
mbam no run, gmer no run, rootrepeal no workie



I've been trying self-help, but whatever I have won't let anything run all the way: MBAM gets to the point where it may start to scan (enumerating...) then closes, GMER closed, and RootRepeal doesn't seem to wipe the .sys file it finds, so here I am posting for help in my pitiful state, running XP on my old Dell XPS. Here's what I have been able to do thus far...

DDS log:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Garrett at 19:28:40 on 2011-07-29

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2303.1766 [GMT -5:00]

.

.

============== Running Processes ===============

.

"\\.\globalroot\Device\svchost.exe\svchost.exe"

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE

C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE

svchost.exe

C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\ippromon32.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\atioglx232.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Home\KeyLogger.exe

C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe

C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://www.dell4me.com/myway

uSearch Bar = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = localhost;*.local

mSearchAssistant = hxxp://www.google.com/ie

BHO: {019e0108-2082-4b85-8f4c-521ae5cd6dee} - c:\windows\system32\atioglx232.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [cdloader] "c:\documents and settings\garrett\application data\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [HomeKeyLogger] c:\program files\home\KeyLogger.exe

mRun: [uSIUDF_Eject_Monitor] c:\program files\common files\ulead systems\dvd\USISrv.exe

mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe

mRun: [News Service] "c:\program files\charter high-speed security suite\fsgui\ispnews.exe"

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [iAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe

mRun: [F-Secure TNB] "c:\program files\charter high-speed security suite\tnb\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

uPolicies-explorer: NoInstrumentation = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: mswsock.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3

TCP: Interfaces\{A5464E43-757C-436C-A5D8-59A349DE0896} : DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-5-1 181544]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]

R2 WinRM32;Windows Remote Management (WS-Management) ;c:\windows\system32\ippromon32.exe [2011-7-25 793600]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-11-22 41272]

S0 FSDFW;F-Secure Distributed Firewall Driver;c:\windows\system32\drivers\fsdfw.sys --> c:\windows\system32\drivers\fsdfw.sys [?]

S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-8-29 14336]

.

=============== Created Last 30 ================

.

2011-07-28 00:45:32 0 ---ha-w- c:\documents and settings\garrett\hrlnqgvdcb.tmp

2011-07-26 00:35:52 793600 ----a-w- c:\windows\system32\atioglx232.exe

2011-07-26 00:35:50 793600 ----a-w- c:\windows\system32\ippromon32.exe

2011-07-26 00:35:48 363008 ----a-w- c:\windows\system32\atioglx232.dll

2011-07-08 15:44:59 -------- d-----w- c:\program files\iPod

2011-07-08 15:44:56 -------- d-----w- c:\program files\iTunes

.

==================== Find3M ====================

.

2011-07-07 00:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 00:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-30 22:54:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 14:02:05 1858944 ------w- c:\windows\system32\win32k.sys

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

.

============= FINISH: 19:30:06.20 ===============

zip file:

see attached

attach.zip
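As an added example (not part of this thread or of the DDS tool), here is a Python triage script for a DDS log laid out like the one above: it splits the log into its `=== section ===` blocks, flags processes running from a device path or with no path at all, lists binaries created in system32 during the last 30 days and correlates each with the process list, the BHO/autorun report and the service list, and reports services that share a display name but point at different images. `DDS_LOG` is a constructed excerpt of a few lines from the posted log, not the full log.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set

# Constructed excerpt of the posted DDS log (a few of its lines, not the full log).
DDS_LOG = r"""
============== Running Processes ===============
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\ippromon32.exe
C:\WINDOWS\system32\atioglx232.exe
C:\Program Files\Home\KeyLogger.exe
C:\WINDOWS\Explorer.EXE
============== Pseudo HJT Report ===============
BHO: {019e0108-2082-4b85-8f4c-521ae5cd6dee} - c:\windows\system32\atioglx232.dll
mRun: [HomeKeyLogger] c:\program files\home\KeyLogger.exe
============= SERVICES / DRIVERS ===============
R2 WinRM32;Windows Remote Management (WS-Management) ;c:\windows\system32\ippromon32.exe [2011-7-25 793600]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-8-29 14336]
=============== Created Last 30 ================
2011-07-26 00:35:52 793600 ----a-w- c:\windows\system32\atioglx232.exe
2011-07-26 00:35:50 793600 ----a-w- c:\windows\system32\ippromon32.exe
2011-07-26 00:35:48 363008 ----a-w- c:\windows\system32\atioglx232.dll
2011-07-08 15:44:59 -------- d-----w- c:\program files\iPod
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
PROC_RE = re.compile(r'^"?([^"]+?)"?(?:\s+-\S.*)?$')          # image path, optional "-k args"
SYSTEM32_RE = re.compile(r"c:\\windows\\system32\\([^\\\s]+\.(?:exe|dll|sys))$", re.I)
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.+?)\s*\[", re.I)  # name;display;image [

def split_sections(log: str) -> Dict[str, List[str]]:
    # Group the non-empty lines of a DDS log under their "=== name ===" header.
    sections: Dict[str, List[str]] = defaultdict(list)
    current = "preamble"
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with lone dots
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            continue
        sections[current].append(line)
    return dict(sections)

def triage(log: str) -> Dict[str, List[str]]:
    # Return findings keyed by category; each value lists the offending entries.
    sec = split_sections(log)
    findings: Dict[str, List[str]] = defaultdict(list)

    # Running processes: a legitimate image has a drive-letter path. A bare name
    # or a \\.\globalroot\Device\... path deserves a closer look.
    running: List[str] = []
    for line in sec.get("Running Processes", []):
        m = PROC_RE.match(line)
        image = m.group(1) if m else line
        running.append(image.lower())
        if "\\globalroot\\" in image.lower() or image.lower().startswith("\\device\\"):
            findings["device-path process"].append(image)
        elif "\\" not in image:
            findings["pathless process"].append(image)

    # Binaries that appeared in system32 within the last 30 days, correlated with
    # the process list, the BHO/autorun report and the service list.
    hjt_text = " ".join(sec.get("Pseudo HJT Report", [])).lower()
    services = sec.get("SERVICES / DRIVERS", [])
    svc_text = " ".join(services).lower()
    for line in sec.get("Created Last 30", []):
        hit = SYSTEM32_RE.search(line)
        if not hit:
            continue
        name = hit.group(1).lower()
        seen = []
        if any(p.endswith("\\" + name) for p in running):
            seen.append("running process")
        if name in hjt_text:
            seen.append("browser/autorun entry")
        if name in svc_text:
            seen.append("service")
        findings["recent system32 binary"].append(
            f"{name} ({', '.join(seen) or 'not referenced elsewhere'})")

    # Two services with the same display name but different images: one of them
    # is borrowing the other's name.
    by_display: Dict[str, Set[str]] = defaultdict(set)
    for line in services:
        svc = SERVICE_RE.match(line)
        if svc:
            by_display[svc.group(2).strip().lower()].add(svc.group(3).strip().lower())
    for display, images in by_display.items():
        if len(images) > 1:
            findings["duplicate service display name"].append(
                f"{display}: {sorted(images)}")
    return dict(findings)
```

Calling `triage(DDS_LOG)` on the excerpt flags the globalroot svchost.exe, the bare svchost.exe, the three 2011-07-26 system32 drops with where each one is active, and the two services sharing the WinRM display name.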


Hello smallieslayer and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download maxhandle.exe by noahdfear to your desktop.

  • Double-click to run the application.
  • An active internet connection is required so that maxhandle.exe can download a tool from SysInternals (every time it is run).
  • The log is saved to c:\maxhandle.txt.
  • If Max++ is not found, "Nothing found!" is echoed to the screen and no log is produced.

Please post the results for my review.

-------------

XP

You must first verify that you can log on to the Windows Recovery Console.

To do so, you must have the Recovery Console installed or use the Windows XP installation CD.

How to install and use the Windows XP Recovery Console

Now, go back to Normal Mode.

Next, please download maxlook, saving the file to your desktop.

Double-click maxlook.exe to run it. Note: you must run it only once!

As instructed when the tool runs, restart the computer and log on to the Recovery Console.

Execute the following command at the x:\windows> prompt (the x represents your operating system drive letter, usually C):

batch look.bat

You will see "1 file copied" many times, then a return to the x:\windows> prompt.

Type Exit to restart your computer, then log on in Normal Mode.

Please run maxlook.exe again now. Note: you must run it only once!

It will produce looklog.txt on the desktop and open it.

Please post the results here.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right-click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now

-------------

Please download ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

In your next reply, please include:

  • Maxhandle log (if one is created)
  • Maxlook looklog.txt
  • TDSSKiller log
  • C:\ComboFix.txt

How is your computer running now?


TDSSKiller log:

2011/07/30 22:08:13.0531 3324 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11

2011/07/30 22:08:14.0125 3324 ================================================================================

2011/07/30 22:08:14.0125 3324 SystemInfo:

2011/07/30 22:08:14.0125 3324

2011/07/30 22:08:14.0125 3324 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/30 22:08:14.0125 3324 Product type: Workstation

2011/07/30 22:08:14.0125 3324 ComputerName: DELLXPS

2011/07/30 22:08:14.0125 3324 UserName: Garrett

2011/07/30 22:08:14.0125 3324 Windows directory: C:\WINDOWS

2011/07/30 22:08:14.0125 3324 System windows directory: C:\WINDOWS

2011/07/30 22:08:14.0125 3324 Processor architecture: Intel x86

2011/07/30 22:08:14.0125 3324 Number of processors: 2

2011/07/30 22:08:14.0125 3324 Page size: 0x1000

2011/07/30 22:08:14.0125 3324 Boot type: Normal boot

2011/07/30 22:08:14.0125 3324 ================================================================================

2011/07/30 22:08:16.0765 3324 Initialize success

2011/07/30 22:08:21.0250 0328 ================================================================================

2011/07/30 22:08:21.0250 0328 Scan started

2011/07/30 22:08:21.0250 0328 Mode: Manual;

2011/07/30 22:08:21.0250 0328 ================================================================================


2011/07/30 22:09:08.0140 0328 Serial (1a21f6743f5436c9f58b8762ea3d60cf) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/30 22:09:08.0140 0328 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\serial.sys. Real md5: 1a21f6743f5436c9f58b8762ea3d60cf, Fake md5: cca207a8896d4c6a0c9ce29a4ae411a7

2011/07/30 22:09:08.0140 0328 Serial - detected ForgedFile.Multi.Generic (1)

2011/07/30 22:09:08.0312 0328 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/07/30 22:09:08.0593 0328 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys

2011/07/30 22:09:08.0750 0328 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/07/30 22:09:08.0906 0328 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys

2011/07/30 22:09:09.0062 0328 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/30 22:09:09.0265 0328 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/30 22:09:09.0437 0328 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/30 22:09:09.0671 0328 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/07/30 22:09:09.0906 0328 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/30 22:09:10.0109 0328 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/30 22:09:10.0515 0328 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys

2011/07/30 22:09:10.0921 0328 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys

2011/07/30 22:09:11.0140 0328 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys

2011/07/30 22:09:11.0343 0328 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys

2011/07/30 22:09:11.0546 0328 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/30 22:09:11.0765 0328 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/30 22:09:11.0984 0328 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/30 22:09:12.0187 0328 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/30 22:09:12.0375 0328 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/30 22:09:12.0578 0328 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys

2011/07/30 22:09:12.0765 0328 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/30 22:09:12.0968 0328 ULCDRHlp (a4e07da3ae2078bd96e84d4baa07b71d) C:\WINDOWS\system32\Drivers\ULCDRHlp.sys

2011/07/30 22:09:13.0203 0328 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys

2011/07/30 22:09:13.0406 0328 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/30 22:09:13.0640 0328 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/07/30 22:09:13.0843 0328 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/07/30 22:09:14.0046 0328 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/07/30 22:09:14.0265 0328 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/30 22:09:14.0468 0328 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/30 22:09:14.0671 0328 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/07/30 22:09:14.0875 0328 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/07/30 22:09:15.0078 0328 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/30 22:09:15.0281 0328 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/07/30 22:09:15.0500 0328 USIUDF (d46ceaf88f2973e4368c9febea89526b) C:\WINDOWS\system32\Drivers\USIUDF.sys

2011/07/30 22:09:15.0703 0328 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/07/30 22:09:15.0906 0328 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys

2011/07/30 22:09:16.0109 0328 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys

2011/07/30 22:09:16.0312 0328 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/30 22:09:16.0546 0328 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/30 22:09:16.0859 0328 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/07/30 22:09:17.0218 0328 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/30 22:09:17.0500 0328 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/07/30 22:09:17.0703 0328 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/07/30 22:09:17.0921 0328 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/07/30 22:09:18.0140 0328 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/07/30 22:09:18.0375 0328 iaStor (50b56e7de809be4b8f4d24b3f0381520) C:\WINDOWS\system32\drivers\iaStor.sys

2011/07/30 22:09:18.0578 0328 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/07/30 22:09:18.0640 0328 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/07/30 22:09:18.0796 0328 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3

2011/07/30 22:09:18.0828 0328 Boot (0x1200) (20ba84945f913359a646d5ca2fe79001) \Device\Harddisk0\DR0\Partition0

2011/07/30 22:09:18.0843 0328 Boot (0x1200) (f136449b1033609ef2d206aeda417a80) \Device\Harddisk1\DR3\Partition0

2011/07/30 22:09:18.0859 0328 ================================================================================

2011/07/30 22:09:18.0859 0328 Scan finished

2011/07/30 22:09:18.0859 0328 ================================================================================

2011/07/30 22:09:18.0890 0316 Detected object count: 1

2011/07/30 22:09:18.0890 0316 Actual detected object count: 1

2011/07/30 22:10:23.0203 0316 ForgedFile.Multi.Generic(Serial) - User select action: Skip

2011/07/30 22:10:31.0062 3976 Deinitialize success


Just ran maxlook, last instead of first. Here's the log. Also, ComboFix found rootkit.zeroaccess and took care of it, I believe; had to reboot to get the internet back up, but that's fine.

Run from C:\Documents and Settings\Garrett\Desktop\maxlook.exe on Sat 07/30/2011 at 22:51:18.67

No infected file found

Will Malwarebytes run now? I'm gonna check, I guess.


Here it is:

ComboFix 11-07-31.01 - Garrett 07/30/2011 23:26:24.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2303.1680 [GMT -5:00]

Running from: c:\documents and settings\Garrett\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\mw2mmgr.txt

c:\documents and settings\Garrett\Application Data\inst.exe

c:\documents and settings\Garrett\hrlnqgvdcb.tmp

c:\documents and settings\Garrett\WINDOWS

c:\windows\iun6002.exe

c:\windows\system32\_VOIDmfeklnmal.dll

c:\windows\system32\comrepl.exe

c:\windows\system32\Thumbs.db

E:\AUTORUN.INF

.

.

((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-31 )))))))))))))))))))))))))))))))

.

.

2011-07-31 03:39 . 2011-07-31 03:51 -------- d-----w- c:\windows\maxdrive

2011-07-31 02:27 . 2011-07-07 18:28 520496 ----a-w- c:\windows\Listdlls.exe

2011-07-31 02:27 . 2011-05-17 17:48 423288 ----a-w- c:\windows\handle.exe

2011-07-26 00:35 . 2011-07-26 00:35 793600 ----a-w- c:\windows\system32\atioglx232.exe

2011-07-26 00:35 . 2011-07-26 00:35 793600 ----a-w- c:\windows\system32\ippromon32.exe

2011-07-26 00:35 . 2011-07-26 00:35 363008 ----a-w- c:\windows\system32\atioglx232.dll

2011-07-08 15:47 . 2011-07-08 15:47 -------- d-----w- c:\program files\Apple Software Update

2011-07-08 15:44 . 2011-07-08 15:44 -------- d-----w- c:\program files\iPod

2011-07-08 15:44 . 2011-07-08 15:46 -------- d-----w- c:\program files\iTunes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-07 00:52 . 2009-11-22 17:43 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 00:52 . 2009-11-22 17:43 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-30 22:54 . 2011-05-26 01:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 14:02 . 2002-08-29 10:00 1858944 ------w- c:\windows\system32\win32k.sys

2011-05-02 15:31 . 2004-06-07 19:19 692736 ----a-w- c:\windows\system32\inetcomm.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{019E0108-2082-4B85-8F4C-521AE5CD6DEe}]

2011-07-26 00:35 363008 ----a-w- c:\windows\SYSTEM32\atioglx232.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\documents and settings\Garrett\Application Data\mjusbsp\cdloader2.exe" [2011-05-16 50592]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HomeKeyLogger"="c:\program files\Home\KeyLogger.exe" [2003-02-27 28672]

"USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-12-23 81920]

"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]

"News Service"="c:\program files\Charter High-Speed Security Suite\FSGUI\ispnews.exe" [2004-05-06 372736]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]

"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2003-09-15 126976]

"F-Secure TNB"="c:\program files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" [2004-05-27 684032]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]

"AsioReg"="CTASIO.DLL" [2003-02-20 110592]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk

backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]

/L:ENG [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]

2002-09-30 06:00 45056 ----a-w- c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

2003-02-20 21:45 28672 ------w- c:\windows\SYSTEM32\CTHELPER.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

2002-10-29 14:18 49152 ----a-w- c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGServices]

2005-05-19 18:55 101888 ----a-w- c:\program files\ESPNRunTime\DIGServices.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGStream]

2005-05-18 19:49 282624 ----a-w- c:\program files\DIGStream\digstream.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]

2004-08-26 04:19 118832 ----a-w- c:\program files\Charter High-Speed Security Suite\Common\FSM32.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]

2004-08-18 10:58 208896 ----a-w- c:\program files\Charter High-Speed Security Suite\FSGUI\fssw.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

2007-03-05 19:57 1103480 ----a-w- c:\program files\IGN\Download Manager\DLM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]

2007-03-21 21:41 145496 ----a-w- c:\program files\Pinnacle\Studio 11\LaunchList2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]

2005-04-28 23:59 102400 ----a-w- c:\program files\Ulead Systems\Ulead DVD MovieFactory 4 Suite Deluxe\Ulead Quick-Drop 1.0\Quick-Drop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-30 22:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-19 02:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"mcupdmgr.exe"=3 (0x3)

"MCVSRte"=2 (0x2)

"McShield"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\Garrett\\Application Data\\mjusbsp\\magicJack.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 2:35 PM 181544]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 11:18 AM 24652]

R2 WinRM32;Windows Remote Management (WS-Management) ;c:\windows\SYSTEM32\ippromon32.exe [7/25/2011 7:35 PM 793600]

S0 FSDFW;F-Secure Distributed Firewall Driver;c:\windows\system32\drivers\fsdfw.sys --> c:\windows\system32\drivers\fsdfw.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [11/22/2009 12:43 PM 41272]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/29/2002 5:00 AM 14336]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMSWISSARMY

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = localhost;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-CleanUp - c:\progra~1\McAfee.com\Shared\mcappins.exe

MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\McAgent.exe

MSConfigStartUp-McRegWiz - c:\progra~1\mcafee.com\agent\mcregwiz.exe

MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\McUpdate.exe

MSConfigStartUp-MoneyAgent - c:\program files\Microsoft Money\System\mnyexpr.exe

MSConfigStartUp-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe

MSConfigStartUp-VSOCheckTask - c:\progra~1\mcafee.com\vso\mcmnhdlr.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-30 23:37

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-35023807-1711561120-1098793611-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(908)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2011-07-30 23:41:25

ComboFix-quarantined-files.txt 2011-07-31 04:41

.

Pre-Run: 13,335,334,912 bytes free

Post-Run: 13,557,145,600 bytes free

.

- - End Of File - - 883AE06898AA9143EA1B768EA3EA4312


Looking better ;)

Before we move on, let's run the following online scans to make sure there's nothing hiding that we may have missed:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

--------

Please use Internet Explorer and run a BitDefender Online scan from Here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.


Here's some more:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=53e11f1e36fbb74b8ac14cb95e8bf6a9

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-07-31 11:55:52

# local_time=2011-07-31 06:55:52 (-0600, Central Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=2304 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=161334

# found=17

# cleaned=0

# scan_time=5743

C:\Program Files\Home\KeyLogger.Dll Win32/KeyLogger.HomeKeyLogger application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files\Home\KeyLogger.exe Win32/KeyLogger.HomeKeyLogger application (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP374\A0021274.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP375\A0022274.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP375\A0022285.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP375\A0022297.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP375\A0022325.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP375\A0023325.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP375\A0023335.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP376\A0023356.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP376\A0023725.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\maxdrive\serial.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\SYSTEM32\atioglx232.dll a variant of Win32/Kryptik.QSR trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\SYSTEM32\atioglx232.exe a variant of Win32/Kryptik.QUU trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\SYSTEM32\ippromon32.exe a variant of Win32/Kryptik.QUU trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I

${Memory} multiple threats 00000000000000000000000000000000 I


QuickScan Beta 32-bit v0.9.9.99

-------------------------------

Scan date: Sun Jul 31 19:29:36 2011

Machine ID: 46F801D

Found 5 infected files!

-----------------------

C:\Program Files\Home\KeyLogger.dll --> Application.Keylogger.PVQ

--> Process KeyLogger.exe (1560)

--> Process iexplore.exe (3680)

C:\WINDOWS\system32\atioglx232.dll --> Gen:Variant.Kazy.32028

--> HKLM\Software\Classes\CLSID\{019E0108-2082-4B85-8F4C-521AE5CD6DEe}\InprocServer32\"(default)"

--> HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{019E0108-2082-4B85-8F4C-521AE5CD6DEe}

--> Process explorer.exe (1848)

--> Process iexplore.exe (3680)

C:\WINDOWS\SYSTEM32\atioglx232.exe --> Gen:Variant.Kazy.32450

--> Process atioglx232.exe (2916)

C:\WINDOWS\SYSTEM32\ippromon32.exe --> Gen:Variant.Kazy.32450

--> HKLM\System\ControlSet001\services\WinRM32

--> Process ippromon32.exe (2624)

C:\Program Files\Home\KeyLogger.exe --> Application.Spyarsenal.Homekeylogger.A

--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"HomeKeyLogger"

--> Process KeyLogger.exe (1560)

Processes

---------

ATI External Event Utility for Windows 1136 C:\WINDOWS\SYSTEM32\ati2evxx.exe

ATI External Event Utility for Windows 1636 C:\WINDOWS\SYSTEM32\ati2evxx.exe

Bonjour 236 C:\Program Files\Bonjour\mDNSResponder.exe

Canon My Printer 1836 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

Catalyst Control Centre 1804 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

Catalyst Control Centre 1764 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

Creative Service for CDROM Access 284 C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE

F-Secure Management Agent 2148 C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE

F-Secure Management Agent 1448 C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE

F-Secure Management Agent 644 C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE

F-Secure Management Agent 688 C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE

Home Key Logger, Free Edition, v1.70 1560 C:\Program Files\Home\KeyLogger.exe

IAA RAID Event Monitor 1816 C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe

Intel IAANTmon 860 C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe

iTunes 3124 C:\Program Files\iPod\bin\iPodService.exe

iTunes 1868 C:\Program Files\iTunes\iTunesHelper.exe

Microsoft ® DRM 2860 C:\WINDOWS\SYSTEM32\MsPMSPSv.exe

Microsoft IntelliType Pro 1580 C:\Program Files\Microsoft IntelliType Pro\type32.exe

Microsoft® Windows® Operating System 244 C:\WINDOWS\SYSTEM32\notepad.exe

Microsoft® Windows® Operating System 1692 C:\WINDOWS\SYSTEM32\spoolsv.exe

Microsoft® Windows® Operating System 3472 C:\WINDOWS\SYSTEM32\wscntfy.exe

MobileDeviceService 1900 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PnkBstrA.exe 2108 C:\WINDOWS\SYSTEM32\PnkBstrA.exe

Ron Head 2916 C:\WINDOWS\SYSTEM32\atioglx232.exe

Ron Head 2624 C:\WINDOWS\SYSTEM32\ippromon32.exe

Sync 328 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

Ulead Systems ULCDRSvr 2568 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Ulead Systems USISrv 1564 C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe

Viewpoint Manager 2584 C:\Program Files\Viewpoint\Common\ViewpointService.exe

Viewpoint Manager 3712 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

(verified) Java Platform SE 6 U18 1420 C:\Program Files\Java\jre6\bin\jqs.exe

(verified) Microsoft® Windows® Operating System 2700 C:\Program Files\Windows Media Player\wmpnetwk.exe

(verified) Microsoft® Windows® Operating System 1848 C:\WINDOWS\explorer.exe

(verified) Microsoft® Windows® Operating System 3476 C:\WINDOWS\SYSTEM32\alg.exe

(verified) Microsoft® Windows® Operating System 868 C:\WINDOWS\SYSTEM32\csrss.exe

(verified) Microsoft® Windows® Operating System 1912 C:\WINDOWS\SYSTEM32\ctfmon.exe

(verified) Microsoft® Windows® Operating System 964 C:\WINDOWS\SYSTEM32\lsass.exe

(verified) Microsoft® Windows® Operating System 952 C:\WINDOWS\SYSTEM32\services.exe

(verified) Microsoft® Windows® Operating System 816 C:\WINDOWS\SYSTEM32\smss.exe

(verified) Microsoft® Windows® Operating System 848 C:\WINDOWS\SYSTEM32\svchost.exe

(verified) Microsoft® Windows® Operating System 2492 C:\WINDOWS\SYSTEM32\svchost.exe

(verified) Microsoft® Windows® Operating System 1428 C:\WINDOWS\SYSTEM32\svchost.exe

(verified) Microsoft® Windows® Operating System 1380 C:\WINDOWS\SYSTEM32\svchost.exe

(verified) Microsoft® Windows® Operating System 1336 C:\WINDOWS\SYSTEM32\svchost.exe

(verified) Microsoft® Windows® Operating System 1224 C:\WINDOWS\SYSTEM32\svchost.exe

(verified) Microsoft® Windows® Operating System 1152 C:\WINDOWS\SYSTEM32\svchost.exe

(verified) Microsoft® Windows® Operating System 2464 C:\WINDOWS\SYSTEM32\svchost.exe

(verified) Microsoft® Windows® Operating System 908 C:\WINDOWS\SYSTEM32\winlogon.exe

(verified) Windows® Internet Explorer 3680 C:\Program Files\Internet Explorer\iexplore.exe

Network activity

----------------

Process iexplore.exe (3680) connected on port 80 (HTTP) --> 184.51.200.11

Process iexplore.exe (3680) connected on port 80 (HTTP) --> 184.51.200.194

Process iexplore.exe (3680) connected on port 80 (HTTP) --> 69.171.224.41

Process iexplore.exe (3680) connected on port 80 (HTTP) --> 74.125.225.15

Process svchost.exe (1224) listens on ports: 135 (RPC)

Process svchost.exe (2464) listens on ports: 2869 (SSDP event notification, UPNP)

Process wmpnetwk.exe (2700) listens on ports: 10243

Autoruns and critical files

---------------------------

Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe

ATI External Event Utility for Windows C:\WINDOWS\system32\Ati2evxx.dll

Canon My Printer C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

cdloader2 C:\Documents and Settings\Garrett\Application Data\mjusbsp\cdloader2.exe

CLIStart.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

F-Secure Try & Buy Utility C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe

Home Key Logger, Free Edition, v1.70 C:\Program Files\Home\KeyLogger.exe

IAA RAID Event Monitor C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe

Intel® Network Configuration Services C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

iTunes C:\Program Files\iTunes\iTunesHelper.exe

Malwarebytes' Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

Microsoft IntelliType Pro C:\Program Files\Microsoft IntelliType Pro\type32.exe

Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\WMPNSCFG.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\REGSVR32.EXE

Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\ssmypics.scr

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll

News Service Application C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe

QuickTime C:\Program Files\QuickTime\qttask.exe

Seagate FreeAgent™ Application C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

Ulead Systems USISrv C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe

Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll

(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins

---------------

AcroIEHelper Library C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll

Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

atioglx232.dll C:\WINDOWS\system32\atioglx232.dll

BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll

Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

CANON iMAGE GATEWAY Album Plugin Utilit C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FilePlanet Download Control C:\WINDOWS\Downloaded Program Files\FPDC.dll

IGN Download Manager Plug-in C:\Program Files\IGN\Download Manager\npfpdlm.dll

InterTrust Redemption Wizard C:\Program Files\Internet Explorer\plugins\NPDocBox.dll

Messenger C:\Program Files\Messenger\msmsgs.exe

MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll

Move Streaming Media Player C:\Documents and Settings\Garrett\Application Data\Move Networks\plugins\npqmp071701000002.dll

npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

npsoe.dll C:\WINDOWS\Downloaded Program Files\npsoe.dll

Panda3D Game Engine Plug-in 1.0.3 C:\WINDOWS\Downloaded Program Files\p3dactivex.ocx

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin8.dll

Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

Software Manager C:\WINDOWS\Downloaded Program Files\isusweb.dll

Unity Player C:\Documents and Settings\Garrett\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll

Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll

(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe

(verified) Java Platform SE 6 U18 C:\Program Files\Java\jre6\bin\jp2ssv.dll

(verified) Java Platform SE 6 U18 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Scan

----


MD5: b3788ffc4be928fce73cedb1085ba688 C:\WINDOWS\system32\ATIDEMGX.dll

MD5: 948bc953a31264bf44bef57102478fe4 C:\WINDOWS\system32\atioglx232.dll

MD5: e0924841120ba19e43ab1c3b2c167661 C:\WINDOWS\SYSTEM32\atioglx232.exe

MD5: ef92f081d86e3716fc4b8585856333fa C:\WINDOWS\system32\atipdlxx.dll

MD5: c7bd18da1a6e114d2ee4a0bac290de63 C:\WINDOWS\system32\CNMLM97.DLL

MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll

MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll

MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll

MD5: bdaaf79dd63f194434d31a74b9bb8b77 C:\WINDOWS\system32\CRYPT32.dll

MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll

MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\system32\cscdll.dll

MD5: 2a9e427681169f02274ad8c17d52fa2d C:\WINDOWS\system32\CSRSRV.dll

MD5: 3c8b6609712f4ff78e521f6dcfc4032b C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE

MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL

MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll

MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll

MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll

MD5: 914a9709fc3bf419ad2f85547f2a4832 C:\WINDOWS\System32\DRIVERS\61883.sys

MD5: 355556d9e580915118cd7ef736653a89 C:\WINDOWS\System32\drivers\afd.sys

MD5: 7790f8d1000fce5cfd33ccf4f861928f C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

MD5: f8e6956a614f15a0860474c5e2a7de6b C:\WINDOWS\System32\DRIVERS\avc.sys

MD5: 4c638290979600ae2ae329d1608ad2ec C:\WINDOWS\System32\drivers\ctac32k.sys

MD5: cf5662375781f741513c169cd4094100 C:\WINDOWS\system32\drivers\ctaud2k.sys

MD5: 437f2b31ba8b6b264d38b4fe6682faec C:\WINDOWS\System32\drivers\ctdvda2k.sys

MD5: f0184fe6069be1541a3d18c02a73d161 C:\WINDOWS\system32\drivers\ctoss2k.sys

MD5: 678849d1af0750f68dbdc185252d5926 C:\WINDOWS\System32\drivers\ctprxy2k.sys

MD5: 3a076ebfbbbd6879a78863944980da32 C:\WINDOWS\System32\drivers\ctsfm2k.sys

MD5: a8b3ec8ee13cbe14f067c72110155a1b C:\WINDOWS\System32\DRIVERS\e1000325.sys

MD5: 6e883bf518296a40959131c2304af714 C:\WINDOWS\System32\DRIVERS\el90xbc5.sys

MD5: f7511cf63ef82f7227c03028a3abadb5 C:\WINDOWS\System32\drivers\emupia2k.sys

MD5: f24dd43adc784177b28984043bc022ab C:\WINDOWS\System32\drivers\ha10kx2k.sys

MD5: ff65c807ea641ff7310a61be4dec6479 C:\WINDOWS\System32\drivers\hap16v2k.sys

MD5: 06b7ef73ba5f302eecc294cdf7e19702 C:\WINDOWS\System32\DRIVERS\i81xnt5.sys

MD5: 50b56e7de809be4b8f4d24b3f0381520 C:\WINDOWS\system32\drivers\iaStor.sys

MD5: a3e700d78eec390f1208098cdca5c6b6 C:\WINDOWS\system32\DRIVERS\MarvinBus.sys

MD5: b18225739ed9caa83ba2df966e9f43e8 C:\WINDOWS\system32\drivers\mbamswissarmy.sys

MD5: 0dc719e9b15e902346e87e9dcd5751fa C:\WINDOWS\System32\DRIVERS\mrxsmb.sys

MD5: 1477849772712bac69c144dcf2c9ce81 C:\WINDOWS\System32\DRIVERS\msdv.sys

MD5: 53d5f1278d9edb21689bbbcecc09108d C:\WINDOWS\System32\DRIVERS\omci.sys

MD5: c90018bafdc7098619a4a95b046b30f3 C:\WINDOWS\System32\DRIVERS\p3.sys

MD5: 1bebe7de8508a02650cdce45c664c2a2 C:\WINDOWS\system32\drivers\pclepci.sys

MD5: c8a2d6ff660ac601b7bb9a9b16a5c25e C:\WINDOWS\System32\drivers\PfModNT.sys

MD5: e4910ce9d882bf825979fcf4636a9bd8 C:\WINDOWS\system32\DRIVERS\point32.sys

MD5: d9b34325ee5df78b8f28a3de9f577c7d C:\WINDOWS\system32\DRIVERS\RimSerial.sys

MD5: 1a21f6743f5436c9f58b8762ea3d60cf C:\WINDOWS\System32\DRIVERS\serial.sys

MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\System32\DRIVERS\srv.sys

MD5: a4e07da3ae2078bd96e84d4baa07b71d C:\WINDOWS\System32\Drivers\ULCDRHlp.sys

MD5: d4fb6ecc60a428564ba8768b0e23c0fc C:\WINDOWS\System32\Drivers\usbaapl.sys

MD5: d46ceaf88f2973e4368c9febea89526b C:\WINDOWS\System32\Drivers\USIUDF.sys

MD5: 7b5b44efe5eb9dadfb8ee29700885d23 C:\WINDOWS\System32\DRIVERS\wADV01nt.sys

MD5: eb1f6bab6c22ede0ba551b527475f7e9 C:\WINDOWS\System32\DRIVERS\wADV02NT.sys

MD5: 03ce989d846c1aa81145cb22fcb86d06 C:\WINDOWS\System32\DRIVERS\wADV05NT.sys

MD5: d83bdd5c059667a2f647a6be5703a4d2 C:\WINDOWS\System32\DRIVERS\wATV01nt.sys

MD5: ed968d23354daa0d7c621580c012a1f6 C:\WINDOWS\System32\DRIVERS\wATV02NT.sys

MD5: d738273f218a224c1ddac04203f27a84 C:\WINDOWS\System32\DRIVERS\wATV04nt.sys

MD5: 0052d118995cbab152daabe6106d1442 C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys

MD5: 525849b4469de021d5d61b4db9be3a9d C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys

MD5: 589c2bcdb5bd602bf7b63d210407ef8c C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys

MD5: e989e4badcccf78e18aabf3d42b306ce C:\WINDOWS\system32\drmv2clt.dll

MD5: 798f8a11df4724de94a59e15c7705697 C:\WINDOWS\system32\EBPMON24.DLL

MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll

MD5: af61826b82de7b95d5db8ee075a172d2 C:\WINDOWS\system32\ieframe.dll

MD5: c0b6195f1afda4a3061915501eb75d4a C:\WINDOWS\system32\iepeers.dll

MD5: ba356bd33397936d2e292cb00f80c164 C:\WINDOWS\system32\iertutil.dll

MD5: e0924841120ba19e43ab1c3b2c167661 C:\WINDOWS\SYSTEM32\ippromon32.exe

MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll

MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll

MD5: 20fa028cb6506591a99c51432a3c0174 C:\WINDOWS\system32\LangWrbk.dll

MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll

MD5: efbef826c183cf8edab324ce514d69b7 C:\WINDOWS\system32\Macromed\Flash\Flash10t.ocx

MD5: 22ba5235ea846eda87f68a1dcc2bfcf9 C:\WINDOWS\system32\mshtml.dll

MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\System32\msi.dll

MD5: 98e53ca00d3c0a2e9faa4e59c101aeba C:\WINDOWS\system32\mslbui.dll

MD5: 581176f60885aef8f78c6e38dcc3cdf9 C:\WINDOWS\SYSTEM32\MsPMSPSv.exe

MD5: 585992d78b671aaa075c02241309795d C:\WINDOWS\system32\MSVCIRT.dll

MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll

MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 c:\windows\system32\netshell.dll

MD5: 5e28284f9b5f9097640d58a73d38ad4c C:\WINDOWS\SYSTEM32\notepad.exe

MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll

MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll

MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll

MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll

MD5: 0e01d7eebada0b324db0ca1ee73440ba C:\WINDOWS\SYSTEM32\PnkBstrA.exe

MD5: fbdb9d0935b9907b809b381fddf1627f C:\WINDOWS\system32\REGSVR32.EXE

MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll

MD5: abeedd547e939ad827b2e29dec754206 C:\WINDOWS\system32\schannel.dll

MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll

MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll

MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll

MD5: 1e35825eed687981f94aa15b2fe85deb C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD97.DLL

MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\SYSTEM32\spoolsv.exe

MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll

MD5: 5e453cb99df0838226defc05f3484cdf C:\WINDOWS\System32\ssmypics.scr

MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\System32\sti.dll

MD5: 053582991ffde38fc470d6ed7133a297 C:\WINDOWS\system32\udhisapi.dll

MD5: 78bb1e601edab917094b0260a5a57c85 C:\WINDOWS\system32\urlmon.dll

MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe

MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll

MD5: 31cf51dcda1424b813cc97b20f71b431 C:\WINDOWS\system32\vbscript.dll

MD5: 147429092c26d18af550790ac102f32a C:\WINDOWS\system32\WgaLogon.dll

MD5: cc951c2212a200475a587a440e0aa804 C:\WINDOWS\system32\WININET.dll

MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll

MD5: ec0a223c4854e98a3afb2c31b7b420a0 C:\WINDOWS\system32\winsrv.dll

MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll

MD5: 4f372c68f7d7546171473870f307ca17 C:\WINDOWS\system32\wmdrmdev.dll

MD5: 01446aca514121e876126c13b1332102 C:\WINDOWS\system32\wmdrmnet.dll

MD5: 77b4be0c9aa0ac78884d8e7cfb315463 C:\WINDOWS\system32\wmp.dll

MD5: e8885a533a3d46209851433e3b9b3bc4 C:\WINDOWS\system32\wmploc.dll

MD5: 3b8cfda90efaa65901ecc2edcad4d1ef C:\WINDOWS\system32\wmpmde.dll

MD5: 5ccb54a9cf8fc5e3251374e0dc9c45bb C:\WINDOWS\system32\wmpps.dll

MD5: f92e1076c42fcd6db3d72d8cfe9816d5 C:\WINDOWS\SYSTEM32\wscntfy.exe

MD5: 5caf91e865fe0c85048a233e594544d2 c:\windows\system32\WUDFPlatform.dll

MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\System32\xpsp2res.dll

MD5: ccc2e312486ae6b80970211da472268b C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL

MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll

The following file(s) must be uploaded for server-side scanning:

C:\WINDOWS\System32\DRIVERS\serial.sys

Upload started - 1 file(s)

serial.sys (64512)

Upload speed - 26 KB/s

Upload finished - 1 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 3 sec

Total traffic - 0.08 MB sent, 1.41 KB recvd

Scanned 798 files and modules - 37 seconds

==============================================================================


My apologies for the delay.

We have a LOT more fixing to do.

First,

You have the Spyarsenal Home Keylogger installed on your computer - this is without a doubt spyware.

We need to remove this program immediately.

Please download and install Revo Uninstaller (Freeware) from here. Then please run Revo Uninstaller and select Family Key Logger.

Please click Uninstall icon to uninstall the selected program.

[Image: 2ev563d.gif]

Please choose Advanced.

[Image: aubbd2.gif]

Then click Next and follow the prompts.

Please click Select All (1.) and Delete (2.) to delete all registry items, folders and files listed by Revo.

[Image: 2hdphqf.gif]

If asked to restart the computer, please do so immediately.

----------

Next,

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    serial.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop, entitled SystemLook.txt


The uninstaller didn't find the keylogger... here's the SystemLook file though.

SystemLook 30.07.11 by jpshortstuff

Log created at 07:34 on 01/08/2011 by Garrett

Administrator - Elevation successful

========== filefind ==========

Searching for "serial.sys"

C:\I386\SERIAL.SYS --a--c- 62464 bytes [03:33 31/05/2004] [10:00 29/08/2002] DC7CBFEC14B1B38BCF32ABA922FFEAAD

C:\WINDOWS\$NtServicePackUninstall$\serial.sys -----c- 64896 bytes [02:57 24/08/2008] [06:15 04/08/2004] CD9404D115A00D249F70A371B46D5A26

C:\WINDOWS\maxdrive\serial.sys --a---- 64512 bytes [10:00 29/08/2002] [19:15 13/04/2008] 1A21F6743F5436C9F58B8762EA3D60CF

C:\WINDOWS\ServicePackFiles\i386\serial.sys -----c- 64512 bytes [06:15 04/08/2004] [19:15 13/04/2008] CCA207A8896D4C6A0C9CE29A4AE411A7

C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys --a---- 64512 bytes [10:00 29/08/2002] [19:15 13/04/2008] 1A21F6743F5436C9F58B8762EA3D60CF

-= EOF =-

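The check the helper makes by eye on the filefind output above, as an added example (not from the thread, and not SystemLook's own code): it parses the ':filefind' result lines (the line layout is assumed from the log as posted), picks the in-use driver and the ServicePackFiles reference copy, and reports whether their MD5s differ, whether the size is unchanged, and which other copies carry the live file's hash.

```python
"""Parse SystemLook ':filefind' output and compare the in-use driver with the
Service Pack reference copy.  Added example for this thread; the result-line
layout is inferred from the log posted above, not from SystemLook's source."""
import re
from dataclasses import dataclass

# Sample input: the serial.sys hits exactly as they appear in the posted log.
SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 07:34 on 01/08/2011 by Garrett
Administrator - Elevation successful

========== filefind ==========

Searching for "serial.sys"
C:\I386\SERIAL.SYS --a--c- 62464 bytes [03:33 31/05/2004] [10:00 29/08/2002] DC7CBFEC14B1B38BCF32ABA922FFEAAD
C:\WINDOWS\$NtServicePackUninstall$\serial.sys -----c- 64896 bytes [02:57 24/08/2008] [06:15 04/08/2004] CD9404D115A00D249F70A371B46D5A26
C:\WINDOWS\maxdrive\serial.sys --a---- 64512 bytes [10:00 29/08/2002] [19:15 13/04/2008] 1A21F6743F5436C9F58B8762EA3D60CF
C:\WINDOWS\ServicePackFiles\i386\serial.sys -----c- 64512 bytes [06:15 04/08/2004] [19:15 13/04/2008] CCA207A8896D4C6A0C9CE29A4AE411A7
C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys --a---- 64512 bytes [10:00 29/08/2002] [19:15 13/04/2008] 1A21F6743F5436C9F58B8762EA3D60CF

-= EOF =-
"""

# One result line: path, 7-character attribute field, size, two bracketed
# timestamps, MD5.  Paths may contain spaces, so the path group is lazy and
# anchored by the attribute field that follows it.
HIT_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<t1>[^\]]+)\] \[(?P<t2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class FileHit:
    path: str
    attrs: str
    size: int
    times: tuple
    md5: str  # normalised to lower case so hashes compare reliably


def parse_filefind(text):
    """Return every result line of a ':filefind' section as a FileHit."""
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append(FileHit(m["path"], m["attrs"], int(m["size"]),
                                (m["t1"], m["t2"]), m["md5"].lower()))
    return hits


def _pick(hits, marker):
    """First hit whose path contains marker (case-insensitive), or None."""
    marker = marker.lower()
    return next((h for h in hits if marker in h.path.lower()), None)


def check_driver(hits, live_dir="\\system32\\drivers\\",
                 reference_dir="\\ServicePackFiles\\"):
    """Compare the in-use driver with the Service Pack reference copy.

    A live file whose MD5 differs from the reference while its size is
    unchanged is the pattern of a patched (infected) system driver.  Any other
    copy carrying the live file's hash is reported as well, since a stray
    copy outside the system directories is worth quarantining too.
    """
    live = _pick(hits, live_dir)
    ref = _pick(hits, reference_dir)
    if live is None or ref is None:
        return {"verdict": "incomplete", "live": live, "reference": ref}
    mismatch = live.md5 != ref.md5
    siblings = [h.path for h in hits if h.md5 == live.md5 and h is not live]
    return {
        "verdict": "suspicious" if mismatch else "clean",
        "live": live,
        "reference": ref,
        "same_size": live.size == ref.size,
        "copies_with_live_hash": siblings,
    }


if __name__ == "__main__":
    report = check_driver(parse_filefind(SAMPLE_LOG))
    print(report["verdict"], "-", report["live"].path)
    print("reference:", report["reference"].md5)
    print("live     :", report["live"].md5,
          "(same size as reference)" if report["same_size"] else "")
    for p in report["copies_with_live_hash"]:
        print("same hash:", p)
```

On the posted log this flags the SYSTEM32\DRIVERS copy as suspicious (same 64512-byte size as the ServicePackFiles copy, different hash) and lists C:\WINDOWS\maxdrive\serial.sys as sharing its hash, which is the reasoning behind the FCopy in the fix that follows.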

My apologies for the delay,

First,

Backup Your Registry with ERUNT

  • Please go here, scroll down to ERUNT, and download.
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.

Click Erunt.exe to backup your Registry to the folder of your choice.

Note: To restore your Registry, go to the folder and start ERDNT.exe

-------

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

File::

C:\WINDOWS\SYSTEM32\atioglx232.exe

C:\WINDOWS\SYSTEM32\ippromon32.exe

C:\WINDOWS\system32\atioglx232.dll

Folder::

C:\Program Files\Home

FCopy::

C:\WINDOWS\ServicePackFiles\i386\serial.sys | C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HomeKeyLogger"-

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)


ComboFix 11-08-01.02 - Garrett 08/01/2011 12:39:51.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2303.1717 [GMT -5:00]

Running from: c:\documents and settings\Garrett\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Garrett\Desktop\CFScript.txt

* Created a new restore point

.

FILE ::

"c:\windows\system32\atioglx232.dll"

"c:\windows\SYSTEM32\atioglx232.exe"

"c:\windows\SYSTEM32\ippromon32.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Garrett\hrlnqgvdcb.tmp

c:\program files\Home

c:\program files\Home\bg1.gif

c:\program files\Home\FAQ.html

c:\program files\Home\fkllogo.gif

c:\program files\Home\KeyLog.txt

c:\program files\Home\KeyLogger.Dll

c:\program files\Home\KeyLogger.exe

c:\program files\Home\LICENSE.TXT

c:\program files\Home\Links\Download lastest version.url

c:\program files\Home\Links\Mail to support.url

c:\program files\Home\Links\Program's home page.url

c:\program files\Home\Links\Try Family Key Logger.url

c:\program files\Home\OtherProducts.html

c:\program files\Home\QuickStart.html

c:\program files\Home\README.TXT

c:\program files\Home\uninstall.exe

c:\windows\system32\atioglx232.dll

c:\windows\SYSTEM32\atioglx232.exe

c:\windows\SYSTEM32\ippromon32.exe

.

.

--------------- FCopy ---------------

.

c:\windows\ServicePackFiles\i386\serial.sys --> c:\windows\SYSTEM32\DRIVERS\serial.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_WinRM32

-------\Service_WinRM32

.

.

((((((((((((((((((((((((( Files Created from 2011-07-01 to 2011-08-01 )))))))))))))))))))))))))))))))

.

.

2011-08-01 12:24 . 2011-08-01 12:24 -------- d-----w- c:\program files\VS Revo Group

2011-08-01 00:29 . 2011-08-01 00:29 -------- d-----w- c:\documents and settings\Garrett\Application Data\QuickScan

2011-07-31 22:15 . 2011-07-31 22:15 -------- d-----w- c:\program files\ESET

2011-07-31 03:39 . 2011-07-31 03:51 -------- d-----w- c:\windows\maxdrive

2011-07-31 02:27 . 2011-07-07 18:28 520496 ----a-w- c:\windows\Listdlls.exe

2011-07-31 02:27 . 2011-05-17 17:48 423288 ----a-w- c:\windows\handle.exe

2011-07-08 15:47 . 2011-07-08 15:47 -------- d-----w- c:\program files\Apple Software Update

2011-07-08 15:44 . 2011-07-08 15:44 -------- d-----w- c:\program files\iPod

2011-07-08 15:44 . 2011-07-08 15:46 -------- d-----w- c:\program files\iTunes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-07 00:52 . 2009-11-22 17:43 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-07 00:52 . 2009-11-22 17:43 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-30 22:54 . 2011-05-26 01:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 14:02 . 2002-08-29 10:00 1858944 ------w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-07-31_04.37.52 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-08-01 17:49 . 2011-08-01 17:49 16384 c:\windows\temp\Perflib_Perfdata_76c.dat

+ 2011-08-01 17:34 . 2011-08-01 17:34 454656 c:\windows\ERDNT\8-1-2011\Users\00000002\UsrClass.dat

+ 2011-08-01 17:34 . 2005-10-20 17:02 163328 c:\windows\ERDNT\8-1-2011\ERDNT.EXE

+ 2011-08-01 17:34 . 2011-08-01 17:34 6778880 c:\windows\ERDNT\8-1-2011\Users\00000001\ntuser.dat

+ 2011-07-20 23:34 . 2011-07-20 23:34 1220672 c:\windows\Downloaded Program Files\qsax.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\documents and settings\Garrett\Application Data\mjusbsp\cdloader2.exe" [2011-05-16 50592]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"USIUDF_Eject_Monitor"="c:\program files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-12-23 81920]

"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]

"News Service"="c:\program files\Charter High-Speed Security Suite\FSGUI\ispnews.exe" [2004-05-06 372736]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-05-01 185640]

"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2003-09-15 126976]

"F-Secure TNB"="c:\program files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" [2004-05-27 684032]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]

"AsioReg"="CTASIO.DLL" [2003-02-20 110592]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk

backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]

/L:ENG [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]

2002-09-30 06:00 45056 ----a-w- c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

2003-02-20 21:45 28672 ------w- c:\windows\SYSTEM32\CTHELPER.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

2002-10-29 14:18 49152 ----a-w- c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGServices]

2005-05-19 18:55 101888 ----a-w- c:\program files\ESPNRunTime\DIGServices.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGStream]

2005-05-18 19:49 282624 ----a-w- c:\program files\DIGStream\digstream.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]

2004-08-26 04:19 118832 ----a-w- c:\program files\Charter High-Speed Security Suite\Common\FSM32.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]

2004-08-18 10:58 208896 ----a-w- c:\program files\Charter High-Speed Security Suite\FSGUI\fssw.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

2007-03-05 19:57 1103480 ----a-w- c:\program files\IGN\Download Manager\DLM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]

2007-03-21 21:41 145496 ----a-w- c:\program files\Pinnacle\Studio 11\LaunchList2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]

2005-04-28 23:59 102400 ----a-w- c:\program files\Ulead Systems\Ulead DVD MovieFactory 4 Suite Deluxe\Ulead Quick-Drop 1.0\Quick-Drop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-30 22:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-19 02:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"mcupdmgr.exe"=3 (0x3)

"MCVSRte"=2 (0x2)

"McShield"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=

"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\Garrett\\Application Data\\mjusbsp\\magicJack.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [5/1/2009 2:35 PM 181544]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 11:18 AM 24652]

S0 FSDFW;F-Secure Distributed Firewall Driver;c:\windows\system32\drivers\fsdfw.sys --> c:\windows\system32\drivers\fsdfw.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [11/22/2009 12:43 PM 41272]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/29/2002 5:00 AM 14336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = localhost;*.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{019E0108-2082-4B85-8F4C-521AE5CD6DEe} - c:\windows\system32\atioglx232.dll

HKLM-Run-HomeKeyLogger - c:\program files\Home\KeyLogger.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-01 12:53

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-35023807-1711561120-1098793611-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(912)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(2404)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\System32\CTsvcCDA.exe

c:\program files\Charter High-Speed Security Suite\Common\FSMA32.EXE

c:\program files\Charter High-Speed Security Suite\Common\FSMB32.EXE

c:\program files\Intel\Intel Application Accelerator\iaantmon.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Charter High-Speed Security Suite\Common\FCH32.EXE

c:\program files\Charter High-Speed Security Suite\Common\FAMEH32.EXE

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\System32\MsPMSPSv.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\windows\system32\wscntfy.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

c:\program files\iPod\bin\iPodService.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

.

**************************************************************************

.

Completion time: 2011-08-01 13:00:52 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-01 18:00

ComboFix2.txt 2011-07-31 04:41

.

Pre-Run: 13,322,895,360 bytes free

Post-Run: 13,221,892,096 bytes free

.

- - End Of File - - 779813F896FA622D96B425215B0E5E8F

