w32.Sality Virus



#31
Peter Lee (Topic Starter)

12:26:58.0375 4900 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
12:26:58.0421 4900 ============================================================
12:26:58.0421 4900 Current date / time: 2012/07/01 12:26:58.0421
12:26:58.0421 4900 SystemInfo:
12:26:58.0421 4900
12:26:58.0421 4900 OS Version: 5.1.2600 ServicePack: 2.0
12:26:58.0421 4900 Product type: Workstation
12:26:58.0421 4900 ComputerName: ACER-8C1E498EF8
12:26:58.0421 4900 UserName: Peter
12:26:58.0421 4900 Windows directory: C:\WINDOWS
12:26:58.0421 4900 System windows directory: C:\WINDOWS
12:26:58.0421 4900 Processor architecture: Intel x86
12:26:58.0421 4900 Number of processors: 2
12:26:58.0421 4900 Page size: 0x1000
12:26:58.0421 4900 Boot type: Normal boot
12:26:58.0421 4900 ============================================================
12:26:59.0421 4900 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:26:59.0421 4900 ============================================================
12:26:59.0421 4900 \Device\Harddisk0\DR0:
12:26:59.0421 4900 MBR partitions:
12:26:59.0421 4900 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x9B42BD7
12:26:59.0437 4900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9B42C55, BlocksNum 0x9B42BD7
12:26:59.0437 4900 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1368586B, BlocksNum 0x9B3ED16
12:26:59.0437 4900 ============================================================
12:26:59.0546 4900 C: <-> \Device\Harddisk0\DR0\Partition0
12:26:59.0593 4900 E: <-> \Device\Harddisk0\DR0\Partition1
12:26:59.0656 4900 F: <-> \Device\Harddisk0\DR0\Partition2
12:26:59.0656 4900 ============================================================
12:26:59.0656 4900 Initialize success
12:26:59.0656 4900 ============================================================
12:27:31.0281 5476 ============================================================
12:27:31.0281 5476 Scan started
12:27:31.0281 5476 Mode: Manual; SigCheck; TDLFS;
12:27:31.0281 5476 ============================================================
12:27:32.0187 5476 Abiosdsk - ok
12:27:32.0234 5476 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:27:33.0625 5476 abp480n5 - ok
12:27:33.0687 5476 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:27:33.0937 5476 ACPI - ok
12:27:33.0937 5476 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:27:34.0109 5476 ACPIEC - ok
12:27:34.0187 5476 ACSSCR (b6a0f723a54884e77fce0f69083f90c9) C:\WINDOWS\system32\DRIVERS\a38usb.sys
12:27:34.0234 5476 ACSSCR - ok
12:27:34.0250 5476 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:27:34.0390 5476 adpu160m - ok
12:27:34.0468 5476 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
12:27:34.0609 5476 aec - ok
12:27:34.0687 5476 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
12:27:34.0703 5476 AegisP ( UnsignedFile.Multi.Generic ) - warning
12:27:34.0703 5476 AegisP - detected UnsignedFile.Multi.Generic (1)
12:27:34.0750 5476 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
12:27:34.0781 5476 AFD - ok
12:27:34.0828 5476 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
12:27:34.0968 5476 agp440 - ok
12:27:35.0015 5476 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:27:35.0156 5476 agpCPQ - ok
12:27:35.0171 5476 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:27:35.0281 5476 Aha154x - ok
12:27:35.0312 5476 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:27:35.0453 5476 aic78u2 - ok
12:27:35.0468 5476 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:27:35.0640 5476 aic78xx - ok
12:27:35.0718 5476 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
12:27:35.0843 5476 Alerter - ok
12:27:35.0921 5476 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
12:27:36.0000 5476 ALG - ok
12:27:36.0015 5476 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
12:27:36.0140 5476 AliIde - ok
12:27:36.0156 5476 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:27:36.0281 5476 alim1541 - ok
12:27:36.0296 5476 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:27:36.0484 5476 amdagp - ok
12:27:36.0546 5476 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
12:27:36.0609 5476 amsint - ok
12:27:36.0703 5476 AppMgmt - ok
12:27:36.0750 5476 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:27:36.0875 5476 Arp1394 - ok
12:27:36.0937 5476 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
12:27:37.0109 5476 asc - ok
12:27:37.0125 5476 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:27:37.0203 5476 asc3350p - ok
12:27:37.0203 5476 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:27:37.0406 5476 asc3550 - ok
12:27:37.0546 5476 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:27:37.0546 5476 aspnet_state - ok
12:27:37.0578 5476 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:27:37.0718 5476 AsyncMac - ok
12:27:37.0765 5476 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:27:37.0906 5476 atapi - ok
12:27:37.0921 5476 Atdisk - ok
12:27:38.0046 5476 Ati HotKey Poller (ed8d753788232b81a7e8ef5d59ec3417) C:\WINDOWS\system32\Ati2evxx.exe
12:27:38.0109 5476 Ati HotKey Poller - ok
12:27:38.0203 5476 ati2mtag (d81980c64543ba5c39dd2a92dc1d2daf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:27:38.0296 5476 ati2mtag - ok
12:27:38.0343 5476 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:27:38.0546 5476 Atmarpc - ok
12:27:38.0640 5476 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
12:27:38.0781 5476 AudioSrv - ok
12:27:38.0859 5476 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:27:38.0968 5476 audstub - ok
12:27:39.0062 5476 AVerM115 (118804bbfddf42c45db3c3d410f6a256) C:\WINDOWS\system32\DRIVERS\AVerM115.sys
12:27:39.0109 5476 AVerM115 - ok
12:27:39.0109 5476 AWService - ok
12:27:39.0171 5476 b57w2k (48bf91cffbcdd12a710207f2a08fec4d) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
12:27:39.0187 5476 b57w2k - ok
12:27:39.0218 5476 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:27:39.0375 5476 Beep - ok
12:27:39.0515 5476 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
12:27:39.0703 5476 BITS - ok
12:27:39.0796 5476 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
12:27:39.0968 5476 Browser - ok
12:27:40.0046 5476 btaudio (0c7b763abda79b53e2016af1af8b9706) C:\WINDOWS\system32\drivers\btaudio.sys
12:27:40.0093 5476 btaudio ( UnsignedFile.Multi.Generic ) - warning
12:27:40.0093 5476 btaudio - detected UnsignedFile.Multi.Generic (1)
12:27:40.0125 5476 BTDriver (1b24333d2bcb4dc1c5c3b15bedace5b4) C:\WINDOWS\system32\DRIVERS\btport.sys
12:27:40.0140 5476 BTDriver ( UnsignedFile.Multi.Generic ) - warning
12:27:40.0140 5476 BTDriver - detected UnsignedFile.Multi.Generic (1)
12:27:40.0156 5476 BthEnum (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
12:27:40.0312 5476 BthEnum - ok
12:27:40.0406 5476 BthPan (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys
12:27:40.0562 5476 BthPan - ok
12:27:40.0656 5476 BTHPORT (95ef6f3f386d93ee1e4d9ca45a50252a) C:\WINDOWS\system32\Drivers\BTHport.sys
12:27:40.0687 5476 BTHPORT - ok
12:27:40.0734 5476 BthServ (a18cc8c9b3890b1b68bed213716fef6b) C:\WINDOWS\System32\bthserv.dll
12:27:40.0890 5476 BthServ - ok
12:27:40.0968 5476 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys
12:27:41.0140 5476 BTHUSB - ok
12:27:41.0250 5476 BTKRNL (54e368a1768c627f2adb8ab5624d0bc4) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
12:27:41.0281 5476 BTKRNL ( UnsignedFile.Multi.Generic ) - warning
12:27:41.0281 5476 BTKRNL - detected UnsignedFile.Multi.Generic (1)
12:27:41.0312 5476 BTSERIAL (8aeca4330654da58423e7fe03a704513) C:\WINDOWS\system32\drivers\btserial.sys
12:27:41.0328 5476 BTSERIAL ( UnsignedFile.Multi.Generic ) - warning
12:27:41.0328 5476 BTSERIAL - detected UnsignedFile.Multi.Generic (1)
12:27:41.0421 5476 btwdins (6d3ea768af4587289b2934b891c77920) c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
12:27:41.0468 5476 btwdins ( UnsignedFile.Multi.Generic ) - warning
12:27:41.0468 5476 btwdins - detected UnsignedFile.Multi.Generic (1)
12:27:41.0500 5476 BTWDNDIS (bde1502aabe76f71d32178e5c6a58e89) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
12:27:41.0515 5476 BTWDNDIS ( UnsignedFile.Multi.Generic ) - warning
12:27:41.0515 5476 BTWDNDIS - detected UnsignedFile.Multi.Generic (1)
12:27:41.0531 5476 BTWUSB (fca94255e0a0e65c7c93530bdf10adca) C:\WINDOWS\system32\Drivers\btwusb.sys
12:27:41.0546 5476 BTWUSB ( UnsignedFile.Multi.Generic ) - warning
12:27:41.0546 5476 BTWUSB - detected UnsignedFile.Multi.Generic (1)
12:27:41.0625 5476 catchme - ok
12:27:41.0656 5476 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:27:41.0843 5476 cbidf - ok
12:27:41.0859 5476 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:27:41.0984 5476 cbidf2k - ok
12:27:42.0046 5476 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:27:42.0187 5476 CCDECODE - ok
12:27:42.0296 5476 ccEvtMgr (bc23af7afe69cdeebee5d336870d8bb1) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
12:27:42.0328 5476 ccEvtMgr ( UnsignedFile.Multi.Generic ) - warning
12:27:42.0328 5476 ccEvtMgr - detected UnsignedFile.Multi.Generic (1)
12:27:42.0359 5476 ccPwdSvc (bad273291f28ad113581a00f1bfc5b00) C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
12:27:42.0375 5476 ccPwdSvc ( UnsignedFile.Multi.Generic ) - warning
12:27:42.0375 5476 ccPwdSvc - detected UnsignedFile.Multi.Generic (1)
12:27:42.0406 5476 ccSetMgr (af7d5f473ebb53953617ea39939605a6) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
12:27:42.0437 5476 ccSetMgr ( UnsignedFile.Multi.Generic ) - warning
12:27:42.0437 5476 ccSetMgr - detected UnsignedFile.Multi.Generic (1)
12:27:42.0453 5476 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:27:42.0515 5476 cd20xrnt - ok
12:27:42.0562 5476 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:27:42.0718 5476 Cdaudio - ok
12:27:42.0781 5476 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
12:27:42.0921 5476 Cdfs - ok
12:27:42.0984 5476 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:27:43.0109 5476 Cdrom - ok
12:27:43.0109 5476 Changer - ok
12:27:43.0187 5476 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
12:27:43.0328 5476 CiSvc - ok
12:27:43.0437 5476 CLCapSvc (57d426b15aeffceb99baa7cc50eb05ab) C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
12:27:43.0453 5476 CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
12:27:43.0453 5476 CLCapSvc - detected UnsignedFile.Multi.Generic (1)
12:27:43.0484 5476 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
12:27:43.0625 5476 ClipSrv - ok
12:27:43.0750 5476 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:27:43.0750 5476 clr_optimization_v2.0.50727_32 - ok
12:27:43.0796 5476 CLSched (c4aa32733d2ad6c8676f6ed4c92756ee) C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
12:27:43.0812 5476 CLSched ( UnsignedFile.Multi.Generic ) - warning
12:27:43.0812 5476 CLSched - detected UnsignedFile.Multi.Generic (1)
12:27:43.0828 5476 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:27:44.0031 5476 CmBatt - ok
12:27:44.0093 5476 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:27:44.0234 5476 CmdIde - ok
12:27:44.0281 5476 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:27:44.0421 5476 Compbatt - ok
12:27:44.0546 5476 COMSysApp - ok
12:27:44.0578 5476 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:27:44.0734 5476 Cpqarray - ok
12:27:44.0796 5476 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
12:27:44.0921 5476 CryptSvc - ok
12:27:45.0000 5476 CyberLink Media Library Service (5b417ed5b49d5a65355a81a2a5fbc1e0) C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
12:27:45.0015 5476 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - warning
12:27:45.0015 5476 CyberLink Media Library Service - detected UnsignedFile.Multi.Generic (1)
12:27:45.0046 5476 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:27:45.0218 5476 dac2w2k - ok
12:27:45.0234 5476 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:27:45.0437 5476 dac960nt - ok
12:27:45.0531 5476 DcomLaunch (24b5d53b9accc1e2edcf0a878d6659d4) C:\WINDOWS\system32\rpcss.dll
12:27:45.0609 5476 DcomLaunch - ok
12:27:45.0656 5476 Dhcp (cb6ca3e5261d65f6f809eed23bf167aa) C:\WINDOWS\System32\dhcpcsvc.dll
12:27:45.0781 5476 Dhcp - ok
12:27:45.0843 5476 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
12:27:45.0968 5476 Disk - ok
12:27:46.0031 5476 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
12:27:46.0062 5476 DKbFltr - ok
12:27:46.0093 5476 dmadmin - ok
12:27:46.0156 5476 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
12:27:46.0312 5476 dmboot - ok
12:27:46.0343 5476 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
12:27:46.0484 5476 dmio - ok
12:27:46.0531 5476 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:27:46.0671 5476 dmload - ok
12:27:46.0734 5476 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
12:27:46.0875 5476 dmserver - ok
12:27:46.0953 5476 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
12:27:47.0078 5476 DMusic - ok
12:27:47.0156 5476 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS\System32\dnsrslvr.dll
12:27:47.0312 5476 Dnscache - ok
12:27:47.0390 5476 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:27:47.0531 5476 dpti2o - ok
12:27:47.0593 5476 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
12:27:47.0765 5476 drmkaud - ok
12:27:47.0781 5476 EagleNT - ok
12:27:47.0859 5476 EpmPsd (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\WINDOWS\system32\drivers\epm-psd.sys
12:27:47.0859 5476 EpmPsd ( UnsignedFile.Multi.Generic ) - warning
12:27:47.0859 5476 EpmPsd - detected UnsignedFile.Multi.Generic (1)
12:27:47.0890 5476 EpmShd (50425cbd80468bf53ba90f0d7cc61805) C:\WINDOWS\system32\drivers\epm-shd.sys
12:27:47.0906 5476 EpmShd ( UnsignedFile.Multi.Generic ) - warning
12:27:47.0906 5476 EpmShd - detected UnsignedFile.Multi.Generic (1)
12:27:47.0937 5476 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
12:27:48.0109 5476 ERSvc - ok
12:27:48.0234 5476 Eventlog (4712531ab7a01b7ee059853ca17d39bd) C:\WINDOWS\system32\services.exe
12:27:48.0312 5476 Eventlog - ok
12:27:48.0375 5476 EventSystem (60d1a6342238378bfb7545c81ee3606c) C:\WINDOWS\system32\es.dll
12:27:48.0406 5476 EventSystem - ok
12:27:48.0500 5476 EvtEng (56ded3ade453272e6a0ad582d945d1a4) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
12:27:48.0515 5476 EvtEng ( UnsignedFile.Multi.Generic ) - warning
12:27:48.0515 5476 EvtEng - detected UnsignedFile.Multi.Generic (1)
12:27:48.0562 5476 ewusbnet (fb54f67974d13d73be3e2f1df042d295) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
12:27:48.0609 5476 ewusbnet - ok
12:27:48.0656 5476 ew_hwusbdev (57c171ea22f0a7f068fcb0caedd1e8e7) C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
12:27:48.0718 5476 ew_hwusbdev - ok
12:27:48.0750 5476 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
12:27:48.0953 5476 Fastfat - ok
12:27:49.0015 5476 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
12:27:49.0140 5476 FastUserSwitchingCompatibility - ok
12:27:49.0250 5476 Fax (fcbd571fa0ee8dc238944ae5fab74461) C:\WINDOWS\system32\fxssvc.exe
12:27:49.0390 5476 Fax - ok
12:27:49.0468 5476 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
12:27:49.0609 5476 Fdc - ok
12:27:49.0656 5476 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
12:27:49.0781 5476 Fips - ok
12:27:49.0781 5476 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:27:49.0953 5476 Flpydisk - ok
12:27:50.0015 5476 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:27:50.0140 5476 FltMgr - ok
12:27:50.0250 5476 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:27:50.0265 5476 FontCache3.0.0.0 - ok
12:27:50.0281 5476 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
12:27:50.0421 5476 FsVga - ok
12:27:50.0468 5476 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:27:50.0609 5476 Fs_Rec - ok
12:27:50.0656 5476 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:27:50.0828 5476 Ftdisk - ok
12:27:50.0890 5476 GearAspiWDM (32a73a8952580b284a47290adb62032a) C:\WINDOWS\system32\drivers\GearAspiWDM.sys
12:27:50.0906 5476 GearAspiWDM - ok
12:27:51.0015 5476 GEARSecurity (b6e01969246fcb67470e87e6957ee147) C:\WINDOWS\System32\GEARSec.exe
12:27:51.0031 5476 GEARSecurity ( UnsignedFile.Multi.Generic ) - warning
12:27:51.0031 5476 GEARSecurity - detected UnsignedFile.Multi.Generic (1)
12:27:51.0046 5476 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:27:51.0187 5476 Gpc - ok
12:27:51.0234 5476 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:27:51.0265 5476 HDAudBus - ok
12:27:51.0328 5476 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:27:51.0468 5476 helpsvc - ok
12:27:51.0562 5476 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll
12:27:51.0687 5476 HidServ - ok
12:27:51.0750 5476 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:27:51.0875 5476 HidUsb - ok
12:27:51.0953 5476 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
12:27:52.0078 5476 hpn - ok
12:27:52.0140 5476 HSFHWAZL (a30d7011c1b80a0bc16602d99218d522) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
12:27:52.0171 5476 HSFHWAZL - ok
12:27:52.0250 5476 HSF_DPV (5a5a7721d9c62d77fc0faba9b2cf5be9) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
12:27:52.0281 5476 HSF_DPV - ok
12:27:52.0343 5476 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
12:27:52.0515 5476 HTTP - ok
12:27:52.0609 5476 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
12:27:52.0781 5476 HTTPFilter - ok
12:27:52.0859 5476 huawei_enumerator (f44461e66f1b7dd267957fe9baa63ed0) C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
12:27:52.0953 5476 huawei_enumerator - ok
12:27:53.0015 5476 hwdatacard (b50e1d8627354ba8e4df83470f1272c8) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
12:27:53.0062 5476 hwdatacard - ok
12:27:53.0140 5476 HWDeviceService.exe (b7c8da103a52dd978fb49522acb3c5ce) C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
12:27:53.0156 5476 HWDeviceService.exe ( UnsignedFile.Multi.Generic ) - warning
12:27:53.0156 5476 HWDeviceService.exe - detected UnsignedFile.Multi.Generic (1)
12:27:53.0203 5476 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
12:27:53.0359 5476 i2omgmt - ok
12:27:53.0421 5476 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:27:53.0609 5476 i2omp - ok
12:27:53.0671 5476 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:27:53.0812 5476 i8042prt - ok
12:27:54.0031 5476 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:27:54.0062 5476 idsvc - ok
12:27:54.0093 5476 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:27:54.0281 5476 Imapi - ok
12:27:54.0390 5476 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
12:27:54.0515 5476 ImapiService - ok
12:27:54.0531 5476 InCDFs - ok
12:27:54.0531 5476 InCDPass - ok
12:27:54.0546 5476 InCDRm - ok
12:27:54.0609 5476 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:27:54.0750 5476 ini910u - ok
12:27:54.0968 5476 IntcAzAudAddService (60d7460b07012d364ced11dd9fd83e1f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:27:55.0171 5476 IntcAzAudAddService - ok
12:27:55.0250 5476 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:27:55.0453 5476 IntelIde - ok
12:27:55.0531 5476 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:27:55.0671 5476 intelppm - ok
12:27:55.0734 5476 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:27:55.0859 5476 Ip6Fw - ok
12:27:55.0921 5476 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:27:56.0062 5476 IpFilterDriver - ok
12:27:56.0125 5476 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:27:56.0281 5476 IpInIp - ok
12:27:56.0375 5476 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:27:56.0515 5476 IpNat - ok
12:27:56.0578 5476 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:27:56.0750 5476 IPSec - ok
12:27:56.0828 5476 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
12:27:56.0906 5476 irda - ok
12:27:56.0953 5476 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:27:57.0031 5476 IRENUM - ok
12:27:57.0125 5476 Irmon (a02512c315c84f475bd89f847048b27b) C:\WINDOWS\System32\irmon.dll
12:27:57.0203 5476 Irmon - ok
12:27:57.0234 5476 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:27:57.0390 5476 isapnp - ok
12:27:57.0515 5476 iWinTrusted (b934c6670e6793d89c6a81669c82b210) C:\Program Files\iWin Games\iWinTrusted.exe
12:27:57.0546 5476 iWinTrusted - ok
12:27:57.0640 5476 JavaQuickStarterService (c2c1660ddcc9bd67eb98d6d5f91c107f) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
12:27:57.0656 5476 JavaQuickStarterService - ok
12:27:57.0671 5476 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:27:57.0828 5476 Kbdclass - ok
12:27:57.0890 5476 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:27:58.0078 5476 kbdhid - ok
12:27:58.0156 5476 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
12:27:58.0296 5476 kmixer - ok
12:27:58.0375 5476 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
12:27:58.0406 5476 KSecDD - ok
12:27:58.0453 5476 lanmanserver (93d32468d34e000cb3407947d1d6e22a) C:\WINDOWS\System32\srvsvc.dll
12:27:58.0578 5476 lanmanserver - ok
12:27:58.0718 5476 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll
12:27:58.0734 5476 lanmanworkstation - ok
12:27:58.0734 5476 lbrtfdc - ok
12:27:58.0765 5476 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
12:27:58.0921 5476 LmHosts - ok
12:27:59.0015 5476 lv321av (8e983f827edab91baa424977c6efddee) C:\WINDOWS\system32\Drivers\lv321av.sys
12:27:59.0062 5476 lv321av - ok
12:27:59.0203 5476 lvmvdrv (5492f579ad7bf7dd61be35ad18ff0ad7) C:\WINDOWS\system32\drivers\lvmvdrv.sys
12:27:59.0328 5476 lvmvdrv ( UnsignedFile.Multi.Generic ) - warning
12:27:59.0328 5476 lvmvdrv - detected UnsignedFile.Multi.Generic (1)
12:27:59.0437 5476 LVPrcMon (d8cf31431aa398c1d79931203a75332f) C:\WINDOWS\system32\drivers\LVPrcMon.sys
12:27:59.0453 5476 LVPrcMon ( UnsignedFile.Multi.Generic ) - warning
12:27:59.0453 5476 LVPrcMon - detected UnsignedFile.Multi.Generic (1)
12:27:59.0562 5476 LVPrcSrv (6d86a534081afafb906862cfb8ddc7cb) c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
12:27:59.0578 5476 LVPrcSrv ( UnsignedFile.Multi.Generic ) - warning
12:27:59.0578 5476 LVPrcSrv - detected UnsignedFile.Multi.Generic (1)
12:27:59.0625 5476 LVUSBSta (2a3a8361192de05de7d51d1f04f58b28) C:\WINDOWS\system32\drivers\lvusbsta.sys
12:27:59.0640 5476 LVUSBSta - ok
12:27:59.0687 5476 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:27:59.0703 5476 mdmxsdk - ok
12:27:59.0765 5476 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
12:27:59.0984 5476 Messenger - ok
12:28:00.0046 5476 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:28:00.0187 5476 mnmdd - ok
12:28:00.0296 5476 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe
12:28:00.0437 5476 mnmsrvc - ok
12:28:00.0484 5476 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
12:28:00.0671 5476 Modem - ok
12:28:00.0750 5476 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:28:00.0890 5476 Mouclass - ok
12:28:00.0953 5476 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:28:01.0109 5476 mouhid - ok
12:28:01.0125 5476 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
12:28:01.0265 5476 MountMgr - ok
12:28:01.0328 5476 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
12:28:01.0453 5476 MPE - ok
12:28:01.0515 5476 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:28:01.0656 5476 mraid35x - ok
12:28:01.0718 5476 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:28:01.0859 5476 MRxDAV - ok
12:28:01.0953 5476 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:28:02.0031 5476 MRxSmb - ok
12:28:02.0078 5476 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe
12:28:02.0218 5476 MSDTC - ok
12:28:02.0265 5476 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
12:28:02.0406 5476 Msfs - ok
12:28:02.0562 5476 MSIServer - ok
12:28:02.0593 5476 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:28:02.0796 5476 MSKSSRV - ok
12:28:02.0875 5476 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:28:03.0000 5476 MSPCLOCK - ok
12:28:03.0062 5476 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
12:28:03.0203 5476 MSPQM - ok
12:28:03.0265 5476 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:28:03.0375 5476 mssmbios - ok
12:28:03.0437 5476 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
12:28:03.0546 5476 MSTEE - ok
12:28:03.0609 5476 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
12:28:03.0750 5476 Mup - ok
12:28:03.0812 5476 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:28:03.0953 5476 NABTSFEC - ok
12:28:04.0000 5476 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
12:28:04.0140 5476 NDIS - ok
12:28:04.0218 5476 NdisFilt (1f76996253071cbae0a5ab5d8551ef88) C:\WINDOWS\system32\Drivers\NdisFilt.sys
12:28:04.0218 5476 NdisFilt ( UnsignedFile.Multi.Generic ) - warning
12:28:04.0218 5476 NdisFilt - detected UnsignedFile.Multi.Generic (1)
12:28:04.0250 5476 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:28:04.0375 5476 NdisIP - ok
12:28:04.0437 5476 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:28:04.0562 5476 NdisTapi - ok
12:28:04.0640 5476 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:28:04.0765 5476 Ndisuio - ok
12:28:04.0781 5476 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:28:04.0937 5476 NdisWan - ok
12:28:05.0000 5476 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
12:28:05.0125 5476 NDProxy - ok
12:28:05.0187 5476 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:28:05.0328 5476 NetBIOS - ok
12:28:05.0375 5476 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:28:05.0515 5476 NetBT - ok
12:28:05.0609 5476 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
12:28:05.0734 5476 NetDDE - ok
12:28:05.0734 5476 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
12:28:05.0859 5476 NetDDEdsdm - ok
12:28:05.0953 5476 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
12:28:06.0078 5476 Netlogon - ok
12:28:06.0140 5476 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS\System32\netman.dll
12:28:06.0281 5476 Netman - ok
12:28:06.0359 5476 NETMNT (6a25f27202f3122a44a6b74ee46e7a76) C:\WINDOWS\system32\DRIVERS\NETMNT.sys
12:28:06.0375 5476 NETMNT ( UnsignedFile.Multi.Generic ) - warning
12:28:06.0375 5476 NETMNT - detected UnsignedFile.Multi.Generic (1)
12:28:06.0453 5476 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:28:06.0453 5476 NetTcpPortSharing - ok
12:28:06.0500 5476 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:28:06.0671 5476 NIC1394 - ok
12:28:06.0796 5476 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll
12:28:06.0859 5476 Nla - ok
12:28:07.0062 5476 Norton Ghost (371f4f6f9ec867eaaa57a64fae8d4956) C:\Program Files\Norton Ghost\Agent\VProSvc.exe
12:28:07.0156 5476 Norton Ghost ( UnsignedFile.Multi.Generic ) - warning
12:28:07.0156 5476 Norton Ghost - detected UnsignedFile.Multi.Generic (1)
12:28:07.0265 5476 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
12:28:07.0453 5476 Npfs - ok
12:28:07.0578 5476 npggsvc - ok
12:28:07.0625 5476 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
12:28:07.0781 5476 Ntfs - ok
12:28:07.0843 5476 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
12:28:07.0843 5476 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
12:28:07.0843 5476 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
12:28:07.0906 5476 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
12:28:08.0031 5476 NtLmSsp - ok
12:28:08.0140 5476 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
12:28:08.0312 5476 NtmsSvc - ok
12:28:08.0343 5476 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:28:08.0468 5476 Null - ok
12:28:08.0531 5476 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:28:08.0671 5476 NwlnkFlt - ok
12:28:08.0687 5476 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:28:08.0812 5476 NwlnkFwd - ok
12:28:08.0890 5476 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
12:28:09.0015 5476 NwlnkIpx - ok
12:28:09.0046 5476 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
12:28:09.0203 5476 NwlnkNb - ok
12:28:09.0265 5476 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
12:28:09.0390 5476 NwlnkSpx - ok
12:28:09.0437 5476 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:28:09.0578 5476 ohci1394 - ok
12:28:09.0609 5476 OsaFsLoc (26c4a4b64d1dd8e6fdfb2f4897be029c) C:\WINDOWS\system32\drivers\OsaFsLoc.sys
12:28:09.0609 5476 OsaFsLoc ( UnsignedFile.Multi.Generic ) - warning
12:28:09.0609 5476 OsaFsLoc - detected UnsignedFile.Multi.Generic (1)
12:28:09.0640 5476 osaio (9d1177c2a8de936b33d85ff75e8cbf1a) C:\WINDOWS\system32\drivers\osaio.sys
12:28:09.0656 5476 osaio ( UnsignedFile.Multi.Generic ) - warning
12:28:09.0656 5476 osaio - detected UnsignedFile.Multi.Generic (1)
12:28:09.0703 5476 osanbm (3245bee5176697faf0744a2e1288dc77) C:\WINDOWS\system32\drivers\osanbm.sys
12:28:09.0718 5476 osanbm ( UnsignedFile.Multi.Generic ) - warning
12:28:09.0718 5476 osanbm - detected UnsignedFile.Multi.Generic (1)
12:28:09.0750 5476 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
12:28:09.0875 5476 Parport - ok
12:28:09.0921 5476 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
12:28:10.0062 5476 PartMgr - ok
12:28:10.0109 5476 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:28:10.0234 5476 ParVdm - ok
12:28:10.0250 5476 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
12:28:10.0375 5476 PCI - ok
12:28:10.0390 5476 PCIDump - ok
12:28:10.0437 5476 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:28:10.0562 5476 PCIIde - ok
12:28:10.0640 5476 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:28:10.0765 5476 Pcmcia - ok
12:28:10.0781 5476 PDCOMP - ok
12:28:10.0781 5476 PDFRAME - ok
12:28:10.0796 5476 PDRELI - ok
12:28:10.0812 5476 PDRFRAME - ok
12:28:10.0875 5476 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
12:28:11.0000 5476 perc2 - ok
12:28:11.0015 5476 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:28:11.0203 5476 perc2hib - ok
12:28:11.0281 5476 PlugPlay (4712531ab7a01b7ee059853ca17d39bd) C:\WINDOWS\system32\services.exe
12:28:11.0343 5476 PlugPlay - ok
12:28:11.0375 5476 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
12:28:11.0515 5476 PolicyAgent - ok
12:28:11.0578 5476 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:28:11.0703 5476 PptpMiniport - ok
12:28:11.0718 5476 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
12:28:11.0843 5476 ProtectedStorage - ok
12:28:11.0859 5476 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
12:28:12.0031 5476 PSched - ok
12:28:12.0046 5476 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:28:12.0156 5476 Ptilink - ok
12:28:12.0218 5476 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:28:12.0328 5476 ql1080 - ok
12:28:12.0390 5476 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:28:12.0515 5476 Ql10wnt - ok
12:28:12.0593 5476 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:28:12.0734 5476 ql12160 - ok
12:28:12.0765 5476 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:28:12.0875 5476 ql1240 - ok
12:28:12.0937 5476 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:28:13.0078 5476 ql1280 - ok
12:28:13.0125 5476 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:28:13.0250 5476 RasAcd - ok
12:28:13.0328 5476 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
12:28:13.0453 5476 RasAuto - ok
12:28:13.0515 5476 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
12:28:13.0593 5476 Rasirda - ok
12:28:13.0609 5476 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:28:13.0781 5476 Rasl2tp - ok
12:28:13.0890 5476 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS\System32\rasmans.dll
12:28:14.0031 5476 RasMan - ok
12:28:14.0078 5476 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:28:14.0218 5476 RasPppoe - ok
12:28:14.0265 5476 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:28:14.0406 5476 Raspti - ok
12:28:14.0468 5476 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:28:14.0640 5476 Rdbss - ok
12:28:14.0687 5476 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:28:14.0843 5476 RDPCDD - ok
12:28:14.0921 5476 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:28:15.0078 5476 rdpdr - ok
12:28:15.0140 5476 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
12:28:15.0281 5476 RDPWD - ok
12:28:15.0359 5476 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
12:28:15.0500 5476 RDSessMgr - ok
12:28:15.0546 5476 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:28:15.0687 5476 redbook - ok
12:28:15.0812 5476 RegSrvc (1b2857ef12d79a9f9adba14b0637cbf8) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
12:28:15.0828 5476 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
12:28:15.0828 5476 RegSrvc - detected UnsignedFile.Multi.Generic (1)
12:28:15.0859 5476 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
12:28:16.0000 5476 RemoteAccess - ok
12:28:16.0062 5476 RFCOMM (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
12:28:16.0203 5476 RFCOMM - ok
12:28:16.0265 5476 RichVideo (a76cddb6d1f25797843e2557a2118e2e) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
12:28:16.0265 5476 RichVideo ( UnsignedFile.Multi.Generic ) - warning
12:28:16.0265 5476 RichVideo - detected UnsignedFile.Multi.Generic (1)
12:28:16.0281 5476 rpcapd - ok
12:28:16.0343 5476 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe
12:28:16.0531 5476 RpcLocator - ok
12:28:16.0625 5476 RpcSs (24b5d53b9accc1e2edcf0a878d6659d4) C:\WINDOWS\System32\rpcss.dll
12:28:16.0718 5476 RpcSs - ok
12:28:16.0765 5476 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
12:28:16.0890 5476 RSVP - ok
12:28:16.0984 5476 S24EventMonitor (6c5155cc0e805c7be6028bff7ac14524) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
12:28:17.0015 5476 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
12:28:17.0015 5476 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
12:28:17.0046 5476 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
12:28:17.0062 5476 s24trans ( UnsignedFile.Multi.Generic ) - warning
12:28:17.0062 5476 s24trans - detected UnsignedFile.Multi.Generic (1)
12:28:17.0093 5476 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
12:28:17.0234 5476 SamSs - ok
12:28:17.0343 5476 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
12:28:17.0468 5476 SCardSvr - ok
12:28:17.0562 5476 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
12:28:17.0703 5476 Schedule - ok
12:28:17.0765 5476 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:28:17.0843 5476 Secdrv - ok
12:28:17.0875 5476 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
12:28:18.0000 5476 seclogon - ok
12:28:18.0031 5476 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
12:28:18.0187 5476 SENS - ok
12:28:18.0250 5476 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
12:28:18.0390 5476 Serial - ok
12:28:18.0468 5476 sfdrv01 (00de597b81b381053cb5b21a7f20e365) C:\WINDOWS\system32\drivers\sfdrv01.sys
12:28:18.0468 5476 sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
12:28:18.0468 5476 sfdrv01 - detected UnsignedFile.Multi.Generic (1)
12:28:18.0484 5476 sfhlp02 (64b9ab76f1b16eb059cb6cdd906c067a) C:\WINDOWS\system32\drivers\sfhlp02.sys
12:28:18.0484 5476 sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
12:28:18.0484 5476 sfhlp02 - detected UnsignedFile.Multi.Generic (1)
12:28:18.0515 5476 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:28:18.0625 5476 Sfloppy - ok
12:28:18.0734 5476 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
12:28:18.0890 5476 SharedAccess - ok
12:28:18.0953 5476 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
12:28:19.0078 5476 ShellHWDetection - ok
12:28:19.0078 5476 Simbad - ok
12:28:19.0156 5476 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:28:19.0281 5476 sisagp - ok
12:28:19.0328 5476 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:28:19.0453 5476 SLIP - ok
12:28:19.0515 5476 SMCB000 (56642f0391ca5176f8cc1432e559ad00) C:\WINDOWS\system32\DRIVERS\hidsmsc.sys
12:28:19.0531 5476 SMCB000 - ok
12:28:19.0562 5476 SMCIRDA (62556d170f22c43a544481e4ee16d2e2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
12:28:19.0578 5476 SMCIRDA - ok
12:28:19.0609 5476 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:28:19.0671 5476 Sparrow - ok
12:28:19.0703 5476 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
12:28:19.0828 5476 splitter - ok
12:28:19.0890 5476 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS\system32\spoolsv.exe
12:28:20.0062 5476 Spooler - ok
12:28:20.0140 5476 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
12:28:20.0234 5476 sr - ok
12:28:20.0343 5476 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
12:28:20.0406 5476 srservice - ok
12:28:20.0453 5476 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
12:28:20.0531 5476 Srv - ok
12:28:20.0593 5476 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
12:28:20.0671 5476 SSDPSRV - ok
12:28:20.0703 5476 Stealth (8a441b2ffde4ff943f5a49a775c7064e) C:\WINDOWS\system32\DRIVERS\stealth.sys
12:28:20.0734 5476 Stealth ( UnsignedFile.Multi.Generic ) - warning
12:28:20.0734 5476 Stealth - detected UnsignedFile.Multi.Generic (1)
12:28:20.0781 5476 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS\system32\wiaservc.dll
12:28:20.0921 5476 stisvc - ok
12:28:20.0984 5476 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:28:21.0140 5476 streamip - ok
12:28:21.0187 5476 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:28:21.0328 5476 swenum - ok
12:28:21.0390 5476 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
12:28:21.0515 5476 swmidi - ok
12:28:21.0609 5476 SwPrv - ok
12:28:21.0750 5476 Symantec Core LC (082cf774c3951d305206165ad5169d61) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
12:28:21.0781 5476 Symantec Core LC ( UnsignedFile.Multi.Generic ) - warning
12:28:21.0781 5476 Symantec Core LC - detected UnsignedFile.Multi.Generic (1)
12:28:21.0828 5476 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
12:28:21.0984 5476 symc810 - ok
12:28:22.0000 5476 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:28:22.0218 5476 symc8xx - ok
12:28:22.0281 5476 symlcbrd (5220576ee29bea7c18dff9ecabf18bbc) C:\WINDOWS\system32\drivers\symlcbrd.sys
12:28:22.0281 5476 symlcbrd ( UnsignedFile.Multi.Generic ) - warning
12:28:22.0281 5476 symlcbrd - detected UnsignedFile.Multi.Generic (1)
12:28:22.0312 5476 SymSnap (fea2d66aeb341e11fad6ff2d50b8ca40) C:\WINDOWS\system32\drivers\SymSnap.sys
12:28:22.0312 5476 SymSnap - ok
12:28:22.0343 5476 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:28:22.0484 5476 sym_hi - ok
12:28:22.0546 5476 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:28:22.0671 5476 sym_u3 - ok
12:28:22.0734 5476 SynTP (a63401d180863a2cefce51798542ae5f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:28:22.0765 5476 SynTP - ok
12:28:22.0796 5476 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
12:28:22.0953 5476 sysaudio - ok
12:28:23.0046 5476 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
12:28:23.0203 5476 SysmonLog - ok
12:28:23.0296 5476 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS\System32\tapisrv.dll
12:28:23.0484 5476 TapiSrv - ok
12:28:23.0578 5476 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:28:23.0687 5476 Tcpip - ok
12:28:23.0718 5476 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:28:23.0875 5476 TDPIPE - ok
12:28:23.0890 5476 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
12:28:24.0046 5476 TDTCP - ok
12:28:24.0125 5476 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:28:24.0250 5476 TermDD - ok
12:28:24.0359 5476 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
12:28:24.0500 5476 TermService - ok
12:28:24.0562 5476 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS\System32\shsvcs.dll
12:28:24.0718 5476 Themes - ok
12:28:24.0781 5476 tifm21 (0edc3cf7b38f4260eb006c38e4a44de4) C:\WINDOWS\system32\drivers\tifm21.sys
12:28:24.0812 5476 tifm21 - ok
12:28:24.0828 5476 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
12:28:24.0968 5476 TosIde - ok
12:28:25.0015 5476 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
12:28:25.0156 5476 TrkWks - ok
12:28:25.0218 5476 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
12:28:25.0234 5476 UBHelper ( UnsignedFile.Multi.Generic ) - warning
12:28:25.0234 5476 UBHelper - detected UnsignedFile.Multi.Generic (1)
12:28:25.0265 5476 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
12:28:25.0375 5476 Udfs - ok
12:28:25.0453 5476 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
12:28:25.0531 5476 ultra - ok
12:28:25.0562 5476 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
12:28:25.0687 5476 Update - ok
12:28:25.0781 5476 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS\System32\upnphost.dll
12:28:25.0859 5476 upnphost - ok
12:28:25.0890 5476 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
12:28:26.0000 5476 UPS - ok
12:28:26.0078 5476 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:28:26.0203 5476 usbccgp - ok
12:28:26.0250 5476 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:28:26.0375 5476 usbehci - ok
12:28:26.0406 5476 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:28:26.0531 5476 usbhub - ok
12:28:26.0609 5476 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:28:26.0734 5476 usbprint - ok
12:28:26.0796 5476 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:28:26.0937 5476 USBSTOR - ok
12:28:27.0000 5476 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:28:27.0140 5476 usbuhci - ok
12:28:27.0203 5476 V2IMount (deea641cc5f87867759856a52cbc0999) C:\WINDOWS\system32\drivers\V2IMount.sys
12:28:27.0218 5476 V2IMount - ok
12:28:27.0234 5476 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
12:28:27.0390 5476 VgaSave - ok
12:28:27.0437 5476 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:28:27.0562 5476 viaagp - ok
12:28:27.0625 5476 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
12:28:27.0750 5476 ViaIde - ok
12:28:27.0812 5476 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
12:28:27.0937 5476 VolSnap - ok
12:28:28.0031 5476 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
12:28:28.0093 5476 VSS - ok
12:28:28.0140 5476 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
12:28:28.0281 5476 W32Time - ok
12:28:28.0390 5476 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
12:28:28.0500 5476 w39n51 - ok
12:28:28.0531 5476 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:28:28.0671 5476 Wanarp - ok
12:28:28.0750 5476 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
12:28:28.0781 5476 Wdf01000 - ok
12:28:28.0781 5476 WDICA - ok
12:28:28.0828 5476 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
12:28:29.0000 5476 wdmaud - ok
12:28:29.0078 5476 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS\System32\webclnt.dll
12:28:29.0265 5476 WebClient - ok
12:28:29.0359 5476 winachsf (e0a00b06ea067c84e124b407dffa1af1) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:28:29.0390 5476 winachsf - ok
12:28:29.0468 5476 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:28:29.0593 5476 winmgmt - ok
12:28:29.0703 5476 WmdmPmSN (c086483e3dba8c1c0a687ec8d5b3d4c1) C:\WINDOWS\system32\mspmsnsv.dll
12:28:29.0843 5476 WmdmPmSN - ok
12:28:29.0906 5476 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:28:30.0015 5476 WmiAcpi - ok
12:28:30.0093 5476 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:28:30.0234 5476 WmiApSrv - ok
12:28:30.0281 5476 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:28:30.0406 5476 WS2IFSL - ok
12:28:30.0484 5476 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
12:28:30.0656 5476 wscsvc - ok
12:28:30.0718 5476 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:28:30.0859 5476 WSTCODEC - ok
12:28:30.0937 5476 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
12:28:31.0109 5476 wuauserv - ok
12:28:31.0234 5476 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
12:28:31.0421 5476 WZCSVC - ok
12:28:31.0546 5476 XDva268 - ok
12:28:31.0593 5476 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
12:28:31.0765 5476 xmlprov - ok
12:28:31.0921 5476 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
12:28:31.0953 5476 YahooAUService - ok
12:28:32.0078 5476 {B154377D-700F-42cc-9474-23858FBDF4BD} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD9\000.fcl
12:28:32.0078 5476 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
12:28:32.0109 5476 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:28:32.0703 5476 \Device\Harddisk0\DR0 - ok
12:28:32.0703 5476 Boot (0x1200) (8cb453f9b500fababba24a287c58f58d) \Device\Harddisk0\DR0\Partition0
12:28:32.0703 5476 \Device\Harddisk0\DR0\Partition0 - ok
12:28:32.0734 5476 Boot (0x1200) (2d31012c1c4ec6c679c3cace79853207) \Device\Harddisk0\DR0\Partition1
12:28:32.0734 5476 \Device\Harddisk0\DR0\Partition1 - ok
12:28:32.0750 5476 Boot (0x1200) (30c1849b54f0c26525260682187077d6) \Device\Harddisk0\DR0\Partition2
12:28:32.0750 5476 \Device\Harddisk0\DR0\Partition2 - ok
12:28:32.0765 5476 ============================================================
12:28:32.0765 5476 Scan finished
12:28:32.0765 5476 ============================================================
12:28:32.0875 5468 Detected object count: 39
12:28:32.0875 5468 Actual detected object count: 39
12:30:41.0062 5468 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0062 5468 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0062 5468 btaudio ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0062 5468 btaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0062 5468 BTDriver ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0062 5468 BTDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0062 5468 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0062 5468 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0062 5468 BTSERIAL ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0062 5468 BTSERIAL ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0062 5468 btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0062 5468 btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0078 5468 BTWDNDIS ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0078 5468 BTWDNDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0078 5468 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0078 5468 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0078 5468 ccEvtMgr ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0078 5468 ccEvtMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0078 5468 ccPwdSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0078 5468 ccPwdSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0078 5468 ccSetMgr ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0078 5468 ccSetMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0078 5468 CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0078 5468 CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0093 5468 CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0093 5468 CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0093 5468 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0093 5468 CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0093 5468 EpmPsd ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0093 5468 EpmPsd ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0093 5468 EpmShd ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0093 5468 EpmShd ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0093 5468 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0093 5468 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0093 5468 GEARSecurity ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0093 5468 GEARSecurity ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0093 5468 HWDeviceService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0093 5468 HWDeviceService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0109 5468 lvmvdrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0109 5468 lvmvdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0109 5468 LVPrcMon ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0109 5468 LVPrcMon ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0109 5468 LVPrcSrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0109 5468 LVPrcSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0109 5468 NdisFilt ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0109 5468 NdisFilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0109 5468 NETMNT ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0109 5468 NETMNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0109 5468 Norton Ghost ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0109 5468 Norton Ghost ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0125 5468 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0125 5468 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0125 5468 OsaFsLoc ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0125 5468 OsaFsLoc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0125 5468 osaio ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0125 5468 osaio ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0125 5468 osanbm ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0125 5468 osanbm ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0125 5468 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0125 5468 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0125 5468 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0125 5468 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0140 5468 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0140 5468 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0140 5468 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0140 5468 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0140 5468 sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0140 5468 sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0140 5468 sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0140 5468 sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0140 5468 Stealth ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0140 5468 Stealth ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0140 5468 Symantec Core LC ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0140 5468 Symantec Core LC ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0156 5468 symlcbrd ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0156 5468 symlcbrd ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:41.0156 5468 UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
12:30:41.0156 5468 UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:30:53.0953 4868 Deinitialize success
  • 0

#32
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

Since we can't get into Safe Mode see if you can do a diagnostic boot:
Start, Run, msconfig, OK.

Click on Diagnostic Startup then OK and reboot.


The C:\Autorun.ini file points to the malware so that it can run when Explorer starts.
If you look at it in notepad it will look like:

[AutoRun]
;AFXnstGtM aQupPqUXlQ
;cJMsV
shell\exPlorE\COmmanD=nkksh.exe
;Udphojmqiv emBgxyanQHI
shell\oPen\dEfaulT=1
oPEn =nkksh.exe
;
Shell\oPeN\coMManD= nkksh.exe
;aukykXTRMcWkPEGc txdi
shell\AutOPlay\COmmANd=nkksh.exe
;OqjFffBQ

The lines starting with ; are just comments put in to confuse you and can be ignored. If we take them out we get:


[AutoRun]
shell\exPlorE\COmmanD=nkksh.exe
shell\oPen\dEfaulT=1
oPEn =nkksh.exe
Shell\oPeN\coMManD= nkksh.exe
shell\AutOPlay\COmmANd=nkksh.exe

Change the capital letters to small and it says:

[AutoRun]
shell\explore\command=nkksh.exe
shell\open\default=1
open =nkksh.exe
Shell\open\command= nkksh.exe
shell\AutoPlay\command=nkksh.exe

So it is clear that in this case it was trying to run a file called nkksh.exe.

The question is where is the file hiding? Since the full path is not given it should be somewhere on one of the standard paths. To see the standard paths open a command prompt (Start, Run, cmd, OK) and type:

set path

Normally we see something like:

Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Windows\System32
\WindowsPowerShell\v1.0;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:
\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

Only the first three on the top line are standard on a Win 7 so I would expect to find it in:

C:\Windows\system32
C:\Windows\
C:\Windows\system32\wbem

though you may have C:\ too.

From the command prompt you can search for the file:

cd  \

dir  /a  /s  nkksh.exe

This will take a few minutes to complete. You would need to modify the above to match what your current autorun.ini file is looking for.

Once you find the folder where the file lives then I would look in the folder for other files with about the same date/time and size.

Assume the file is in C:\windows then

cd  \windows

dir  /a  /ogd

will list the files with the newest ones at the bottom. Normally the bad files will be clustered together. These can be deleted with the attrib and del commands:

attrib  -r  -s  -h  nkksh.exe

del nkksh.exe

If you run OTL, Quickscan and look at the log under:

========== Driver Services (SafeList) ==========

(Ignore these:
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva268.sys -- (XDva268)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Peter\LOCALS~1\Temp\catchme.sys -- (catchme) )
The ones which have nothing in the first set of parens or which say they are Running but file can't be found are malware.

Example:
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\glnoqm.sys -- (amsint32)
DRV - [2012-06-22 08:06:24 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\krhtl.sys -- (etnecss)
DRV - [2012-06-22 08:05:34 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\vaqwegci.sys -- (fmtusw)
DRV - [2012-06-22 08:05:00 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\kgcx.sys -- (aqlb)

These are all malware. I would use a command window and look in the folder C:\WINDOWS\system32\drivers to see what files are new.

cd  \WINDOWS\system32\drivers

dir  /a  /ogd

These may not let themselves be deleted if they are in use, but maybe we can use sc to stop the driver; then it may let us remove it.

Look at the text in the last parens on each line. The first line has: amsint32

so we would try:

sc  config  amsint32  start= disabled

sc  delete  amsint32

Repeat for any others you find.


* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
  • 0
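The reading rule from the post above (a driver that is Running although its file is not found, or a driver whose first parentheses are empty) can be applied to a whole log mechanically. This is an added example, not part of the original post and not OTL's own code; the function names are hypothetical and the sample lines are copied from the OTL output quoted in this thread.

```python
import re
from typing import NamedTuple, Optional

# Sample "Driver Services" lines copied from the OTL logs quoted in this thread.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva268.sys -- (XDva268)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\glnoqm.sys -- (amsint32)
DRV - [2012-06-22 08:06:24 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\krhtl.sys -- (etnecss)
DRV - [2011-05-03 15:42:30 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009-09-01 16:59:44 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/12/01 17:39:19] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2005-11-30 20:45:10 | 002,400,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
"""


class Driver(NamedTuple):
    service: str            # text in the last parentheses: the name sc.exe expects
    path: str               # driver file path as logged; may be empty
    company: Optional[str]  # None when OTL printed "File not found" instead of file details
    file_missing: bool
    status: str             # Running / Stopped / Unknown


# head -- path -- (service) [optional description]; the path may be empty ("-- --").
LINE_RE = re.compile(r"^DRV - (?P<head>.*?) -- (?P<path>.*?) ?-- \((?P<service>[^)]*)\)")
# [date | size | attrs | M] (company) [...]
COMPANY_RE = re.compile(r"^\[[^\]]*\] \((.*?)\) \[")


def parse_drv_line(line: str) -> Optional[Driver]:
    """Parse one OTL 'DRV -' line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    head = m.group("head")
    brackets = re.findall(r"\[([^\]]*)\]", head)
    if not brackets:
        return None
    # The last bracket group is always "Type | Start | Status".
    status = brackets[-1].split("|")[-1].strip()
    missing = head.startswith("File not found")
    company = None
    if not missing:
        cm = COMPANY_RE.match(head)
        company = cm.group(1).strip() if cm else None
    return Driver(m.group("service"), m.group("path").strip(), company, missing, status)


def triage(log_text: str):
    """Return (service, reason) for every driver matching the two rules in the post."""
    findings = []
    for line in log_text.splitlines():
        d = parse_drv_line(line)
        if d is None:
            continue
        if d.file_missing and d.status == "Running":
            findings.append((d.service, "running but file not found"))
        elif not d.file_missing and d.company == "":
            findings.append((d.service, "no company name"))
    return findings


if __name__ == "__main__":
    for service, reason in triage(SAMPLE_LOG):
        print(f"{service}: {reason}")
```

The "File not found ... Stopped" entries from the ignore list are not flagged. The lvmvdrv line matches only the empty-company rule, so each flagged service name is a candidate to check against the drivers folder before running sc delete on it.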

#33
Peter Lee

    Member

  • Topic Starter
  • Member
  • 117 posts
[AutoRun]
;

;YsiBuU
OPen =digqd.exe
;WIfvyedhqR
Shell\open\CommaND =digqd.exe
;xcHm Smqrl
sHell\ExpLore\Command=digqd.exe
;uvikRlvvDhw
sHElL\opEN\DefAult=1
ShelL\AUtoPlay\cOmmanD= digqd.exe


autorun.inf has been renamed to autorun.inf_1341138495.arl
digqd.exe has been renamed to digqd.exe_1341138495.arl
  • 0
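The autorun.inf pasted above mixes letter case, pads the "=" with spaces and inserts random comment lines, so a plain text search for "open=" does not match it. The following added example (not part of the original post; function names are hypothetical) normalizes the file the way a scanner would and lists the programs it tries to launch. The sample is the file content from the post.

```python
import re

# autorun.inf content copied from the post above.
SAMPLE_AUTORUN = r"""[AutoRun]
;

;YsiBuU
OPen =digqd.exe
;WIfvyedhqR
Shell\open\CommaND =digqd.exe
;xcHm Smqrl
sHell\ExpLore\Command=digqd.exe
;uvikRlvvDhw
sHElL\opEN\DefAult=1
ShelL\AUtoPlay\cOmmanD= digqd.exe
"""

# Keys (after lower-casing) whose value is a program to run.
LAUNCH_KEY_RE = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")


def parse_autorun(text: str):
    """Return (key, value) pairs from the [autorun] section.

    Section and key names are compared case-insensitively, whitespace around
    '=' is dropped, and ';' comment lines and blank lines are skipped.
    """
    entries = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries


def launch_entries(text: str):
    """Only the entries that name a program to start."""
    return [(k, v) for k, v in parse_autorun(text) if LAUNCH_KEY_RE.match(k)]


def launch_targets(text: str):
    """Unique programs the file would start, sorted."""
    return sorted({v for _, v in launch_entries(text)})


def naive_match(text: str) -> bool:
    """The simple substring check that this file's formatting defeats."""
    return "open=" in text.lower()


if __name__ == "__main__":
    print("naive 'open=' search matches:", naive_match(SAMPLE_AUTORUN))
    for key, value in launch_entries(SAMPLE_AUTORUN):
        print(f"{key} -> {value}")
    print("targets:", launch_targets(SAMPLE_AUTORUN))
```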

#34
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Were you able to find where digqd.exe lives? Are there other random named .exe files with about the same date?
  • 0

#35
Peter Lee

    Member

  • Topic Starter
  • Member
  • 117 posts
Sality is currently no longer in memory. Now I can show hidden files. Autorun.inf was renamed to autorun.inf_1341138495.arl and digqd.exe was renamed to digqd.exe_1341138495.arl. But regedit is not running and Taskman is disabled.
  • 0

#36
Peter Lee

    Member

  • Topic Starter
  • Member
  • 117 posts
OTL logfile created on: 02-Jul-2012 8:37:03 AM - Run 4
OTL by OldTimer - Version 3.2.51.0 Folder = C:\virus 20 06 2012
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yyyy

1.50 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 76.34% Memory free
2.85 Gb Paging File | 2.68 Gb Available in Paging File | 93.86% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 77.61 Gb Total Space | 38.11 Gb Free Space | 49.10% Space Free | Partition Type: FAT32
Drive E: | 77.63 Gb Total Space | 18.41 Gb Free Space | 23.72% Space Free | Partition Type: NTFS
Drive F: | 77.62 Gb Total Space | 17.18 Gb Free Space | 22.13% Space Free | Partition Type: NTFS
Drive H: | 1.87 Gb Total Space | 0.47 Gb Free Space | 25.32% Space Free | Partition Type: FAT32
Drive I: | 34.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ACER-8C1E498EF8 | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-06-22 08:10:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\virus 20 06 2012\OTL.exe
PRC - [2008-04-21 18:02:08 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2004-08-04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Unknown] -- %ProgramFiles%\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012-05-04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011-03-14 23:27:28 | 000,266,240 | ---- | M] () [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010-06-20 15:31:24 | 003,600,600 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2010-01-22 03:12:42 | 000,078,104 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2008-11-10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008-11-09 09:30:52 | 002,066,024 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2008-11-09 09:22:00 | 000,822,424 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2005-12-02 15:43:02 | 000,114,784 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005-12-02 15:43:00 | 000,254,050 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005-12-02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005-11-30 20:45:10 | 000,081,920 | ---- | M] (Logitech) [Disabled | Stopped] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005-10-24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2005-09-09 19:09:10 | 000,053,248 | ---- | M] (GEAR Software) [Disabled | Stopped] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)
SRV - [2004-12-13 15:30:10 | 000,165,488 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004-12-13 15:30:08 | 000,073,728 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004-12-13 15:30:04 | 000,198,256 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva268.sys -- (XDva268)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Peter\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011-05-03 15:42:30 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011-01-30 18:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010-12-24 11:55:58 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010-07-27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009-09-01 16:59:44 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/12/01 17:39:19] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2008-11-09 09:22:00 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006-11-15 14:34:00 | 004,225,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-03-24 19:14:46 | 000,033,536 | R--- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\a38usb.sys -- (ACSSCR)
DRV - [2005-12-06 17:50:10 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidsmsc.sys -- (SMCB000)
DRV - [2005-12-05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005-12-02 14:01:28 | 000,328,141 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005-12-02 13:59:20 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2005-12-02 13:57:48 | 000,854,826 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005-12-02 13:54:56 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005-12-02 13:54:14 | 000,065,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005-12-02 13:51:28 | 000,148,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005-12-01 07:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005-11-30 20:45:10 | 002,400,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005-11-30 20:45:10 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005-11-29 14:28:58 | 001,088,896 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2005-11-29 14:25:06 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005-11-28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005-11-08 00:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005-11-08 00:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005-11-08 00:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005-10-15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005-09-13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005-09-09 19:09:20 | 000,144,832 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SymSnap.sys -- (SymSnap)
DRV - [2005-09-09 19:09:20 | 000,056,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\V2iMount.sys -- (V2IMount)
DRV - [2005-08-24 07:07:24 | 000,692,992 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerM115.sys -- (AVerM115)
DRV - [2005-06-30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005-06-22 18:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005-05-02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005-04-22 16:57:06 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005-04-22 16:57:06 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005-04-05 01:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005-03-04 01:53:58 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005-02-23 23:59:56 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005-01-14 15:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2004-12-09 14:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004-08-04 05:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004-08-04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004-08-04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004-08-04 05:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004-08-03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2002-05-13 10:14:38 | 000,077,920 | ---- | M] (Generic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\stealth.sys -- (Stealth)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = ${searchCLSID}
IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0A6F8041-AE9C-4BBD-9592-7C8CB2DF0B97}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{4633EF93-D676-472f-A0FF-E1916B0B2E30}: "URL" = http://www.baidu.com...Terms}&ie=utf-8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.15.4.23821


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\Program Files\iWin Games\firefox\ [2009-11-26 16:30:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008-11-09 12:45:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008-11-09 12:45:44 | 000,000,000 | ---D | M]

[2008-11-09 12:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Extensions
[2008-11-09 12:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions
[2009-04-05 20:14:38 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2012-07-01 13:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009-04-05 20:13:24 | 000,000,000 | ---D | M] ("Megaupload Toolbar") -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2008-11-24 10:22:52 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012-06-29 09:01:36 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\[email protected]
[2008-11-09 12:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-07-01 13:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2008-11-11 15:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011-09-23 04:14:08 | 000,056,128 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npBFPlugin.dll

O1 HOSTS File: ([2012-07-01 12:17:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PIPI Link Helper) - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\WINDOWS\system32\JfCheck.dll (PIPI Tech.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKCU\..\Toolbar\WebBrowser: (Megaupload Toolbar) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: gamania.com.hk ([www] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1298904480656 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1298904665375 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB60C06-FF45-4E69-BF33-D07BD3F61E8F}: NameServer = 202.188.0.133,202.188.1.5
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003-04-04 03:26:40 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2012-06-26 09:35:24 | 000,000,204 | RHS- | M] () - C:\autorun.inf_1341138495.arl -- [ FAT32 ]
O32 - AutoRun File - [2012-06-26 09:35:24 | 000,000,343 | -HS- | M] () - E:\autorun.inf_1341138495.arl -- [ NTFS ]
O32 - AutoRun File - [2012-06-17 21:45:24 | 000,000,000 | ---D | M] - H:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2011-03-15 07:27:22 | 000,148,320 | R--- | M] () - I:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011-08-19 01:13:04 | 000,000,047 | R--- | M] () - I:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-07-02 08:26:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012-07-02 07:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Start Menu\Programs\CyberLink PowerDVD 9
[2012-07-01 21:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Desktop\Black Eyes
[2012-07-01 21:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Desktop\Absolute
[2012-07-01 21:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2012-07-01 21:05:44 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2012-07-01 21:05:44 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2012-07-01 21:05:44 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2012-07-01 19:55:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Desktop\T-ara
[2012-07-01 10:28:15 | 000,000,000 | ---D | C] -- C:\virus 20 06 2012
[2012-07-01 10:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\Supercow
[2012-07-01 10:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\My Documents\My Downloads
[2012-07-01 10:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\Liong The Dragon Dance
[2012-07-01 10:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\bmoworld
[2012-07-01 10:28:15 | 000,000,000 | ---D | C] -- C:\2 Burn
[2012-06-29 08:02:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012-06-29 08:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012-06-29 08:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012-06-29 08:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2012-06-26 19:21:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2012-06-26 03:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2012-06-26 03:02:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2012-06-26 03:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012-06-25 23:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Local Settings\Application Data\AskToolbar
[2012-06-25 23:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Application Data\Sammsoft
[2012-06-25 23:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012-06-25 23:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2012
[2012-06-25 23:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2012
[2012-06-25 22:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Local Settings\Application Data\Sun
[2012-06-25 22:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012-06-25 22:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012-06-25 22:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter\Application Data\Oracle
[2012-06-25 22:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012-06-25 02:32:16 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012-06-25 02:32:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Peter\My Documents\My Videos
[2012-06-25 02:32:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012-06-25 02:32:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Peter\Start Menu\Programs\Administrative Tools
[2012-06-25 02:31:22 | 000,027,136 | R--- | C] (Swearware) -- C:\Documents and Settings\Peter\Desktop\ComboFix.exe
[2012-06-23 23:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Maxis Broadband
[2012-06-23 23:52:02 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2012-06-23 23:52:02 | 000,235,392 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2012-06-23 23:52:02 | 000,194,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2012-06-23 23:52:02 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2012-06-23 23:52:02 | 000,090,368 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2012-06-23 23:52:02 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2012-06-23 23:52:02 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2012-06-23 23:52:02 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2012-06-23 23:52:02 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2012-06-23 23:52:02 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
[2012-06-23 23:52:02 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2012-06-17 21:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2012-06-10 11:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla

========== Files - Modified Within 30 Days ==========

[2012-07-02 08:30:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-07-02 08:30:42 | 1608,634,368 | -HS- | M] () -- C:\hiberfil.sys
[2012-07-02 08:29:00 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2012-07-02 08:26:32 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2012-07-02 08:26:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012-07-02 00:14:14 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-07-02 00:14:00 | 000,001,254 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Clean Registry for Free!.lnk
[2012-07-01 23:50:56 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012-07-01 21:20:46 | 000,000,501 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Shortcut to Playlist1.wpl.lnk
[2012-07-01 21:05:48 | 000,000,846 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Media Player Classic.lnk
[2012-06-29 23:10:30 | 000,103,140 | ---- | M] () -- C:\digqd.exe_1341138495.arl
[2012-06-29 22:25:28 | 000,442,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-06-29 22:25:28 | 000,072,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-06-29 22:25:00 | 000,155,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-06-29 07:57:56 | 000,001,110 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Get Live PC Help Now.lnk
[2012-06-29 07:57:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-06-26 23:34:10 | 000,000,668 | ---- | M] () -- C:\Catalog.LiveSubscribe
[2012-06-26 09:45:44 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012-06-26 09:35:24 | 000,000,204 | RHS- | M] () -- C:\autorun.inf_1341138495.arl
[2012-06-26 09:25:52 | 000,000,570 | ---- | M] () -- C:\a.bat
[2012-06-26 08:16:52 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-06-26 03:15:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-06-25 23:11:58 | 000,001,433 | ---- | M] () -- C:\Documents and Settings\Peter\Desktop\Check PC For Errors.lnk
[2012-06-25 23:11:58 | 000,001,433 | ---- | M] () -- C:\Documents and Settings\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2012-06-25 02:30:30 | 000,027,136 | R--- | M] (Swearware) -- C:\Documents and Settings\Peter\Desktop\ComboFix.exe
[2012-06-23 23:52:50 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Maxis Broadband.lnk
[2012-06-18 07:54:20 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-06-18 07:54:20 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012-07-02 00:13:58 | 000,001,254 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Clean Registry for Free!.lnk
[2012-07-01 21:20:45 | 000,000,501 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Shortcut to Playlist1.wpl.lnk
[2012-07-01 21:05:46 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012-07-01 21:05:45 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2012-07-01 21:05:44 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012-07-01 21:05:44 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012-07-01 21:05:44 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012-07-01 21:05:44 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2012-06-29 23:10:29 | 000,103,140 | ---- | C] () -- C:\digqd.exe_1341138495.arl
[2012-06-29 07:57:54 | 000,001,110 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Get Live PC Help Now.lnk
[2012-06-26 23:34:08 | 000,000,668 | ---- | C] () -- C:\Catalog.LiveSubscribe
[2012-06-26 09:35:08 | 000,000,204 | RHS- | C] () -- C:\autorun.inf_1341138495.arl
[2012-06-25 23:12:00 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012-06-25 23:11:57 | 000,001,433 | ---- | C] () -- C:\Documents and Settings\Peter\Desktop\Check PC For Errors.lnk
[2012-06-25 23:11:57 | 000,001,433 | ---- | C] () -- C:\Documents and Settings\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2012-06-25 20:20:16 | 000,000,570 | ---- | C] () -- C:\a.bat
[2012-06-23 23:52:48 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Maxis Broadband.lnk
[2012-03-05 13:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2012-03-05 13:19:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011-07-23 21:48:00 | 000,262,884 | ---- | C] () -- C:\WINDOWS\IPUI_DivXG400.exe
[2011-07-11 17:30:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-07-06 14:54:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2011-05-02 19:09:59 | 000,002,048 | ---- | C] () -- C:\Program Files\Sonic3Dsonic3d.ini
[2011-05-01 13:31:41 | 000,000,281 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2011-03-08 00:17:43 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\NVH264Decoder.dll
[2011-03-08 00:17:43 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\NVPostProc.dll
[2011-03-08 00:17:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\NVH264vfw.dll
[2010-09-17 17:13:28 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010-09-04 17:40:42 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008-12-18 08:58:29 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\Peter\default.pls
[2008-11-13 23:50:35 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-11-09 23:44:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Peter\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2008-11-09 23:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acer
[2008-11-11 17:16:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008-11-23 16:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008-11-25 10:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingsoft
[2008-12-05 19:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009-01-10 15:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009-01-10 16:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009-01-10 17:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2009-01-15 09:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009-01-15 09:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2009-01-17 10:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2009-02-07 11:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2009-04-05 20:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2009-04-05 20:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Megaupload
[2009-10-17 18:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Islands
[2009-11-20 14:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliasworlds
[2010-02-23 11:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iSpeak
[2011-02-15 18:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2011-03-10 21:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011-05-19 22:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2011-05-25 20:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2011-05-25 20:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2011-06-04 21:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012-02-17 14:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2012-02-19 09:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2012-02-29 18:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cupcakecafe
[2008-11-10 00:00:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Acer
[2008-11-23 16:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\GameHouse
[2008-12-04 09:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\LimeWire
[2009-01-02 18:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\AlwaysNeat
[2009-01-11 09:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Playrix Entertainment
[2009-01-17 10:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Alawar
[2009-02-07 10:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Super-Cow
[2009-04-05 20:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\MegauploadToolbar
[2009-04-05 20:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\EmailNotifier
[2009-04-05 20:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Megaupload
[2009-11-17 14:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\GlarySoft
[2009-11-20 11:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Ancient Quest of Saqqarah__iwin
[2010-01-10 16:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Reflexive JanesZOO
[2010-02-14 12:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Gamelab
[2010-06-05 17:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\PIPI
[2010-09-17 17:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Wildfire
[2011-04-02 18:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Magic Match
[2011-05-19 22:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Sandlot Games
[2011-05-26 20:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Angkor
[2011-05-29 20:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Ohana Games
[2011-06-04 21:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\PlayFirst
[2011-09-30 20:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Incredible Ink
[2012-02-14 11:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Rovio
[2012-02-17 14:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Maxis Broadband
[2012-02-20 09:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Independent
[2012-04-05 10:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\OpenCandy
[2012-06-25 22:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Oracle
[2012-06-25 23:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter\Application Data\Sammsoft
[2012-07-02 08:26:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >

#37
RKinner

Run Malwarebytes Anti-Malware. It should fix the regedit problem.

You are still showing an autorun.inf on H:\

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).

#38
Peter Lee

H:\autorun.inf = Folder = Size 0 Byte

Contain:

1 file = lpt3.This folder was created by Flash_Disinfector


Malwarebytes Anti-Malware - over 14 days trial ..

#39
RKinner

Oops, missed the D in the OTL log for H:\autorun.inf.

Still would be a good idea to run ESET tho it will take a while.

#40
Peter Lee

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.02.02

Windows XP Service Pack 2 x86 FAT32
Internet Explorer 8.0.6001.18702
Peter :: ACER-8C1E498EF8 [administrator]

Protection: Enabled

03-Jul-2012 8:19:00 AM
mbam-log-2012-07-03 (08-19-00).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 394151
Time elapsed: 58 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 19
C:\Program Files\GameHouse\Zuma\Trainer.exe (PUP.HackTool.HotKeysHook) -> No action taken.
C:\2 Burn\Programs\ZwinkySetup2.3.50.62.ZJfox000.exe_1341138495.arl (PUP.MyWebSearch) -> No action taken.
F:\Peter\C\downloads\Zuma_Deluxe_v1.0\Trainer.exe (PUP.HackTool.HotKeysHook) -> No action taken.
C:\digqd.exe_1341138495.arl (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Program Files\ABC\UG-00-V1\Collection.exe_1341138495.arl (Trojan.Downloader.AS) -> Quarantined and deleted successfully.
C:\Program Files\ABC\UG-04\Collection.exe_1341138495.arl (Trojan.Downloader.AS) -> Quarantined and deleted successfully.
C:\Program Files\Rainbow Drops Buster\R.A.A-P.C.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\2 Burn\Reflexive Patch\R.A.A-P.C.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\nkksh.exe.vir_1341138495.arl (Malware.Packer.Gen) -> Quarantined and deleted successfully.
E:\qebrc.pif_1341138495.arl (Malware.Packer.Gen) -> Quarantined and deleted successfully.
E:\Qoobox\Quarantine\E\abiej.pif.vir_1341138495.arl (Malware.Packer.Gen) -> Quarantined and deleted successfully.
F:\game\SexyBeachZERO\SexyBeachZERO\安装程序 .EXE_1341138495.arl (Trojan.Qhost) -> Quarantined and deleted successfully.
F:\Peter\C\virus\Brontok\5-AntiBrontokA-en.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
F:\Peter\My Documents\w\2uwm\wmwg\通用完美SF穿墙挂机挂2.52\HtmlView.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
F:\Peter\My Documents\w\2uwm\wmwg\通用完美SF穿墙挂机挂2.52\iext3.fne (Trojan.BHO) -> Quarantined and deleted successfully.
F:\Peter\My Documents\w\2uwm\wmwg\通用完美SF穿墙挂机挂2.52\krnln.fnr (Trojan.FlyStudio) -> Quarantined and deleted successfully.
F:\Peter\My Documents\w\2uwm\wmwg\通用完美SF穿墙挂机挂2.52\xplib.fne (Trojan.Flystudio) -> Quarantined and deleted successfully.
F:\Program Files\Reflexive Arcade 10-Pack\Birdies\Birdies.RWG (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\Ragnarok Offline\GRF-factory\GrfSuite\GrfCreate.exe (Trojan.Orsam) -> Quarantined and deleted successfully.

(end)

#41
Peter Lee

QuickScan 32-bit v0.9.9.119
---------------------------
Scan date: Wed Jul 04 07:46:20 2012
Machine ID: 320D180E



No infection found.
-------------------



Processes
---------
gearsec 756 C:\WINDOWS\System32\GEARSEC.EXE
Acer Empowering framework 1920 C:\Acer\Empowering Technology\admServ.exe
Acer Empowering framework 3680 C:\Acer\Empowering Technology\ADMTRAY.EXE
Acer ePower Management 2460 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
Acer OrbiCam 3252 C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
Acer OrbiCam 932 C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
Acer OrbiCam 3004 C:\WINDOWS\System32\LVCOMSX.EXE
ATI External Event Utility for WindowsN 1708 C:\WINDOWS\System32\ATI2EVXX.EXE
ATI External Event Utility for WindowsN 1464 C:\WINDOWS\System32\ATI2EVXX.EXE
Bluetooth Software 5.0.1.1200 672 C:\Program Files\WIDCOMM\Bluetooth Software\BIN\BTWDINS.EXE
Catalyst Control Centre 2116 C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
Catalyst Control Centre 3100 C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
Catalyst Control Centre 3592 C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
CLCapSvc Module 688 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
CLSched Module 2280 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
cyberlink brs 3560 C:\Program Files\CyberLink\Shared Files\BRS.EXE
Cyberlink Media Library Server 716 C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
Cyberlink MediaLibrary NT Service 740 C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
Cyberlink PowerCinema 2784 C:\Program Files\Acer\Acer Arcade\PCMService.exe
DAEMON Tools 3452 C:\Program Files\D-Tools\DAEMON.EXE
eDSloader 3432 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
Firefox 2712 C:\Program Files\Mozilla Firefox\firefox.exe
Intel® PROSet/Wireless Event Log 1772 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
Intel® PROSet/Wireless Registry Servi 1888 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
Intel® PROSet/Wireless Service 1940 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
iWinGames Application 788 C:\Program Files\iWin Games\iWinTrusted.exe
Java™ Platform SE 7 U5 820 C:\Program Files\Oracle\JavaFX 2.1 Runtime\BIN\JQS.EXE
Java™ Platform SE Auto Updater 2 0 2660 C:\Program Files\Common Files\Java\Java Update\JUSCHED.EXE
Launch Manager 3296 C:\Program Files\Launch Manager\QtZgAcer.EXE
Logitech Camera Software 3192 C:\WINDOWS\System32\ElkCtrl.exe
Malwarebytes Anti-Malware 3764 C:\Program Files\Malwarebytes' Anti-Malware\MBAMGUI.EXE
Malwarebytes Anti-Malware 924 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
Maxis Broadband.exe 2604 C:\Program Files\Maxis Broadband\Maxis Broadband.exe
Messenger 3952 C:\Program Files\Messenger\MSMSGS.EXE
Microsoft® Windows® Operating System 4916 C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
Microsoft® Windows® Operating System 1236 C:\WINDOWS\System32\CSRSS.EXE
Microsoft® Windows® Operating System 1820 C:\WINDOWS\System32\CTFMON.EXE
Microsoft® Windows® Operating System 1320 C:\WINDOWS\System32\LSASS.EXE
Microsoft® Windows® Operating System 3540 C:\WINDOWS\System32\RUNDLL32.EXE
Microsoft® Windows® Operating System 1308 C:\WINDOWS\System32\SERVICES.EXE
Microsoft® Windows® Operating System 596 C:\WINDOWS\System32\SMSS.EXE
Microsoft® Windows® Operating System 892 C:\WINDOWS\System32\SPOOLSV.EXE
Microsoft® Windows® Operating System 192 C:\WINDOWS\System32\SVCHOST.EXE
Microsoft® Windows® Operating System 168 C:\WINDOWS\System32\SVCHOST.EXE
Microsoft® Windows® Operating System 2136 C:\WINDOWS\System32\SVCHOST.EXE
Microsoft® Windows® Operating System 1632 C:\WINDOWS\System32\SVCHOST.EXE
Microsoft® Windows® Operating System 1548 C:\WINDOWS\System32\SVCHOST.EXE
Microsoft® Windows® Operating System 1492 C:\WINDOWS\System32\SVCHOST.EXE
Microsoft® Windows® Operating System 656 C:\WINDOWS\System32\SVCHOST.EXE
Microsoft® Windows® Operating System 236 C:\WINDOWS\System32\SVCHOST.EXE
Microsoft® Windows® Operating System 3856 C:\WINDOWS\System32\WBEM\UNSECAPP.EXE
Microsoft® Windows® Operating System 2976 C:\WINDOWS\System32\WBEM\WMIPRVSE.EXE
Microsoft® Windows® Operating System 3820 C:\WINDOWS\System32\WBEM\WMIPRVSE.EXE
Microsoft® Windows® Operating System 1264 C:\WINDOWS\System32\WINLOGON.EXE
Nero Home 4048 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
Norton Ghost 2816 C:\Program Files\Norton Ghost\Agent\GhostTray.exe
Norton Ghost 1052 C:\Program Files\Norton Ghost\Agent\VProSvc.exe
OpenOffice.org 2.0 2300 C:\Program Files\OpenOffice.org 2.0\PROGRAM\soffice.BIN
OpenOffice.org 2.0 2424 C:\Program Files\OpenOffice.org 2.0\PROGRAM\SOFFICE.EXE
ouc.exe 736 C:\Documents and Settings\Peter\Application Data\Maxis Broadband\ouc.exe
PowerDVD RC Service 2748 C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
Realtek HD Audio Data Rerouter 1448 C:\Documents and Settings\Peter\Local Settings\TEMP\RtkBtMnt.exe
Realtek HD Audio Sound Effect Manager 2728 C:\WINDOWS\RTHDCPL.EXE
RichVideo Module 2088 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Synaptics Pointing Device Driver 2636 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Synaptics Pointing Device Driver 2620 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Updater 3644 C:\Program Files\Ask.com\Updater\Updater.exe
(verified) Microsoft® Windows® Operating System 1804 C:\WINDOWS\EXPLORER.EXE
(verified) Microsoft® Windows® Operating System 948 C:\WINDOWS\System32\SCARDSVR.EXE
(verified) Microsoft® Windows® Operating System 2732 C:\WINDOWS\System32\WBEM\WMIAPSRV.EXE
(verified) Windows® Internet Explorer 5344 C:\Program Files\Internet Explorer\IEXPLORE.EXE
(verified) Windows® Internet Explorer 6100 C:\Program Files\Internet Explorer\IEXPLORE.EXE
(verified) Yahoo! AutoUpdater 2232 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


Network activity
----------------
Process firefox.exe (2712) connected on port 80 (HTTP) --> 121.123.204.186
Process firefox.exe (2712) connected on port 443 (HTTP over SSL) --> 209.85.175.138
Process firefox.exe (2712) connected on port 443 (HTTP over SSL) --> 209.85.175.113

Process SVCHOST.EXE (1548) listens on ports: 135 (RPC)
Process admServ.exe (1920) listens on ports: 2804


Autoruns and critical files
---------------------------
Acer Empowering framework C:\Acer\Empowering Technology\ADMTRAY.EXE
Acer ePower Management C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe
Acer ePower Management C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
Acer Launch Tool C:\WINDOWS\Alaunch.exe
Acer OrbiCam C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
Acer OrbiCam C:\Program Files\Acer\OrbiCam\InstallHelper.exe
Acer OrbiCam C:\WINDOWS\System32\LVCOMSX.EXE
Adobe Acrobat C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Ahead Software Gmbh NeroCheck C:\WINDOWS\system32\NeroCheck.exe
ARO 2012 C:\Program Files\ARO 2012\aro.exe
ATI External Event Utility for NT, W2K C:\WINDOWS\system32\Ati2evxx.dll
Catalyst Control Centre C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
Client and Host Security Platform C:\Program Files\Common Files\Symantec Shared\ccApp.exe
cyberlink brs C:\Program Files\CyberLink\Shared Files\BRS.EXE
Cyberlink PowerCinema C:\Program Files\Acer\Acer Arcade\PCMService.exe
DAEMON Tools C:\Program Files\D-Tools\DAEMON.EXE
eDSloader C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
ImScInst.exe C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\JUSCHED.EXE
Launch Manager C:\Program Files\Launch Manager\QtZgAcer.EXE
Logitech Camera Software C:\WINDOWS\System32\ElkCtrl.exe
Malwarebytes Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\MBAMGUI.EXE
Messenger C:\Program Files\Messenger\MSMSGS.EXE
Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\bthprops.cpl
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\CTFMON.EXE
Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\upnpui.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
Nero Home C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
Norton Ghost C:\Program Files\Norton Ghost\Agent\GhostTray.exe
ouc.exe C:\Program Files\Maxis Broadband\UpdateDog\ouc.exe
PowerDVD Language Application C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe
PowerDVD RC Service C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
quickstart.exe C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
Realtek HD Audio Sound Effect Manager C:\WINDOWS\RTHDCPL.EXE
Realtek Voice Manager C:\WINDOWS\SkyTel.EXE
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Updater C:\Program Files\Ask.com\Updater\Updater.exe
UpdateTask.exe C:\Program Files\Ask.com\UpdateTask.exe
新注音 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
(verified) Microsoft IME 2002 C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelper Library c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
BitCometAgent C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
Bitdefender QuickScan C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
ExpressIt Upload C:\Program Files\Internet Explorer\plugins\NPExpFTP.dll
ExpressIt.com Graphics Display Plugin C:\Program Files\Internet Explorer\plugins\NPEvery.dll
IBitCometExtension.dll C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\87qxe0yt.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
Java Deployment Toolkit 7.0.50.255 C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll
Java™ Platform SE 7 U5 C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
Java™ Platform SE 7 U5 C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
Java™ Platform SE 7 U5 C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
Mega Manager IE Click Catcher C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
Messenger C:\Program Files\Messenger\MSMSGS.EXE
Microsoft® Windows® Operating System C:\WINDOWS\System32\nwprovau.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\wshbth.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
npruntime scriptable plugin for beanfun C:\Program Files\Mozilla Firefox\plugins\npBFPlugin.dll
NPSWF32_11_2_202_235.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
Pando Web Plugin C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
PIPI Helper For Internet Explorer C:\WINDOWS\system32\JfCheck.dll
Shockwave for Director C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
Software Manager C:\WINDOWS\Downloaded Program Files\isusweb.dll
Toolbar C:\Program Files\Ask.com\GenericAskToolbar.dll
Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll


Missing files
-------------
File not found: c:\program files\yahoo!\companion\installs\cpn3\yt.dll
--> HKLM\Software\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\InprocServer32\"(default)"

File not found: c:\progra~1\megaup~2\megaup~1.dll
--> HKLM\Software\Classes\CLSID\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}\InprocServer32\"(default)"
--> HKLM\Software\Classes\CLSID\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}\InprocServer32\"(default)"


Scan
----
MD5: 7186745a4aba8fa0e78af2a53f6866f0 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll
MD5: 6ae17f9d70b252f198cc764e05bdcbb1 C:\Program Files\Acer\Acer Arcade\Kernel\TV\PCMRRec4.dll
MD5: 190416ac137b9f5ef1f5f1ea599fa7d7 C:\Program Files\Acer\Acer Arcade\Kernel\TV\PCMRResample.ax
MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\Program Files\Acer\Acer Arcade\MFC71.DLL
MD5: 32fa3858680443d5dcb78b2538d74392 C:\Program Files\Acer\Acer Arcade\PCMService.exe
MD5: 56e1b72323b047163247a58fca6f7aee C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
MD5: 3a98c594242cace3b8677fdbe5af880a C:\Program Files\Acer\OrbiCam\CameraAssistantRes.dll
MD5: ff87563ebf80efd32bdcf25803ad70e8 C:\Program Files\Acer\OrbiCam\InstallHelper.exe
MD5: e87af743d73efbc88e501f3609f39561 C:\Program Files\Acer\OrbiCam\VLib.dll
MD5: d720f2aa187211d2d1a856b812739bcc C:\Program Files\Acer\OrbiCam\VxLib.dll
MD5: 91f3be44b36e03f6debf117c2ad9d27c C:\Program Files\Acer\OrbiCam\VxLibRes.dll
MD5: 42729c3de75a7a51fc6f9ef6546c9199 c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
MD5: 9e679b6b6d7dae96f88bfa55c22d8d43 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
MD5: c069c7aca9dfa2e1f3e24618d71831de C:\Program Files\ARO 2012\aro.exe
MD5: 1cb1e38baa0a1b507ea68b6b5cc260d1 C:\Program Files\Ask.com\GenericAskToolbar.dll
MD5: 1ca034e7feb38fb4f3484aec092c403f C:\Program Files\Ask.com\Updater\Updater.exe
MD5: b0ec253506bee5cc1b004cd0e7a698e9 C:\Program Files\Ask.com\UpdateTask.exe
MD5: 4197a1f52abfbaf919b6c3d97167cb86 c:\program files\ati technologies\ati.ace\aem.foundation.dll
MD5: 70f5f32845c80a6a5403c3362bd5f03c c:\program files\ati technologies\ati.ace\apm.foundation.dll
MD5: b5c72304aac24bf87325d88e6a5c1592 c:\program files\ati technologies\ati.ace\atidemgr.dll
MD5: 7e4019d4d629de9795b0ab8b305b849f c:\program files\ati technologies\ati.ace\cli.aspect.customformats.graphics.shared.dll
MD5: 0ae69c2a050b2581630ddbe8c31183ee c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.dashboard.dll
MD5: 73d5bb29884e6503334d965ded432c24 c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.runtime.dll
MD5: 059a83d9a9ebee2e138ff51e66ad0a7e c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.shared.dll
MD5: acea819c4da7d0a7c07c6eb4bc561992 c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.dashboard.dll
MD5: ebf0f2e3c1bbae35fdfa3848af4680dd c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.runtime.dll
MD5: 0da00431c44f9e365fdb1a839fd61717 c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.shared.dll
MD5: e0baadb8f49d4c725f1b15698acf68d9 c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.dashboard.dll
MD5: df0e1b0b62b55e5095b115e2b5e8d881 c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.runtime.dll
MD5: d4a1fcc8af827849c7b7dc41eba7ba8e c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.shared.dll
MD5: a6110fc82078823cce279a5f70fdcba9 c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.dashboard.dll
MD5: 79d4c11451fa8adf4c8d9bba1e85c374 c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.runtime.dll
MD5: 1c5d8e9ab6d62aa8e72cc3bb14d743da c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.shared.dll
MD5: 6e30f625f9aa45ccf6a321975a5c0288 c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.dashboard.dll
MD5: acaa4f441e19c1100b839f96664fc0c9 c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.runtime.dll
MD5: 19bce801f7d157508c3dedf763af2f34 c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.shared.dll
MD5: 68b7ef71caba78b19927fe5a8ef35a69 c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.dashboard.dll
MD5: 68359e66e26118a6d2723b3d66c5af22 c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.runtime.dll
MD5: 59edde6e8da5fe2c5fe0717c95c0eeed c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.shared.dll
MD5: c32cb8254160702594594dc33db29357 c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.dashboard.dll
MD5: a18e7293d2bb654e973740eb69b7b494 c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.runtime.dll
MD5: bb5091ae4ed7c6199bce6264d2fba617 c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.shared.dll
MD5: 1dd5efd616bdae99005838df786a82fa c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.dashboard.dll
MD5: 63018c2e5a04bf17c8a8ae9a3630c714 c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.runtime.dll
MD5: 10239f2da943562ff70aa4e5811c86d1 c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.shared.dll
MD5: 731e5869179f601fffe3a335b2d44366 c:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty.graphics.shared.dll
MD5: 296c9265ed2749ade0947c92a9d6616c c:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.runtime.dll
MD5: 18359a8739381ba790a9687c735db08b c:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.shared.dll
MD5: 7512d2e95ea572fb8a01bb5f1114e4ee c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.dashboard.dll
MD5: 10239e1f2987fe383806b1a923c3c079 c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.runtime.dll
MD5: 2bded6b1b06d817c725d9f60e63950bf c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.shared.dll
MD5: 13dacb9d7d49da9da1eea2fa75baca40 c:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.dashboard.dll
MD5: e27b95d6b3428957bfeac7e7ce788642 c:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.runtime.dll
MD5: a86c7e763eab4d38ed698ba7981815b5 c:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.shared.dll
MD5: 88f62c63a37b88f906cb77ce663248c8 c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.dashboard.dll
MD5: feda69c4bb60a35aa0ffe4ed6fc5ccda c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.runtime.dll
MD5: 5b5c9a2b73841d5fefa305c8de0bfc34 c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.shared.dll
MD5: a4e15a6d34244ee30012824a235b543e c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.dashboard.dll
MD5: 82d71dcdff03d49988622f27948c0b2a c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.runtime.dll
MD5: 1f8c84224a6336dda061391f22fa4569 c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.shared.dll
MD5: 13ec1acd39b752053c2b4de1ca2f711d c:\program files\ati technologies\ati.ace\cli.aspect.displaysmanager.graphics.dashboard.dll
MD5: e585718d50d5b9455dec79d544f2ba38 c:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.dashboard.dll
MD5: 085d0ecde409abdf44394549e6a898d1 c:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.runtime.dll
MD5: 81220c073b2949615fbb8c175fbb9334 c:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.shared.dll
MD5: 87ddfecb7be2be772ac1544aea9d533f c:\program files\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.runtime.dll
MD5: 5f9efdc5a7fd750f415a36342cdff7ed c:\program files\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.shared.dll
MD5: 832cfb75eaf44e2c5141543014c7eba4 c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.dashboard.dll
MD5: a744cd0b8002e76af4a75080c4b59d39 c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.runtime.dll
MD5: bcb3658b8f54f577e5cecfa8947aa17f c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.shared.dll
MD5: 6ea573a119200bff540db5c118888858 c:\program files\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.dashboard.dll
MD5: 804c6de787d05012b10cba414c78b7e8 c:\program files\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.runtime.dll
MD5: d645f66e6f3b2ba081222e0161f55b6e c:\program files\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.shared.dll
MD5: 92a5af95d72a962a74b54ef49c3e4238 c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.dashboard.dll
MD5: b222bcaaa4a4c44ebc3ab2aa41221c54 c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.runtime.dll
MD5: 0662ad664fadfb6c524b9a7079cd3780 c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.shared.dll
MD5: ede7702d25952d98f43ead09c5eabba8 c:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.dashboard.dll
MD5: 2a38b858adefdce91496c22a55690ea2 c:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.runtime.dll
MD5: 318393b85509d4f33403d9e1feedf4a4 c:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.shared.dll
MD5: d4001d43139a6d2e46ddb2f83a1cf7cc c:\program files\ati technologies\ati.ace\cli.aspect.multivpu2.graphics.dashboard.dll
MD5: 73009933736ff735163400ea5217ca5c c:\program files\ati technologies\ati.ace\cli.aspect.multivpu2.graphics.runtime.dll
MD5: 0eda627ffc8835dd6079a714dff31982 c:\program files\ati technologies\ati.ace\cli.aspect.multivpu2.graphics.shared.dll
MD5: 6e0124876d2ea4724b867bf44f659f5f c:\program files\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.dashboard.dll
MD5: 6b789e8910f908e2a0e8596f3c539c0f c:\program files\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.runtime.dll
MD5: b50257a38836a68f8264a5564af88b4d c:\program files\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.shared.dll
MD5: d6cb3dd2a1309d2d843bdb5889934920 c:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.dashboard.dll
MD5: ba45b94c2b33678dfb4a553cc7999f2f c:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.runtime.dll
MD5: 5799e372b89dcbda84de704d46ba577b c:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.shared.dll
MD5: 25a725380937088df0f53547dc6db59e c:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.dashboard.dll
MD5: 74dfe1ef69c4ba3f076df9af6bfe1392 c:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.runtime.dll
MD5: 20134459bb3211b8f055a1783b3acadd c:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.shared.dll
MD5: 206c74856b60e2fa8651e4a8f1999901 c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.dashboard.dll
MD5: 85608ebf27359041252510198ccdae14 c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.runtime.dll
MD5: b8830d54a505b3b7fb69ebdccbd9b2ba c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.shared.dll
MD5: 5a270bf6e9e7e22b8a6c0bfffb70a654 c:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.dashboard.dll
MD5: d652b9b8f9637e17f249155b498cd738 c:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.runtime.dll
MD5: 64f181bab11b220701845f2485e738ec c:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.shared.dll
MD5: 240c74c0a391cfcec65f461d88adcd91 c:\program files\ati technologies\ati.ace\cli.aspect.smartgart.graphics.dashboard.dll
MD5: 929c13e33736de4fedf2cb031c5a1f1b c:\program files\ati technologies\ati.ace\cli.aspect.smartgart.graphics.runtime.dll
MD5: a9a3a0bf7dfc528664d5fb0700302cb1 c:\program files\ati technologies\ati.ace\cli.aspect.smartgart.graphics.shared.dll
MD5: 9d6622e43acf72e727c16a5e01a6a29a c:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.dashboard.dll
MD5: b5390d36aaca29fecfc795c2e756ebcc c:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.runtime.dll
MD5: cd103b9548bef8670cff92c1547e40f0 c:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.shared.dll
MD5: 5fe2fe516ef139c883b46b2cc9de9094 c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.dashboard.dll
MD5: 51381a260f6895dacee0e17d9127781b c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.runtime.dll
MD5: b635b9f4f7f856cd4bc0c4eef2a30c4d c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.runtime.shared.dll
MD5: 56d84fa1f928e117c262d7b65f3f5e69 c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.shared.dll
MD5: c7e85cad7bd3719e259752a801f5610e c:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.dashboard.dll
MD5: b086c6a213cdf84a99a4c043f8b8b068 c:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.runtime.dll
MD5: 903b99b6a9913b2f95d7bd10300d8789 c:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.shared.dll
MD5: 968f7690b6c38ef3b74e2fb8d066f1f4 c:\program files\ati technologies\ati.ace\cli.aspect.welcome.local.dashboard.dll
MD5: a3fbfbad6a90d2c4882d200f0bd063f2 c:\program files\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.dashboard.dll
MD5: 92ca2420f47cefc70e90308b95affdfc c:\program files\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.runtime.dll
MD5: 9c0105b49d8964f7086406054edd135d c:\program files\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.shared.dll
MD5: 1cc4e5262cdd463d3479caa9559ccaf0 c:\program files\ati technologies\ati.ace\cli.caste.graphics.dashboard.dll
MD5: fcf2e01b5543b858d2376c3481670e7e c:\program files\ati technologies\ati.ace\cli.caste.graphics.dashboard.shared.dll
MD5: a6ec3d8ac89d0ef37c5e42b6ce8cf3b1 c:\program files\ati technologies\ati.ace\cli.caste.graphics.runtime.dll
MD5: ad5de80e05ced4e989de29ba7a11d021 c:\program files\ati technologies\ati.ace\cli.caste.graphics.shared.dll
MD5: b7297b68359652015797f15e8c49e6f8 c:\program files\ati technologies\ati.ace\cli.caste.local.dashboard.dll
MD5: f0c0e676583e351627b788e702b25e0c c:\program files\ati technologies\ati.ace\cli.component.dashboard.dll
MD5: 9905580902d1dd2b33cff1df807e1c33 c:\program files\ati technologies\ati.ace\cli.component.dashboard.shared.dll
MD5: 6ae1955e7cd0f7da5501512f37c9a882 c:\program files\ati technologies\ati.ace\cli.component.runtime.dll
MD5: c9989dd9fdb93d09f8242e6162378797 c:\program files\ati technologies\ati.ace\cli.component.runtime.shared.dll
MD5: ce1afc038f951ea9036095efdb769cc1 c:\program files\ati technologies\ati.ace\cli.component.systemtray.dll
MD5: 64c4c17bf6a40ff1cd21205e6fd415b8 C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
MD5: 25351cf5c9da57a6a440d1f67b8c01a9 c:\program files\ati technologies\ati.ace\cli.foundation.clients.dll
MD5: 3332f3721229043d815bc073bd44647f c:\program files\ati technologies\ati.ace\cli.foundation.dll
MD5: c12f7ae3b504cfff4d0e55474bc35fe9 c:\program files\ati technologies\ati.ace\cli.foundation.xmanifestation.dll
MD5: 1aed93069789b8a4aa6ade394de1e437 c:\program files\ati technologies\ati.ace\cli.implementation.dll
MD5: aee912cc8ff3d5ed2dc00386cf37f698 c:\program files\ati technologies\ati.ace\dem.foundation.dll
MD5: a0c454c473758e64e8fd04628311af90 c:\program files\ati technologies\ati.ace\dem.graphics.dematiadapterinfo.dll
MD5: a9af2063d3d69e5a950e08bf1c25192c c:\program files\ati technologies\ati.ace\dem.graphics.dematidisplaysmanagersettings.dll
MD5: 481de1c2e4f51d8896b336eacdffe4bc c:\program files\ati technologies\ati.ace\dem.graphics.demdevicecommon2settings.dll
MD5: 46a151c310ca4936f8d5cae7f5c755be c:\program files\ati technologies\ati.ace\dem.graphics.demdevicecommonsettings.dll
MD5: f56d6b2758a026a8fa314bebb7f0fe23 c:\program files\ati technologies\ati.ace\dem.graphics.demdevicecomponentvideosettings.dll
MD5: fecb29ae795f627bb5c282881bb6ca58 c:\program files\ati technologies\ati.ace\dem.graphics.demdevicecrtsettings.dll
MD5: cf819d7d708eb15c7b98d78baee845f5 c:\program files\ati technologies\ati.ace\dem.graphics.demdevicedfp2settings.dll
MD5: e5e59613032f06397b1d822cc5fbdd36 c:\program files\ati technologies\ati.ace\dem.graphics.demdevicedfpsettings.dll
MD5: d34619c8b0d23e43b21a00aa8d9d8ccb c:\program files\ati technologies\ati.ace\dem.graphics.demdevicelcdsettings.dll
MD5: 09fd3a1378ca2d3e3ccd7d794ada5d2b c:\program files\ati technologies\ati.ace\dem.graphics.demdevicetv2settings.dll
MD5: eccaea37bddf98bead6af52b269a3104 c:\program files\ati technologies\ati.ace\dem.graphics.demdevicetvsettings.dll
MD5: 4e6b819804791d4f44eed0e10c969735 c:\program files\ati technologies\ati.ace\dem.graphics.demdisplayscoloursettings.dll
MD5: 0c2505cc6f10776784dc1f4d099b18ad c:\program files\ati technologies\ati.ace\dem.graphics.demdisplaysmanageroptionssettings.dll
MD5: 5a75a717ed1ca025835623e3d119c0a2 c:\program files\ati technologies\ati.ace\dem.graphics.demdriversettings.dll
MD5: 41066346658a427ccd1b6b7b0e8de43d c:\program files\ati technologies\ati.ace\dem.graphics.demmultivpusettings.dll
MD5: 78552993a1719d8ea888fca1b9685aba c:\program files\ati technologies\ati.ace\dem.graphics.demosadapterinfo.dll
MD5: 76802d95f33e95a0bb3918069bed016f c:\program files\ati technologies\ati.ace\dem.graphics.demosinfo.dll
MD5: 829f22cfee073e06495f222ef5db500a c:\program files\ati technologies\ati.ace\dem.graphics.demosmodeinfo.dll
MD5: f5af73b3fef5db1eb21c49c8d8fe07cb c:\program files\ati technologies\ati.ace\dem.graphics.demoverdrive3settings.dll
MD5: 51d3de9a6864f5b56e11354b4786e7bd c:\program files\ati technologies\ati.ace\dem.graphics.demoverdrivesettings.dll
MD5: 533a2839e97d636b1d8eee486d34fea6 c:\program files\ati technologies\ati.ace\dem.graphics.dempowerplaysettings.dll
MD5: 4e0dc55569b88773e083b39ad0133fbc c:\program files\ati technologies\ati.ace\dem.graphics.demsmartgartsettings.dll
MD5: 3441a5a6db9e2a63e61035b8d3b29519 c:\program files\ati technologies\ati.ace\dem.graphics.demumaframebuffersettings.dll
MD5: 764b659a4afd9a886a7c5cffe4e7f8d5 c:\program files\ati technologies\ati.ace\dem.graphics.demverylargedesktopsettings.dll
MD5: aead5abf417135ece004936ba7a5abab c:\program files\ati technologies\ati.ace\dem.graphics.demvideooverlaysettings.dll
MD5: eceaa67a27611e083c6e563013d196fb c:\program files\ati technologies\ati.ace\dem.graphics.demvideotheatermodesettings.dll
MD5: 3d260fa0fd7a745b1f510c1c0dcf2274 c:\program files\ati technologies\ati.ace\dem.graphics.demvpurecoverinfo.dll
MD5: 39ab7193f062c707f12570e3f9969830 c:\program files\ati technologies\ati.ace\dem.graphics.displaysmanager.shared.dll
MD5: 8f09b070edde749b8ab4ec477c841047 c:\program files\ati technologies\ati.ace\dem.graphics.mmdeintlacingsettings.dll
MD5: 8965373ead0be01fa2dd8b61fa6a4d75 c:\program files\ati technologies\ati.ace\dem.graphics.mmoverlaysettings.dll
MD5: 8a054e892ecf60dbb9cd1927b80a8df3 c:\program files\ati technologies\ati.ace\dem.graphics.videooverlay.shared.dll
MD5: 898c4a768fc18029e7ea8a1214fefd50 c:\program files\ati technologies\ati.ace\dem.graphics.workstationsettings.dll
MD5: 5f9c99263b7f49ebe2242adf33ea1fe3 c:\program files\ati technologies\ati.ace\log.foundation.dll
MD5: cf71191b07c77b3e3457a83011a9ae98 c:\program files\ati technologies\ati.ace\log.foundation.service.dll
MD5: 41bb4ee815dd5ab9d0cb521522f816f0 c:\program files\ati technologies\ati.ace\log.foundation.shared.dll
MD5: ba2f8e8ab6c96649d19f1e35df7347a5 C:\Program Files\Common Files\Ahead\lib\log4cxx.dll
MD5: bcad5e1b6292267d15331ff15ef46918 C:\Program Files\Common Files\Ahead\lib\MediaLibraryNSE.dll
MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL
MD5: 26dba338263661fe10808a749e3ac90b C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
MD5: ce90ecbe3e3f9e174cae41a7a8b53b21 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
MD5: fff39154ad4443b614ecfc2ef703c785 C:\Program Files\Common Files\Ahead\lib\NMCoFoundation.dll
MD5: 06279a5653b0047b8cc57c39ed2ee56b C:\Program Files\Common Files\Ahead\lib\NMDataServices.dll
MD5: 2be542e105fd61591df67591e3b958e0 C:\Program Files\Common Files\Ahead\lib\NMLogCxx.dll
MD5: 81226df57a3fb609458622d746672bd8 C:\Program Files\Common Files\Ahead\lib\NMPluginBase.dll
MD5: 670d7e3cfc11a59bac49da981aeec568 C:\Program Files\Common Files\Ahead\lib\NMVDS.dll
MD5: 995beb69ae5c50d354894354f5a6cd5a C:\Program Files\Common Files\Java\Java Update\JUSCHED.EXE
MD5: 80415c2fe171b6aa8a16e182a163a86c C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
MD5: 6d86a534081afafb906862cfb8ddc7cb C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
MD5: 6f913d0362e258f7a0e19d1dcbf636f4 C:\Program Files\Common Files\Symantec Shared\ccAlert.dll
MD5: 6e6648b523a012933562718645da118b C:\Program Files\Common Files\Symantec Shared\ccApp.exe
MD5: bc23af7afe69cdeebee5d336870d8bb1 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
MD5: 0246a7d5d4e16d03eeac9eaf89bcc94f C:\Program Files\Common Files\Symantec Shared\ccL30.dll
MD5: e48b95449eef790d3b084da598ecd5b4 C:\Program Files\Common Files\Symantec Shared\ccL35.dll
MD5: 082cf774c3951d305206165ad5169d61 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
MD5: caba1dd2f763b3ab8767c9aed2f5b68a C:\Program Files\Common Files\Symantec Shared\ccpd-lc\symlctnk.dll
MD5: bad273291f28ad113581a00f1bfc5b00 C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
MD5: 1ce06c0c1c4ccee4e87893b6586d9939 C:\Program Files\Common Files\Symantec Shared\ccSet.dll
MD5: af7d5f473ebb53953617ea39939605a6 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
MD5: 2ff023ba1a12c96436b7b3714ab3e868 C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
MD5: 1e2abad6ce80afc062ba00142aaf31b3 C:\Program Files\Common Files\System\ado\msado15.dll
MD5: af9c8df96c7335acdd3ff89955a9f6d6 C:\Program Files\Common Files\System\msadc\msadce.dll
MD5: 9cf8487163126c46e9ae6d6444ef236f C:\Program Files\Common Files\System\msadc\msadcer.dll
MD5: 021401bc75e4d90bf009346f338a0d46 C:\Program Files\Common Files\System\Ole DB\msdasql.dll
MD5: 3307d9fdfb35bcfe6c9aef5029a553c8 C:\Program Files\Common Files\System\Ole DB\MSDASQLR.DLL
MD5: 1b6e085675702610d7cd516711936bdf C:\Program Files\Common Files\System\Ole DB\MSDATL3.dll
MD5: ade4b6227d22df66b94c69d13574ec45 C:\Program Files\Common Files\System\Ole DB\oledb32.dll
MD5: 48720d81d0d22372f8f12cf05a19e0d0 C:\Program Files\Common Files\System\Ole DB\OLEDB32R.DLL
MD5: 652b4e6919ab957e202057fd60d1b42a C:\Program Files\CyberLink\PowerDVD9\CLRCEngine3.dll
MD5: 3a8a48ab9cf9ab2e2c3bf3af40caabaf C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe
MD5: f5fba8724de219e96d9abaf4772d31a3 C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
MD5: b196ad6815800558ecbbb8f5de06fabb C:\Program Files\CyberLink\Shared Files\BRS.EXE
MD5: a76cddb6d1f25797843e2557a2118e2e C:\Program Files\CyberLink\Shared Files\RichVideo.exe
MD5: aa60af12292cf97b4b9e35af88cabe62 C:\Program Files\D-Tools\DAEMON.EXE
MD5: 8ccf709953bc732c82724fd71d1c38f7 C:\Program Files\D-Tools\PFCTOC.DLL
MD5: 56ded3ade453272e6a0ad582d945d1a4 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
MD5: 18697c1fdbe751ae52dd4edb3e9025f9 C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MD5: f5fcf2b4068dde641d16bf4b2e877c95 C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
MD5: 2ca3bda4edb557f8426ee46650d2c441 C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll
MD5: 1175911e055430e3119f06812e1fa8b8 C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll
MD5: 1b2857ef12d79a9f9adba14b0637cbf8 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
MD5: 6c5155cc0e805c7be6028bff7ac14524 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
MD5: f9f696ab4f62d0281ed6380b50c0bdb0 C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL
MD5: ad7125bc367bdc060729984ec2e5377a C:\Program Files\Internet Explorer\ieproxy.dll
MD5: 33a01e8184ebba4f4ca143201cbef9b9 C:\Program Files\Internet Explorer\plugins\NPEvery.dll
MD5: 47500e1fa6c9be6b7b30d62ac06b43be C:\Program Files\Internet Explorer\plugins\NPExpFTP.dll
MD5: 865250e2742e49c02b0c4307ab042478 C:\Program Files\Internet Explorer\plugins\nppdf32.dll
MD5: bb0ee0c172e3d626263299ef1832fd40 C:\Program Files\Internet Explorer\xpshims.dll
MD5: b934c6670e6793d89c6a81669c82b210 C:\Program Files\iWin Games\iWinTrusted.exe
MD5: 1d45a7ff7949628d466e0e884eecaa85 C:\Program Files\Launch Manager\CDROMUTL.DLL
MD5: d235c8efa37fb2cee1811315f82db9e2 C:\Program Files\Launch Manager\COMFNUTL.DLL
MD5: 83d14f5fdb2366e93364a22dfe3e8c37 C:\Program Files\Launch Manager\DialCnt.dll
MD5: e65739c8338665d8768af12fcb8d8276 C:\Program Files\Launch Manager\HokHIDKC.dll
MD5: 0edf40e039d92ea5eb26bf01be9ecc50 C:\Program Files\Launch Manager\LGKCUTL.DLL
MD5: 8e3122a02c3981a9681c814e2ae102f1 C:\Program Files\Launch Manager\MIXERUTL.DLL
MD5: 5d7989ba01090e76b5cc3296baa0275c C:\Program Files\Launch Manager\MMDUtl.dll
MD5: 53efad61c380253e82fdbb03b9b90af3 C:\Program Files\Launch Manager\OSDUTL.DLL
MD5: fe267743009a86b0a319cc61f177fa5e C:\Program Files\Launch Manager\QtZgAcer.EXE
MD5: 5a1822b18fee8807eb7eb33ba8cf9b0f C:\Program Files\Launch Manager\RGNMAKER.DLL
MD5: 35eafa4f987a2b05f110c54173836066 C:\Program Files\Launch Manager\SZUPFUTL.DLL
MD5: b940bca9cdd77e1103b50a86564dae63 C:\Program Files\Launch Manager\USBKCUtl.dll
MD5: c9a8f1d76f468eb1c6e05949f5485b0d C:\Program Files\Launch Manager\WND2FILE.DLL
MD5: 64cc5502c69fc6d67735c10cb579c548 C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
MD5: 0d4f461d515bb1c933533c712d99e75b C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll
MD5: 55b8c7b701c4d1b0c479f3ffea83850f C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
MD5: 1b82bcf0b8f9228b39f75b0dfa079a21 C:\Program Files\Malwarebytes' Anti-Malware\MBAMGUI.EXE
MD5: 60721aa3316a200a8de23f1c502382fd C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
MD5: ba400ed640bca1eae5c727ae17c10207 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
MD5: 2e0cea79226873b3566e03a298938569 C:\Program Files\Maxis Broadband\AddrBookPlugin.dll
MD5: 2432bf104c3ffd3b45dee93f6f258766 C:\Program Files\Maxis Broadband\AddrBookUIPlugin.dll
MD5: 19ddd9eb0e2310b3b2ce5cc3a47c28c9 C:\Program Files\Maxis Broadband\atcomm.dll
MD5: 286865bfeafdeab80df8c667d8cd0e2e C:\Program Files\Maxis Broadband\ConfigFilePlugin.dll
MD5: a887368f15d5f4b202ede5216d10435e C:\Program Files\Maxis Broadband\Container.dll
MD5: 09fe2a084cbad9bdf04b86aaef8407ca C:\Program Files\Maxis Broadband\DetectDev.dll
MD5: 39464fe52e79712a58136520b1a0dcfb C:\Program Files\Maxis Broadband\DeviceMgrPlugin.dll
MD5: 93ab29b8b8a80c6087109c33acee07ef C:\Program Files\Maxis Broadband\DeviceMgrUIPlugin.dll
MD5: 6f26cae99558e7ea10caad2f32921ee6 C:\Program Files\Maxis Broadband\DeviceOperate.dll
MD5: 8edac341e5cf8cedae2909335f93bba0 C:\Program Files\Maxis Broadband\DialUpPlugin.dll
MD5: db763682d3828cf8d0796668de9a05ed C:\Program Files\Maxis Broadband\DialupUIPlugin.dll
MD5: 8636338523933065e547d2c648ae339d C:\Program Files\Maxis Broadband\FileManager.dll
MD5: 28a5dc01992d01a2006fd72b869e2691 C:\Program Files\Maxis Broadband\isaputrace.dll
MD5: ccabf54db0ea1c92a2dd7f7854355e93 C:\Program Files\Maxis Broadband\LayoutPlugin.dll
MD5: 29dec34ec2c7300e601fe34336055acb C:\Program Files\Maxis Broadband\LiveUpdateInterface.dll
MD5: 86802525ac9f10a12b788c69bf8702dd C:\Program Files\Maxis Broadband\LocaleMgrPlugin.dll
MD5: 5782fea4002856b8d79033bf853c0567 C:\Program Files\Maxis Broadband\Maxis Broadband.exe
MD5: 69ab4f9c12dea5dd794c7b97e9564779 C:\Program Files\Maxis Broadband\MediatorMessage32.dll
MD5: 4a4bbc84fa394f8f85625b8998e3d1a0 C:\Program Files\Maxis Broadband\MenuMgrPlugin.dll
MD5: e61c0abbf893be5a2af4b52616f5cec1 C:\Program Files\Maxis Broadband\NDISAPI.dll
MD5: 26be70c2269893edcf7c6212c38aac39 C:\Program Files\Maxis Broadband\NDISPlugin.dll
MD5: fc32e2bd6e1030cdceca9c86b5b6a17c C:\Program Files\Maxis Broadband\NetConnectPlugin.dll
MD5: 2d204f563326e05c944335548309650f C:\Program Files\Maxis Broadband\NetInfoPlugin.dll
MD5: df3d4cc05d5156e1a1a12c570d70c8a9 C:\Program Files\Maxis Broadband\NetInfoUIExPlugin.dll
MD5: 800e27372819aee81d698c9dbedaeebb C:\Program Files\Maxis Broadband\NotifyServicePlugin.dll
MD5: a599e5e366c1408e48aa5d37882d4e3e C:\WINDOWS\system32\WlNotify.dll
MD5: 31af133d4a9d3d1f4708a47f6d50524b C:\WINDOWS\system32\WMASF.DLL
MD5: 344b9034786ac4fa86062a27264ddf7d C:\WINDOWS\system32\wmidx.dll
MD5: bc13192340d6e3dbad3dc5f088718e5f C:\WINDOWS\system32\WMVCore.DLL
MD5: 4d59daa66c60858cdf4f67a900f42d4a C:\WINDOWS\system32\wscsvc.dll
MD5: 1e20d317a35044b8f0292bc45f8e9694 C:\WINDOWS\system32\wshbth.dll
MD5: 6933fec4fb41627346a84e53d4412eee C:\WINDOWS\System32\wshirda.dll
MD5: 811bb60991fc03a63f2f844a3f9c6488 C:\WINDOWS\System32\wshisn.dll
MD5: 366196aaa5664115077aa17a2049a43f C:\WINDOWS\system32\wzcdlg.dll
MD5: 9a9bbc71d0ebcd400a33abcd5f0ab39c c:\windows\system32\WZCSAPI.DLL
MD5: 5a91e6feab9f901302fa7ff768c0120f c:\windows\system32\wzcsvc.dll
MD5: eef46dab68229a14da3d8e73c99e2959 C:\WINDOWS\System32\xmlprov.dll
MD5: edd916d97c229ed9f3ea037de9352635 C:\WINDOWS\system32\XPOB2RES.DLL
MD5: 1320aea7057a26a671d9548cc7bebda5 C:\WINDOWS\system32\xpsp2res.dll
MD5: 5af68a5e44734a082442668e9c787743 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

The following file(s) must be uploaded for server-side scanning:
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Maxis Broadband\UpdateDog\ouc.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_35c63cab\system.drawing.dll
C:\Program Files\Acer\OrbiCam\InstallHelper.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe
C:\WINDOWS\Alaunch.exe
C:\Program Files\Maxis Broadband\Maxis Broadband.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
C:\WINDOWS\System32\ElkCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Documents and Settings\Peter\Application Data\Maxis Broadband\ouc.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe

Upload started - 26 file(s)
reader_sl.exe (29696)
Language.exe (45056)
ccApp.exe (53248)
quickstart.exe (61440)
eDSloader.exe (69632)
InstallHelper.exe (73728)
ccPwdSvc.exe (73728)
LVPrcSrv.exe (81920)
NMBgMonitor.exe (94208)
SynTPLpr.exe (102400)
ouc.exe (110592)
PCMService.exe (151552)
NeroCheck.exe (155648)
ccSetMgr.exe (165488)
ccEvtMgr.exe (198256)
LVCOMSX.EXE (225280)
ElkCtrl.exe (262144)
HWDeviceService.exe (266240)
CameraAssistant.exe (438272)
QtZgAcer.EXE (458752)
Alaunch.exe (520192)
Maxis Broadband.exe (536576)
SynTPEnh.exe (692224)
symlcsvc.exe (822424)
system.drawing.dll (835584)
Upload speed - 44 KB/s
Upload finished - 26 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 144 sec
Total traffic - 6.25 MB sent, 3.01 KB recvd
Scanned 1102 files and modules - 279 seconds

==============================================================================

#42
Peter Lee

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=41473
esets_scanner_update returned -1 esets_gle=41473
esets_scanner_update returned -1 esets_gle=41473
[email protected] as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=41473
esets_scanner_update returned -1 esets_gle=36882
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a216bed794f4834280b3406476be3d7c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-03 03:47:41
# local_time=2012-07-03 11:47:41 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 112422182 112422182 0 0
# compatibility_mode=8192 67108863 100 0 71598 71598 0 0
# scanned=147007
# found=33
# cleaned=33
# scan_time=7439
C:\Documents and Settings\Peter\My Documents\My Downloads\mhwm.rar_1341138495.arl a variant of Win32/Packed.TTProtect.A application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll Win32/Toolbar.MegaUpload application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\2 Burn\Total_Video_Converter_3.20.090104.rar_1341138495.arl multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\2 Burn\Games\Island.Realms.v1.0.Cracked-F4CG.rar_1341138495.arl probably a variant of Win32/Injector.CRM trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\2 Burn\Programs\ZwinkySetup2.3.50.62.ZJfox000.exe_1341138495.arl a variant of Win32/Toolbar.MyWebSearch.O application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\DRM\shlhi.lib.vir_1341138495.arl a variant of Win32/Redosdru.BL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\2 Burn\Warcraft III Frozen Throne\Warcraft III - The Frozen Throne\New\Warcraft3 tft 123a\Warcraft III Reign of Chaos, The Frozen Throne + Update Patch War3TFT_123a_English +CD Key\CDKey\Warcraft III Reign Of Chaos Keygen.exe a variant of Win32/Hupigon.NWG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\2 Burn\x\Video\上海美容院美女全身按摩盗设上下都露了。。\[小说]我和魅力宾馆领班的一夜qing.chm multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
E:\2 Burn\x\Video\上海美容院美女全身按摩盗设上下都露了。。\影片介绍精彩导航.chm multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
E:\2 Burn\x\Video\上海美容院美女全身按摩盗设上下都露了。。\最好的hua ng网地址.chm multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
E:\2 Burn\x\Video\上海美容院美女全身按摩盗设上下都露了。。\rar打开上海美容院美女全身按摩盗设上下都露了。。\password.chm multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
F:\2 Burn\Games\Reflexive\Pizza_Chef.rar probably a variant of Win32/TrojanDownloader.Agent.NBCQTKF trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\Kingston Pendrive Backup\illusion\ai2_reg.rar probably a variant of Win32/KillAV.GDVHFPT trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\Peter\C\crack\Alawar_Snowy_Treasure_Hunter_2_v1_0_Cracked_exe_by_[TLG]Mysterio.Zip probably a variant of Win32/Agent.EPWTRWA trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\Peter\C\crack\Snowy.zip probably a variant of Win32/Agent.EOICNDO trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\Peter\C\crack\TotemTribeCrack.zip probably a variant of Win32/Agent.HYGFSMA trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\Peter\C\crack\Alawar_Snowy_Treasure_Hunter_2_v1_0_Cracked_exe_by_[TLG]Mysterio\TreasureHunter2.exe probably a variant of Win32/Agent.EPWTRWA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Peter\C\downloads\FreeYouTubeDownloaderInstaller.exe a variant of Win32/Somoto.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Peter\C\downloads\password.chm multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
F:\Peter\C\downloads\StormCodec6.08.13.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Peter\C\Peter\MSI Pendrive\winpopup-lan-messenger-3.9\winpopup.lan.messenger.3.9.crack-rev.zip probably a variant of Win32/TrojanDownloader.Obfuscated.JEFNVLC trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\Peter\C\virus\kis8.0.0.506e_with_keys.rar Win32/PSW.Agent.NML trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\Peter\C\virus\kis8.0.0.506e_with_keys\kis8.0.0.506e with keys\kis8.0.0.506en.exe Win32/PSW.Agent.NML trojan (deleted - quarantined) 00000000000000000000000000000000 C
F:\Peter\My Documents\3D SexVilla\3D+SexVilla+v.2.051.001.rar multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
F:\Peter\My Documents\3D SexVilla\3D+SexVilla+v.2.051.001\3D SexVilla v.2.051.001\Launcher\fc3DSexVillaRun.exe a variant of Win32/Inject.NDT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Peter\My Documents\w\2uwm\wmwg.rar a variant of Win32/Packed.FlyStudio application (deleted - quarantined) 00000000000000000000000000000000 C
F:\Peter\My Documents\w\2uwm\wmwg\通用完美SF穿墙挂机挂2.52\通用完美SF挂2.52.exe a variant of Win32/Packed.FlyStudio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Peter\My Documents\w\waigua\jgbwg1.463\jgbwg.exe probably a variant of Win32/TrojanClicker.Agent.HUOCGHK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Peter\My Documents\w\waigua\sdfhrr\safemon.dll probably a variant of Win32/Agent.ITVWIGY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Peter\My Documents\w\waigua\wmdtgig\safemon.dll probably a variant of Win32/Agent.ITVWIGY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Peter\My Documents\w\waigua\完美幽灵v198挖矿版\wmyl.dll probably a variant of Win32/Agent.CCZSVLB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
F:\Ragnarok Offline\GRF-factory\GrfSuite.zip probably a variant of Win32/Agent.EGBWMXA trojan (deleted - quarantined) 000000000000

#43
Peter Lee

Regedit and taskman work for now. System / hidden files can be shown.

#44
RKinner

    Malware Expert
What other problems do we have? Your logs look pretty clean. Let's clear the System Restore:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

Ron

#45
Peter Lee

Everything works fine now. Thanks for helping.