [Unable to get md5 : 47716296 bytes]


C:\WINDOWS\system32\drivers\1257849909.sys
-------------------------
C:\WINDOWS\system32\drivers\1257849909.sys [Unable to get md5 : 25984 bytes]


C:\WINDOWS\system32\drivers\sptd.sys
-------------------------
C:\WINDOWS\system32\drivers\sptd.sys [Unable to get md5 : 691696 bytes]

-=E.O.F=-

Error message after the infection shut down Malwarebytes: an attempt to update Malwarebytes after installation led to
"An error has occurred. Please report the error code to our support team. PROGRAM_ERROR_UPDATING (10053, 0, Software caused connection abort) An established connection was aborted by the software in your host machine."

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/12/2011 at 15:35:01.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

\\.\globalroot\Device\svchost.exe\svchost.exe


Rkill completed on 07/12/2011 at 15:35:09.


Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 4 Stepping 3, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 4.0.1 (en-US)
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:74 Go - Free:49 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
.
Scan : 15:22.17
Path : C:\Documents and Settings\user\Desktop\Paul-July-12-2011\Rooter.exe
User : user ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (616)
______ \??\C:\WINDOWS\system32\csrss.exe (1012)
______ \??\C:\WINDOWS\system32\winlogon.exe (1036)
______ C:\WINDOWS\system32\services.exe (1080)
______ C:\WINDOWS\system32\lsass.exe (1092)
______ \\.\globalroot\Device\svchost.exe\svchost.exe (1116)
______ C:\WINDOWS\system32\svchost.exe (1260)
______ C:\WINDOWS\system32\svchost.exe (1308)
______ C:\WINDOWS\System32\svchost.exe (1352)
______ C:\WINDOWS\system32\svchost.exe (1432)
______ C:\WINDOWS\system32\spoolsv.exe (1816)
______ C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe (352)
______ C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe (396)
______ C:\WINDOWS\Explorer.EXE (432)
______ C:\Program Files\Analog Devices\Core\smax4pnp.exe (844)
______ C:\Program Files\Pure Networks\Network Magic\nmapp.exe (868)
______ C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (876)
______ C:\Program Files\iBryte\playbryte\ibrytedesktop.exe (884)
______ C:\WINDOWS\system32\hkcmd.exe (908)
______ C:\WINDOWS\system32\igfxpers.exe (916)
______ C:\WINDOWS\system32\ctfmon.exe (940)
______ C:\Program Files\AWS\WeatherBug\Weather.exe (1004)
______ C:\WINDOWS\system32\rundll32.exe (1016)
______ C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (1148)
______ C:\Program Files\Bonjour\mDNSResponder.exe (724)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1460)
______ C:\WINDOWS\system32\svchost.exe (2096)
______ C:\WINDOWS\system32\wdfmgr.exe (2168)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2196)
______ C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (2252)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (2564)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3296)
______ C:\WINDOWS\system32\svchost.exe (3952)
______ C:\WINDOWS\System32\alg.exe (3904)
______ C:\WINDOWS\system32\NOTEPAD.EXE (3680)
______ C:\WINDOWS\system32\wuauclt.exe (444)
______ C:\WINDOWS\system32\NOTEPAD.EXE (4040)
______ C:\Documents and Settings\user\Desktop\Paul-July-12-2011\Rooter.exe (4036)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:79990815744)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
C:\WINDOWS\Tasks\Auslogics Disk Defrag Disk Defrag Console Defragmentation.job
C:\WINDOWS\Tasks\Auslogics Disk Defrag Disk Defrag Start On Windows Logon.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\DriverCure.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\ParetoLogic Registration.job
C:\WINDOWS\Tasks\ParetoLogic Registration3.job
C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\SmartDefrag.job
C:\WINDOWS\Tasks\User_Feed_Synchronization-{312FB2DC-2ED8-4BE7-8309-5D9B7461C2BE}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 15:23.26
.
C:\Rooter$\Rooter_1.txt - (12/07/2011 | 15:23.26)

Windows Validation Check
Version: 1.9.12.5
Log Created On: 1528_12-07-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal
Systemroot Path: C:\WINDOWS

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2011-07-12 02:49:18
Last Success Time for Update Download: 2011-07-12 07:00:50
Last Success Time for Update Installation: 2011-07-12 07:00:36


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - b26b135ff1b9f60c9388b4a7d16f600b


-------- End of File, program close at 1529_12-07-2011 --------
