Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan Horse PSW Onlinegames (amvo.exe infection)


  • Please log in to reply

#1
cirej

cirej

    Member

  • Member
  • PipPip
  • 18 posts
Hi I;m new here and I hope someone could help me

My computer become slower and I noticed is when I go to My computer and click on C: it was always opened in another window even though I have the option checked "Open in same window".
The next weird thing was hidden files and folders.. even if I have checked "show hidden files" it still didnt showed them.
And when I try to log-in on an online game Ragnarok online my keyboard was un-installed...

Thank you in advance for help... I already download and run the combofix and below is the log file copy..

ComboFix 08-03-18.1 - jerionmari 2008-03-19 18:25:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.579 [GMT 8:00]
Running from: C:\Documents and Settings\jerionmari\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.

2008-03-19 18:06 . 2008-03-19 18:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-19 18:06 . 2008-03-19 18:06 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-19 18:06 . 2008-03-19 18:06 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-19 18:06 . 2008-03-19 18:06 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-19 18:06 . 2008-03-19 18:06 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-19 11:36 . 2008-03-19 11:35 99,735 -r-hs---- C:\h6o0re.cmd
2008-03-19 00:41 . 2008-03-19 00:41 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-16 11:57 . 2008-03-18 00:01 100,836 -r-hs---- C:\3o.exe
2008-03-15 10:14 . 2008-03-15 10:14 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-15 10:13 . 2008-03-15 10:13 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-15 10:13 . 2008-03-15 10:13 <DIR> d-------- C:\Program Files\Ahead
2008-03-15 10:13 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-03-15 10:13 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-03-15 10:13 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-03-15 10:13 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-03-15 10:13 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-15 10:13 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-03-15 10:07 . 2008-03-15 10:07 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-15 10:06 . 2008-03-15 10:06 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-15 10:06 . 2008-03-15 10:06 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-15 10:06 . 2008-03-15 10:06 <DIR> d-------- C:\a19a70a474e0d07f4bbe
2008-03-15 09:52 . 2008-03-15 09:52 101,166 -r-hs---- C:\cfdflx.com
2008-03-12 11:42 . 2008-03-12 21:37 100,791 -r-hs---- C:\v.cmd
2008-03-11 23:47 . 2008-03-12 09:18 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-03-11 23:47 . 2008-03-11 23:47 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-11 16:00 . 2004-08-03 23:10 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2008-03-11 16:00 . 2004-08-03 23:10 61,056 --a--c--- C:\WINDOWS\system32\dllcache\ohci1394.sys
2008-03-11 16:00 . 2004-08-03 23:10 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2008-03-11 16:00 . 2004-08-03 23:10 53,248 --a--c--- C:\WINDOWS\system32\dllcache\1394bus.sys
2008-03-11 16:00 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-03-11 16:00 . 2001-08-17 13:46 6,400 --a--c--- C:\WINDOWS\system32\dllcache\enum1394.sys
2008-03-11 12:51 . 2008-03-11 12:51 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-03-10 22:13 . 2008-03-11 10:37 103,034 -r-hs---- C:\b.com
2008-03-06 09:32 . 2008-03-06 09:32 <DIR> d-------- C:\Program Files\NetGames
2008-03-06 09:28 . 2008-03-16 20:20 35 --a------ C:\WINDOWS\Ulead32.INI
2008-03-06 09:26 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-06 09:26 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-06 09:20 . 2008-03-06 09:20 <DIR> d-------- C:\Program Files\Microtek
2008-03-06 09:20 . 2008-03-06 09:20 <DIR> d-------- C:\Kpcms
2008-03-06 09:20 . 1998-09-14 08:41 285,216 --a------ C:\WINDOWS\system32\drivers\Onsio.sys
2008-03-06 09:20 . 1998-08-01 12:00 60,928 --a------ C:\WINDOWS\system32\drivers\Smplscsi.sys
2008-03-06 09:20 . 2003-06-11 12:03 15,396 --a------ C:\WINDOWS\system32\Msmusd5.dll
2008-03-06 09:20 . 2001-06-20 15:44 13,962 --a------ C:\WINDOWS\system32\Msmusd6.dll
2008-03-06 09:20 . 2003-07-17 16:12 12,499 --a------ C:\WINDOWS\system32\Msmusd7.dll
2008-03-06 09:20 . 1997-02-14 13:10 7,680 --a------ C:\WINDOWS\system32\drivers\Onsreged.sys
2008-03-06 01:44 . 2008-03-10 22:10 <DIR> d-------- C:\Program Files\Google
2008-03-06 01:44 . 2008-03-06 01:44 <DIR> d-------- C:\Program Files\DivX
2008-03-05 17:56 . 2008-03-05 17:56 <DIR> d-------- C:\Program Files\Dragonfly
2008-03-05 17:56 . 2008-03-05 17:56 <DIR> d-------- C:\Documents and Settings\jerionmari\Application Data\InstallShield
2008-03-05 17:55 . 2008-03-05 17:55 <DIR> d-------- C:\Program Files\uTorrent
2008-03-05 17:55 . 2008-03-15 21:03 <DIR> d-------- C:\Documents and Settings\jerionmari\Application Data\uTorrent
2008-03-05 17:49 . 2008-03-05 17:49 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-03-05 17:49 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-03-05 17:49 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
2008-03-05 17:49 . 2007-05-14 15:24 394,240 --a------ C:\WINDOWS\system32\Smab.dll
2008-03-05 17:49 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2008-03-05 17:49 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2008-03-05 17:49 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2008-03-05 17:49 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-03-05 17:49 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2008-03-05 17:49 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2008-03-05 17:49 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-03-05 17:48 . 2008-03-05 17:48 <DIR> d-------- C:\Program Files\eRightSoft
2008-03-05 16:26 . 2004-08-04 20:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-05 16:02 . 2008-03-06 00:19 <DIR> d-------- C:\Program Files\Java
2008-03-05 16:02 . 2008-03-05 17:47 <DIR> d-------- C:\Documents and Settings\jerionmari\Application Data\LimeWire
2008-03-05 16:02 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-05 15:59 . 2008-03-05 16:02 <DIR> d-------- C:\Program Files\LimeWire
2008-03-05 15:59 . 2008-03-05 15:59 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-05 15:10 . 2008-03-05 15:10 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-05 15:01 . 2008-03-05 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\UDL
2008-03-05 14:58 . 2008-03-05 15:00 <DIR> d-------- C:\Program Files\EPSON
2008-03-05 14:58 . 2006-03-03 00:04 73,216 --a------ C:\WINDOWS\system32\E_FLBBHP.DLL
2008-03-05 14:58 . 2005-04-11 00:01 62,976 --a------ C:\WINDOWS\system32\E_FD4BBHP.DLL
2008-03-05 14:58 . 2004-09-10 19:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-03-05 14:58 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-05 14:58 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-03-05 14:57 . 2008-03-05 14:59 241,033 --a------ C:\WINDOWS\EPSTPLOG.BAK
2008-03-05 14:35 . 2008-03-16 10:29 64 --a------ C:\WINDOWS\option.ini
2008-03-05 13:44 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-05 13:37 . 2008-03-19 11:57 <DIR> d-------- C:\Program Files\Tales of Pirates Online
2008-03-05 13:35 . 2008-03-05 13:35 <DIR> d-------- C:\Program Files\Softnyx
2008-03-05 13:26 . 2003-07-21 02:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-03-05 13:26 . 2005-01-04 17:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-03-05 13:06 . 2008-03-05 13:06 <DIR> d-------- C:\Program Files\Gravity
2008-03-05 13:00 . 2008-03-05 13:00 376 --a------ C:\WINDOWS\ODBC.INI
2008-03-05 12:58 . 2008-03-05 12:58 <DIR> d-------- C:\WINDOWS\ShellNew
2008-03-05 12:57 . 2008-03-05 12:57 <DIR> d-------- C:\Documents and Settings\jerionmari\Application Data\Microsoft Web Folders
2008-03-05 12:50 . 2008-03-05 15:07 <DIR> d-------- C:\Program Files\e-Games
2008-03-05 12:14 . 2008-03-05 12:14 <DIR> d-------- C:\Documents and Settings\jerionmari\Application Data\Grisoft
2008-03-05 12:12 . 2008-03-05 12:12 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-05 12:12 . 2008-03-19 16:57 <DIR> d-------- C:\Documents and Settings\jerionmari\Application Data\AVG7
2008-03-05 12:12 . 2008-03-16 16:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-05 12:12 . 2008-03-05 12:12 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-05 12:12 . 2008-03-05 12:12 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-03-05 12:11 . 2008-03-05 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-05 12:11 . 2007-05-30 20:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-05 11:10 . 2008-03-05 11:10 <DIR> d--hs---- C:\Documents and Settings\jerionmari\UserData
2008-03-05 11:07 . 2004-08-11 13:32 183,987 --a------ C:\WINDOWS\system32\drivers\VVBackd5.sys
2008-03-05 11:07 . 2003-12-20 19:07 45,056 -ra------ C:\WINDOWS\DxpAppEx.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 01:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-05 07:01 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-05 04:57 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-05 03:05 56 ----a-w C:\Program Files\Common Files\appop.log
2008-03-05 02:56 --------- d-----w C:\Program Files\Realtek
2008-03-05 02:47 --------- d-----w C:\Program Files\MSXML 4.0
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-15 09:51 14864384 C:\WINDOWS\RTHDCPL.EXE]
"RestoreIT!"="C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.exe" [2005-04-29 20:39 122880]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25 6731312]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-05 12:12 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-05 12:12 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [2008-03-06 09:20:54 335872]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 20:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C59 Series]
--a------ 2006-02-23 03:00 131072 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\farstone]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
--a------ 2005-04-29 19:50 278528 C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Softnyx\\Rakion\\Bin\\rakion.bin"=
"C:\\Program Files\\Gravity\\RagnarokOnline\\valkyrie.exe"=

R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 06:29]
R0 RITFSD;RITFSD;C:\WINDOWS\system32\drivers\RITFSD.sys [2004-12-02 13:19]
R0 VVBackd5;VVBackd5;C:\WINDOWS\system32\drivers\VVBackd5.sys [2004-08-11 13:32]
R2 Rcfilter;Rcfilter;C:\WINDOWS\system32\drivers\Rcfilter.sys [2004-12-02 13:17]
R3 exdisk;Express Disk Service;C:\WINDOWS\system32\DRIVERS\exdisk.sys [2004-08-03 14:08]
S3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys [2005-01-12 20:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a717d25-ea70-11dc-93d7-0016763c047e}]
\Shell\AutoRun\command - ntdelect.com
\Shell\explore\Command - utdetect.com
\Shell\open\Command - utdetect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c68a622-f4d5-11dc-9409-0016763c047e}]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a8d04a0-ea8a-11dc-93dc-0016763c047e}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe
\Shell\Explore\Command - Desktop.exe
\Shell\Open\Command - Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a8d04a6-ea8a-11dc-93dc-0016763c047e}]
\Shell\Autoplay\Command - F:\xmss.exe
\Shell\AutoRun\command - F:\xmss.exe
\Shell\Explore\Command - F:\xmss.exe
\Shell\Open\Command - F:\xmss.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 18:27:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-19 18:27:33
ComboFix-quarantined-files.txt 2008-03-19 10:27:31
.
2008-03-16 01:55:33 --- E O F ---

Edited by cirej, 19 March 2008 - 04:42 AM.

  • 0

Advertisements


#2
cirej

cirej

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Adding Deckard's System Scanner



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 2.66GHz
CPU 1: Intel® Pentium® D CPU 2.66GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 894.48 MiB / 531.31 MiB
Pagefile Memory (total/avail): 2167.56 MiB / 1827.49 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1902.82 MiB

A: is Removable (No Media)
B: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.
C: is Fixed (NTFS) - 40.73 GiB total, 25.62 GiB free.
D: is Fixed (NTFS) - 126.96 GiB total, 1.88 GiB free.
E: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - ST3200827AS - 186.31 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 40.73 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 126.96 GiB - D:
\PARTITION2 - Unknown - 18.62 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.519 v7.5.519 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Softnyx\\Rakion\\Bin\\rakion.bin"="C:\\Program Files\\Softnyx\\Rakion\\Bin\\rakion.bin:*:Enabled:rakion"
"C:\\Program Files\\Gravity\\RagnarokOnline\\valkyrie.exe"="C:\\Program Files\\Gravity\\RagnarokOnline\\valkyrie.exe:*:Enabled:Valkyrie"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\jerionmari\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JERION
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\jerionmari
LOGONSERVER=\\JERION
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JERION~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JERION~1\LOCALS~1\Temp
USERDOMAIN=JERION
USERNAME=jerionmari
USERPROFILE=C:\Documents and Settings\jerionmari
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

jerionmari (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
--> "C:\Program Files\InstallShield Installation Information\{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}\setup.exe" --u:{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40602E2C-AB5C-4887-8093-3BFE5B8B95B3}\setup.exe" REMOVEALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnIn[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
ESC58_59 User's Guide --> C:\Program Files\EPSON\TPMANUAL\ESC58_59\ENG\USE_G\DOCUNINS.EXE
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InterVideo MediaOne --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AEEE6D6-C95D-465A-B8D3-B7AE2FA7B8B4}\setup.exe" REMOVEALL
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microtek FineReader OCR Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}\setup.exe"
Mobius Rakion --> "C:\Program Files\Softnyx\Rakion\unins000.exe"
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setup.exe /uninstall ExtraUninstallID=""
O2Jam_PH --> "C:\Program Files\e-Games\O2Jam_PH\uninstall.exe"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
RagnarokOnline --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C2BE6E4E-9041-4DA0-9E18-DA42CEB05A18}\setup.exe" -l0x9 -removeonly
Ran Online 3.0.2.1 --> "C:\Program Files\e-Games\Ran Online\uninstall.exe"
REALTEK Gigabit and Fast Ethernet NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x9 REMOVE
Realtek High Definition Audio Driver --> RtlUpd.exe -r
RestoreIT --> C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\un_vback.exe
ScanWizard 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B08D262E-D902-11D5-9C28-0080C85A0C2D}\setup.exe"
Special Force --> C:\Program Files\InstallShield Installation Information\{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}\setup.exe -runfromtemp -l0x0009 -removeonly
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SUPER © Version 2007.bld.23 (July 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Tales of Pirates Online 1.33 --> "C:\Program Files\Tales of Pirates Online\unins000.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type378 / Error
Event Submitted/Written: 03/20/2008 00:40:06 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application scanwizard5.exe, version 1.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x011b3ca8.
Processing media-specific event for [scanwizard5.exe!ws!]

Event Record #/Type354 / Error
Event Submitted/Written: 03/19/2008 00:42:49 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type353 / Error
Event Submitted/Written: 03/19/2008 00:42:48 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type344 / Error
Event Submitted/Written: 03/18/2008 02:33:17 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ScanWizard5.exe, version 1.0.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type343 / Error
Event Submitted/Written: 03/18/2008 02:32:06 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application ScannerFinder.exe, version 1.0.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3647 / Warning
Event Submitted/Written: 03/20/2008 02:30:50 PM
Event ID/Source: 51 / ivicd
Event Description:
\Device\IviFilte

Event Record #/Type3646 / Warning
Event Submitted/Written: 03/20/2008 02:30:50 PM
Event ID/Source: 51 / ivicd
Event Description:
\Device\IviFilte

Event Record #/Type3641 / Warning
Event Submitted/Written: 03/20/2008 01:47:12 PM / 03/20/2008 01:47:15 PM
Event ID/Source: 51 / ivicd
Event Description:
\Device\IviFilte

Event Record #/Type3640 / Warning
Event Submitted/Written: 03/20/2008 01:47:12 PM / 03/20/2008 01:47:15 PM
Event ID/Source: 51 / ivicd
Event Description:
\Device\IviFilte

Event Record #/Type3639 / Warning
Event Submitted/Written: 03/20/2008 01:47:12 PM / 03/20/2008 01:47:15 PM
Event ID/Source: 51 / ivicd
Event Description:
\Device\IviFilte



-- End of Deckard's System Scanner: finished at 2008-03-20 14:31:03 ------------
  • 0

#3
cirej

cirej

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
MAin Text

Deckard's System Scanner v20071014.68
Run by jerionmari on 2008-03-20 14:28:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
39: 2008-03-20 06:28:50 UTC - RP39 - Deckard's System Scanner Restore Point
38: 2008-03-19 10:25:46 UTC - RP38 - ComboFix created restore point
37: 2008-03-16 01:54:22 UTC - RP37 - Software Distribution Service 3.0
36: 2008-03-15 02:05:27 UTC - RP36 - Software Distribution Service 3.0
35: 2008-03-15 02:02:07 UTC - RP35 - Installed Windows Media Player 11


-- First Restore Point --
1: 2008-03-05 02:43:57 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-20 14:29:53
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\vbptask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\jerionmari\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.ph/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microtek Scanner Finder.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe


--
End of file - 5465 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ivicd (Ivi CDVD Filter Driver) - c:\windows\system32\drivers\ivicd.sys <Not Verified; InterVideo; InterVideo C/DVD Filter Driver>
R0 RITFSD - c:\windows\system32\drivers\ritfsd.sys
R0 VVBackd5 - c:\windows\system32\drivers\vvbackd5.sys
R2 Rcfilter - c:\windows\system32\drivers\rcfilter.sys <Not Verified; FarStone Technology Inc.,; Restore IT!>
R3 exdisk (Express Disk Service) - c:\windows\system32\drivers\exdisk.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 iviudf - c:\windows\system32\drivers\iviudf.sys <Not Verified; InterVideo; UDF File System Driver>
S3 npkcrypt - c:\program files\gravity\ragnarokonline\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-02-20 and 2008-03-20 -----------------------------

2008-03-20 12:26:45 100754 -r-hs---- C:\un9.cmd
2008-03-20 12:25:32 72192 -r-hs---- C:\WINDOWS\system32\amvo0.dll
2008-03-19 21:07:37 72192 -r-hs---- C:\WINDOWS\system32\amvo1.dll
2008-03-19 21:06:39 100754 -r-hs---- C:\WINDOWS\system32\amvo.exe
2008-03-19 18:49:47 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-19 18:49:43 0 d-------- C:\Program Files\SpywareBlaster
2008-03-19 18:25:00 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-19 18:25:00 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-19 18:25:00 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-19 18:25:00 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-19 18:06:47 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-19 11:36:09 99735 -r-hs---- C:\h6o0re.cmd
2008-03-18 15:01:37 0 dr-h----- C:\$VAULT$.AVG
2008-03-16 11:57:55 100836 -r-hs---- C:\3o.exe
2008-03-15 10:14:43 0 d-------- C:\Program Files\Common Files\Nero
2008-03-15 10:13:45 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-03-15 10:13:40 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-15 10:13:40 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-15 10:13:40 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-03-15 10:13:39 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-03-15 10:13:35 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-15 10:13:34 0 d-------- C:\Program Files\Ahead
2008-03-15 10:07:28 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-15 10:06:06 0 d-------- C:\a19a70a474e0d07f4bbe
2008-03-15 10:06:01 0 d-------- C:\WINDOWS\system32\LogFiles
2008-03-15 10:06:01 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-15 10:05:37 0 d-------- C:\59653168b3a8a2751c69
2008-03-15 09:52:54 101166 -r-hs---- C:\cfdflx.com
2008-03-12 11:42:38 100791 -r-hs---- C:\v.cmd
2008-03-11 23:47:46 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-11 23:47:38 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-03-11 12:52:42 0 d-------- C:\Documents and Settings\jerionmari\Application Data\Google
2008-03-11 12:51:05 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-03-10 22:16:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-03-10 22:13:45 103034 -r-hs---- C:\b.com
2008-03-06 09:35:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-03-06 09:32:07 0 d-------- C:\Program Files\NetGames
2008-03-06 09:20:59 60928 --a------ C:\WINDOWS\system32\drivers\Smplscsi.sys <Not Verified; OnSpec Electronic, Inc.; Microsoft® Windows™ Operating System>
2008-03-06 09:20:59 7680 --a------ C:\WINDOWS\system32\drivers\Onsreged.sys
2008-03-06 09:20:59 285216 --a------ C:\WINDOWS\system32\drivers\Onsio.sys
2008-03-06 09:20:57 0 d-------- C:\Kpcms
2008-03-06 09:20:54 13962 --a------ C:\WINDOWS\system32\Msmusd6.dll <Not Verified; Microtek International Inc.; ScanMaker 4600>
2008-03-06 09:20:53 0 d-------- C:\Program Files\Microtek
2008-03-06 01:44:50 0 d-------- C:\Program Files\Google
2008-03-06 01:44:45 0 d-------- C:\Program Files\DivX
2008-03-05 19:20:51 0 d--hs---- C:\WINDOWS\Installer
2008-03-05 19:20:50 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-05 19:20:46 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-03-05 19:20:45 0 dr------- C:\Program Files
2008-03-05 19:20:45 0 d-------- C:\Program Files\Common Files
2008-03-05 19:20:19 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-03-05 19:20:19 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-03-05 19:20:19 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-03-05 19:20:19 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-03-05 19:20:19 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-03-05 19:20:19 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-03-05 19:20:19 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-03-05 19:20:19 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-03-05 19:20:19 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-03-05 19:20:19 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-03-05 19:20:19 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-03-05 19:20:19 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-03-05 19:20:19 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-03-05 19:20:19 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-03-05 19:20:19 0 dr------- C:\Documents and Settings\All Users\Documents
2008-03-05 19:20:19 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-03-05 19:20:05 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-03-05 19:20:05 0 d-------- C:\WINDOWS\system32\CatRoot
2008-03-05 19:20:00 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-03-05 19:20:00 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-03-05 19:20:00 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-03-05 19:20:00 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-03-05 19:19:33 0 d-------- C:\Documents and Settings
2008-03-05 19:19:32 0 d--hs---- C:\System Volume Information
2008-03-05 19:11:13 0 d-------- C:\WINDOWS
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\WinSxS
2008-03-05 19:11:13 0 dr------- C:\WINDOWS\Web
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\twain_32
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\wins
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\wbem
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\usmt
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\spool
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\ShellExt
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\Setup
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\ras
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\oobe
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\npp
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\mui
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\inetsrv
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\IME
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\icsxml
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\ias
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\export
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\drivers
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-03-05 19:11:13 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\dhcp
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\config
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\3076
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\2052
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\1054
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\1042
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\1041
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\1037
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\1033
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\1031
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\1028
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system32\1025
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\system
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\security
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\Resources
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\repair
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\Provisioning
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\PeerNet
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\pchealth
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\mui
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\msapps
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\msagent
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\Media
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\java
2008-03-05 19:11:13 0 d--h----- C:\WINDOWS\inf
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\ime
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\Help
2008-03-05 19:11:13 0 dr--s---- C:\WINDOWS\Fonts
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\Driver Cache
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\Debug
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\Cursors
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\Connection Wizard
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\Config
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\AppPatch
2008-03-05 19:11:13 0 d-------- C:\WINDOWS\addins
2008-03-05 17:56:36 0 d-------- C:\Program Files\Dragonfly
2008-03-05 17:56:25 0 d-------- C:\Documents and Settings\jerionmari\Application Data\InstallShield
2008-03-05 17:55:44 0 d-------- C:\Program Files\uTorrent
2008-03-05 17:55:27 0 d-------- C:\Documents and Settings\jerionmari\Application Data\uTorrent
2008-03-05 17:49:16 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-03-05 17:49:16 394240 --a------ C:\WINDOWS\system32\Smab.dll
2008-03-05 17:49:16 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-03-05 17:49:16 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-03-05 17:49:16 318976 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-03-05 17:49:16 66560 --a------ C:\WINDOWS\MOTA113.exe
2008-03-05 17:49:15 70656 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2008-03-05 17:49:15 217073 --a------ C:\WINDOWS\meta4.exe
2008-03-05 17:49:14 0 d-------- C:\Program Files\AviSynth 2.5
2008-03-05 17:48:57 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2008-03-05 17:48:57 163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2008-03-05 17:48:53 0 d-------- C:\Program Files\eRightSoft
2008-03-05 16:02:53 0 d-------- C:\Documents and Settings\jerionmari\Application Data\LimeWire
2008-03-05 16:02:13 0 d-------- C:\Program Files\Java
2008-03-05 15:59:50 0 d-------- C:\Program Files\Common Files\Java
2008-03-05 15:59:28 0 d-------- C:\Program Files\LimeWire
2008-03-05 15:10:20 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-05 15:10:16 0 d-------- C:\Documents and Settings\jerionmari\Application Data\Mozilla
2008-03-05 15:01:05 0 d-------- C:\Documents and Settings\All Users\Application Data\UDL
2008-03-05 14:59:38 495616 --a------ C:\WINDOWS\system32\PICSDK2.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-03-05 14:59:38 73728 --a------ C:\WINDOWS\system32\PICSDK.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-03-05 14:59:38 77824 --a------ C:\WINDOWS\system32\PICEntry.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-03-05 14:59:38 114688 --a------ C:\WINDOWS\system32\EpPicPrt.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-03-05 14:59:37 111932 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-03-05 14:59:37 1139 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2008-03-05 14:59:37 1120 --a------ C:\WINDOWS\system32\EPPICPresetData_IT.dat
2008-03-05 14:59:37 1107 --a------ C:\WINDOWS\system32\EPPICPresetData_GE.dat
2008-03-05 14:59:37 1129 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2008-03-05 14:59:37 1136 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2008-03-05 14:59:37 1104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2008-03-05 14:59:37 1146 --a------ C:\WINDOWS\system32\EPPICPresetData_DU.dat
2008-03-05 14:59:37 1129 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2008-03-05 14:59:37 1139 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2008-03-05 14:59:37 4943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2008-03-05 14:59:37 21390 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2008-03-05 14:59:37 11811 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2008-03-05 14:59:37 24903 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2008-03-05 14:59:37 20148 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2008-03-05 14:59:37 31053 --a------ C:\WINDOWS\system32\EPPICPattern131.dat
2008-03-05 14:59:37 27417 --a------ C:\WINDOWS\system32\EPPICPattern121.dat
2008-03-05 14:59:37 26154 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-03-05 14:59:37 65536 --a------ C:\WINDOWS\system32\EPPicMgr.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-03-05 14:58:18 0 d-------- C:\Program Files\EPSON
2008-03-05 14:36:36 0 d-------- C:\WINDOWS\network diagnostic
2008-03-05 13:37:54 0 d-------- C:\Program Files\Tales of Pirates Online
2008-03-05 13:35:43 0 d-------- C:\Program Files\Softnyx
2008-03-05 13:26:34 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-03-05 13:06:53 0 d-------- C:\Program Files\Gravity
2008-03-05 12:58:47 0 d-------- C:\WINDOWS\ShellNew
2008-03-05 12:57:41 0 d-------- C:\Documents and Settings\jerionmari\Application Data\Microsoft Web Folders
2008-03-05 12:50:46 0 d-------- C:\Program Files\e-Games
2008-03-05 12:37:44 0 d-------- C:\WINDOWS\pss
2008-03-05 12:14:27 0 d-------- C:\Documents and Settings\jerionmari\Application Data\Grisoft
2008-03-05 12:12:57 0 d-------- C:\Documents and Settings\jerionmari\Application Data\AVG7
2008-03-05 12:12:50 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-05 12:12:41 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-05 12:11:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-05 11:59:11 0 d-------- C:\Documents and Settings\jerionmari\Application Data\Macromedia
2008-03-05 11:59:10 0 d-------- C:\Documents and Settings\jerionmari\Application Data\Adobe
2008-03-05 11:18:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-05 11:10:50 0 d--hs---- C:\Documents and Settings\jerionmari\UserData
2008-03-05 11:07:04 183987 --a------ C:\WINDOWS\system32\drivers\VVBackd5.sys
2008-03-05 11:07:01 33249 -ra------ C:\WINDOWS\system32\drivers\RITFSD.sys
2008-03-05 11:07:01 31872 -ra------ C:\WINDOWS\system32\drivers\Rcfilter.sys <Not Verified; FarStone Technology Inc.,; Restore IT!>
2008-03-05 11:07:01 14074 -ra------ C:\WINDOWS\system32\drivers\exdisk.sys
2008-03-05 11:07:01 45056 -ra------ C:\WINDOWS\DxpAppEx.exe
2008-03-05 11:06:58 49152 -ra------ C:\WINDOWS\system32\HookAPI.dll
2008-03-05 11:06:52 32768 -ra------ C:\WINDOWS\system32\RitShell.dll <Not Verified; ; RitShell Module>
2008-03-05 11:06:43 0 d-------- C:\Program Files\FarStone
2008-03-05 11:04:58 10368 -----n--- C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
2008-03-05 11:04:45 204800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-03-05 11:04:45 188416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-03-05 11:04:45 192512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-03-05 11:04:45 192512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-03-05 11:04:45 200704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-03-05 11:04:45 20480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-03-05 11:03:56 59392 --a------ C:\WINDOWS\system32\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
2008-03-05 11:03:56 5248 -----n--- C:\WINDOWS\system32\drivers\udffsrec.sys
2008-03-05 11:03:56 116224 -----n--- C:\WINDOWS\system32\drivers\IviUdf.sys <Not Verified; InterVideo; UDF File System Driver>
2008-03-05 11:03:56 38784 -----n--- C:\WINDOWS\system32\drivers\ivicd.sys <Not Verified; InterVideo; InterVideo C/DVD Filter Driver>
2008-03-05 11:03:48 10752 -----n--- C:\WINDOWS\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
2008-03-05 11:03:42 26694 --a------ C:\WINDOWS\HWS.exe
2008-03-05 11:03:42 26694 --a------ C:\WINDOWS\HMD.exe
2008-03-05 11:03:42 0 d-------- C:\Program Files\InterVideo
2008-03-05 11:03:42 0 d-------- C:\Documents and Settings\jerionmari\Application Data\InterVideo
2008-03-05 11:01:01 74752 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys <Not Verified; Realtek Semiconductor Corporation; Realtek 10/100/1000 NIC Family all in one NDIS Driver>
2008-03-05 11:01:00 0 d-------- C:\WINDOWS\OPTIONS
2008-03-05 11:00:51 0 d-------- C:\WINDOWS\system32\Lang
2008-03-05 10:57:55 40960 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-03-05 10:57:30 0 d-------- C:\WINDOWS\system32\RTCOM
2008-03-05 10:56:32 0 d-------- C:\Program Files\Realtek
2008-03-05 10:56:28 487424 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-03-05 10:54:22 516096 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-03-05 10:49:46 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-03-05 10:49:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-05 10:49:07 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-05 10:47:52 0 d-------- C:\Program Files\MSXML 4.0
2008-03-05 10:47:25 0 d-------- C:\TempEI4
2008-03-05 10:45:09 0 d-------- C:\WINDOWS\system32\PreInstall
2008-03-05 10:45:07 0 d--h----- C:\WINDOWS\$hf_mig$
2008-03-05 10:43:46 0 d-------- C:\Documents and Settings\jerionmari\Application Data\Identities
2008-03-05 10:43:39 0 d--h----- C:\Documents and Settings\jerionmari\Templates
2008-03-05 10:43:39 0 dr------- C:\Documents and Settings\jerionmari\Start Menu
2008-03-05 10:43:39 0 dr-h----- C:\Documents and Settings\jerionmari\SendTo
2008-03-05 10:43:39 0 dr-h----- C:\Documents and Settings\jerionmari\Recent
2008-03-05 10:43:39 0 d--h----- C:\Documents and Settings\jerionmari\PrintHood
2008-03-05 10:43:39 0 d--h----- C:\Documents and Settings\jerionmari\NetHood
2008-03-05 10:43:39 0 dr------- C:\Documents and Settings\jerionmari\My Documents
2008-03-05 10:43:39 0 d--h----- C:\Documents and Settings\jerionmari\Local Settings
2008-03-05 10:43:39 0 dr------- C:\Documents and Settings\jerionmari\Favorites
2008-03-05 10:43:39 0 d-------- C:\Documents and Settings\jerionmari\Desktop
2008-03-05 10:43:39 0 d--hs---- C:\Documents and Settings\jerionmari\Cookies
2008-03-05 10:43:39 0 d--h----- C:\Documents and Settings\jerionmari\Application Data
2008-03-05 10:43:38 2621440 --ah----- C:\Documents and Settings\jerionmari\NTUSER.DAT
2008-03-05 10:38:50 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-03-05 10:34:59 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-03-05 10:34:58 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-03-05 10:34:58 0 d-------- C:\WINDOWS\Prefetch
2008-03-05 10:34:57 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-03-05 10:34:57 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-03-05 10:34:57 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-03-05 10:34:57 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-03-05 10:34:57 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-03-05 10:34:40 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-03-05 10:34:40 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-03-05 10:34:40 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-03-05 10:34:40 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-03-05 10:34:40 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-03-05 10:31:53 0 d-------- C:\WINDOWS\system32\xircom
2008-03-05 10:31:53 0 d-------- C:\Program Files\microsoft frontpage
2008-03-05 10:31:51 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-03-05 10:31:45 0 -rahs---- C:\MSDOS.SYS
2008-03-05 10:31:45 0 -rahs---- C:\IO.SYS
2008-03-05 10:31:45 0 --a------ C:\CONFIG.SYS
2008-03-05 10:31:45 0 --a------ C:\AUTOEXEC.BAT
2008-03-05 10:30:55 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-03-05 10:30:47 0 dr------- C:\WINDOWS\Offline Web Pages
2008-03-05 10:30:47 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-03-05 10:30:36 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-05 10:30:14 0 d-------- C:\WINDOWS\system32\DirectX
2008-03-05 10:29:35 0 d---s---- C:\WINDOWS\Tasks
2008-03-05 10:29:34 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-05 10:29:28 0 d-------- C:\WINDOWS\srchasst
2008-03-05 10:29:27 0 d-------- C:\WINDOWS\system32\Macromed
2008-03-05 10:29:16 0 d-------- C:\Program Files\Movie Maker
2008-03-05 10:29:06 0 d-------- C:\WINDOWS\system32\Restore
2008-03-05 10:28:44 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-05 10:28:30 0 d-------- C:\WINDOWS\Registration
2008-03-05 10:28:03 0 d-------- C:\Program Files\Online Services
2008-03-05 10:27:58 0 d-------- C:\Program Files\Messenger
2008-03-05 10:27:53 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-05 10:27:03 0 d-------- C:\Program Files\Windows NT
2008-03-05 10:26:59 0 d-------- C:\WINDOWS\system32\MsDtc
2008-03-05 10:26:57 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2008-03-05 19:20:19 62 --ahs---- C:\Documents and Settings\jerionmari\Application Data\desktop.ini
2008-03-05 11:05:19 56 --a------ C:\Program Files\Common Files\appop.log


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [10/15/2005 09:51 AM C:\WINDOWS\RTHDCPL.EXE]
"RestoreIT!"="C:\Program Files\FarStone\RestoreIT\RestoreIT_XP\VBPTASK.exe" [04/29/2005 08:39 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/05/2008 12:12 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 PM]
"amva"="C:\WINDOWS\system32\amvo.exe" [03/20/2008 12:26 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [3/6/2008 9:20:54 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C59 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE /FU "C:\WINDOWS\TEMP\E_S8A.tmp" /EF "HKLM"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\farstone]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
"C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a717d25-ea70-11dc-93d7-0016763c047e}]
AutoRun\command- F:\h6o0re.cmd
explore\Command- F:\h6o0re.cmd
open\Command- F:\h6o0re.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c68a622-f4d5-11dc-9409-0016763c047e}]
Auto\command- setup.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a8d04a0-ea8a-11dc-93dc-0016763c047e}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe
Explore\Command- Desktop.exe
Open\Command- Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a8d04a6-ea8a-11dc-93dc-0016763c047e}]
Autoplay\Command- F:\xmss.exe
AutoRun\command- F:\xmss.exe
Explore\Command- F:\xmss.exe
Open\Command- F:\xmss.exe




-- End of Deckard's System Scanner: finished at 2008-03-20 14:31:03 ------------
  • 0

#4
cirej

cirej

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Trojan Found associated at amvo.exe
Malware Group: KAVKOP:Trojan-A

What should I do to remove it???

Prevx CSI Log - Version v1.6.104.130

Some non-malicious files are not included in this log.
C:\WINDOWS\System32\smss.exe InMem: 1 Det [G] MD5: BD7FB0957C716F1A60333AEE04DE2178 PX5: 858985AB00B86E2BC60900AD18ED0300AAE1DE66
C:\WINDOWS\system32\ntdll.dll InMem: 1 Det [G] MD5: BB5CBFFC096497506167BCE1D9690EF2 PX5: C67635B000C7EFCCCEC40AD85BC1A300F252F525
C:\WINDOWS\system32\csrss.exe InMem: 1 Det [G] MD5: F12B178B1678D778CFD3FF1FC38C71FB PX5: 915E606100C25A44189F00665DD0AE00C2915516
C:\WINDOWS\system32\CSRSRV.dll InMem: 1 Det [G] MD5: D06EAA8B23BC1F671B11D18CFEA65115 PX5: C955D99B00AD22858091009CE7653300F7E45BAD
C:\WINDOWS\system32\basesrv.dll InMem: 1 Det [G] MD5: 00EF9C3AF83EDBAF18CA7A2837750117 PX5: 7CF7B2D300161694CEE70079FD762A00FD221255
C:\WINDOWS\system32\winsrv.dll InMem: 1 Det [G] MD5: 3D21B3BE0C5768E76FD9780E9CF9E07C PX5: 9F12216B00E243DC788304E70F620200B9651418
C:\WINDOWS\system32\GDI32.dll InMem: 1 Det [G] MD5: 3A0D35E8FB2AB3273558ADAF92FC2F90 PX5: 9D4C6D890038D28A4E82041A7993750075164CE7
C:\WINDOWS\system32\KERNEL32.dll InMem: 1 Det [G] MD5: A01F9CA902A88F7CED06884174D6419D PX5: 0AD652AA00FC1D0C06930F5593CD84002DD65432
C:\WINDOWS\system32\USER32.dll InMem: 1 Det [G] MD5: B409909F6E2E8A7067076ED748ABF1E7 PX5: 1EE852BB004AFE80D0E5086E010CC200BAEDD060
C:\WINDOWS\system32\sxs.dll InMem: 1 Det [G] MD5: 0FF9FA27706FBE9048990C108C0D62F0 PX5: 7DA6155100CD9BC4E2BC0A5BBE89310022984217
C:\WINDOWS\system32\ADVAPI32.dll InMem: 1 Det [G] MD5: 1AFF244CA134956C54474F4E2433E4CE PX5: 296A3B25006A64436AAF09BF97D4150087D2BD6D
C:\WINDOWS\system32\RPCRT4.dll InMem: 1 Det [G] MD5: B49DCCD4DCF1D52BFCCC44677E56CFB4 PX5: 97BAC51100218E33EAE1082262F6E30019048901
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols - ncacn_np [rpcrt4.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols - ncacn_ip_tcp [rpcrt4.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols - ncadg_ip_udp [rpcrt4.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\ClientProtocols - ncacn_http [rpcrt4.dll]
C:\WINDOWS\system32\Secur32.dll InMem: 1 Det [G] MD5: 81459CB8E975003AD28B8ABB8DFA8329 PX5: 536E34A8003EFBF8DA2800A52BB2F5002C50EDCF
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 9 [secur32.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 10 [secur32.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 16 [secur32.dll]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 18 [secur32.dll]
C:\WINDOWS\system32\winlogon.exe InMem: 1 Det [G] MD5: 01C3346C241652F43AED8E2149881BFE PX5: 08A3C79400E89575AACC07CFE43BE4007E07B082
C:\WINDOWS\system32\AUTHZ.dll InMem: 1 Det [G] MD5: 5C3DF25926729EBEEF5CC7FF1933B360 PX5: 9C99E50400FE530EDE9300C611EE4100D1F5B0A9
C:\WINDOWS\system32\msvcrt.dll InMem: 1 Det [G] MD5: B0FEFA816D61EC66AA765DDF534EAB5E PX5: 8D219F8D00D363B03C94050F1D501000232569AA
C:\WINDOWS\system32\CRYPT32.dll InMem: 1 Det [G] MD5: EFC958396A7A7EF7E6D4A52B97512E18 PX5: 4A59DFBA00DC49271E850917445B2900D34AB5D6
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain - DllName [crypt32.dll]
C:\WINDOWS\system32\MSASN1.dll InMem: 1 Det [G] MD5: 3CD1CE106CA2A9B4CC626D7DF03FBD6F PX5: A4F4ADCF0079800BE0EB00B2C969390093F01930
C:\WINDOWS\system32\NDdeApi.dll InMem: 1 Det [G] MD5: 458AB591E8CF240CC105A23671F2C3D6 PX5: 956C54EE009E4E5046BE007A7FAF9200E4434752
C:\WINDOWS\system32\PROFMAP.dll InMem: 1 Det [G] MD5: FE4F71711CF5C17ADE5E506348132D24 PX5: 129936C20053D9156CD7001C64367E00E414EB45
C:\WINDOWS\system32\NETAPI32.dll InMem: 1 Det [G] MD5: 35A4C61B5A9AE04E73843FB21F9A1137 PX5: 0919F94300101F5012140538A0E252006DFECAEF
C:\WINDOWS\system32\USERENV.dll InMem: 1 Det [G] MD5: 2B9B56A89A8A42E917511972A6DB36E3 PX5: 8D0A73790000B9A60AFA0B7799BA50001480E583
C:\WINDOWS\system32\PSAPI.DLL InMem: 1 Det [G] MD5: 96E48C7EB9089D1DBF6F85CA11B264DF PX5: E45B4B8F006B80405A31004447A81A0004CB0571
C:\WINDOWS\system32\REGAPI.dll InMem: 1 Det [G] MD5: 899ED710FDC37EB7D0115C2932C2B1EB PX5: 3BDFE07B00636050C232006EC96F600028536072
C:\WINDOWS\system32\SETUPAPI.dll InMem: 1 Det [G] MD5: 7808313CBC634EE08346D5DDFEF1CC5F PX5: 154783FC009BD5AC024A0FD064643800249F930D
C:\WINDOWS\system32\VERSION.dll InMem: 1 Det [G] MD5: D38408967BE738D0C1B47005BCE8CEEB PX5: 48B2326F0046ACF04A2F009ECFE2F700297C7989
C:\WINDOWS\system32\WINSTA.dll InMem: 1 Det [G] MD5: 7BC4BA4C33ADF3EF5CD370D99BC60B04 PX5: 4FC178B000482116D2BD00E93C9ECE00D0480EF2
C:\WINDOWS\system32\WINTRUST.dll InMem: 1 Det [G] MD5: B015A20C60D2A751777A9C8207A7BA82 PX5: DB0CC24600AC672EB2E30223D02BD300BCD7BC8F
C:\WINDOWS\system32\IMAGEHLP.dll InMem: 1 Det [G] MD5: 5AFCE94E8286B2F57A04DA37F01BF21A PX5: C514DEA900649DD634FB027E5F879F00BCCD8258
C:\WINDOWS\system32\WS2_32.dll InMem: 1 Det [G] MD5: 2ED0B7F12A60F90092081C50FA0EC2B2 PX5: ED479C43003596C5447E01096F563C00A0368937
C:\WINDOWS\system32\WS2HELP.dll InMem: 1 Det [G] MD5: 9BEACB911CA61E5881102188AB7FB431 PX5: D5E6E5C200940F924EAB009267BAC700194216C3
C:\WINDOWS\system32\IMM32.DLL InMem: 1 Det [G] MD5: 87CA7CE6469577F059297B9D6556D66D PX5: 4DA51A0A00D858BFAE4F01B360834F009316407E
C:\WINDOWS\system32\MSGINA.dll InMem: 1 Det [G] MD5: A29AF639AA180CC68C59242A10E1D3B1 PX5: 332D310E00FAA8212CA00F238AD78B0023CDC234
C:\WINDOWS\system32\SHELL32.dll InMem: 1 Det [G] PX5: 215DA58300AF5EA202CF8162043804000AEEC399
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - VmApplet [rundll32 shell32,Control_RunDLL "sysdm.cpl"]
REGSHLEXHOOK - \REGISTRY\Machine\Software\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 - {AEB6717E-7E19-11d0-97EE-00C04FD91972} [shell32.dll]
REGDELAY - \REGISTRY\Machine\Software\Classes\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 - PostBootReminder [%SystemRoot%\system32\SHELL32.dll]
REGDELAY - \REGISTRY\Machine\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 - CDBurn [%SystemRoot%\system32\SHELL32.dll]
REGTOOLBAR - \REGISTRY\Machine\Software\Classes\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}\InprocServer32 - {0E5CBF21-D15F-11D0-8301-00AA005B4383} [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{24F14F01-7B1C-11d1-838f-0000F80461CF}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{24F14F02-7B1C-11d1-838f-0000F80461CF}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{66742402-F9B9-11D1-A202-0000F81FEDEE}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{09799AFB-AD67-11d1-ABCD-00C04FC30936}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{A470F8CF-A1E8-4f65-8335-227475AA5C46}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{ef43ecfe-2ab9-4632-bf21-58909dd177f0}\InprocServer32 - [%SystemRoot%\system32\SHELL32.dll]
REGEXPSHELL - \REGISTRY\Machine\Software\Classes\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InprocServer32 - [shell32.dll]
C:\WINDOWS\system32\SHLWAPI.dll InMem: 1 Det [GP] MD5: 677172D170525883181200DF23E523D3 PX5: 7847F98300CCEE813C2607FB93BF2D005EE2EEDD
C:\WINDOWS\system32\COMCTL32.dll InMem: 1 Det [G] MD5: B0124CB21D28B1C9F678B566B6B57D92 PX5: 58711F2E0031D0D66C9109B3CC40D8001324BA48
C:\WINDOWS\system32\ODBC32.dll InMem: 1 Det [G] MD5: F79D7D98CD764499ECCBAAF3F800D349 PX5: 7B1DF19300CD6699D0980342C9BBC000005C4BB6
C:\WINDOWS\system32\comdlg32.dll InMem: 1 Det [G] MD5: 1EDB1BB89D021955E6F7265911175B8D PX5: 892EEE5500E4EDA63AA104D70FCBB60076D8D62A
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll InMem: 1 Det [G] MD5: C4E80875C1CF1222FC5EFD0314AE5C01 PX5: 56C8CE5E00851B0E16C71080EE38A700B0371013
C:\WINDOWS\system32\odbcint.dll InMem: 1 Det [G] MD5: C237FB08F52F27823C4E4E6705ECD196 PX5: 847B8E9B004B5A42703B01AC5A6AB700CD30D958
C:\WINDOWS\system32\SHSVCS.dll InMem: 1 Det [G] MD5: 6815DEF9B810AEFAC107EEAF72DA6F82 PX5: 2C529D1E00C1F0F70ECC025EA1ABB800AB55D8AD
C:\WINDOWS\system32\sfc.dll InMem: 1 Det [G] MD5: E8A12A12EA9088B4327D49EDCA3ADD3E PX5: 89E84D5200CF03421478002B882F7D00A63C49D3
C:\WINDOWS\system32\sfc_os.dll InMem: 1 Det [G] MD5: 9858CC4D73A4CCF2F852FAE07C11A0B5 PX5: F26B2BAF0018BC9E2489020583C62D00D3EDFCD1
C:\WINDOWS\system32\ole32.dll InMem: 1 Det [G] MD5: AB8231D13692AC5088EB9C226B0C0576 PX5: 37731593007696ED9C6813CFF613B1004A93B4E7
C:\WINDOWS\system32\Apphelp.dll InMem: 1 Det [G] MD5: ECA24AB73FCFFA754D4070CDB03529E3 PX5: CAD3C6370032D7A5F0B3015FD8E92200A7751139
C:\WINDOWS\system32\msctfime.ime InMem: 1 Det [G] MD5: D87041EAA67ECA4394F6D5D09C0C2885 PX5: F657260400203250B436023B63BED10004430D4E
C:\WINDOWS\system32\WINSCARD.DLL InMem: 1 Det [G] MD5: 7BCB23FA39CE266AF4347A6BEAB60F8C PX5: 40DE6C9D00625F258477015397173C002F7330D3
C:\WINDOWS\system32\WTSAPI32.dll InMem: 1 Det [G] MD5: 67F2D109AB373FECEB819F420DB11F03 PX5: C00F08BB00D5C1E748870068B7CF33003C5DB51A
C:\WINDOWS\system32\uxtheme.dll InMem: 1 Det [G] MD5: 2CDE496666A975A2CE8F969F3042C8DB PX5: 004E6F720026350A5600030933650A008FE9F7B0
C:\WINDOWS\system32\WINMM.dll InMem: 1 Det [G] MD5: 90FDAA22F38D9E911F91FA3B8A1F7E5D PX5: 13F5EAB2004B18C7B0AA0253C3C1330003CE5648
C:\WINDOWS\system32\Ati2evxx.dll InMem: 1 Det [G] MD5: 4E16A4EF6CAC62CD4F21EEC7C3683626 PX5: 101077C600AC1D04B4950017FCB09A006A3072FF
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent - DLLName [Ati2evxx.dll]
C:\WINDOWS\system32\cscdll.dll InMem: 1 Det [G] MD5: 587729679B4FE04CE06A5C61D6C56DCD PX5: 971F59D600837AC68E6701A3E5B77A00309F7ECB
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll - DLLName [cscdll.dll]
C:\WINDOWS\system32\rsaenh.dll InMem: 1 Det [G] MD5: 26ACBD865F8CFF730F1791C4D0854352 PX5: 19B797A900BB112F5426027FDD39EC001D5760F1
C:\WINDOWS\system32\WlNotify.dll InMem: 1 Det [G] MD5: A599E5E366C1408E48AA5D37882D4E3E PX5: B3DE3F08000763CC6ADE017B79CC190098DD584B
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp - DLLName [wlnotify.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule - DllName [wlnotify.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn - DLLName [WlNotify.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv - DllName [wlnotify.dll]
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon - DLLName [wlnotify.dll]
C:\WINDOWS\system32\WINSPOOL.DRV InMem: 1 Det [G] MD5: 777EB29D0135D81AD9828A2B05443496 PX5: 015C030400CF66743CEC02C1CDE749000B659A52
C:\WINDOWS\system32\MPR.dll InMem: 1 Det [G] MD5: 2CFE80AA3428C09E6DE67FAC50DA65CF PX5: 53E19177002424D9EAD7005EFAA4ED00F14A5B45
C:\WINDOWS\system32\msv1_0.dll InMem: 1 Det [G] MD5: 77C41F9146450C89534704A75836CE56 PX5: 849F823900874A5BFA030136E43C1D00F7CBD368
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Authentication Packages [msv1_0]
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
C:\WINDOWS\system32\iphlpapi.dll InMem: 1 Det [G] MD5: 011EACF9153EF90E6CBCE2987ACAE411 PX5: 352A2D9200DB457772C6019AB1E38E009C7A5700
C:\WINDOWS\system32\SAMLIB.dll InMem: 1 Det [G] MD5: EBE12F403FDE45E7312E7BF764BFB6C6 PX5: C6E9EBFF00376E94FAAE002B3D4FE600C1F3F18E
C:\WINDOWS\system32\cscui.dll InMem: 1 Det [G] MD5: 51230212AE7F8159A90F06A7EA30DD8A PX5: 7251405F009E1821FC4204FF4DD95A00364FF1CF
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8} - DllName [%SystemRoot%\System32\cscui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03}\InprocServer32 - {750fdf0e-2a26-11d1-a3ea-080036587f03} [%SystemRoot%\System32\cscui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{10CFC467-4392-11d2-8DB4-00C04FA31A66}\InprocServer32 - {10CFC467-4392-11d2-8DB4-00C04FA31A66} [%SystemRoot%\System32\cscui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}\InprocServer32 - {AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} [%SystemRoot%\System32\cscui.dll]
C:\WINDOWS\system32\wdmaud.drv InMem: 1 Det [G] MD5: D6A8DC8C374EEA24744F2D4E87CA0E7E PX5: 9E997A9100E00AB25C2E0007BFD7ED00D6DB759F
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - wave [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - midi [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - mixer [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 - aux [wdmaud.drv]
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Userinstallable.drivers - wave [wdmaud.drv]
C:\WINDOWS\system32\MPRAPI.dll InMem: 1 Det [G] MD5: 9F78F329B1858E845087B923B4DBA0F3 PX5: 89A9326300429D6F544C0140C8E6CF006BE03453
C:\WINDOWS\system32\ACTIVEDS.dll InMem: 1 Det [G] MD5: 875D770F477E0AE0088BE1810D537B23 PX5: 67FDEADE001365B1F639027CBF788C007F0C0466
C:\WINDOWS\system32\adsldpc.dll InMem: 1 Det [G] MD5: 12A581CA44E53B09D24C5B94F252C78D PX5: B147B9E700C7511F3070026D6E9329002B36B91C
C:\WINDOWS\system32\WLDAP32.dll InMem: 1 Det [G] MD5: 10F36FA092D7A309A0647FCDC764AE6C PX5: BB7512DA00E90F3EA05602946259A9007F8695BD
C:\WINDOWS\system32\ATL.DLL InMem: 1 Det [G] MD5: 2D40EDB9BF811590DAD7406DEC67B926 PX5: 5E305C2100F089A0E682004447382A00FDED6863
C:\WINDOWS\system32\OLEAUT32.dll InMem: 1 Det [G] MD5: 0144ABC4C4A624B583D432EE478A711C PX5: D1F593D800E8FAF668CA0813471870000992F532
C:\WINDOWS\system32\rtutils.dll InMem: 1 Det [G] MD5: 2030FA027E7C3E0A145649C03171457B PX5: 47F262E000A76D5BAC5800EFA3AA12007319C827
C:\WINDOWS\system32\xpsp2res.dll InMem: 1 Det [G] MD5: 1320AEA7057A26A671D9548CC7BEBDA5 PX5: DA22457E009A2BE138AD2CE13B304000CC3BE023
C:\WINDOWS\system32\msacm32.drv InMem: 1 Det [G] MD5: 9A3BD5F55AADFF859539142F6328A66E PX5: 0A0C500500C4AB055058007FB94555005B041DD7
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP - wavemapper [msacm32.drv]
C:\WINDOWS\system32\MSACM32.dll InMem: 1 Det [G] MD5: 975D12353B1D525C0F3444C447FB3B9A PX5: F818B09C0055EBEA18B101729A6EC6002AD08A29
C:\WINDOWS\system32\midimap.dll InMem: 1 Det [G] MD5: 3B4702155BB2AE9DC00C06A68834BDFA PX5: 57090CFC0008E4CA4A4F00428AB4320020C9C16A
REGDRIVER - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP - midimapper [midimap.dll]
C:\WINDOWS\system32\NTMARTA.DLL InMem: 1 Det [G] MD5: DAA91B358E685FC6CCA9ACA72BE6FE85 PX5: 1E915E1600DB5D12D0A801955C4BCF00D7074068
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider - ProviderPath [%SystemRoot%\system32\ntmarta.dll]
C:\WINDOWS\system32\COMRes.dll InMem: 1 Det [G] MD5: 6728270CB7DBB776ED086F5AC4C82310 PX5: 056D8FA100E39E7216470C7CE8FD7800B3987822
C:\WINDOWS\system32\CLBCATQ.DLL InMem: 1 Det [G] MD5: EC8A848FC4F17F3B3D9DA4A0C43FB930 PX5: F6005FF8002694229C2707EE8C3E3200AE61E555
C:\WINDOWS\system32\services.exe InMem: 1 Det [G] MD5: C6CE6EEC82F187615D1002BB3BB50ED4 PX5: 1B167F4F0083E585A6B8011373392400F157C83B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Eventlog - ImagePath [C:\WINDOWS\system32\services.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PlugPlay - ImagePath [C:\WINDOWS\system32\services.exe]
C:\WINDOWS\system32\SCESRV.dll InMem: 1 Det [G] MD5: 9A42C1F3154545A4D32E5043038B01FA PX5: D5457DC900476E25CA9904FA093453007CE1D3EE
C:\WINDOWS\system32\umpnpmgr.dll InMem: 1 Det [G] MD5: 586211F4FF4BC49CC215C956919CD33B PX5: 9778CA37001C999DE21901CEE9332600C8A8FDFF
C:\WINDOWS\system32\NCObjAPI.DLL InMem: 1 Det [G] MD5: DA201A0A309B96381FD674D0FAB5DA86 PX5: 4A760B7A005A24058E1B000579721100D7860F10
C:\WINDOWS\system32\MSVCP60.dll InMem: 1 Det [G] MD5: 1F57EB5B92B2AC7F9D71A77D184D8C13 PX5: 529F9CCA00E65E4E50F406DD88392600874CC458
C:\WINDOWS\system32\ShimEng.dll InMem: 1 Det [G] MD5: 43DA983415EA533F9E667FDB415F4655 PX5: 187925F700B0758B00BE01FCD873B4008BD47C54
C:\WINDOWS\AppPatch\AcAdProc.dll InMem: 1 Det [G] MD5: 744EA281298317E91C3BEA70BF3843D4 PX5: 4481FDAC006BDDB69ABC00D7D79D140035AF8893
C:\WINDOWS\system32\eventlog.dll InMem: 1 Det [G] MD5: 82B24CB70E5944E6E34662205A2A5B78 PX5: 74C0ACE400BB539DDA760019C66FFE004EA8E15E
C:\WINDOWS\system32\lsass.exe InMem: 1 Det [G] MD5: 84885F9B82F4D55C6146EBF6065D75D2 PX5: E322179B00AF6D2D3445003B3C2E0700A1B0AF84
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Netlogon - ImagePath [C:\WINDOWS\system32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NtLmSsp - ImagePath [C:\WINDOWS\system32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\PolicyAgent - ImagePath [C:\WINDOWS\system32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ProtectedStorage - ImagePath [C:\WINDOWS\system32\lsass.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SamSs - ImagePath [C:\WINDOWS\system32\lsass.exe]
C:\WINDOWS\system32\LSASRV.dll InMem: 1 Det [G] MD5: F1C69FD5009CD4219C8DCA5DF475D66B PX5: EB2E7D6200430BBE04C40B96CAC04A0051502E73
C:\WINDOWS\system32\NTDSAPI.dll InMem: 1 Det [G] MD5: 6201BACF384292A5FE94CE73364AE53A PX5: 829FACD8005095330684014F43849600A4A7FB8D
C:\WINDOWS\system32\DNSAPI.dll InMem: 1 Det [G] MD5: 16E68F1DB0E37C13A5FB5F9611A38EDC PX5: 74EB5FA400091D754463024F4ED97A0092707122
C:\WINDOWS\system32\SAMSRV.dll InMem: 1 Det [G] MD5: E15154E7FDA8A580A8F74C7CC16B1FFE PX5: 253D430300438A98588C06CDDB739000272E6768
C:\WINDOWS\system32\cryptdll.dll InMem: 1 Det [G] MD5: EF5B64A9CD71ED27E837165C08DA4CC1 PX5: 03BDA30E00C2568782E70078CCDCA600FB107A2E
C:\WINDOWS\AppPatch\AcGenral.DLL InMem: 1 Det [G] MD5: FB537F29A827D78F756154CF397A113F PX5: A5E070E5008A3CA2449B1C759DD89C00AE77A675
C:\WINDOWS\system32\msprivs.dll InMem: 1 Det [G] MD5: 6BEC17053284E847CF1FBB8C9A181E1E PX5: B7C3D94D00650CDCBC0A0065E2B2780073142639
C:\WINDOWS\system32\kerberos.dll InMem: 1 Det [G] MD5: FC3BCBEF084377FB3AB43E0E2FF812CB PX5: 2815B079000EADB3847504C1A6094F009DAE1FF3
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
C:\WINDOWS\system32\netlogon.dll InMem: 1 Det [G] MD5: 96353FCECBA774BB8DA74A1C6507015A PX5: 4AD0CDF2006A3C7F36AD06B5AE145400218BAC7A
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 68 [netlogon.dll]
C:\WINDOWS\system32\w32time.dll InMem: 1 Det [G] MD5: 2B281958F5D0CF99ED626E3EF39D5C8D PX5: 4B83AABA0027599EAA46024D449B460048D4CD90
C:\WINDOWS\system32\schannel.dll InMem: 1 Det [G] MD5: 532EA80E9F5452928F8426653215BE29 PX5: E084CAFD00263F4C3618026895AF4E00D376B1B0
REGRUNGEN - \REGISTRY\Machine\System\CurrentControlSet\Control\SecurityProviders - SecurityProviders [msapsspc.dll]
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
REGRPC - \REGISTRY\Machine\Software\Microsoft\Rpc\SecurityService - 14 [schannel.dll]
C:\WINDOWS\system32\wdigest.dll InMem: 1 Det [G] MD5: C43D8F6FF8AC074CCD9B34B781E23E86 PX5: BFED3C3A008AC87AC0050035BC2B7B00252EECE6
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Security Packages [kerberos]
C:\WINDOWS\system32\scecli.dll InMem: 1 Det [G] MD5: 0F78E27F563F2AAF74B91A49E2ABF19A PX5: BA60DFD7007FF03BC0B10210E447DA00431A9EA5
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} - DllName [scecli.dll]
REGGPOLICY - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A} - DllName [scecli.dll]
REGLSA - \REGISTRY\Machine\System\CurrentControlSet\Control\Lsa - Notification Packages [scecli]
C:\WINDOWS\system32\ipsecsvc.dll InMem: 1 Det [G] MD5: D1E299962B5956005113EC4AB1E0D9B7 PX5: A284B00D004412D1CACE0214647C4E008303B9B3
C:\WINDOWS\system32\oakley.DLL InMem: 1 Det [G] MD5: A76128BE63EEA6A3AF521A0576D3EBF7 PX5: B3FA2D0E00AA18AE12B804D88D758200387B1E01
C:\WINDOWS\system32\WINIPSEC.DLL InMem: 1 Det [G] MD5: 2B2F31E3F2CE3723C1B0F3700C8BE28B PX5: 316A8F9B009E219D8062008DBEE6D100C6CDF6D8
C:\WINDOWS\system32\pstorsvc.dll InMem: 1 Det [G] MD5: 306B30A036DB25FCB76B507FEDE07D58 PX5: D5E6DE15002AB97486EE00295E3519004311F809
C:\WINDOWS\system32\mswsock.dll InMem: 1 Det [G] MD5: 4E74AF063C3271FBEA20DD940CFD1184 PX5: 16BCD2890051C955BE5B03DEED8C6800046E1E5A
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 - PackedCatalogItem [%SystemRoot%\system32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 - LibraryPath [%SystemRoot%\System32\mswsock.dll]
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 - LibraryPath [%SystemRoot%\System32\mswsock.dll]
C:\WINDOWS\system32\hnetcfg.dll InMem: 1 Det [G] MD5: 765B30C776A1780B46B479FE614F707C PX5: 7D93B95F0053B42340FE05BA958353001E056FC5
C:\WINDOWS\System32\wshtcpip.dll InMem: 1 Det [G] MD5: A7F95A53EE055115DF03588997A47D4D PX5: DC9BB447001573924E70000972CCB00010ED4F34
C:\WINDOWS\system32\psbase.dll InMem: 1 Det [G] MD5: 4D3CCDF22D2B4BAE229BA73B81D13E26 PX5: 0E574A8700AB3CF97AE50134B55DCA00B9B05876
C:\WINDOWS\system32\dssenh.dll InMem: 1 Det [G] MD5: CACD2C63A79268D131EA37E85524CC44 PX5: 31E843BE00E2A81C18FA0265E10B6500232880A4
C:\WINDOWS\system32\Ati2evxx.exe InMem: 1 Det [G] MD5: 60D2D92BD2390C50BCE4106113F8B83B PX5: B0C63981006E5804C035057E52F7F500107B81AD
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Ati HotKey Poller - ImagePath [C:\WINDOWS\system32\Ati2evxx.exe]
C:\WINDOWS\system32\Ati2edxx.dll InMem: 1 Det [G] MD5: 6E6D9E0C45AED9A46A1CD09104D53E79 PX5: ABA7148800C2C19B9CF4001E50AB6A00AEAA820C
C:\WINDOWS\system32\svchost.exe InMem: 1 Det [G] MD5: 8F078AE4ED187AAABC0A305146DE6716 PX5: DAF1E19400616549387D0095555BE300779F3C3D
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Alerter - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AppMgmt - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\AudioSrv - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\BITS - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Browser - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\CryptSvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\DcomLaunch - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Dhcp - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\dmserver - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Dnscache - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ERSvc - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\EventSystem - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\helpsvc - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HidServ - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\HTTPFilter - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\lanmanserver - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\lanmanworkstation - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\LmHosts - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Messenger - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Netman - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Nla - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\NtmsSvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasAuto - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RasMan - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RemoteAccess - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\RpcSs - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Schedule - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\seclogon - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SENS - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SharedAccess - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\ShellHWDetection - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\srservice - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\SSDPSRV - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\stisvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TapiSrv - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TermService - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Themes - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\TrkWks - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\upnphost - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\usprserv - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\W32Time - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WebClient - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\winmgmt - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WmdmPmSN - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\wscsvc - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\wuauserv - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WudfSvc - ImagePath [C:\WINDOWS\system32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\WZCSVC - ImagePath [C:\WINDOWS\System32\svchost.exe]
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\xmlprov - ImagePath [C:\WINDOWS\System32\svchost.exe]
c:\windows\system32\rpcss.dll InMem: 1 Det [G] MD5: CE94A2BD25E3E9F4D46A7373FF455C6D PX5: D822603D00CD66D9129D06DB0B7B1D007E9F1628
c:\windows\system32\termsrv.dll InMem: 1 Det [G] MD5: B60C877D16D9C880B952FDA04ADF16E6 PX5: B23DB7CA00529A76824404BBA1C0E500E194B6BF
c:\windows\system32\ICAAPI.dll InMem: 1 Det [G] MD5: 37E7DB460A5315E4609B212C6C014527 PX5: 250F3DFD00F33C1F2CA90044E2AB0700656E66F3
c:\windows\system32\mstlsapi.dll InMem: 1 Det [G] MD5: F5EE7CACD1784241F138A5E55B715897 PX5: C2680D8300018E10C49501D751FA98009B3E7AB6
C:\WINDOWS\System32\winrnr.dll InMem: 1 Det [G] MD5: 2C8FDB176F22629EA5342DB474FAC391 PX5: B99E0E8D00542DFA424300FED26B3C00567EC44F
REGLSP - \REGISTRY\Machine\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 - LibraryPath [%SystemRoot%\System32\winrnr.dll]
C:\WINDOWS\system32\rasadhlp.dll InMem: 1 Det [G] MD5: 5F098BD2AE6B03044B085DECFFDF91EC PX5: 730EB3E100BD805F2027003B3C2E0700962FB09B
c:\windows\system32\dhcpcsvc.dll InMem: 1 Det [G] MD5: EF545E1A4B043DA4C84E230DD471C55F PX5: A9EBC5D6001A18F3B4B401620314F40088368459
c:\windows\system32\wzcsvc.dll InMem: 1 Det [G] MD5: 5A91E6FEAB9F901302FA7FF768C0120F PX5: 5355281100DAD0967EED053F74F17200F9EBFA10
c:\windows\system32\WMI.dll InMem: 1 Det [G] MD5: E682696D7F982494A8CFC80C5B59D422 PX5: 07C4E937009487D016E3006A26ACBD000B74A165
c:\windows\system32\ESENT.dll InMem: 1 Det [G] MD5: 50DE118DA580208B914B40DD47C90D52 PX5: C8A857690088C1A584B81050256A6800C9E1A40E
C:\WINDOWS\System32\rastls.dll InMem: 1 Det [G] MD5: ADEAC063A3757E8FBC242BB4414D632B PX5: 41012AE700D403D9B68C010C32391300A1CC1B25
C:\WINDOWS\system32\CRYPTUI.dll InMem: 1 Det [G] MD5: 4AC302BF714DC163E685D0A187A36D0F PX5: 0555EC6A006F02A8D26607A164A23A00FADACFBB
C:\WINDOWS\system32\WININET.dll InMem: 1 Det [G] MD5: 806D274C9A6C3AAEA5EAE8E4AF841E04 PX5: 64BDA9C5005A040F96240C6FE57D76000A931BF0
C:\WINDOWS\system32\Normaliz.dll InMem: 1 Det [G] MD5: 10753A3ADC3E39A3B10CC3F08E98E6B4 PX5: E3FC1A7000BA1C775C420052AC60C600F74EBAFC
C:\WINDOWS\system32\iertutil.dll InMem: 1 Det [G] MD5: 3844E460C6CAECEAD3B5C782E656BAFD PX5: 0E5B27A60009B20016DB048CFD649C002B077E31
C:\WINDOWS\System32\RASAPI32.dll InMem: 1 Det [G] MD5: CD1F7ED9842138BEADF9ECBF37818BEF PX5: B42570E300C0A51B9C9A03B11C4470004F247D2C
C:\WINDOWS\System32\rasman.dll InMem: 1 Det [G] MD5: 30E244A707E6CE0A4B099CD6384EC6CA PX5: EDBB389C0036CD71F0EF007B23C7E500D974B004
C:\WINDOWS\System32\TAPI32.dll InMem: 1 Det [G] MD5: 6307A1B82F6CA87D7E0CDF49E6E7BC00 PX5: 7AE4E0A400D5864AC64B02EEA63BF300C0418EFD
C:\WINDOWS\System32\raschap.dll InMem: 1 Det [G] MD5: 1B0F0FC350C77B62A4B927810E53B2BF PX5: 469869220095F50610B00104DEE25E00746ECCB1
c:\windows\system32\schedsvc.dll InMem: 1 Det [G] MD5: 92360854316611F6CC471612213C3D92 PX5: 00967B3C00CA877DEA9B0283F80B86008C541907
C:\WINDOWS\System32\MSIDLE.DLL InMem: 1 Det [G] MD5: 249817F51C84D283E96E6B2580D21FFD PX5: 690A7593007ACD6D1AC1008CF3166F0059716CFB
c:\windows\system32\audiosrv.dll InMem: 1 Det [G] MD5: DB66DB626E4882EBEF55F136F12C1829 PX5: 932A31B600AB40CAA62C00BF06D62A00006A5BE9
c:\windows\system32\wkssvc.dll InMem: 1 Det [G] MD5: 3CD291A2C4909088B3D1E98DED73D4B2 PX5: 0E65A9AD004CED3604410264F0D57E003899F7EE
c:\windows\system32\cryptsvc.dll InMem: 1 Det [G] MD5: 10654F9DDCEA9C46CFB77554231BE73B PX5: AF326DE300CAB04EECF2002C6A88F800C175F52F
c:\windows\system32\certcli.dll InMem: 1 Det [G] MD5: AD44C5BC21213F394F6AFCB55CC39293 PX5: 733CB91900F5C521F81A02962CBA1C00EB8C1136
c:\windows\system32\ersvc.dll InMem: 1 Det [G] MD5: 67DFF7BBBD0E80AAB7B3CF061448DB8A PX5: 6FF656B000BD22FA5A0E001E333E02004608458D
c:\windows\system32\es.dll InMem: 1 Det [G] MD5: 34BBD9ACC1538818F2C878898C64E793 PX5: 0081FE5800E09C4CB61003D0290B1D00976C66BF
c:\windows\pchealth\helpctr\binaries\pchsvc.dll InMem: 1 Det [G] MD5: 8827911A8C37E40C027CBFC88E69D967 PX5: 8DE204D80030A6D498F90061FD9D1400CBF5C58F
c:\windows\system32\srvsvc.dll InMem: 1 Det [G] MD5: 0CB3AF149A0BAC0836022CA307C7A0F8 PX5: 92EB8E4600DD88A77A950111349C74000C827F72
c:\windows\system32\netman.dll InMem: 1 Det [G] MD5: 36739B39267914BA69AD0610A0299732 PX5: C51B550E00EF0CBA047F036BEC8A55000966CBCA
c:\windows\system32\netshell.dll InMem: 1 Det [G] MD5: BF52A4D4EB4CFB3109667E429B93E21A PX5: 7E06771900487C8710581A44A9373100B130C1AC
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\InprocServer32 - {7007ACC7-3202-11D1-AAD2-00805FC1270E} [C:\WINDOWS\system32\NETSHELL.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{992CFFA0-F557-101A-88EC-00DD010CCC48}\InprocServer32 - {992CFFA0-F557-101A-88EC-00DD010CCC48} [C:\WINDOWS\system32\NETSHELL.dll]
c:\windows\system32\credui.dll InMem: 1 Det [G] MD5: 1ECB753D7CEEC8F5A94C9781CA64EC44 PX5: 2958D65E00CF5461808D02E1D736740044A2B4BA
c:\windows\system32\WZCSAPI.DLL InMem: 1 Det [G] MD5: 9A9BBC71D0EBCD400A33ABCD5F0AB39C PX5: DACD9F2200A148C8CA530076C9ABDB00E531F0F8
c:\windows\system32\sens.dll InMem: 1 Det [G] MD5: DFD9870CF39C791D86C4C209DA9FA919 PX5: CCBBDD05006A9DD9989800FA9D19B200092DAE28
c:\windows\system32\seclogon.dll InMem: 1 Det [G] MD5: B1E0CE09895376871746F36DC5773B4F PX5: B63CB54C00A4D6F14A2500626A21D60080D8056D
c:\windows\system32\srsvc.dll InMem: 1 Det [G] MD5: 92BDF74F12D6CBEC43C94D4B7F804838 PX5: 94C789210046D3619AD10285BB07F100773F7289
c:\windows\system32\POWRPROF.dll InMem: 1 Det [G] MD5: 1B5F6923ABB450692E9FE0672C897AED PX5: 69018B76004AE3D7448B00F668AC380013A5409B
c:\windows\system32\trkwks.dll InMem: 1 Det [G] MD5: 6D9AC544B30F96C57F8206566C1FB6A1 PX5: 7870990A007CDDBD627A01EF59E79400E7B8DD73
c:\windows\system32\wuauserv.dll InMem: 1 Det [S] MD5: 13D72740963CBA12D9FF76A7F218BCD8 PX5: B80DF0DE00A655AA1A4900068A66AC000C7C0675
C:\WINDOWS\system32\wuaueng.dll InMem: 1 Det [G] MD5: 3EEC20E41F5F331B94002970CEAEC92F PX5: 26C07DF358FF2BE623151A8BD3FD64005FC70733
C:\WINDOWS\System32\WINHTTP.dll InMem: 1 Det [G] MD5: EA82A55F22654FBEDCBD82D2D4305B45 PX5: 06A2994C00D85B135CB105D77AAB0300B9222156
C:\WINDOWS\System32\Cabinet.dll InMem: 1 Det [G] MD5: 08F0190AE201EC331B4CA3B0FA2D2CCE PX5: 41C0FD920017CFBEEA3400FF6C23B200948AF962
C:\WINDOWS\System32\mspatcha.dll InMem: 1 Det [G] MD5: 633C197292B4051D986903827DE561A3 PX5: 82E94A59007F579A76DF00605FDB1800E5A3A44B
c:\windows\system32\wbem\wmisvc.dll InMem: 1 Det [G] MD5: F399242A80C4066FD155EFA4CF96658E PX5: 4B870EFD003023C936EC02A6160CDC00ADEC4E5C
C:\WINDOWS\system32\VSSAPI.DLL InMem: 1 Det [G] MD5: 79DABB124D00ADF19852AE879C201890 PX5: 9981661100F61EC192C406C311EF6100047B10DE
c:\windows\system32\browser.dll InMem: 1 Det [G] MD5: E3CFCCDDA4EDD1D0DC9168B2E18F27B8 PX5: BA6204AB00E2C55F2E1201513D519B003713D289
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF} - [Browser Customizations]
REGACTIVEX - \REGISTRY\Machine\Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - [Browser Customizations]
c:\windows\system32\wscsvc.dll InMem: 1 Det [G] MD5: 4D59DAA66C60858CDF4F67A900F42D4A PX5: 0C0097FF00B19F043E14018727E7200043F72CCC
c:\windows\system32\msi.dll InMem: 1 Det [G] MD5: 892F4BC54D486FEB4DF03E4E2ECB14E0 PX5: 67C0ED8500CAF1E88EE52B2266AE24009BF267F4
c:\windows\system32\ipnathlp.dll InMem: 1 Det [G] MD5: 36CC8C01B5E50163037BEF56CB96DEFF PX5: 3B65D0DF0000F4850EC805A137144000A420C076
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\AUTODHCP - DllName [ipnathlp.dll]
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\DNSPROXY - DllName [ipnathlp.dll]
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\FTP - DllName [ipnathlp.dll]
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\H323 - DllName [ipnathlp.dll]
REGROUTER - \REGISTRY\Machine\Software\Microsoft\Router\CurrentVersion\RouterManagers\Ip\IPNAT - DllName [ipnathlp.dll]
C:\WINDOWS\system32\wbem\wbemcomn.dll InMem: 1 Det [G] MD5: 4E39C36213E95FB971A61A247BDE2F61 PX5: 668B9E6C0067E87646D603856877DD005CE05AD8
C:\WINDOWS\System32\Wbem\wbemcore.dll InMem: 1 Det [G] MD5: 36360B625D7290BBA2CD03AD4975E1BC PX5: 163EF86B00B6422D1A6008DFA38AFD003253C0D2
C:\WINDOWS\System32\Wbem\esscli.dll InMem: 1 Det [G] MD5: DE578E4E6844954823FC7688625F00C8 PX5: 60861C2D0025D1D1C8AC0338AF184100E6F3D37D
C:\WINDOWS\System32\Wbem\FastProx.dll InMem: 1 Det [G] MD5: C28500101BC66FDABD830F8DE51A59A0 PX5: 6B5798200004A660346E07370FE42F000E29BFB9
C:\WINDOWS\system32\wbem\wbemsvc.dll InMem: 1 Det [G] MD5: 7D676AC8CC19341117C77C261647BA07 PX5: F370DD6A003B1D86AA8E00F210285E00CEEA1EBA
C:\WINDOWS\system32\wbem\wmiutils.dll InMem: 1 Det [G] MD5: 0A1161DB4FCCF7821736C70D70A0F5A3 PX5: 4821E1B700A31A30748801443260CA00E2C056C1
C:\WINDOWS\system32\wbem\repdrvfs.dll InMem: 1 Det [G] MD5: 9A66728EFE501D855D0FFE3DE023CE32 PX5: E80BF80100FEAE9FB442022ACA1E6900DE762B31
C:\WINDOWS\system32\comsvcs.dll InMem: 1 Det [G] MD5: 75DEB92422D955373825A11F9F74EC6A PX5: E83075CB001344545619130616988C001DDB263E
C:\WINDOWS\system32\colbact.DLL InMem: 1 Det [G] MD5: 01A04FB59E76697C9171B6327274D371 PX5: 9B19BC02000C06C1EC3F00F04A75D20080CF345C
C:\WINDOWS\system32\MTXCLU.DLL InMem: 1 Det [G] MD5: 16A389D6DED58BA583694F825A1821A2 PX5: E165AD3D00A79EE10467018D1377CE000C45FB3E
C:\WINDOWS\system32\WSOCK32.dll InMem: 1 Det [G] MD5: 53AF9F2B2CE4B6EFF41C70417359D010 PX5: 1E78F46C007169C958BA0010AAB96200B1A7E8E3
C:\WINDOWS\System32\CLUSAPI.DLL InMem: 1 Det [G] MD5: 98C1FF6676E02D43DA208802286A6EE7 PX5: 55EDC704007224DAE24600555B8CBF0012B11384
C:\WINDOWS\System32\RESUTILS.DLL InMem: 1 Det [G] MD5: 2738C8A33FF07DD3C99C7C8F0A85DA72 PX5: FB1131B700B09AF5E6C000D229E76B0082B58095
C:\WINDOWS\system32\wbem\wmiprvsd.dll InMem: 1 Det [G] MD5: 1F080CCC567D222A2DCB7CC285C6A7AD PX5: BDF13B4900C7859DAC0406CE3CFE86002F6B7C0D
C:\WINDOWS\system32\wbem\wbemess.dll InMem: 1 Det [G] MD5: 6708E1DDF12CAB2D5B5A2B66B76E0038 PX5: 69A18BD800BC11302EF6047AD9314F00EF9102A0
C:\WINDOWS\system32\wbem\ncprov.dll InMem: 1 Det [G] MD5: 6AE613FFF9F9DFEE552652662BFABE41 PX5: 57AA38DF00AE7586B826004DA42E73006AD67F00
C:\WINDOWS\system32\upnp.dll InMem: 1 Det [G] MD5: 339089D6C3FC3BC5CED8D9049C4D2101 PX5: 5E0544330026A96C060102D913CC0E00A3D60DD2
C:\WINDOWS\system32\SSDPAPI.dll InMem: 1 Det [G] MD5: 5B8DFA748FA4845BC04445A30126F2E9 PX5: AC7191060087EF6588E400ACF18FBF0068A6CB32
C:\WINDOWS\system32\netcfgx.dll InMem: 1 Det [G] MD5: E3AE8DC04643850D2DFD431443558B28 PX5: 3D9989D2009EDB507E9209C3E2091A0091A4F1FF
C:\WINDOWS\System32\RASDLG.dll InMem: 1 Det [G] MD5: BA5D5FD3CCA6F64A429E2E0E1A1A0917 PX5: B2A29089001A45C20ABB0A96CE6E6F0074DA4BA4
c:\windows\system32\tapisrv.dll InMem: 1 Det [G] MD5: FB78839B36025AA286A51289ED28B73E PX5: 9104A46500166909CEB60342BA14880047D59B5E
c:\windows\system32\rasmans.dll InMem: 1 Det [G] MD5: 49B5EED5FB89D39456A2F616CCD8BA5D PX5: 6AC5343500FEB4ECC468025649825700DA9458A8
C:\WINDOWS\System32\rastapi.dll InMem: 1 Det [G] MD5: 1D536BEBC30DD8D0D3B6FF3B0CD2D32B PX5: 54B2F0550070D10EE69000CD687DD9005457F678
C:\WINDOWS\System32\unimdm.tsp InMem: 1 Det [G] MD5: 1DFD6E8DA0FE2D14A5FA12CFCFB162C1 PX5: E3F6046E0002406F28550384BAB1D0005979EA6B
C:\WINDOWS\System32\uniplat.dll InMem: 1 Det [G] MD5: 3AB4213BF48F9062E087B909832AA8E6 PX5: BDA160F3004D5035361000FC8F08220075E0CBD1
C:\WINDOWS\System32\kmddsp.tsp InMem: 1 Det [G] MD5: 7735385C0FA821961F9A1EBA94F2AC98 PX5: 141A38E4002A8DF5820300A2C40E74007D7E26AA
C:\WINDOWS\System32\ndptsp.tsp InMem: 1 Det [G] MD5: 37D7005A87F6405DEA87F50098CE03F7 PX5: F6FFEAB5003835C2DE8D00D6EF399E005505BFFB
C:\WINDOWS\System32\ipconf.tsp InMem: 1 Det [G] MD5: A4C40AF21BF9F90E08A3C1DD0DC79E0B PX5: 53A749B800FFAA6244E6008F03658A00324D6AB8
C:\WINDOWS\System32\h323.tsp InMem: 1 Det [G] MD5: 49361F295DF887AC32CD660CA94ACAA5 PX5: 3A12DFE50094ED480E1104EB3875C900497B6EC3
C:\WINDOWS\System32\hidphone.tsp InMem: 1 Det [G] MD5: 83168270F2E73A20E981B0F38A34958F PX5: 5E5FA7C400A508A5743B003B123AC2001CB52E3D
C:\WINDOWS\System32\HID.DLL InMem: 1 Det [G] MD5: 18AFEE0EDE045B6255408D634372DC29 PX5: 73734D9B0068182952AF00C60BD55A00D64CF0B7
C:\WINDOWS\System32\rasppp.dll InMem: 1 Det [G] MD5: 04ECEC0447F79419AD25227205B8277D PX5: 7926CFA8005991112607030EB3D5E9000B0D0D3D
C:\WINDOWS\System32\ntlsapi.dll InMem: 1 Det [G] MD5: C5EF2A4F6CB968B3119B43F43C64A1A6 PX5: 88BEBD1B006C52E520B8003B3C2E070049DBD569
C:\WINDOWS\System32\NETRAP.dll InMem: 1 Det [G] MD5: 84A5644AE4731202A4A02E6342D29BA6 PX5: 1FEBA81200EFD9D730B9003B2A2D0F009394D04D
C:\WINDOWS\System32\catsrvut.dll InMem: 1 Det [G] MD5: E3909EAFBDC020052965DEC63E632507 PX5: A88B6EBA00D4077C8A1709DF0F11FA0048E3B1BD
C:\WINDOWS\System32\catsrv.dll InMem: 1 Det [G] MD5: 1CDC42965C6991C97C32F927BA540320 PX5: C3D03030006294C272310367402771000A215A47
C:\WINDOWS\System32\MfcSubs.dll InMem: 1 Det [G] MD5: A82A8C77F419938408881FEB29E83F74 PX5: 06A1416500FC8E0758910018517B2700070A007C
C:\WINDOWS\system32\urlmon.dll InMem: 1 Det [G] MD5: A6CC36E39A223D6E7D4496BDCC46DFC3 PX5: 3DCF99FE00739FF7B25C1164193DCD00441582CB
C:\WINDOWS\system32\wbem\wbemcons.dll InMem: 1 Det [G] MD5: D18D28CEF9FEA09359C7DE7BE3669F66 PX5: D2A452590078C86D1880013923B81600129908C4
c:\windows\system32\dnsrslvr.dll InMem: 1 Det [G] MD5: 7379DE06FD196E396A00AA97B990C00D PX5: A82055DE0039C1C1B21400463DA67900676D3B39
c:\windows\system32\lmhsvc.dll InMem: 1 Det [G] MD5: B3EFF6D938C572E90A07B3D87A3C7657 PX5: 5EB71FFD004FF2DC36A5002FE4AD54000C784AED
c:\windows\system32\webclnt.dll InMem: 1 Det [G] MD5: 265F534EF76832435AFBF771EC97176D PX5: 7D440E0500FE33CB0AC3011EA7E7DA0041324A3D
c:\windows\system32\ssdpsrv.dll InMem: 1 Det [G] MD5: 4B8D61792F7175BED48859CC18CE4E38 PX5: 3235FF16002C0C7218D10148A82C0100526AA176
C:\WINDOWS\system32\spoolsv.exe InMem: 1 Det [G] MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F PX5: 1DCDB07A00179F65E28700A02CD4BA00B29C7A8B
REGSERVICE - \REGISTRY\Machine\SYSTEM\ControlSet001\Services\Spooler - ImagePath [C:\WINDOWS\system32\spoolsv.exe]
C:\WINDOWS\system32\SPOOLSS.DLL InMem: 1 Det [G] MD5: 87B85BC1E1F6E0228876204A20A9C24C PX5: 8D5CE9490034F84624D8013E80575A004AC628A8
C:\WINDOWS\system32\localspl.dll InMem: 1 Det [G] MD5: 71D3D970127D939A4BB062B5040B6EBA PX5: 9C4A0B850023494036A505B96558AE00D351785A
C:\WINDOWS\system32\cnbjmon.dll InMem: 1 Det [G] MD5: 7105749E78925FDFFD078DD54A8C2B70 PX5: CDE2237300970E77B83E00A93E8C15007F646A09
C:\WINDOWS\system32\E_FLBBHP.DLL InMem: 1 Det [G] MD5: B177455360EB2FD7D434D23670513146 PX5: DC0B4E990088AD221EB601C30B1BCA00E83217CC
C:\WINDOWS\system32\pjlmon.dll InMem: 1 Det [G] MD5: C44BC10BA73575C91FF50CDAF4D8E370 PX5: F8A3A716001E74ED3C7B00DCEBD89800DC69D94B
C:\WINDOWS\system32\tcpmon.dll InMem: 1 Det [G] MD5: A3F853629F7F2537157EA6EA9857EA56 PX5: 27DE5C0400117FEBB23700AAE5CE3C005980659C
C:\WINDOWS\system32\usbmon.dll InMem: 1 Det [G] MD5: 242D07D7FC72AD897944BFF932D57C3C PX5: F3F6619C0084C934428300F5F7CA9D0013347394
C:\WINDOWS\system32\win32spl.dll InMem: 1 Det [G] MD5: A1C10F87248529173F39F4B4734DF14B PX5: 87139F5A008883C28E030151228D0A00B37939E4
C:\WINDOWS\system32\inetpp.dll InMem: 1 Det [G] MD5: F14A6BD840E4D7CD4C0535CB3CEF2887 PX5: 8544E6380055F6F22609016155092800B5A9B890
C:\WINDOWS\system32\HookAPI.dll InMem: 1 Det [G] MD5: B73D887592543D6AEA8179FD0BF5BE91 PX5: D40FFAA8009092C6C081002AFD7FCE00F47657AB
C:\WINDOWS\system32\MSCTF.dll InMem: 1 Det [G] MD5: 2B6D3630EB32B562E6763370CE35D730 PX5: ABEE097000935C847E42044E7E6EF900D18CC514
C:\WINDOWS\Explorer.EXE InMem: 1 Det [G] MD5: 97BD6515465659FF8F3B7BE375B2EA87 PX5: 5F224AD100F73BC6C4BA0FDC56B8E4007E783B90
REGWINLOG - \REGISTRY\Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon - Shell [Explorer.exe]
C:\WINDOWS\system32\BROWSEUI.dll InMem: 1 Det [G] MD5: 9725732633D2FD7D3062851892752542 PX5: FE16586100DC87AF9EB80F2D37E65900CE0E53AC
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{5E6AB780-7743-11CF-A12B-00AA004AE837}\InprocServer32 - {5E6AB780-7743-11CF-A12B-00AA004AE837} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{22BF0C20-6DA7-11D0-B373-00A0C9034938}\InprocServer32 - {22BF0C20-6DA7-11D0-B373-00A0C9034938} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{91EA3F8B-C99B-11d0-9815-00C04FD91972}\InprocServer32 - {91EA3F8B-C99B-11d0-9815-00C04FD91972} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{6413BA2C-B461-11d1-A18A-080036B11A03}\InprocServer32 - {6413BA2C-B461-11d1-A18A-080036B11A03} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{F61FFEC1-754F-11d0-80CA-00AA005B4383}\InprocServer32 - {F61FFEC1-754F-11d0-80CA-00AA005B4383} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7BA4C742-9E81-11CF-99D3-00AA004AE837}\InprocServer32 - {7BA4C742-9E81-11CF-99D3-00AA004AE837} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{169A0691-8DF9-11d1-A1C4-00C04FD75D13}\InprocServer32 - {169A0691-8DF9-11d1-A1C4-00C04FD75D13} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{07798131-AF23-11d1-9111-00A0C98BA67D}\InprocServer32 - {07798131-AF23-11d1-9111-00A0C98BA67D} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{AF4F6510-F982-11d0-8595-00AA004CD6D8}\InprocServer32 - {AF4F6510-F982-11d0-8595-00AA004CD6D8} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{01E04581-4EEE-11d0-BFE9-00AA005B4383}\InprocServer32 - {01E04581-4EEE-11d0-BFE9-00AA005B4383} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{A08C11D2-A228-11d0-825B-00AA005B4383}\InprocServer32 - {A08C11D2-A228-11d0-825B-00AA005B4383} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 - {00BB2763-6A77-11D0-A535-00C04FD7D062} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7376D660-C583-11d0-A3A5-00C04FD706EC}\InprocServer32 - {7376D660-C583-11d0-A3A5-00C04FD706EC} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{6756A641-DE71-11d0-831B-00AA005B4383}\InprocServer32 - {6756A641-DE71-11d0-831B-00AA005B4383} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}\InprocServer32 - {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{7e653215-fa25-46bd-a339-34a2790f3cb7}\InprocServer32 - {7e653215-fa25-46bd-a339-34a2790f3cb7} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{acf35015-526e-4230-9596-becbe19f0ac9}\InprocServer32 - {acf35015-526e-4230-9596-becbe19f0ac9} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{00BB2764-6A77-11D0-A535-00C04FD7D062}\InprocServer32 - {00BB2764-6A77-11D0-A535-00C04FD7D062} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 - {03C036F1-A186-11D0-824A-00AA005B4383} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InprocServer32 - {00BB2765-6A77-11D0-A535-00C04FD7D062} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{ECD4FC4E-521C-11D0-B792-00A0C90312E1}\InprocServer32 - {ECD4FC4E-521C-11D0-B792-00A0C90312E1} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}\InprocServer32 - {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{ECD4FC4C-521C-11D0-B792-00A0C90312E1}\InprocServer32 - {ECD4FC4C-521C-11D0-B792-00A0C90312E1} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}\InprocServer32 - {ECD4FC4D-521C-11D0-B792-00A0C90312E1} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{DD313E04-FEFF-11d1-8ECD-0000F87A470C}\InprocServer32 - {DD313E04-FEFF-11d1-8ECD-0000F87A470C} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}\InprocServer32 - {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} [%SystemRoot%\system32\browseui.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{21569614-B795-46b1-85F4-E737A8DC09AD}\InprocServer32 - {21569614-B795-46b1-85F4-E737A8DC09AD} [%SystemRoot%\system32\browseui.dll]
REGTASKSCHED - \REGISTRY\Machine\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} [%SystemRoot%\system32\browseui.dll]
REGTASKSCHED - \REGISTRY\Machine\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 - {8C7461EF-2B13-11d2-BE35-3078302C2030} [%SystemRoot%\system32\browseui.dll]
REGTOOLBAR - \REGISTRY\Machine\Software\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\InprocServer32 - {01E04581-4EEE-11D0-BFE9-00AA005B4383} [%SystemRoot%\system32\browseui.dll]
C:\WINDOWS\system32\SHDOCVW.dll InMem: 1 Det [G] MD5: 3331E3D1F3E8B21B32BDF2FDA2EB91D9 PX5: F5586F0D0011C0AACE6416FBC5E29E00A22F2DD0
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} [%SystemRoot%\system32\shdocvw.dll]
REGSHELLEXT - \REGISTRY\Machine\Software\Classes\CLSID\{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}\InprocServer32 - {2559a1f3-21d7-11d4-bdaf-0
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP