
Redirect bug!



#16
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
TDSSKiller is not complaining anymore. Are you still getting redirected?


Download, Save and Run (Win 7 or Vista => right click and Run as Admin) Farbar Service Scanner.


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Run Combofix. If it wants to download updates, let it. Remember to pause your anti-virus. Post the log.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).


Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Probably be a good idea to let ESET scan your system:

Ron

PS Bed time for me for tonight.
  • 0



#17
crossbow66


    Member

  • Topic Starter
  • Member
  • 55 posts
Good morning, Ron! I was following your previous direction at 3:00 in the morning here, so I'm late getting up!

I don't appear to be getting redirected. Wonderful. I'll start in on these directions now. I also have a weird thing called RegRun that one of these programs put on my computer - which scans things as the computer is starting up and it told me this this that I did have some problems "probably a virus!" Now, it speaks up?? I'll let it fix whatever, and then run these other programs.
  • 0

#18
crossbow66


    Member

  • Topic Starter
  • Member
  • 55 posts
Oh, they appear to be false positives...
  • 0

#19
crossbow66


    Member

  • Topic Starter
  • Member
  • 55 posts
I'll post these two before I go further in case something reboots and I lose track of where the logs are:

Combofix:
ComboFix 12-08-29.03 - Mark V. Sanderford 09/15/2012 10:48:10.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2575 [GMT -4:00]
Running from: c:\documents and settings\Mark V. Sanderford\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 )))))))))))))))))))))))))))))))
.
.
2012-09-15 01:02 . 2012-09-15 01:02 -------- d-----w- C:\_OTL
2012-09-14 15:37 . 2012-09-14 15:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\boost_interprocess
2012-09-12 18:04 . 2012-09-12 18:04 -------- d-----w- C:\_OTM
2012-09-12 17:34 . 2012-09-12 17:34 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-12 11:02 . 2012-09-12 11:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\AdFender
2012-09-11 12:07 . 2012-09-11 12:07 -------- d-----w- c:\documents and settings\Mark V. Sanderford\Application Data\SUPERAntiSpyware.com
2012-09-11 12:07 . 2012-09-11 12:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-11 12:07 . 2012-09-11 12:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com
2012-09-11 11:36 . 2012-09-11 11:36 388096 ----a-r- c:\documents and settings\Mark V. Sanderford\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-11 11:36 . 2012-09-11 11:36 -------- d-----w- c:\program files\Trend Micro
2012-09-11 00:58 . 2012-09-11 00:58 -------- d-----w- c:\documents and settings\Administrator.MARK-59C0B947BC\Local Settings\Application Data\Opera
2012-09-11 00:56 . 2012-09-11 00:56 -------- d-----w- c:\documents and settings\Administrator.MARK-59C0B947BC\Application Data\CallingID
2012-09-11 00:56 . 2012-09-11 00:56 -------- d-sh--w- c:\documents and settings\Administrator.MARK-59C0B947BC\PrivacIE
2012-09-11 00:50 . 2012-09-11 00:50 -------- d-----w- c:\documents and settings\Administrator.MARK-59C0B947BC\Application Data\Malwarebytes
2012-09-11 00:39 . 2012-09-11 00:39 -------- d-sh--w- c:\documents and settings\Administrator.MARK-59C0B947BC\IETldCache
2012-09-10 21:00 . 2012-09-10 21:00 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-10 17:57 . 2008-04-14 05:48 52480 -c--a-w- c:\windows.0\system32\dllcache\i8042prt.sys
2012-09-10 17:57 . 2008-04-14 05:48 52480 ----a-w- c:\windows.0\system32\drivers\i8042prt.sys
2012-09-10 17:44 . 2012-09-10 17:44 24416 ----a-w- c:\windows.0\system32\drivers\regguard.sys
2012-09-10 17:30 . 2012-09-15 14:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\RegRun
2012-09-10 17:30 . 2012-09-10 17:30 39184 ----a-w- c:\windows.0\system32\Partizan.exe
2012-09-10 17:30 . 2012-09-10 17:30 35816 ----a-w- c:\windows.0\system32\drivers\Partizan.sys
2012-09-10 17:30 . 2012-09-10 17:30 2 --shatr- c:\windows.0\winstart.bat
2012-09-10 17:30 . 2012-09-10 16:59 12800 ----a-w- c:\windows.0\system32\drivers\UnHackMeDrv.sys
2012-09-10 17:30 . 2012-09-11 00:39 -------- d-----w- c:\program files\UnHackMe
2012-09-06 02:07 . 2012-09-06 02:07 -------- d-----w- c:\windows.0\system32\NtmsData
2012-09-05 01:48 . 2012-09-05 01:48 -------- d-----w- C:\Program Files (x86)
2012-08-29 19:51 . 2012-08-29 22:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-21 21:30 . 2012-08-21 21:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2012-08-21 21:30 . 2012-08-21 21:30 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-15 14:24 . 2009-02-03 13:00 16608 ----a-w- c:\windows.0\gdrv.sys
2012-09-07 21:04 . 2012-05-09 20:09 22856 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2012-08-15 13:05 . 2012-04-10 11:25 426184 ----a-w- c:\windows.0\system32\FlashPlayerApp.exe
2012-08-15 13:05 . 2011-05-20 13:10 70344 ----a-w- c:\windows.0\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2008-04-14 09:41 78336 ----a-w- c:\windows.0\system32\browser.dll
2012-07-04 14:05 . 2009-01-25 22:11 139784 ----a-w- c:\windows.0\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2008-04-14 05:00 1866112 ----a-w- c:\windows.0\system32\win32k.sys
2012-07-02 17:49 . 2008-04-14 09:42 916992 ----a-w- c:\windows.0\system32\wininet.dll
2012-07-02 17:49 . 2008-04-14 09:42 1469440 ------w- c:\windows.0\system32\inetcpl.cpl
2012-07-02 17:49 . 2008-04-14 09:41 43520 ------w- c:\windows.0\system32\licmgr10.dll
2012-07-02 12:05 . 2008-04-14 04:07 385024 ------w- c:\windows.0\system32\html.iec
2012-09-12 17:34 . 2011-03-23 22:06 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-01-20 . 2F811104EEEE476D84487D69AE47D43C . 1614848 . . [5.1.2600.5512] . . c:\windows.0\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-09-10_18.01.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-15 14:24 . 2012-09-15 14:24 16384 c:\windows.0\Temp\Perflib_Perfdata_348.dat
+ 2012-09-15 14:25 . 2012-09-15 14:25 16384 c:\windows.0\Temp\Perflib_Perfdata_20c.dat
+ 2012-03-21 00:44 . 2012-03-21 00:44 171064 c:\windows.0\system32\drivers\MpFilter.sys
+ 2012-09-10 21:00 . 2012-09-10 21:00 301056 c:\windows.0\Installer\a5a7ce.msi
+ 2012-05-01 02:35 . 2012-09-10 21:00 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\SCEP.exe
- 2012-05-01 02:35 . 2012-05-01 02:35 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\SCEP.exe
+ 2012-09-10 21:00 . 2012-09-10 21:00 123352 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\MSE.exe
+ 2012-05-01 02:35 . 2012-09-10 21:00 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\INTUNE.exe
- 2012-05-01 02:35 . 2012-05-01 02:35 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\INTUNE.exe
- 2012-05-01 02:35 . 2012-05-01 02:35 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\FEP.exe
+ 2012-05-01 02:35 . 2012-09-10 21:00 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\FEP.exe
+ 2012-05-01 02:35 . 2012-09-10 21:00 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\EPP.exe
- 2012-05-01 02:35 . 2012-05-01 02:35 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\EPP.exe
+ 2012-09-12 17:56 . 2012-09-12 17:56 421888 c:\windows.0\erdnt\9-12-2012\Users\00000002\UsrClass.dat
+ 2012-09-12 17:56 . 2005-10-20 16:02 163328 c:\windows.0\erdnt\9-12-2012\ERDNT.EXE
+ 2012-09-10 21:00 . 2012-09-10 21:00 1826304 c:\windows.0\Installer\a5a7d6.msi
+ 2012-09-11 11:36 . 2012-09-11 11:36 1094656 c:\windows.0\Installer\272a61.msi
+ 2012-09-12 17:56 . 2012-09-12 17:56 14794752 c:\windows.0\erdnt\9-12-2012\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"MediaFire Tray"="c:\documents and settings\Mark V. Sanderford\Application Data\MediaFire Express\mf_systray.exe" [2012-08-16 2196040]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2012-09-10 595216]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"JMB36X IDE Setup"="c:\windows.0\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows.0\system32\xRaidSetup.exe" [2007-11-19 1966080]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"NeroCheck"="c:\windows.0\system32\NeroCheck.exe" [2001-08-06 155648]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2008-02-18 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-02-18 1057064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-07 136600]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"M-Audio Taskbar Icon"="c:\windows.0\System32\DeltaIITray.exe" [2008-03-03 236040]
"DeltaIITaskbarApp"="c:\windows.0\system32\DeltaIITray.exe" [2008-03-03 236040]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT ACR"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-06 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2008-12-22 240656]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2009-06-10 13758464]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows.0\system32\NvMcTray.dll" [2009-06-10 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-28 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - c:\program files\Seagate\AutoBackup\MemeoLauncher.exe [2008-1-14 95456]
.
c:\documents and settings\Mark V. Sanderford\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-9 113664]
.
c:\documents and settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\
AdFender.lnk - c:\program files\AdFender\AdFender.exe [2012-6-20 2772112]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-3-7 221247]
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-17 809488]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisor.dll" [2012-09-03 2611280]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 04:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS.0\\system32\\mmc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\AdFender\\AdFender.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 DigiFilter;DigiFilter;c:\windows.0\system32\drivers\DigiFilt.sys [2/9/2009 7:57 AM 16384]
R0 Lbd;Lbd;c:\windows.0\system32\drivers\Lbd.sys [3/7/2009 2:41 AM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 2:54 PM 116608]
R2 CIDLinkAdvisorService;CIDLinkAdvisorService;c:\program files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisorService.exe [9/3/2012 6:47 AM 227408]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2/3/2009 9:04 AM 68136]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [12/12/2011 11:03 AM 335888]
R2 LBeepKE;LBeepKE;c:\windows.0\system32\drivers\LBeepKE.sys [5/17/2009 12:41 PM 10384]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows.0\system32\nlssrv32.exe [2/21/2011 5:17 PM 66560]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [3/15/2009 4:14 PM 109096]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [12/1/2011 6:11 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [12/1/2011 6:11 AM 185640]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [3/9/2011 11:07 AM 238592]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [3/9/2011 11:16 AM 484352]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows.0\system32\drivers\deltaII.sys [2/8/2009 9:12 PM 302728]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows.0\system32\drivers\wdcsam.sys [8/5/2012 12:57 PM 11520]
S2 COM Service;COM Service;c:\program files\GIGABYTE\G.O.M\GCSVR.exe [2/3/2009 9:29 AM 16384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/14/2010 11:02 AM 136176]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 5:30 AM 204800]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S2 WDFME;WD File Management Engine;"c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe" --> c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [?]
S3 94865510;94865510; [x]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/10/2012 7:25 AM 250056]
S3 epppdt;EPSON 1394.3 Class;c:\windows.0\system32\drivers\epppdt.sys [2/8/2009 6:10 PM 31275]
S3 epppdtpr;EPSON 1394.3 Printer Class;c:\windows.0\system32\drivers\epppdtpr.sys [2/8/2009 6:10 PM 14463]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/14/2010 11:02 AM 136176]
S3 GVTDrv;GVTDrv;c:\windows.0\system32\drivers\GVTDrv.sys [2/3/2009 9:41 AM 24944]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 8:52 PM 114144]
S3 RegGuard;RegGuard;c:\windows.0\system32\drivers\regguard.sys [9/10/2012 1:44 PM 24416]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [3/3/2009 2:19 PM 98488]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 Wdm1;USB Bridge Cable Driver;c:\windows.0\system32\drivers\usbbc.sys [3/18/2005 12:02 PM 15576]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Partizan
*Deregistered* - UnHackMeDrv
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-15 c:\windows.0\Tasks\Adobe Flash Player Updater.job
- c:\windows.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 13:05]
.
2012-09-14 c:\windows.0\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-09-15 c:\windows.0\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 15:02]
.
2012-09-15 c:\windows.0\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 15:02]
.
2012-09-15 c:\windows.0\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1682526488-1801674531-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2012-09-12 c:\windows.0\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1682526488-1801674531-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2012-09-10 c:\windows.0\Tasks\SyncBack Archive.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-11-30 17:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-15 10:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c501\6&2e7ff71e&0&0000\LogConf]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c51b&MI_00\7&2c8221d9&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(820)
c:\windows.0\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows.0\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Portrait Displays\Pivot Software\winphook.dll
c:\windows.0\system32\ieframe.dll
c:\windows.0\system32\webcheck.dll
c:\windows.0\system32\WPDShServiceObj.dll
c:\windows.0\system32\PortableDeviceTypes.dll
c:\windows.0\system32\PortableDeviceApi.dll
.
Completion time: 2012-09-15 10:53:53
ComboFix-quarantined-files.txt 2012-09-15 14:53
.
Pre-Run: 126,141,341,696 bytes free
Post-Run: 126,251,872,256 bytes free
.
- - End Of File - - 41FB212B27C8A50F45C3348292DA98CC

FSS:

Farbar Service Scanner Version: 06-08-2012
Ran by Mark V. Sanderford (administrator) on 15-09-2012 at 10:42:04
Running from "C:\Documents and Settings\Mark V. Sanderford\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS.0\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS.0\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS.0\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS.0\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS.0\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS.0\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS.0\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS.0\system32\netman.dll => MD5 is legit
C:\WINDOWS.0\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS.0\system32\srsvc.dll => MD5 is legit
C:\WINDOWS.0\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS.0\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS.0\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS.0\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS.0\system32\qmgr.dll => MD5 is legit
C:\WINDOWS.0\system32\es.dll => MD5 is legit
C:\WINDOWS.0\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS.0\system32\svchost.exe => MD5 is legit
C:\WINDOWS.0\system32\rpcss.dll => MD5 is legit
C:\WINDOWS.0\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000056000000050000000600000007000000
IpSec Tag value is correct.


On to ESET!
  • 0

#20
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I don't trust RegRun so it would be best to uninstall it.

Copy the text in the code box:


/md5start
sfcfiles.dll
i8042prt.sys
/md5stop


Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

then Run Scan.

You should get 1 log. Please copy and paste it.


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************


AtJob::

DirLook::
C:\Program Files\Common
%user%\library

Driver::
94865510


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.



Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

I think it reboots when it finishes but if not reboot it yourself.

Then run Farbar again and post its log.
  • 0
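
Post #20 follows up on sfcfiles.dll and the 94865510 driver entry from the ComboFix log, and the FSS log reports a disabled wscsvc and a missing wuauserv key. The Python sketch below is an added example (not part of the thread, ComboFix or FSS) showing how such lines can be pulled out of the two logs mechanically; the function names and the "8 hex digits" name heuristic are assumptions, and the sample lines are copied from the logs in post #19.

```python
import re

# Subset of lines copied unmodified from the ComboFix log in post #19.
COMBOFIX_LINES = r"""
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [3/9/2011 11:07 AM 238592]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S3 94865510;94865510; [x]
S3 RegGuard;RegGuard;c:\windows.0\system32\drivers\regguard.sys [9/10/2012 1:44 PM 24416]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
[-] 2009-01-20 . 2F811104EEEE476D84487D69AE47D43C . 1614848 . . [5.1.2600.5512] . . c:\windows.0\system32\sfcfiles.dll
"""

# Subset of lines copied unmodified from the FSS log in post #19.
FSS_LINES = """
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
"""

# "<R|S><start type> <name>;<display name>;<image path> [<date time size> | x | ?]"
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
# Sigcheck entry carrying the "[-]" marker: date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(r"^\[-\] (\S+) \. ([0-9A-Fa-f]{32}) \. (\d+) \. .*? \. \. (.+)$")
FSS_START_RE = re.compile(
    r"^The start type of (\w+) service is set to (\w+)\. The default start type is (\w+)\."
)
FSS_NOKEY_RE = re.compile(r"ATTENTION!=====> Unable to open (\w+) registry key")


def combofix_leads(text):
    """Return (subject, reason) pairs worth a second look in a ComboFix log."""
    leads = []
    for line in text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            _state, _start, name, _display, path, meta = m.groups()
            if meta in ("x", "?"):
                # ComboFix printed a marker instead of "date time size" for the file.
                where = path.split("-->")[-1].strip().strip('"') or "<no image path>"
                leads.append((name, f"no file metadata [{meta}]: {where}"))
            if re.fullmatch(r"[0-9A-Fa-f]{8}", name):
                # Heuristic (assumption): vendors rarely name a service with 8 hex digits.
                leads.append((name, "service name looks machine-generated"))
            continue
        m = SIGCHECK_RE.match(line)
        if m:
            _date, md5, _size, path = m.groups()
            leads.append((path.rsplit("\\", 1)[-1], f"Sigcheck [-], MD5 {md5}"))
    return leads


def fss_leads(text):
    """Return (service, reason) pairs for services FSS reports as altered or missing."""
    leads = []
    for line in text.splitlines():
        m = FSS_START_RE.match(line.strip())
        if m and m.group(2) != m.group(3):
            leads.append((m.group(1), f"start type {m.group(2)}, default {m.group(3)}"))
        m = FSS_NOKEY_RE.search(line)
        if m:
            lead = (m.group(1), "service registry key missing")
            if lead not in leads:  # FSS repeats the warning once per check
                leads.append(lead)
    return leads


if __name__ == "__main__":
    for subject, reason in combofix_leads(COMBOFIX_LINES) + fss_leads(FSS_LINES):
        print(f"{subject:16} {reason}")
```

A flagged line is a prompt for a closer look (hash check, vendor lookup), not a verdict; the ComboFix log itself notes that unsigned files aren't necessarily malware.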

#21
crossbow66


    Member

  • Topic Starter
  • Member
  • 55 posts
Aaaand the Eset logs:

C:\System Volume Information\_restore{AB9E1C5A-8C7A-4F78-8E40-E890B4A4E92C}\RP1340\A0682341.exe a variant of Win32/Kryptik.AMD trojan
C:\_OTL\MovedFiles\09142012_210203\C_WINDOWS.0\system32\jgsh400F.dll a variant of Win32/Kryptik.AKCO trojan

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=511fa83de56c924bb216f43698ca84a4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-15 04:33:39
# local_time=2012-09-15 12:33:39 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 110999547 110999547 0 0
# compatibility_mode=5891 16776553 42 86 324348 14839494 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=313815
# found=2
# cleaned=0
# scan_time=5261
C:\System Volume Information\_restore{AB9E1C5A-8C7A-4F78-8E40-E890B4A4E92C}\RP1340\A0682341.exe a variant of Win32/Kryptik.AMD trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\09142012_210203\C_WINDOWS.0\system32\jgsh400F.dll a variant of Win32/Kryptik.AKCO trojan (unable to clean) 00000000000000000000000000000000 I
  • 0

#22
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
We need to cleanup System Restore:

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.


That will get rid of
C:\System Volume Information\_restore{AB9E1C5A-8C7A-4F78-8E40-E890B4A4E92C}\RP1340\A0682341.exe a variant of Win32/Kryptik.AMD trojan (unable to clean) 00000000000000000000000000000000 I

The other one has already been removed by OTL. That's where it puts files it removes.

#23
crossbow66

    Member

  • Topic Starter
  • Member
  • 55 posts
Bitdefender found no problems... I'm still working on your previous set of instructions so I'll be finishing those before I get to your most recent set. Some of these things are taking a while!

QuickScan 32-bit v0.9.9.119
---------------------------
Scan date: Sat Sep 15 13:00:45 2012
Machine ID: 1CE79C30



No infection found.
-------------------



Processes
---------
AdFender 2932 C:\Program Files\AdFender\AdFender.exe
Adobe Reader and Acrobat Manager 2864 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
APC PowerChute Personal Edition 2684 C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
APC PowerChute Personal Edition 244 C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
Audible Download Manager 3240 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
Bonjour 336 C:\Program Files\Bonjour\mDNSResponder.exe
CallingID 780 C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Light\CIDGlobalLight.exe
CallingID 356 C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisorService.exe
CallingID 4876 C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDGlobal.exe
Canon My Printer 2032 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
Canon Solution Menu EX 2196 C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
Core Service 232 C:\Program Files\SUPERAntiSpyware\SASCore.exe
Digidesign MME Binder 464 C:\Program Files\Digidesign\Drivers\MMERefresh.exe
Display Tune 2316 C:\Program Files\Acer Display\eDisplay Management\dthtml.exe
DNA 2972 C:\Program Files\DNA\btdna.exe
Firefox 4324 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 4352 C:\Program Files\Mozilla Firefox\plugin-container.exe
Floater.exe 752 C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
G-series Software 3204 C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
GSvr.exe 524 C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
HookManager Application 3412 C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
HP Cartridge Order Reminder 580 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
IHA_MessageCenter 712 C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
InstallShield Update Service 4048 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
iTunes 3304 C:\Program Files\iPod\bin\iPodService.exe
iTunes 3784 C:\Program Files\iTunes\iTunesHelper.exe
Linksys Easylink Advisor - Main 1440 C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
Logitech SetPoint 2476 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
Logitech SetPoint 2692 C:\Program Files\Logitech\SetPoint\SetPoint.exe
M-Audio Delta Tray Application 1056 C:\WINDOWS.0\system32\DeltaIITray.exe
Microsoft Security Client 2880 C:\Program Files\Microsoft Security Client\msseces.exe
Microsoft® Windows® Operating System 1972 C:\WINDOWS.0\system32\spoolsv.exe
Microsoft® Windows® Operating System 1180 C:\WINDOWS.0\system32\wbem\unsecapp.exe
MobileDeviceService 280 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
MouseWare 3232 C:\WINDOWS.0\Logi_MwX.Exe
Nalpeiron License Management 116 C:\WINDOWS.0\system32\nlssrv32.exe
NVIDIA Driver Helper Service, Version 1 1164 C:\WINDOWS.0\system32\nvsvc32.exe
pdisrvc 1132 C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PowerDVD 160 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
Pure Networks Platform 1444 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
Pure Networks Platform 624 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
QuickTime 3320 C:\Program Files\QuickTime\QTTask.exe
RealPlayer (32-bit) 3428 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Realtek HD Audio Sound Effect Manager 4028 C:\WINDOWS.0\RTHDCPL.exe
Realtek HD Sound Manager 2536 C:\WINDOWS.0\SoundMan.exe
RichVideo Module 1340 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SUPERAntiSpyware 548 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
SupportSoft Repair Service 1660 C:\Program Files\VERIZONDM\bin\tgsrvc.exe
SupportSoft sprtcmd 2372 C:\Program Files\VERIZONDM\bin\sprtcmd.exe
SupportSoft sprtsvc 1572 C:\Program Files\VERIZONDM\bin\sprtsvc.exe
UnHackMe 3176 C:\Program Files\UnHackMe\hackmon.exe
WD Shadow Copy Service 504 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
WDDMStatus.exe 2784 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
WDDriveManager.exe 272 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
wpCtrl.exe 1528 C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
(verified) Java™ Platform SE 6 U11 840 C:\Program Files\Java\jre6\bin\jqs.exe
(verified) Java™ Platform SE 6 U11 1924 C:\Program Files\Java\jre6\bin\jusched.exe
(verified) Microsoft® Windows® Operating System 820 C:\WINDOWS.0\explorer.exe
(verified) Microsoft® Windows® Operating System 3796 C:\WINDOWS.0\system32\alg.exe
(verified) Microsoft® Windows® Operating System 908 C:\WINDOWS.0\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 3828 C:\WINDOWS.0\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 992 C:\WINDOWS.0\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 3364 C:\WINDOWS.0\system32\rundll32.exe
(verified) Microsoft® Windows® Operating System 2016 C:\WINDOWS.0\system32\rundll32.exe
(verified) Microsoft® Windows® Operating System 980 C:\WINDOWS.0\system32\services.exe
(verified) Microsoft® Windows® Operating System 788 C:\WINDOWS.0\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1416 C:\WINDOWS.0\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1196 C:\WINDOWS.0\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1456 C:\WINDOWS.0\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1532 C:\WINDOWS.0\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1788 C:\WINDOWS.0\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1644 C:\WINDOWS.0\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 3028 C:\WINDOWS.0\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1272 C:\WINDOWS.0\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 192 C:\WINDOWS.0\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 2596 C:\WINDOWS.0\system32\wbem\wmiprvse.exe
(verified) Microsoft® Windows® Operating System 932 C:\WINDOWS.0\system32\winlogon.exe


Network activity
----------------
Process AdFender.exe (2932) connected on port 80 (HTTP) --> 66.235.143.121
Process AdFender.exe (2932) connected on port 80 (HTTP) --> 66.235.143.121
Process AdFender.exe (2932) connected on port 80 (HTTP) --> 74.125.228.99
Process AdFender.exe (2932) connected on port 80 (HTTP) --> 74.125.228.99

Process svchost.exe (1272) listens on ports: 135 (RPC)
Process svchost.exe (1788) listens on ports: 2869 (SSDP event notification, UPNP)
Process AdFender.exe (2932) listens on ports: 7070
Process btdna.exe (2972) listens on ports: 38252


Autoruns and critical files
---------------------------
Language Application C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
3aline Screensaver C:\WINDOWS.0\system32\3aline.scr
AdFender C:\Program Files\AdFender\AdFender.exe
Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Adobe Systems, Inc. Adobe Gamma Loader C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe® Flash® Player Update Service C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Ahead Software Gmbh NeroCheck C:\WINDOWS.0\system32\NeroCheck.exe
ALCWZRD C:\WINDOWS.0\ALCWZRD.EXE
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Audible Download Manager C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
CallingID LinkAdvisor C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisor.dll
Canon My Printer C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
Canon Solution Menu EX C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
Digidesign MME Binder C:\Program Files\Digidesign\Drivers\MMERefresh.exe
DNA C:\Program Files\DNA\btdna.exe
DT_startup.exe C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe
EVGAPrecision C:\Program Files\EVGA Precision\EVGAPrecision.exe
G-series Software C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
Gigabyte RAID Configurer C:\WINDOWS.0\system32\xRaidSetup.exe
HP Cartridge Order Reminder C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
InstallShield Update Service C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
iTunes C:\Program Files\iTunes\iTunesHelper.exe
Linksys Easylink Advisor - Main C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
Logitech SetPoint c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Logitech SetPoint C:\Program Files\Logitech\SetPoint\SetPoint.exe
Logitech SetPoint C:\WINDOWS.0\KHALMNPR.EXE
M-Audio Delta Tray Application C:\WINDOWS.0\system32\DeltaIITray.exe
MediaFire System Tray C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\mf_systray.exe
Microsoft Security Client C:\Program Files\Microsoft Security Client\msseces.exe
Microsoft® Windows® Operating System C:\WINDOWS.0\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS.0\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS.0\System32\CSCDLL.dll
Microsoft® Windows® Operating System C:\WINDOWS.0\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS.0\system32\SHELL32.dll
Microsoft® Windows® Operating System c:\windows.0\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS.0\system32\WlNotify.dll
Microsoft® Windows® Operating System C:\WINDOWS.0\system32\WPDShServiceObj.dll
MouseWare C:\WINDOWS.0\Logi_MwX.Exe
Nero AG InCD C:\Program Files\Nero\Nero 7\InCD\InCD.exe
Nero AG NeroCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Nero SecurDisc client C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
NVIDIA Compatible Windows 2000 Display C:\WINDOWS.0\system32\NvCpl.dll
NVIDIA Media Center Library C:\WINDOWS.0\system32\NvMcTray.dll
nwiz.exe C:\WINDOWS.0\system32\nwiz.exe
PowerDVD C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
Pure Networks Platform C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
QuickTime C:\Program Files\QuickTime\QTTask.exe
RealPlayer (32-bit) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Realtek HD Audio Sound Effect Manager C:\WINDOWS.0\RTHDCPL.exe
Realtek HD Sound Manager C:\WINDOWS.0\SoundMan.exe
RealUpgrade C:\Program Files\Real\RealUpgrade\realupgrade.exe
SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
SupportSoft sprtcmd C:\Program Files\VERIZONDM\bin\sprtcmd.exe
SyncBack C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
UnHackMe C:\Program Files\UnHackMe\hackmon.exe
WDDMStatus.exe C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
wpCtrl.exe C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
xInsIDE.exe C:\WINDOWS.0\RaidTool\xInsIDE.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) Java™ Platform SE 6 U11 C:\Program Files\Java\jre6\bin\jusched.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS.0\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS.0\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS.0\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS.0\system32\stobject.dll
(verified) Windows® Internet Explorer C:\WINDOWS.0\system32\webcheck.dll


Browser plugins
---------------
2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
Adobe® Flash® Player ActiveX C:\WINDOWS.0\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
AmazonMP3DownloaderPlugin C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
Bitdefender QuickScan C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Broderbund Upload C:\Program Files\Internet Explorer\plugins\NPExpFTP.dll
CallingID c:\program files\callingid\callingidlinkadvisor2.0\toolbar\callingidie.dll
CallingID Link Advisor C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl\2.0.0.248_0\npCIDLinkAdvisorPlugin.dll
CallingID LinkAdvisor Toolbar (Dummy Pl C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\npCIDToolbarDummyPlugin.dll
CallingID LinkAdvisor Toolbar (Frame Pl C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\npCIDToolbarFramePlugin.dll
CANON iMAGE GATEWAY Album Plugin Utilit C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
DeviceVM Url Search Hook c:\windows.0\system32\dvmurl.dll
DNA Plug-in C:\Program Files\DNA\plugins\npbtdna.dll
Easy-WebPrint c:\program files\canon\easy-webprint\toolband.dll
Easy-WebPrint EWPBrowseLoader Module c:\program files\canon\easy-webprint\ewpbrowseloader.dll
eMusic Remote Plugin C:\Program Files\eMusic Download Manager\plugin\npemusic.dll
frozen.dll C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
Google Update C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
googletoolbar-ff3.dll C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
googletoolbar-ff4.dll C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff4.dll
Graphics Display Plugin C:\Program Files\Internet Explorer\plugins\NPEvery.dll
InstallShield Update Service C:\WINDOWS.0\Downloaded Program Files\isusweb.dll
Java™ Platform SE 6 U11 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
Logitech Device Detection C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]\plugins\npLogitechDeviceDetection.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System C:\WINDOWS.0\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS.0\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS.0\System32\winrnr.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32_11_3_300_271.dll C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin8.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
Real Alternative C:\Program Files\Mozilla Firefox\plugins\realalt132.exe
RealPlayer™ HTML5VideoShim Plug-In ( C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
Shockwave for Director C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
Unity Player C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
VMN Toolbar c:\program files\vmntoolbar\vmntoolbar.dll
Windows Genuine Advantage C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
Windows Presentation Foundation C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS.0\system32\ieframe.dll
(verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
(verified) InstallShield Update Service C:\WINDOWS.0\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\WINDOWS.0\Downloaded Program Files\dwusplay.exe
(verified) Java™ Platform SE 6 U11 c:\program files\java\jre6\bin\jp2ssv.dll
(verified) Java™ Platform SE 6 U11 c:\program files\java\jre6\bin\ssv.dll
(verified) Java™ Platform SE 6 U11 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
(verified) RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
(verified) RealJukebox NS Plugin c:\program files\real\realplayer\Netscape6\nprjplug.dll
(verified) RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
(verified) RealPlayer Version Plugin c:\program files\real\realplayer\Netscape6\nprpjplug.dll
(verified) RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
(verified) RealPlayer™ G2 LiveConnect-Enabled P c:\program files\real\realplayer\Netscape6\nppl3260.dll


Missing files
-------------
File not found: UnHackMe Rootkit Check
--> HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\"Title"

File not found: €
--> HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\"Flags"


Scan
----
MD5: a4e85bda66cf4de8070d6f744d181c12 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
MD5: 96ce1fcb4579147b49f63db46e3e191b C:\Program Files\CyberLink\PowerDVD\MSVCR71.dll
MD5: b2b2fe2671dd98a322b0ad7079c0b2b2 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
MD5: 06a49b7bdc36cfbf97dd90804f833369 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
MD5: feca6966ed470ac6efe3ed8c33d60b81 C:\Program Files\Digidesign\Drivers\MMERefresh.exe
MD5: 02983523825aec64b6c50d7afd2f694e C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
MD5: 8ca06052cb0ed27701f345e9f87baf07 C:\Program Files\DNA\plugins\npbtdna.dll
MD5: 145c18dfbcda45aab8051c081625e654 C:\Program Files\eMusic Download Manager\plugin\npemusic.dll
MD5: 282bcb962842d42f8bbaaca828233bfd C:\Program Files\EVGA Precision\EVGAPrecision.exe
MD5: 9f8a14ba43086ffd4637fd3f961b6d64 C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
MD5: 27b7f7f8b64a3327249f81543495186a C:\Program Files\GIGABYTE\EnergySaver\ycc.dll
MD5: 8ff7029d0ed1ceb546c3db981130daea C:\Program Files\GIGABYTE\G.O.M\GCSVR.EXE
MD5: 2437be68d5a37a75fad51c5f0e9a03ed C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
MD5: 8f628060daecf76c537bd89a53228d3b C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
MD5: 2674a29cca3f442a6088a4158c72d3f3 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
MD5: b6c33bc5e5497a5834202eaa69f2bb4d C:\Program Files\Internet Explorer\plugins\NPEvery.dll
MD5: dd165f4302b987948610d258f891f8b7 C:\Program Files\Internet Explorer\plugins\NPExpFTP.dll
MD5: a25641b6b2ea0c110ffd27b737ea5aca C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
MD5: a25641b6b2ea0c110ffd27b737ea5aca C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
MD5: a25641b6b2ea0c110ffd27b737ea5aca C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
MD5: a25641b6b2ea0c110ffd27b737ea5aca C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
MD5: a25641b6b2ea0c110ffd27b737ea5aca C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
MD5: a25641b6b2ea0c110ffd27b737ea5aca C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
MD5: a25641b6b2ea0c110ffd27b737ea5aca C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
MD5: a25641b6b2ea0c110ffd27b737ea5aca C:\Program Files\Internet Explorer\plugins\npqtplugin8.dll
MD5: e51bd095b2fdf56b17ee010bb794d6ed C:\Program Files\iPod\bin\iPodService.exe
MD5: 575f5312fa76cf33414e7c789f5494f7 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL
MD5: 80bbd9fc6c8e7a56822571b1dea57ce2 C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL
MD5: 14f224029d16ef25fa879e7c9f558b1f C:\Program Files\iTunes\iTunesHelper.dll
MD5: c0fd8553cecde061ad3e7c1cc80c7edb C:\Program Files\iTunes\iTunesHelper.exe
MD5: 6b1b7dfbe12d107d21cf1c9ae1c02cd7 C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL
MD5: ae3b42162f146441e92bfd163455d91e C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL
MD5: 167235bfcb884d8b4d514767cb82fcef C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
MD5: fabd60dc893fac2cc8a3e0639e99984c C:\Program Files\Linksys\Linksys EasyLink Advisor\en-US\LelaNetwork.resources.dll
MD5: 69b88f658a73362fc27e840543fb0518 C:\Program Files\Linksys\Linksys EasyLink Advisor\en-US\LelaResource.resources.dll
MD5: 7683e68ddf7b479ac938461058a32518 C:\Program Files\Linksys\Linksys EasyLink Advisor\en-US\Linksys EasyLink Advisor.resources.dll
MD5: fd7a28964cff2a745e12296adec13f12 C:\Program Files\Linksys\Linksys EasyLink Advisor\interop.NetworkCore.dll
MD5: 71db15004402f4c8d004d13967fc1ae9 C:\Program Files\Linksys\Linksys EasyLink Advisor\LelaNetwork.dll
MD5: 6ffab55128baf5e4043e88c56138d833 C:\Program Files\Linksys\Linksys EasyLink Advisor\LelaNetworkLib.dll
MD5: 8d5b6a862e3d3937292ca5b1c66b1b4f C:\Program Files\Linksys\Linksys EasyLink Advisor\LelaResource.dll
MD5: e805f740f3a9b18defd853be4a37a70c C:\Program Files\Linksys\Linksys EasyLink Advisor\LelaServices.dll
MD5: 180bdb1f17fe41c8d8aefe069a70ca2b C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
MD5: 343655e9cd92650670956a385983a67b C:\Program Files\Linksys\Linksys EasyLink Advisor\log4net.dll
MD5: 06dc2fdc6282f0d68910417b1150c848 C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
MD5: 955f4fb88d1169f3e8cdcbd756813d11 C:\Program Files\Logitech\SetPoint\GameHook.dll
MD5: e81a53d6afd16637fb7785051ab9b391 C:\Program Files\Logitech\SetPoint\IMHook.dll
MD5: 947dfeac4a5ad7a881cce5c430be4ab1 C:\Program Files\Logitech\SetPoint\kgame.dll
MD5: 96602671ffab4f5d5ff6f1134dc13000 C:\Program Files\Logitech\SetPoint\LCabHandler.dll
MD5: 2b0cb70f976aedfec925c0ac485634ab C:\Program Files\Logitech\SetPoint\lgscroll.dll
MD5: e0f2fd6e48536213d94f5e17f68c750d C:\Program Files\Logitech\SetPoint\Macros\MacroAppSwitch.dll
MD5: 60fb197366a09a606a098ff0fc70564b C:\Program Files\Logitech\SetPoint\Macros\MacroCore.dll
MD5: 9a0de67429bd3810f1373736d03c673f C:\Program Files\Logitech\SetPoint\SetPoint.exe
MD5: 1fb5102cebbbc7ab6fe1a0bac2c96823 C:\Program Files\Logitech\SetPoint\SetPointCOM.dll
MD5: 1190373392034afa26ba6316454c7feb C:\Program Files\Logitech\SetPoint\WebBrowserSupport.dll
MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe
MD5: a8e35801e04a4183a27df60829402867 C:\Program Files\Microsoft Security Client\EppManifest.dll
MD5: 410ccadf699cee2c0c741df0fd90f204 C:\Program Files\Microsoft Security Client\mpclient.dll
MD5: 24516bf4e12a46cb67302e2cdcb8cddf C:\Program Files\Microsoft Security Client\MsMpEng.exe
MD5: 687b71c161b246ece1a13d24aacf0413 C:\Program Files\Microsoft Security Client\msseces.exe
MD5: fcfcada2b35d0599dc485f06ded21788 C:\Program Files\Mozilla Firefox\components\browsercomps.dll
MD5: 9c376f42bde37f18d0a39af7415d9be6 C:\Program Files\Mozilla Firefox\firefox.exe
MD5: af68099c841ee4be1c19458d41664a77 C:\Program Files\Mozilla Firefox\freebl3.dll
MD5: 4ab72bb5d7fe5163d3af85050351edcb C:\Program Files\Mozilla Firefox\gkmedias.dll
MD5: 32510f1fa8d3327be3b29dbc4b01b3cb C:\Program Files\Mozilla Firefox\mozalloc.dll
MD5: 730d87df83f82967da6ea893263e0d16 C:\Program Files\Mozilla Firefox\mozglue.dll
MD5: 4b70b15f477972e0189be25f4573db80 C:\Program Files\Mozilla Firefox\mozjs.dll
MD5: e013596dccec82b05b166523b91265ad C:\Program Files\Mozilla Firefox\mozsqlite3.dll
MD5: 03e9314004f504a14a61c3d364b62f66 C:\Program Files\Mozilla Firefox\MSVCP100.dll
MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Program Files\Mozilla Firefox\MSVCR100.dll
MD5: 5c94ff7fabe1a23c9ef651d89c1fbded C:\Program Files\Mozilla Firefox\nspr4.dll
MD5: 49ad92a2247654c4a2a95081ace07b93 C:\Program Files\Mozilla Firefox\nss3.dll
MD5: 6b77ac593eefe2d7e855ca691f4a5c84 C:\Program Files\Mozilla Firefox\nssckbi.dll
MD5: dd31be71ebbf9bb9342aa8811956c2f0 C:\Program Files\Mozilla Firefox\nssdbm3.dll
MD5: 8b0fafc68cb2674cfaf7b9e70464fdbb C:\Program Files\Mozilla Firefox\nssutil3.dll
MD5: 21fa8728b0e6d2d00063987bbc7c33e9 C:\Program Files\Mozilla Firefox\plc4.dll
MD5: 4ee96e9788c2c74353315db612253d03 C:\Program Files\Mozilla Firefox\plds4.dll
MD5: 7f6ec840e0954055d58cd57b6aca9d92 C:\Program Files\Mozilla Firefox\plugin-container.exe
MD5: 7d04e74e8b63ff93f26c6a2ec14a4ee7 C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
MD5: 1afeef6369e3153bd6a9050133fc291c C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
MD5: 9a6101f29e2e9d41b99cbcc8f106e8fe C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
MD5: a25641b6b2ea0c110ffd27b737ea5aca C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
MD5: 3af30189de3cc3f399724ae421461315 C:\Program Files\Mozilla Firefox\plugins\realalt132.exe
MD5: d5e323543c0a1a9febc324519efe2ec8 C:\Program Files\Mozilla Firefox\smime3.dll
MD5: 84eaabd444291c9e6a845af2a1ce1523 C:\Program Files\Mozilla Firefox\softokn3.dll
MD5: a586cab4fb1de3872c2d6e153e961d3b C:\Program Files\Mozilla Firefox\ssl3.dll
MD5: cd4b4e5652377e441688377d300e62a8 C:\Program Files\Mozilla Firefox\xpcom.dll
MD5: f18042c3223d6aaaf30346506463516e C:\Program Files\Mozilla Firefox\xul.dll
MD5: cb8af049ac9be419a77adae288673359 C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
MD5: 8de66bfdeb04f18d48c57cc3a8282c12 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
MD5: c9b982bd82ce2e5e4546141d2dda988f C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
MD5: 5836b9e91863a00ec1b8e785efd86ecb C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
MD5: 0aab8c2c7012cdffe719c6fdf83edf87 C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
MD5: 1aa06c81a0621e277e755b965b5e4b5f C:\Program Files\Portrait Displays\Pivot Software\ijl15.dll
MD5: d04f7aaca2319a3bcdb2c5d5dd6f6026 C:\Program Files\Portrait Displays\Pivot Software\MSVCP70.dll
MD5: 2b7f2d5b4c86f06d931a14441d4f187b C:\Program Files\Portrait Displays\Pivot Software\winphook.dll
MD5: 23479cc4eb2e0a22299d6f4f30c5851f C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
MD5: afdae59fe562a7cdb44f9d4abedac316 C:\Program Files\QuickTime\QTSystem\QTCF.dll
MD5: 1d856e6e7490447fcfaa46e09a2bf9c9 C:\Program Files\QuickTime\QTSystem\QuickTime.qts
MD5: 0aee5668eb59912f32ff245bfa72465f C:\Program Files\QuickTime\QTTask.exe
MD5: 3a4ab78a64e391ef3d75be0619eb428a C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
MD5: 24c68978d48f41084dc00159aa07fab8 C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys
MD5: 01e81c84ad1d0acc61cf3cfd06632210 C:\Program Files\SUPERAntiSpyware\SASCore.exe
MD5: 39763504067962108505bff25f024345 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
MD5: 77b9fc20084b48408ad3e87570eb4a85 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
MD5: 2975c66459c426c20bc22d639df6b611 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MD5: 05f1b35fb7e55d49dfc64c6b873a452f C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MD5: cb79d453cf52615eb0b233a814cf92ba C:\Program Files\UnHackMe\hackmon.exe
MD5: 64c545b2cf34f7f43fd6717785eb8901 C:\Program Files\Verizon\IHA_MessageCenter\Bin\Interop.NATUPNPLib.dll
MD5: 68462578c4785eb5fc19e6f3a341dad8 C:\Program Files\Verizon\IHA_MessageCenter\Bin\Interop.NetFwTypeLib.dll
MD5: b89cb7f3f1a1e2807e708f5435deb13d C:\Program Files\Verizon\IHA_MessageCenter\Bin\log4net.dll
MD5: 5cab9d1ab5c9384d28dff89dbe7a72bb C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
MD5: a21f3188eeedf6f32283875c5edc5905 C:\Program Files\VERIZONDM\bin\DMMonitor.dll
MD5: 5c5209b04b1942a534259c2ab7bb1eea C:\Program Files\VERIZONDM\bin\LIBEAY32.dll
MD5: 0153701206d2cf9a43f88b40af1fbc22 C:\Program Files\VERIZONDM\bin\sprtcmd.exe
MD5: eb48c000d2a5c614bee4d87365bd3ad8 C:\Program Files\VERIZONDM\bin\sprtevent.dll
MD5: 251e22a5d9baac9e1153707eef2ef62e C:\Program Files\VERIZONDM\bin\sprtfod.dll
MD5: 157c29532ab783f16648a7d4df5cb826 C:\Program Files\VERIZONDM\bin\sprtmessage.dll
MD5: 92982bc49fa1e45ebd64a4605ae57790 C:\Program Files\VERIZONDM\bin\sprtsched.dll
MD5: 9be42e99bbd5461f1f94fe39fee2e6f5 C:\Program Files\VERIZONDM\bin\sprtsvc.exe
MD5: a95fd607292f05218feb8d580fb4cc8e C:\Program Files\VERIZONDM\bin\sprtsync.dll
MD5: 18e84c774815d9f6f6931f46ca00b1bf C:\Program Files\VERIZONDM\bin\sprttrigger.dll
MD5: dd8be1269dca19ebdbef65b63bfc705c C:\Program Files\VERIZONDM\bin\sprtui.dll
MD5: 2f7959c5faa11e0f53fa3d321c9074d0 C:\Program Files\VERIZONDM\bin\sprtupdate.dll
MD5: 428e44ae3c2021f79c7a4e5eca44bc49 C:\Program Files\VERIZONDM\bin\SupportSoft.Agent.Sprocket.dll
MD5: f8654c20b9d108f91f312d0db857e8e7 C:\Program Files\VERIZONDM\bin\SupportSoft.Agent.Sprocket.SupportMessage.dll
MD5: c4e3bbcba4e10a34e31c26a0cf933e32 C:\Program Files\VERIZONDM\bin\tgsrvc.exe
MD5: ef5753d046262320345e8a6b0a5ac64b c:\program files\vmntoolbar\vmntoolbar.dll
MD5: 7b37f8ec25c9ad853e8126c1d0992201 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\msvcm90.dll
MD5: 80caecd939497a17bd8ceedd94691b40 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFMEIPC.dll
MD5: 92f0088ca18bb08bb596ef2608256f8a C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MD5: 315c344ea1ec71ae6db4bb4567d912ef C:\Program Files\Western Digital\WD SmartWare\Front Parlor\XP\Shadow.dll
MD5: bf847a3972cc6b5ce26e0ea742dd52d9 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
MD5: f415c0541cd53c453e61e2d7375caf8f C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
MD5: c4edb78883828e664650022c67ff95f2 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WdNetworkDiscovery.DLL
MD5: a379b75a6ffe4dfd3184f35f0141ce91 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
MD5: c99d1eb52de019556f72671cb23d8513 C:\WINDOWS.0\ALCWZRD.EXE
MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS.0\AppPatch\AcGenral.DLL
MD5: dc426a365577f27187f99eb506ecd5d1 C:\WINDOWS.0\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MD5: 26feb5a2009c6e6af483020cb6fbbff6 C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bb26dd100d656605c576881a1a823667\CustomMarshalers.ni.dll
MD5: dec7885b2ef0966ea285c9a40e7afba4 C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MD5: be14dc6443efe37e938bb303f64a1da9 C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MD5: 24ca44b2f9259366b37a792bb132c0f9 C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7416fe825e6e49a87fa8ff60c8971813\PresentationFramework.Classic.ni.dll
MD5: 1b78847448990a723e29bd7fe03d3684 C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
MD5: 1d52bcaf65ec439c735ed109431d1c09 C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MD5: c05a4d494c3096782f80cfdf7f4aefa8 C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MD5: 397d3ef4842d6454fa68218438165a5d C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MD5: 4da6843e52f8128156130b6d3679fd06 C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MD5: b7a48556eb302cd02a725d2d425f2d0c C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MD5: a7e9d45b18a13dc18e3c0311d1cf620f C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MD5: 8563f5a4f6342ba64e7c398f7efcc350 C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MD5: 72cadf7ee0722dae4a6b98eefeac06bc C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MD5: f746a5b455ce09862c229385d8663213 C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MD5: 3f4413dcd8d3bbabf08f68f25e6d60e1 C:\WINDOWS.0\Downloaded Program Files\isusweb.dll
MD5: c6e3105b8c68c35cc1eb26a00fd1a8c6 C:\WINDOWS.0\gdrv.sys
MD5: 1aa06c81a0621e277e755b965b5e4b5f C:\WINDOWS.0\ijl15.dll
MD5: 98e24054191041d0353f5e61ad191459 C:\WINDOWS.0\KHALMNPR.EXE
MD5: 34a14cd6b6e9c8bfbabeaf6eed5149bb C:\WINDOWS.0\Logi_MwX.Exe
MD5: 860fad57b4668a9f5f350a9d5444ae89 C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
MD5: b560a085eed4d5d72b039929f9ae4991 C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
MD5: f282d4edd85d53e20d902cc92190c5f5 C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
MD5: 1c88cf5977c016a37bfac1178daa7822 C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: 35a936c7c029a5b705d3ffd40518d660 C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: d04f7aaca2319a3bcdb2c5d5dd6f6026 C:\WINDOWS.0\msvcp70.dll
MD5: db4e2d9c09a5762cb2551222b5e443b2 C:\WINDOWS.0\RaidTool\xInsIDE.exe
MD5: 1750581edd5b09e0ac1be265dda9e4f0 C:\WINDOWS.0\RTHDCPL.exe
MD5: 801cafb80b0454d302f63e9d1a601819 C:\WINDOWS.0\SoundMan.exe
MD5: bf96b305415309d78b9f4a0ecce73198 C:\WINDOWS.0\system32\3aline.scr
MD5: c9fc430129db4e5272003e9307759987 C:\WINDOWS.0\system32\bidispl.dll
MD5: cfd4e51402da9838b5a04ae680af54a0 c:\windows.0\system32\browser.dll
MD5: 554cd2e05736bfc915c55da7424d2f32 C:\WINDOWS.0\system32\CNC495C.dll
MD5: 0a294f1a46f4bcb5c4323ffeb276393d C:\WINDOWS.0\system32\CNC495L.DLL
MD5: df6be05b03f506a62b3eb786d0336ed1 C:\WINDOWS.0\system32\CNMLM83.DLL
MD5: 6a437e8991c407728b615f4d63af36f7 C:\WINDOWS.0\system32\CNMLMA9.DLL
MD5: b3b13025e236417e8b6bc8e96d7773ef C:\WINDOWS.0\system32\CNMNPPM.DLL
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS.0\system32\comctl32.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS.0\system32\comsvcs.dll
MD5: 64416c6e07606720c1ece6dd374bdffd C:\WINDOWS.0\system32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS.0\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS.0\System32\CSCDLL.dll
MD5: dd40363abad230a84c5e2178b11efa88 C:\WINDOWS.0\system32\CSRSRV.dll
MD5: 0607cbc6fa20114cb491efe4b2f9efad C:\WINDOWS.0\system32\d3d9.dll
MD5: 63e35605af4e9545799e238984e74638 C:\WINDOWS.0\system32\DeltaIITray.exe
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS.0\System32\dimsntfy.dll
MD5: aa0507f0516a4dff1b1279ab4a2abb37 C:\WINDOWS.0\system32\DINPUT8.dll
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS.0\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows.0\system32\dnsrslvr.dll
MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS.0\System32\drivers\afd.sys
MD5: 591a9eabb5ef5168e435c2f18b05dd76 C:\WINDOWS.0\system32\drivers\AtiHdmi.sys
MD5: 20a04d8077cccba1711070eb01f02afb C:\WINDOWS.0\system32\DRIVERS\deltaII.sys
MD5: 74dd46d49809c5f689f24ccdd0d18a4e C:\WINDOWS.0\system32\drivers\DigiFilt.sys
MD5: 0281a8c7ef5ce55acb459f466eecd19f C:\WINDOWS.0\system32\DRIVERS\epppdt.sys
MD5: a720dc80dbcf5ba5ee48eca7a2573ebe C:\WINDOWS.0\system32\DRIVERS\epppdtpr.sys
MD5: 689a8eef2a2d62b28a0a578a6196531c C:\WINDOWS.0\system32\Drivers\GVTDrv.sys
MD5: 748031ff4fe45ccc47546294905feab8 C:\WINDOWS.0\system32\DRIVERS\HidBatt.sys
MD5: 98e96b6f095e6289c3293b99d0f926b2 C:\WINDOWS.0\system32\drivers\InCDFs.sys
MD5: 0b3e2517cf826020688650d46adf5b05 C:\WINDOWS.0\system32\drivers\InCDPass.sys
MD5: 00ee363ea793a9d8dab5254acbd7d8e6 C:\WINDOWS.0\system32\drivers\InCDRec.sys
MD5: d41ab5be8861aff53851594de58dddfa C:\WINDOWS.0\system32\drivers\InCDRm.sys
MD5: b07084095f8c03aadb9811c9df14b5e4 C:\WINDOWS.0\system32\DRIVERS\jraid.sys
MD5: e254e5b2c5227ddbb47d045940a0a559 C:\WINDOWS.0\System32\Drivers\LBeepKE.sys
MD5: 8b30311241f97b35167afe68d79e8530 C:\WINDOWS.0\system32\DRIVERS\LHidFilt.Sys
MD5: 3c357dfdbbf2b4b01aa4b9c8a26e4416 C:\WINDOWS.0\system32\DRIVERS\LHidFlt2.Sys
MD5: ffb851b1b2f6596b7d3182b977a85206 C:\WINDOWS.0\System32\Drivers\LHidUsb.Sys
MD5: 48d7422a6c4eec886b56ac534cfa3acf C:\WINDOWS.0\system32\DRIVERS\LMouFilt.Sys
MD5: aef09673376a4d93c09e8341854f1bf4 C:\WINDOWS.0\system32\DRIVERS\LMouFlt2.Sys
MD5: 0b808ff2f17c8396fb2ae202f75aed37 C:\WINDOWS.0\System32\Drivers\LUsbFilt.Sys
MD5: d993bea500e7382dc4e760bf4f35efcb C:\WINDOWS.0\system32\DRIVERS\MpFilter.sys
MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS.0\system32\DRIVERS\mrxsmb.sys
MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS.0\system32\DRIVERS\ndistapi.sys
MD5: bf506d232c5e6f2dae80f5c11b45c60e C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys
MD5: 6ddcf3f801ec15fe698f6a215cf30a1f C:\WINDOWS.0\system32\drivers\Partizan.sys
MD5: d5de7dd879cc7c2cdc5080b4f04f6770 C:\WINDOWS.0\System32\Drivers\PdiPorts.sys
MD5: 943f840611d33832308ec5310b616b57 C:\WINDOWS.0\System32\drivers\pivot.sys
MD5: 998c58295288eedfbfe95e7f6cc94df4 C:\WINDOWS.0\System32\drivers\pivotmou.sys
MD5: dea06627596015263360097c2608384e C:\WINDOWS.0\system32\DRIVERS\pnarp.sys
MD5: c0cdb9f7ce42c3487f0bea409bf5d153 C:\WINDOWS.0\system32\DRIVERS\purendis.sys
MD5: 37ecebdd930395a9c399fb18a3c236d3 C:\WINDOWS.0\system32\Drivers\regguard.sys
MD5: f0a21c62b9b835e1c96268eaae31d239 C:\WINDOWS.0\system32\DRIVERS\Rtenicxp.sys
MD5: 4aaa8312732655f93a254d1fa695eb79 C:\WINDOWS.0\system32\drivers\RtkHDAud.sys
MD5: b244960e5a1db8e9d5d17086de37c1e4 C:\WINDOWS.0\system32\DRIVERS\sbp2port.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS.0\system32\DRIVERS\srv.sys
MD5: e266683fc95abdec17cd378564e1b54b C:\WINDOWS.0\system32\DRIVERS\TVICHW32.SYS
MD5: d4fb6ecc60a428564ba8768b0e23c0fc C:\WINDOWS.0\System32\Drivers\usbaapl.sys
MD5: 2f4b3c0e58d4a7bd8e38d1cd9ca47691 C:\WINDOWS.0\System32\Drivers\usbbc.sys
MD5: c60dc16d4e406810fad54b98dc92d5ec C:\WINDOWS.0\system32\DRIVERS\wpdusb.sys
MD5: 31951e15cbc303b885634f420bce7ead c:\windows.0\system32\dvmurl.dll
MD5: a4ec6b9766e2a7faa77283697bc5c307 C:\WINDOWS.0\system32\E_FLB9SA.DLL
MD5: 766632ab4694d6d26837a6c40002a28b C:\WINDOWS.0\system32\epppdtmn.dll
MD5: f47fb126c33b875252d6cf45959a96bb C:\WINDOWS.0\system32\escwiab.dll
MD5: f5b754cdea20bbb3a31e16a776ede6d6 C:\WINDOWS.0\system32\ESENT.dll
MD5: 303a63f4b913aa5d8998161cb77a8ce7 C:\WINDOWS.0\system32\feclient.dll
MD5: 77ebf3e9386daa51551af429052d88d0 C:\WINDOWS.0\system32\giveio.sys
MD5: ce5bc065c74c0a49486664cf71e0ca0a C:\WINDOWS.0\system32\ieframe.dll
MD5: 46485ae6433af77f237c792d3da11f48 C:\WINDOWS.0\system32\iertutil.dll
MD5: ffc01a72d1c25ccb39f61b202ce60819 C:\WINDOWS.0\system32\IMAGEHLP.dll
MD5: a0df3f3aa3dc40fe160aaefbb5187fd9 C:\WINDOWS.0\system32\Imf32.dll
MD5: 3e3cc9c47237851743988c74573153fa C:\WINDOWS.0\system32\kemutb.dll
MD5: 112ea9f7aeb5401a0cbe73c0a3f3cc7f C:\WINDOWS.0\system32\KemUtil.dll
MD5: 2e825edc4bfb4e55acad499feb7f7d4d C:\WINDOWS.0\system32\KemWnd.dll
MD5: 1abb622af2d719db38ef79727e5c8040 C:\WINDOWS.0\system32\KemXML.dll
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS.0\system32\kerberos.dll
MD5: 5677dfe438ec1f009273fc84feed6b10 C:\WINDOWS.0\system32\localspl.dll
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS.0\system32\LSASRV.dll
MD5: a9d3b95e8466bd58eeb8a1154654e162 C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe
MD5: 99b4b884fe9a878b4822f7f326c90ce1 C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MD5: 09aef167eb1531e965053d0dcf6cc573 C:\WINDOWS.0\system32\mfc70.dll
MD5: 855f6333e3a4dfc6f3c8b0520c261fcd C:\WINDOWS.0\system32\MSFTEDIT.DLL
MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS.0\system32\msi.dll
MD5: 062ed848780162270910d8f87790d0e0 C:\WINDOWS.0\system32\MsPMSP.dll
MD5: 585992d78b671aaa075c02241309795d C:\WINDOWS.0\system32\MSVCIRT.dll
MD5: cf55708e01719037b441ed53c8886a84 C:\WINDOWS.0\system32\MSWMDM.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS.0\system32\mswsock.dll
MD5: acfee2392503dd5e457363a0510b8bcb C:\WINDOWS.0\system32\msxml3.dll
MD5: a0ae7f043497c9971e9d7fe291099d40 C:\WINDOWS.0\system32\msxml6.dll
MD5: 748393eee2e85357567df4ad30d86397 C:\WINDOWS.0\system32\NeroCheck.exe
MD5: cac752bf84db4666ed3ce0948e6ea937 C:\WINDOWS.0\system32\NETAPI32.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS.0\system32\netshell.dll
MD5: b1ef4686961986dffb7fe8f18e6fcb5b C:\WINDOWS.0\system32\nlssrv32.exe
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS.0\system32\ntdll.dll
MD5: 1ad9ca5e9efdbf1eeadb8c55c25b4187 C:\WINDOWS.0\system32\nvapi.dll
MD5: ad28aff3f09d123edcaf5a4120713a80 C:\WINDOWS.0\system32\NvCpl.dll
MD5: a1de6200ee8eb2e11ee1c981341224c7 C:\WINDOWS.0\system32\NvMcTray.dll
MD5: ce8cce2b9f96aca02e5ded4298a7796d C:\WINDOWS.0\system32\nvsvc32.exe
MD5: c8a7d0956f59098be74119aae51b3f25 C:\WINDOWS.0\system32\nwiz.exe
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS.0\system32\ODBC32.dll
MD5: 6bad1bed9872e62049e487fb91ae2f3a C:\WINDOWS.0\system32\ole32.dll
MD5: 20200ee3cfe10e9f0c028d8653be11c6 C:\WINDOWS.0\system32\OLEACC.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS.0\system32\OLEAUT32.dll
MD5: f1dac7969c1337af790bd1d981aa780c C:\WINDOWS.0\system32\qmgrprxy.dll
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS.0\system32\RPCRT4.dll
MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS.0\system32\rsvpsp.dll
MD5: 0f64207b49390c8063c36ae7cbf9c2db C:\WINDOWS.0\system32\schannel.dll
MD5: 8bcd11d38fce43a519246a91cc40de6a C:\WINDOWS.0\system32\SECURITY.DLL
MD5: c896f6270ec20a60799298b423d5f58b C:\WINDOWS.0\system32\SHDOCVW.dll
MD5: 6843d54bc4a40cc8c5741af750233d10 C:\WINDOWS.0\system32\SHELL32.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS.0\system32\SHSVCS.dll
MD5: 5d6401db90ec81b71f8e2c5c8f0fef23 C:\WINDOWS.0\system32\speedfan.sys
MD5: 44a789cea3279466f904fdd1adb87359 C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\CNMDRA9.DLL
MD5: d6fa14c733c51e40f7da55ee7224aca5 C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\CNMUIA9.DLL
MD5: fec3ace4d5e9b8b13c401941ee50f476 C:\WINDOWS.0\System32\spool\PRTPROCS\W32X86\CNMPD83.DLL
MD5: 672dcee749bf8a259448991b0297187d C:\WINDOWS.0\System32\spool\PRTPROCS\W32X86\CNMPDA9.DLL
MD5: bbce4deb3501b71e7eb1d8af3a35b975 C:\WINDOWS.0\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS.0\system32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows.0\system32\srvsvc.dll
MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS.0\system32\sti.dll
MD5: d0049860b63dd87a73a5d165c829c65f C:\WINDOWS.0\system32\t2embed.dll
MD5: c9335d5b07e6a930bd561d35c431a0af C:\WINDOWS.0\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows.0\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS.0\system32\USP10.dll
MD5: e837fdbb92e9873e538395b623f45462 C:\WINDOWS.0\system32\wbem\cimwin32.dll
MD5: 4306fa2f1099d7c606139255fdb62b19 C:\WINDOWS.0\system32\wbem\framedyn.dll
MD5: c7000f2db2a5515c64c257478769a481 C:\WINDOWS.0\system32\wbem\unsecapp.exe
MD5: ebc6ace28e58ba5be4a8190b613b6f02 C:\WINDOWS.0\system32\wdfmgr.exe
MD5: 291778dfebaa278b451d457b03c10ac1 C:\WINDOWS.0\system32\win32spl.dll
MD5: 5f63e2b2a72e1e6448123e0920d31530 C:\WINDOWS.0\system32\WindowsCodecs.dll
MD5: eb2d2e05e471208cd651ddcdf77904bf C:\WINDOWS.0\system32\WindowsCodecsExt.dll
MD5: 684559a03cbc1d05ba120a18b0d8ba5d C:\WINDOWS.0\system32\WINHTTP.dll
MD5: c4300cb4d20b1159dc77e01e8a2525ec C:\WINDOWS.0\system32\WININET.dll
MD5: 4a953f13942867ba8fb41f141ec1b80c C:\WINDOWS.0\system32\WINMM.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS.0\System32\winrnr.dll
MD5: 8c7dca4b158bf16894120786a7a5f366 C:\WINDOWS.0\system32\winsrv.dll
MD5: 95f5c420e9bdd4c3569602911420a774 C:\WINDOWS.0\system32\WINTRUST.dll
MD5: 9eefe69139fdbb4a3c327630f8eb993a C:\WINDOWS.0\system32\wlanapi.dll
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS.0\system32\WlNotify.dll
MD5: c77a18954c448dd9f87585247851501a C:\WINDOWS.0\system32\WMASF.DLL
MD5: 4dbb48ffe1f5e33429f5f5f6cbc2f1ef C:\WINDOWS.0\system32\WMDMPS.dll
MD5: 1a617835452eee5060976c9b9f5fe635 C:\WINDOWS.0\system32\wuapi.dll
MD5: 5caf91e865fe0c85048a233e594544d2 c:\windows.0\system32\WUDFPlatform.dll
MD5: 29f3ecd623330ad06005482a84c2a741 C:\WINDOWS.0\system32\xpsp1res.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS.0\system32\xpsp2res.dll
MD5: 8ad9392266e33ee7b9a9619c165de883 C:\WINDOWS.0\system32\xRaidSetup.exe
MD5: 953b419e9be71c5602a85cae732ace53 C:\WINDOWS.0\system32\ZLhp1020.DLL
MD5: 65f8ea0d6858140beda30f42578ee37c C:\WINDOWS.0\system32\ZLM.dll
MD5: fae332da4762c6779a3845810405924f C:\WINDOWS.0\system32\ZSPOOL.dll
MD5: 27b026cc7ee3b42745c3362603fbfc52 C:\WINDOWS.0\system32\ZTAG32.dll
MD5: d5e459bed3db9cf7fc6cc1455f177d2d C:\WINDOWS.0\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.DLL
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\WINDOWS.0\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS.0\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
MD5: e2c48cd0132d4d1dc7d0df9a6bef686a C:\WINDOWS.0\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\MFC80U.DLL
MD5: 28a09777d2d952122567a8a82f1a2c7b C:\WINDOWS.0\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\MFC80ENU.DLL
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\WINDOWS.0\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\WINDOWS.0\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dll
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS.0\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 80776884e7a05d6da5040926f82b0273 C:\WINDOWS.0\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\gdiplus.dll

The following file(s) must be uploaded for server-side scanning:
C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDGlobalPS.dll
C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox\components\CallingIDLinkAdvisorGecko01.dll
C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisorService.exe
C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\Firefox\components\CIDDomFx01.dll
c:\program files\callingid\callingidlinkadvisor2.0\toolbar\callingidie.dll
C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\npCIDToolbarDummyPlugin.dll
C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl\2.0.0.248_0\npCIDLinkAdvisorPlugin.dll
C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\npCIDToolbarFramePlugin.dll
C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Light\CIDGlobalLightPS.dll

Upload started - 9 file(s)
CIDLinkAdvisorService.exe (227408)
CallingIDGlobalPS.dll (71760)
CIDGlobalLightPS.dll (71760)
npCIDToolbarDummyPlugin.dll (75856)
npCIDLinkAdvisorPlugin.dll (120912)
CallingIDLinkAdvisorGecko01.dll (235600)
CIDDomFx01.dll (235600)
npCIDToolbarFramePlugin.dll (235600)
callingidie.dll (841808)
Upload speed - 35 KB/s
Upload finished - 9 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 58 sec
Total traffic - 2.04 MB sent, 1.91 KB recvd
Scanned 865 files and modules - 117 seconds

==============================================================================

#24
crossbow66

Ummm. I cleared the system and the application parts of the Event Viewer and rebooted, but it doesn't appear to be checking the disk. Is it doing it without my knowing it, or is there something else I need to do? (I uninstalled RegRun.)

#25
RKinner

I should have deleted "The disk check will run and will probably take an hour or more to finish." from the text. Sorry. Just go on.


#26
crossbow66

OK! Thanks! Onward!

#27
crossbow66

Vino's Event Viewer v01c run on Windows XP in English
Report run at 15/09/2012 1:54:57 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/09/2012 1:32:34 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Automatic Updates service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.

Log: 'System' Date/Time: 15/09/2012 1:32:34 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1083" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Log: 'System' Date/Time: 15/09/2012 1:32:26 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Automatic Updates service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.

Log: 'System' Date/Time: 15/09/2012 1:32:26 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The WD File Management Engine service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 15/09/2012 1:32:26 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Nero Registry InCD Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 15/09/2012 1:32:26 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 15/09/2012 1:32:26 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The InCD Helper service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Vino's Event Viewer v01c run on Windows XP in English
Report run at 15/09/2012 1:56:30 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#28
crossbow66

Combo fix - ...lost the log of previous OTL on reboot so I'll rerun it.

#29
crossbow66

ComboFix 12-08-29.03 - Mark V. Sanderford 09/15/2012 14:12:40.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2546 [GMT -4:00]
Running from: c:\documents and settings\Mark V. Sanderford\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mark V. Sanderford\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_94865510
-------\Service_94865510
.
.
((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 )))))))))))))))))))))))))))))))
.
.
2012-09-15 17:00 . 2012-09-15 17:00 -------- d-----w- c:\documents and settings\Mark V. Sanderford\Application Data\QuickScan
2012-09-15 15:01 . 2012-09-15 15:01 -------- d-----w- c:\program files\ESET
2012-09-15 01:02 . 2012-09-15 01:02 -------- d-----w- C:\_OTL
2012-09-14 15:37 . 2012-09-14 15:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\boost_interprocess
2012-09-12 18:04 . 2012-09-12 18:04 -------- d-----w- C:\_OTM
2012-09-12 17:34 . 2012-09-12 17:34 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-12 11:02 . 2012-09-12 11:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\AdFender
2012-09-11 12:07 . 2012-09-11 12:07 -------- d-----w- c:\documents and settings\Mark V. Sanderford\Application Data\SUPERAntiSpyware.com
2012-09-11 12:07 . 2012-09-11 12:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-11 12:07 . 2012-09-11 12:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com
2012-09-11 11:36 . 2012-09-11 11:36 388096 ----a-r- c:\documents and settings\Mark V. Sanderford\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-11 11:36 . 2012-09-11 11:36 -------- d-----w- c:\program files\Trend Micro
2012-09-11 00:58 . 2012-09-11 00:58 -------- d-----w- c:\documents and settings\Administrator.MARK-59C0B947BC\Local Settings\Application Data\Opera
2012-09-11 00:56 . 2012-09-11 00:56 -------- d-----w- c:\documents and settings\Administrator.MARK-59C0B947BC\Application Data\CallingID
2012-09-11 00:56 . 2012-09-11 00:56 -------- d-sh--w- c:\documents and settings\Administrator.MARK-59C0B947BC\PrivacIE
2012-09-11 00:50 . 2012-09-11 00:50 -------- d-----w- c:\documents and settings\Administrator.MARK-59C0B947BC\Application Data\Malwarebytes
2012-09-11 00:39 . 2012-09-11 00:39 -------- d-sh--w- c:\documents and settings\Administrator.MARK-59C0B947BC\IETldCache
2012-09-10 21:00 . 2012-09-10 21:00 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-10 17:57 . 2008-04-14 05:48 52480 -c--a-w- c:\windows.0\system32\dllcache\i8042prt.sys
2012-09-10 17:57 . 2008-04-14 05:48 52480 ----a-w- c:\windows.0\system32\drivers\i8042prt.sys
2012-09-10 17:30 . 2012-09-15 17:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0\Application Data\RegRun
2012-09-10 17:30 . 2012-09-10 17:30 2 --shatr- c:\windows.0\winstart.bat
2012-09-10 17:30 . 2012-09-15 17:29 -------- d-----w- c:\program files\UnHackMe
2012-09-06 02:07 . 2012-09-06 02:07 -------- d-----w- c:\windows.0\system32\NtmsData
2012-09-05 01:48 . 2012-09-05 01:48 -------- d-----w- C:\Program Files (x86)
2012-08-29 19:51 . 2012-08-29 22:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-21 21:30 . 2012-08-21 21:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2012-08-21 21:30 . 2012-08-21 21:30 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-15 18:17 . 2009-02-03 13:00 16608 ----a-w- c:\windows.0\gdrv.sys
2012-09-07 21:04 . 2012-05-09 20:09 22856 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2012-08-15 13:05 . 2012-04-10 11:25 426184 ----a-w- c:\windows.0\system32\FlashPlayerApp.exe
2012-08-15 13:05 . 2011-05-20 13:10 70344 ----a-w- c:\windows.0\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2008-04-14 09:41 78336 ----a-w- c:\windows.0\system32\browser.dll
2012-07-04 14:05 . 2009-01-25 22:11 139784 ----a-w- c:\windows.0\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2008-04-14 05:00 1866112 ----a-w- c:\windows.0\system32\win32k.sys
2012-07-02 17:49 . 2008-04-14 09:42 916992 ----a-w- c:\windows.0\system32\wininet.dll
2012-07-02 17:49 . 2008-04-14 09:42 1469440 ------w- c:\windows.0\system32\inetcpl.cpl
2012-07-02 17:49 . 2008-04-14 09:41 43520 ------w- c:\windows.0\system32\licmgr10.dll
2012-07-02 12:05 . 2008-04-14 04:07 385024 ------w- c:\windows.0\system32\html.iec
2012-09-12 17:34 . 2011-03-23 22:06 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-01-20 . 2F811104EEEE476D84487D69AE47D43C . 1614848 . . [5.1.2600.5512] . . c:\windows.0\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-09-10_18.01.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-15 18:17 . 2012-09-15 18:17 16384 c:\windows.0\Temp\Perflib_Perfdata_2ec.dat
+ 2012-09-15 18:17 . 2012-09-15 18:17 16384 c:\windows.0\Temp\Perflib_Perfdata_1ec.dat
+ 2012-03-21 00:44 . 2012-03-21 00:44 171064 c:\windows.0\system32\drivers\MpFilter.sys
+ 2012-09-10 21:00 . 2012-09-10 21:00 301056 c:\windows.0\Installer\a5a7ce.msi
+ 2012-05-01 02:35 . 2012-09-10 21:00 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\SCEP.exe
- 2012-05-01 02:35 . 2012-05-01 02:35 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\SCEP.exe
+ 2012-09-10 21:00 . 2012-09-10 21:00 123352 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\MSE.exe
+ 2012-05-01 02:35 . 2012-09-10 21:00 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\INTUNE.exe
- 2012-05-01 02:35 . 2012-05-01 02:35 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\INTUNE.exe
- 2012-05-01 02:35 . 2012-05-01 02:35 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\FEP.exe
+ 2012-05-01 02:35 . 2012-09-10 21:00 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\FEP.exe
+ 2012-05-01 02:35 . 2012-09-10 21:00 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\EPP.exe
- 2012-05-01 02:35 . 2012-05-01 02:35 109563 c:\windows.0\Installer\{0F842B77-56EA-4AAF-8295-81A022350B5E}\EPP.exe
+ 2012-09-12 17:56 . 2012-09-12 17:56 421888 c:\windows.0\erdnt\9-12-2012\Users\00000002\UsrClass.dat
+ 2012-09-12 17:56 . 2005-10-20 16:02 163328 c:\windows.0\erdnt\9-12-2012\ERDNT.EXE
+ 2012-09-10 21:00 . 2012-09-10 21:00 1826304 c:\windows.0\Installer\a5a7d6.msi
+ 2012-09-11 11:36 . 2012-09-11 11:36 1094656 c:\windows.0\Installer\272a61.msi
+ 2012-09-12 17:56 . 2012-09-12 17:56 14794752 c:\windows.0\erdnt\9-12-2012\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"MediaFire Tray"="c:\documents and settings\Mark V. Sanderford\Application Data\MediaFire Express\mf_systray.exe" [2012-08-16 2196040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"JMB36X IDE Setup"="c:\windows.0\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows.0\system32\xRaidSetup.exe" [2007-11-19 1966080]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"NeroCheck"="c:\windows.0\system32\NeroCheck.exe" [2001-08-06 155648]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2008-02-18 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-02-18 1057064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-07 136600]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"M-Audio Taskbar Icon"="c:\windows.0\System32\DeltaIITray.exe" [2008-03-03 236040]
"DeltaIITaskbarApp"="c:\windows.0\system32\DeltaIITray.exe" [2008-03-03 236040]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT ACR"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-06 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2008-12-22 240656]
"NvCplDaemon"="c:\windows.0\system32\NvCpl.dll" [2009-06-10 13758464]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows.0\system32\NvMcTray.dll" [2009-06-10 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-28 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - c:\program files\Seagate\AutoBackup\MemeoLauncher.exe [2008-1-14 95456]
.
c:\documents and settings\Mark V. Sanderford\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-9 113664]
.
c:\documents and settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\
AdFender.lnk - c:\program files\AdFender\AdFender.exe [2012-6-20 2772112]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-3-7 221247]
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-5-17 809488]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisor.dll" [2012-09-03 2611280]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 04:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS.0\\system32\\mmc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\AdFender\\AdFender.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 DigiFilter;DigiFilter;c:\windows.0\system32\drivers\DigiFilt.sys [2/9/2009 7:57 AM 16384]
R0 Lbd;Lbd;c:\windows.0\system32\drivers\Lbd.sys [3/7/2009 2:41 AM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 2:54 PM 116608]
R2 CIDLinkAdvisorService;CIDLinkAdvisorService;c:\program files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisorService.exe [9/3/2012 6:47 AM 227408]
R2 COM Service;COM Service;c:\program files\GIGABYTE\G.O.M\GCSVR.exe [2/3/2009 9:29 AM 16384]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2/3/2009 9:04 AM 68136]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [12/12/2011 11:03 AM 335888]
R2 LBeepKE;LBeepKE;c:\windows.0\system32\drivers\LBeepKE.sys [5/17/2009 12:41 PM 10384]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 5:30 AM 204800]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows.0\system32\nlssrv32.exe [2/21/2011 5:17 PM 66560]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [3/15/2009 4:14 PM 109096]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [12/1/2011 6:11 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [12/1/2011 6:11 AM 185640]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [3/9/2011 11:07 AM 238592]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [3/9/2011 11:16 AM 484352]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows.0\system32\drivers\deltaII.sys [2/8/2009 9:12 PM 302728]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows.0\system32\drivers\wdcsam.sys [8/5/2012 12:57 PM 11520]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/14/2010 11:02 AM 136176]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S2 WDFME;WD File Management Engine;"c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe" --> c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/10/2012 7:25 AM 250056]
S3 epppdt;EPSON 1394.3 Class;c:\windows.0\system32\drivers\epppdt.sys [2/8/2009 6:10 PM 31275]
S3 epppdtpr;EPSON 1394.3 Printer Class;c:\windows.0\system32\drivers\epppdtpr.sys [2/8/2009 6:10 PM 14463]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/14/2010 11:02 AM 136176]
S3 GVTDrv;GVTDrv;c:\windows.0\system32\drivers\GVTDrv.sys [2/3/2009 9:41 AM 24944]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/24/2012 8:52 PM 114144]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [3/3/2009 2:19 PM 98488]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 Wdm1;USB Bridge Cable Driver;c:\windows.0\system32\drivers\usbbc.sys [3/18/2005 12:02 PM 15576]
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-15 c:\windows.0\Tasks\Adobe Flash Player Updater.job
- c:\windows.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 13:05]
.
2012-09-14 c:\windows.0\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-09-15 c:\windows.0\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 15:02]
.
2012-09-15 c:\windows.0\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-14 15:02]
.
2012-09-15 c:\windows.0\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1682526488-1801674531-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2012-09-12 c:\windows.0\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1682526488-1801674531-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
2012-09-10 c:\windows.0\Tasks\SyncBack Archive.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2009-11-30 17:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-15 14:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c501\6&2e7ff71e&0&0000\LogConf]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c51b&MI_00\7&2c8221d9&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(2136)
c:\windows.0\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows.0\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Portrait Displays\Pivot Software\winphook.dll
c:\windows.0\system32\ieframe.dll
c:\windows.0\system32\webcheck.dll
c:\windows.0\system32\WPDShServiceObj.dll
c:\windows.0\system32\PortableDeviceTypes.dll
c:\windows.0\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows.0\system32\nvsvc32.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Portrait Displays\Shared\dtsrvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows.0\system32\java.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows.0\system32\wscntfy.exe
c:\windows.0\Logi_MwX.Exe
c:\program files\Acer Display\eDisplay Management\DTHtml.exe
c:\windows.0\system32\RUNDLL32.EXE
c:\program files\Portrait Displays\Pivot Software\floater.exe
c:\windows.0\SOUNDMAN.EXE
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\windows.0\RTHDCPL.EXE
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\windows.0\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2012-09-15 14:21:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-15 18:21
ComboFix2.txt 2012-09-15 14:53
.
Pre-Run: 126,170,030,080 bytes free
Post-Run: 126,034,472,960 bytes free
.
- - End Of File - - 20C96EB74AF78B9C69876A37731B80E4

#30
crossbow66

Found it.

OTL logfile created on: 9/15/2012 2:00:20 PM - Run 4
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 77.43% Memory free
5.19 Gb Paging File | 4.48 Gb Available in Paging File | 86.29% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Program Files
Drive C: | 279.46 Gb Total Space | 117.53 Gb Free Space | 42.06% Space Free | Partition Type: NTFS
Drive D: | 596.16 Gb Total Space | 128.25 Gb Free Space | 21.51% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 1396.92 Gb Total Space | 444.51 Gb Free Space | 31.82% Space Free | Partition Type: FAT32
Drive I: | 465.73 Gb Total Space | 78.27 Gb Free Space | 16.81% Space Free | Partition Type: NTFS

Computer Name: MARK-59C0B947BC | User Name: Mark V. Sanderford | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/13 07:55:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Utilities\OTL.com
PRC - [2012/09/12 13:34:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/03 06:47:46 | 000,227,408 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisorService.exe
PRC - [2012/09/03 06:47:30 | 001,353,808 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDGlobal.exe
PRC - [2012/09/03 06:47:22 | 001,378,384 | ---- | M] (CallingID Ltd.) -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Light\CIDGlobalLight.exe
PRC - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/06/20 03:30:04 | 002,772,112 | ---- | M] (AdFender, Inc.) -- C:\Program Files\AdFender\AdFender.exe
PRC - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/12/01 06:11:06 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2011/03/14 10:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2011/03/09 11:09:54 | 003,986,944 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2011/02/21 17:17:32 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS.0\system32\nlssrv32.exe
PRC - [2010/04/02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/28 09:54:13 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/24 21:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/11/13 08:32:51 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/05/20 19:22:06 | 000,109,096 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2009/02/19 00:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/02/19 00:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/02/06 20:05:41 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS.0\system32\java.exe
PRC - [2008/09/24 18:35:14 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008/06/18 06:01:56 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS.0\SoundMan.exe
PRC - [2008/06/06 12:40:00 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2008/06/06 12:39:52 | 000,114,688 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2008/06/06 11:42:30 | 000,114,688 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
PRC - [2008/06/06 11:42:10 | 000,324,096 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Acer Display\eDisplay Management\dthtml.exe
PRC - [2008/05/01 07:38:00 | 000,131,072 | ---- | M] (Linksys LLC - A Division of Cisco Systems) -- C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
PRC - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.0\explorer.exe
PRC - [2008/04/09 01:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/04/09 01:15:10 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/03/03 11:13:50 | 000,236,040 | ---- | M] () -- C:\WINDOWS.0\system32\DeltaIITray.exe
PRC - [2007/10/31 00:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2006/07/22 21:22:42 | 001,126,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
PRC - [2006/01/30 12:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
PRC - [2005/12/12 16:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2005/05/25 02:14:10 | 000,016,384 | ---- | M] () -- C:\Program Files\GIGABYTE\G.O.M\GCSVR.exe
PRC - [2003/12/17 10:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS.0\Logi_MwX.Exe


========== Modules (No Company Name) ==========

MOD - [2012/09/12 13:34:36 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/09/03 06:47:34 | 000,071,760 | ---- | M] () -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDGlobalPS.dll
MOD - [2012/06/14 06:46:03 | 000,212,992 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/13 22:37:11 | 014,329,856 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
MOD - [2012/06/13 22:37:01 | 012,433,920 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 22:36:53 | 001,592,320 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/13 22:36:51 | 012,218,368 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MOD - [2012/06/13 22:36:19 | 000,069,120 | ---- | M] () -- C:\WINDOWS.0\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2012/05/12 09:00:57 | 000,998,400 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/11 23:12:38 | 000,220,672 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bb26dd100d656605c576881a1a823667\CustomMarshalers.ni.dll
MOD - [2012/05/11 23:10:52 | 000,224,768 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7416fe825e6e49a87fa8ff60c8971813\PresentationFramework.Classic.ni.dll
MOD - [2012/05/11 23:10:38 | 000,771,584 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 23:10:01 | 003,325,440 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012/05/11 23:09:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 23:09:54 | 000,971,264 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/11 23:09:51 | 007,953,408 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 23:09:47 | 011,492,352 | ---- | M] () -- C:\WINDOWS.0\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
MOD - [2008/09/24 18:35:14 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
MOD - [2008/09/10 11:58:42 | 000,098,304 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\ycc.dll
MOD - [2008/06/06 12:40:08 | 000,151,552 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DThook.dll
MOD - [2008/06/06 12:40:02 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\CC\gui.dll
MOD - [2008/06/06 12:40:00 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
MOD - [2008/06/06 12:39:46 | 000,102,400 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2008/06/06 11:42:30 | 000,114,688 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
MOD - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
MOD - [2008/04/18 05:30:43 | 000,081,920 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\lib\wrapper.dll
MOD - [2008/04/09 19:15:54 | 000,103,472 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/04/09 19:15:54 | 000,038,960 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/03/03 11:13:50 | 000,236,040 | ---- | M] () -- C:\WINDOWS.0\system32\DeltaIITray.exe
MOD - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
MOD - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
MOD - [2007/02/09 12:16:08 | 000,245,760 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Winphook.dll
MOD - [2005/05/25 02:14:10 | 000,016,384 | ---- | M] () -- C:\Program Files\GIGABYTE\G.O.M\GCSVR.exe
MOD - [2004/11/17 17:49:06 | 004,603,904 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\qt-mt332.dll
MOD - [2004/05/11 15:51:56 | 000,798,720 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\libeay32.dll
MOD - [2004/05/11 15:51:56 | 000,155,648 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\ssleay32.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/12 13:34:36 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/03 06:47:46 | 000,227,408 | ---- | M] (CallingID Ltd.) [Auto | Running] -- C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisorService.exe -- (CIDLinkAdvisorService)
SRV - [2012/08/15 09:05:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2011/03/09 11:16:56 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011/03/09 11:07:54 | 000,238,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2011/02/21 17:17:32 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS.0\system32\nlssrv32.exe -- (nlsX86cc)
SRV - [2009/05/20 19:22:06 | 000,109,096 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009/02/19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/12/11 15:53:38 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/09/24 18:35:14 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/06/06 12:40:00 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008/06/06 11:42:30 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe -- (Asset Management Daemon)
SRV - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/09 01:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/10/31 00:35:10 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2007/10/31 00:02:58 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005/05/25 02:14:10 | 000,016,384 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\G.O.M\GCSVR.exe -- (COM Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\install4\MSICPL.sys -- (MSICPL)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\delta.sys -- (DELTA)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MARKV~1.SAN\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (94865510)
DRV - [2012/09/15 13:32:09 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\gdrv.sys -- (gdrv)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS.0\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/05/20 19:21:56 | 000,017,064 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2009/02/03 09:44:10 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2008/12/18 23:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/18 23:43:18 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/11/25 23:57:04 | 000,022,432 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008/08/07 07:14:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/30 22:21:08 | 000,079,960 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/07/24 06:02:44 | 004,749,824 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/07/02 03:38:14 | 000,089,600 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/04/09 01:14:04 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/09 01:14:00 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS.0\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/03/03 11:13:46 | 000,302,728 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.0\system32\drivers\deltaII.sys -- (DELTAII)
DRV - [2008/02/18 15:36:14 | 000,038,312 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/02/18 15:36:14 | 000,036,648 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/02/18 15:36:14 | 000,016,040 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS.0\system32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2008/02/18 15:36:04 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS.0\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/09/05 13:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS.0\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/02/09 13:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS.0\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007/02/09 13:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2006/12/08 22:50:28 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\WINDOWS.0\system32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - [2006/10/24 02:02:00 | 000,031,275 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\epppdt.sys -- (epppdt)
DRV - [2006/10/24 02:02:00 | 000,014,463 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\epppdtpr.sys -- (epppdtpr)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\speedfan.sys -- (speedfan)
DRV - [2005/03/18 12:02:04 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\usbbc.sys -- (Wdm1)
DRV - [2003/12/17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/12/17 10:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2003/12/17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.0\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS.0\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS.0\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6B9C2291-9A24-482B-846C-6F00E42FF097}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8E02D41C-5924-4816-9490-33CCD28BEB72}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{AF36D2FC-9772-4B32-BE16-3D7964F73A8B}: "URL" = http://www.google.co...:0000FF;FORID:1
IE - HKCU\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://search.callin...ie&p=go&cid=yes
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: [email protected]:0.9.8.3
FF - prefs.js..extensions.enabledAddons: [email protected]:1.23.0.5
FF - prefs.js..extensions.enabledAddons: [email protected]:0.0.11.2m
FF - prefs.js..extensions.enabledAddons: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: {2E0FB4FC-1785-4009-8043-F9FB0CBA5A9A}:2.0.0.248
FF - prefs.js..extensions.enabledAddons: {e9259cba-e7ad-4f74-863f-ef9fe935394d}:2.0.0.248
FF - prefs.js..extensions.enabledAddons: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.8.0
FF - prefs.js..extensions.enabledItems: {fbc8441e-a153-45b0-8e93-87521a5812a1}:2.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.5
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2012/07/10 23:11:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/09/23 08:06:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{e9259cba-e7ad-4f74-863f-ef9fe935394d}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\Firefox [2012/09/05 15:36:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2E0FB4FC-1785-4009-8043-F9FB0CBA5A9A}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/12 13:34:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/30 21:12:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/17 21:12:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{8b02914c-4e6b-4410-90e1-1a2b1b69b12d}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{2E0FB4FC-1785-4009-8043-F9FB0CBA5A9A}: C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\Firefox [2012/09/05 15:36:30 | 000,000,000 | ---D | M]

[2009/02/06 14:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Extensions
[2010/08/27 11:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions
[2009/11/15 17:08:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2009/11/15 17:08:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2009/11/15 17:08:16 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\browser(2)\extensions(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\mozapps(2)\extensions(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\browser(2)\extensions(2)
[2009/11/15 16:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\mozapps(2)\extensions(2)
[2009/11/15 16:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (CS Lite) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (SafeCache) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{670a77c5-010e-4476-a8ce-d09171318839}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2009/11/15 17:08:20 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (DT Whois) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\[email protected]
[2009/11/15 17:08:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\[email protected]
[2012/09/15 13:00:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions
[2011/05/14 07:43:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/27 11:57:13 | 000,000,000 | ---D | M] (Oskar) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2012/05/24 21:26:20 | 000,000,000 | ---D | M] (Green Fox) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
[2012/09/15 13:00:38 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/04/10 22:55:52 | 000,000,000 | ---D | M] (VMN Toolbar) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{fbc8441e-a153-45b0-8e93-87521a5812a1}
[2009/11/06 07:43:07 | 000,000,000 | ---D | M] (Custom Buttons²) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2011/08/14 21:41:24 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/06/20 18:54:48 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/06/20 18:54:54 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2008/03/20 15:43:48 | 000,001,182 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\mozapps(2)\xpinstall(2)\xpinstallConfirm.css
[2008/04/07 19:41:16 | 000,001,937 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\mac(2)\mozapps(2)\xpinstall(2)\xpinstallItemGeneric.png
[2009/06/16 23:52:20 | 000,001,502 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\mozapps(2)\xpinstall(2)\xpinstallConfirm.css
[2009/06/16 23:18:30 | 000,001,423 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\e26d92jy.Mark\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}(2)\chrome(2)\win(2)\mozapps(2)\xpinstall(2)\xpinstallItemGeneric.png
[2011/10/31 12:45:10 | 000,148,816 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/09/10 22:08:22 | 000,010,546 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\[email protected]
[2012/07/24 19:20:20 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/09/10 22:03:28 | 000,016,192 | ---- | M] () (No name found) -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2012/09/05 15:44:56 | 000,001,770 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Mozilla\Firefox\Profiles\kv0svoaa.default\searchplugins\CallingID.xml
[2011/11/12 20:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 15:36:30 | 000,000,000 | ---D | M] (CallingID Link Advisor 2.0 Mouseover) -- C:\PROGRAM FILES\CALLINGID\CALLINGIDLINKADVISOR2.0\LINKADVISOR\FIREFOX
[2012/09/05 15:36:31 | 000,000,000 | ---D | M] (CallingID Link Advisor 2.0 Toolbar) -- C:\PROGRAM FILES\CALLINGID\CALLINGIDLINKADVISOR2.0\TOOLBAR\FIREFOX
[2012/09/12 13:34:37 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/12 13:34:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 15:44:54 | 000,001,770 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\CallingID.xml
[2012/09/12 13:34:35 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: CallingID LinkAdvisor Toolbar (Frame Plugin) (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\npCIDToolbarFramePlugin.dll
CHR - plugin: CallingID LinkAdvisor Toolbar (Dummy Plugin) (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\npCIDToolbarDummyPlugin.dll
CHR - plugin: CallingID Link Advisor (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl\2.0.0.248_0\npCIDLinkAdvisorPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: CallingID LinkAdvisor 2.0 Toolbar = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abdnighfgafbeighondbgepoenlnpcef\2.0.0.248_0\
CHR - Extension: CallingID LinkAdvisor 2.0 = C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkeciodhggpcngbhlhiiphbhlddbaafl\2.0.0.248_0\

O1 HOSTS File: ([2012/09/15 02:49:53 | 000,000,098 | ---- | M]) - C:\WINDOWS.0\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (VMN Toolbar Astro Gemini) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O2 - BHO: (CallingID LinkAdvisor 2.0 BHO) - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (CallingID LinkAdvisor 2.0) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (VMN Toolbar Astro Gemini) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKCU\..\Toolbar\WebBrowser: (CallingID LinkAdvisor 2.0) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDIE.dll (CallingID Ltd.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS.0\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS.0\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DeltaIITaskbarApp] C:\WINDOWS.0\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS.0\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS.0\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS.0\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS.0\system32\DeltaIITray.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS.0\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS.0\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS.0\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS.0\System32\nwiz.exe ()
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS.0\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [MediaFire Tray] C:\Documents and Settings\Mark V. Sanderford\Application Data\MediaFire Express\mf_systray.exe (MediaFire LLC)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\AdFender.lnk = C:\Program Files\AdFender\AdFender.exe (AdFender, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\Mark V. Sanderford\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1233954073359 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34DBFE19-A977-4D7A-B186-B533AFA0CE81}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\callingid {086D03BA-57AC-4C8E-A33D-0BAABF742411} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\Toolbar\CallingIDToolbar.dll (CallingID Ltd.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS.0\system32\userinit.exe) - C:\WINDOWS.0\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mark V. Sanderford\My Documents\My Pictures\prague_bridges2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark V. Sanderford\My Documents\My Pictures\prague_bridges2.bmp
O28 - HKLM ShellExecuteHooks: {1869181A-9F50-4FCF-8BFF-1B8588ECB85C} - C:\Program Files\CallingID\CallingIDLinkAdvisor2.0\LinkAdvisor\CIDLinkAdvisor.dll (CallingID Ltd.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/06 22:54:26 | 000,000,000 | ---D | M] - C:\AutoApplyConvert -- [ NTFS ]
O32 - AutoRun File - [2004/11/14 06:52:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/03/21 12:00:56 | 000,000,000 | R--D | M] - G:\AUTORUN -- [ FAT32 ]
O32 - AutoRun File - [2006/10/21 14:07:54 | 000,020,992 | ---- | M] () - G:\Autoparts warehouse letter.doc -- [ FAT32 ]
O32 - AutoRun File - [2006/10/20 09:35:42 | 022,722,519 | ---- | M] () - G:\Autoparts warehouse receipt.psd -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/15 13:00:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\QuickScan
[2012/09/15 11:01:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/14 22:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\AllUCDLs
[2012/09/14 21:02:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/14 17:14:56 | 000,693,235 | ---- | C] (Farbar) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\FSS.exe
[2012/09/14 16:50:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\aswMBR.exe
[2012/09/14 11:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\boost_interprocess
[2012/09/12 14:04:02 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/09/12 13:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Alexandra Sym 8
[2012/09/12 07:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\AdFender
[2012/09/12 07:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\AdFender
[2012/09/11 08:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Google Chrome
[2012/09/11 08:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Application Data\SUPERAntiSpyware.com
[2012/09/11 08:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\SUPERAntiSpyware
[2012/09/11 08:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\SUPERAntiSpyware.com
[2012/09/11 08:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/11 07:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/09/11 07:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Start Menu\Programs\HiJackThis
[2012/09/10 18:13:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mark V. Sanderford\Recent
[2012/09/10 18:04:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\My eMusic
[2012/09/10 17:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/10 13:57:14 | 000,052,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.0\System32\dllcache\i8042prt.sys
[2012/09/10 13:36:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/09/10 13:35:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWREG.exe
[2012/09/10 13:35:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWSC.exe
[2012/09/10 13:35:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS.0\SWXCACLS.exe
[2012/09/10 13:35:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS.0\NIRCMD.exe
[2012/09/10 13:35:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/10 13:34:57 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\erdnt
[2012/09/10 13:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\RegRun
[2012/09/10 13:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\My Documents\RegRun2
[2012/09/10 13:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2012/09/05 22:07:03 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\NtmsData
[2012/09/04 21:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)
[2012/09/04 21:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark V. Sanderford\Start Menu\Programs\Fix Redirect Virus
[2012/09/03 22:04:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mark V. Sanderford\Desktop\eMusic 3
[2012/08/29 17:38:40 | 004,740,381 | R--- | C] (Swearware) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\ComboFix.exe
[2012/08/29 15:51:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/21 17:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2012/08/21 17:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)

========== Files - Modified Within 30 Days ==========

[2012/09/15 14:04:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/15 13:54:01 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\VEW.exe
[2012/09/15 13:32:26 | 000,206,492 | ---- | M] () -- C:\WINDOWS.0\System32\nvapps.xml
[2012/09/15 13:32:09 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS.0\gdrv.sys
[2012/09/15 13:32:04 | 000,012,598 | ---- | M] () -- C:\WINDOWS.0\System32\wpa.dbl
[2012/09/15 13:32:04 | 000,000,906 | ---- | M] () -- C:\WINDOWS.0\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/15 13:32:04 | 000,000,304 | ---- | M] () -- C:\WINDOWS.0\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-1682526488-1801674531-1005.job
[2012/09/15 13:31:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat
[2012/09/15 13:31:33 | 3487,879,168 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/15 13:05:00 | 000,000,834 | ---- | M] () -- C:\WINDOWS.0\tasks\Adobe Flash Player Updater.job
[2012/09/15 02:49:53 | 000,000,098 | ---- | M] () -- C:\WINDOWS.0\System32\drivers\etc\Hosts
[2012/09/15 01:46:42 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/09/15 01:46:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/14 21:34:16 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\MBR.dat
[2012/09/14 17:14:56 | 000,693,235 | ---- | M] (Farbar) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\FSS.exe
[2012/09/14 16:50:38 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\aswMBR.exe
[2012/09/14 14:46:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS.0\tasks\AppleSoftwareUpdate.job
[2012/09/13 23:45:56 | 003,950,886 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Alexandra Sym 6.mp3
[2012/09/12 14:26:57 | 043,061,879 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Leiviskä-Sinfonia no. 3 op. 31 (1971).mp3
[2012/09/12 14:26:44 | 032,804,864 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Ranta-Sinfonia Piccola (No. 1) op. 43 (1932).MP3
[2012/09/12 08:48:00 | 000,000,312 | ---- | M] () -- C:\WINDOWS.0\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-1682526488-1801674531-1005.job
[2012/09/12 07:02:05 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\AdFender.lnk
[2012/09/11 08:12:06 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Google Chrome.lnk
[2012/09/11 08:12:06 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/10 20:13:30 | 000,606,396 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Variations.pkf
[2012/09/10 20:12:21 | 000,731,724 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.pkf
[2012/09/10 20:12:20 | 143,963,704 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.wav
[2012/09/10 20:12:07 | 000,731,724 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Paleomusic.pkf
[2012/09/10 20:10:31 | 118,396,816 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.wav
[2012/09/10 20:10:31 | 000,606,396 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.pkf
[2012/09/10 20:05:32 | 001,330,432 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.pkf
[2012/09/10 20:05:20 | 266,099,756 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.wav
[2012/09/10 19:29:28 | 287,388,180 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.wav
[2012/09/10 19:29:28 | 001,434,784 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.pkf
[2012/09/10 18:57:46 | 001,437,284 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.pkf
[2012/09/10 18:57:45 | 287,897,904 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.wav
[2012/09/10 17:00:24 | 000,001,945 | ---- | M] () -- C:\WINDOWS.0\epplauncher.mif
[2012/09/10 13:36:06 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2012/09/10 13:30:42 | 000,002,577 | ---- | M] () -- C:\WINDOWS.0\System32\CONFIG.NT
[2012/09/10 13:30:42 | 000,001,688 | ---- | M] () -- C:\WINDOWS.0\System32\AUTOEXEC.NT
[2012/09/10 13:30:42 | 000,000,002 | RHS- | M] () -- C:\WINDOWS.0\winstart.bat
[2012/09/10 09:00:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS.0\tasks\SyncBack Archive.job
[2012/09/10 07:00:24 | 000,001,107 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to Unsung.lnk
[2012/09/10 07:00:06 | 000,001,110 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to uploads.lnk
[2012/09/10 06:59:39 | 000,001,118 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to A-M forum.lnk
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbam.sys
[2012/08/29 23:29:30 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to My eMusic 2.lnk
[2012/08/29 17:38:46 | 004,740,381 | R--- | M] (Swearware) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\ComboFix.exe
[2012/08/28 14:10:52 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/08/28 14:10:52 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Opera.lnk
[2012/08/26 21:36:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2012/09/15 13:54:01 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Mark V. Sanderford\Desktop\VEW.exe
[2012/09/15 01:46:42 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/14 17:14:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\MBR.dat
[2012/09/13 23:45:48 | 003,950,886 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Alexandra Sym 6.mp3
[2012/09/12 14:24:50 | 032,804,864 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Ranta-Sinfonia Piccola (No. 1) op. 43 (1932).MP3
[2012/09/12 14:24:38 | 043,061,879 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Leiviskä-Sinfonia no. 3 op. 31 (1971).mp3
[2012/09/12 07:02:05 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\AdFender.lnk
[2012/09/11 08:12:06 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Google Chrome.lnk
[2012/09/11 08:12:06 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/10 21:01:02 | 3487,879,168 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/10 20:13:30 | 000,606,396 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Variations.pkf
[2012/09/10 20:12:06 | 000,731,724 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Vasile Herman Paleomusic.pkf
[2012/09/10 20:10:36 | 000,731,724 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.pkf
[2012/09/10 20:10:31 | 143,963,704 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side02.wav
[2012/09/10 20:10:31 | 000,606,396 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.pkf
[2012/09/10 20:10:29 | 118,396,816 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side01.wav
[2012/09/10 20:05:28 | 266,099,756 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.wav
[2012/09/10 20:05:28 | 001,330,432 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Herman B side.pkf
[2012/09/10 19:25:43 | 287,388,180 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.wav
[2012/09/10 19:25:43 | 001,434,784 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 2.pkf
[2012/09/10 18:55:00 | 287,897,904 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.wav
[2012/09/10 18:55:00 | 001,437,284 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\My Documents\Nichifor Sym 1.pkf
[2012/09/10 17:00:12 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/10 13:36:06 | 000,000,214 | ---- | C] () -- C:\Boot.bak
[2012/09/10 13:36:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/09/10 13:35:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS.0\PEV.exe
[2012/09/10 13:35:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS.0\MBR.exe
[2012/09/10 13:35:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS.0\sed.exe
[2012/09/10 13:35:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS.0\grep.exe
[2012/09/10 13:35:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS.0\zip.exe
[2012/09/10 13:30:42 | 000,000,002 | RHS- | C] () -- C:\WINDOWS.0\winstart.bat
[2012/09/10 06:57:00 | 000,001,118 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to A-M forum.lnk
[2012/08/30 21:12:59 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Adobe Reader 9.lnk
[2012/08/29 23:29:33 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Desktop\Shortcut to My eMusic 2.lnk
[2012/08/28 14:10:52 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/08/28 14:10:52 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Opera.lnk
[2012/08/28 14:10:52 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Opera.lnk
[2012/03/31 10:50:09 | 000,000,533 | ---- | C] () -- C:\Program Files\Shortcut to Windows Media Player.lnk
[2012/03/15 19:59:15 | 000,000,010 | ---- | C] () -- C:\WINDOWS.0\3aline.ini
[2012/03/12 21:41:27 | 000,350,418 | ---- | C] () -- C:\WINDOWS.0\uninstall Digital_.exe
[2012/02/27 15:44:48 | 000,326,144 | ---- | C] () -- C:\WINDOWS.0\System32\SilverEfexPro2FC32.dll
[2012/02/20 18:30:17 | 000,038,351 | ---- | C] () -- C:\WINDOWS.0\System32\jcsball.dat
[2012/02/20 18:30:17 | 000,020,755 | ---- | C] () -- C:\WINDOWS.0\System32\jerror.dat
[2012/02/15 04:27:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS.0\System32\iacenc.dll
[2012/02/05 11:03:20 | 000,000,008 | ---- | C] () -- C:\WINDOWS.0\System32\nvModes.dat
[2012/01/08 17:37:06 | 000,001,213 | ---- | C] () -- C:\WINDOWS.0\_ISENV31.INI
[2011/05/23 23:04:20 | 000,000,064 | ---- | C] () -- C:\WINDOWS.0\System32\rp_stats.dat
[2011/05/23 23:04:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS.0\System32\rp_rules.dat
[2009/11/20 19:20:43 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Eudora.lnk
[2009/11/09 19:00:48 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\fusioncache.dat
[2009/03/03 14:19:42 | 008,544,256 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\sandra.mda
[2009/01/27 17:53:55 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Mark V. Sanderford\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< MD5 for: I8042PRT.SYS >
[2002/08/29 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\Documents and Settings\Owner\Desktop\Drivers\I386\sp1.cab:i8042prt.sys
[2008/04/14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\Documents and Settings\Owner\Desktop\Drivers\I386\sp3.cab:i8042prt.sys
[2009/01/20 19:27:46 | 017,731,022 | ---- | M] () .cab file -- C:\Documents and Settings\Owner\Desktop\XP 2\I386\sp3.cab:i8042prt.sys
[2009/01/20 18:27:46 | 017,731,022 | ---- | M] () .cab file -- C:\WINDOWS.0\Driver Cache\i386\sp3.cab:i8042prt.sys
[2008/04/14 01:48:02 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS.0\system32\dllcache\i8042prt.sys
[2008/04/14 01:48:02 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINDOWS.0\system32\drivers\i8042prt.sys
[2004/08/04 00:14:38 | 000,052,736 | ---- | M] (Microsoft Corporation) MD5=5502B58EEF7486EE6F93F3F164DCB808 -- C:\My Drivers\MARKSBARTON2004\PS-2 Compatible Mouse\i8042prt.sys
[2004/08/04 00:14:38 | 000,052,736 | ---- | M] (Microsoft Corporation) MD5=5502B58EEF7486EE6F93F3F164DCB808 -- C:\My Drivers\MARKSBARTON2004\Standard 101-102-Key or Microsoft Natural PS-2 Keyboard\i8042prt.sys

< MD5 for: SFCFILES.DLL >
[2009/01/20 18:28:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=2F811104EEEE476D84487D69AE47D43C -- C:\WINDOWS.0\system32\sfcfiles.dll

< End of report >