Google Redirecting Malware


Re: Google Redirecting Malware

Post by Dr Jay on 12th July 2010, 4:51 am

We are going to be using a Windows Recovery Environment to help disinfect the system.

Download the OTLPE Standard REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc into your CD burning drive.
  • Download [You must be registered and logged in to see this link.] and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps [You must be registered and logged in to see this link.]
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts: 14314
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Arch.: x64 (64-bit)
Protection: Bitdefender Total Security
Points: 302999
# Likes: 10


Re: Google Redirecting Malware

Post by crucifix676 on 12th July 2010, 5:04 am

Do I have to download ISO burner?

crucifix676
Novice

Posts: 49
Joined: 2010-06-22
OS: Windows XP
Points: 24363
# Likes: 0


Re: Google Redirecting Malware

Post by Dr Jay on 12th July 2010, 5:07 am

No. ISOBurner is packaged with OTLPEStd.exe.


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 12th July 2010, 5:27 am

What's supposed to happen? Because I open the download without getting an "invalid win32 application" error.


Re: Google Redirecting Malware

Post by Dr Jay on 12th July 2010, 5:28 am

If you cannot get it to run on the current computer, try it from a different computer.


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 12th July 2010, 5:31 am

Okay I'll try that.

I really appreciate your patience and your help by the way. Thank you very much.


Re: Google Redirecting Malware

Post by crucifix676 on 12th July 2010, 8:07 am

Sorry didn't see anything that skipped non-Microsoft drivers.


OTL logfile created on: 7/12/2010 1:46:49 AM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.07 Gb Total Space | 38.29 Gb Free Space | 17.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 8.79 Gb Total Space | 0.44 Gb Free Space | 5.05% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2010/06/25 19:22:13 | 000,006,656 | ---- | M] () [On_Demand] -- C:\WINDOWS\system32\3D1AB9A9.exe -- (3D1AB9A9)
SRV - [2010/06/25 19:22:12 | 000,006,656 | ---- | M] () [On_Demand] -- C:\WINDOWS\system32\441CC720.exe -- (441CC720)
SRV - [2010/06/25 19:22:09 | 000,006,656 | ---- | M] () [On_Demand] -- C:\WINDOWS\system32\F6E68549.exe -- (F6E68549)
SRV - [2010/06/25 19:22:08 | 000,006,656 | ---- | M] () [On_Demand] -- C:\WINDOWS\system32\9258704E.exe -- (9258704E)
SRV - [2010/06/11 00:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/13 14:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) [Disabled] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/10/30 21:29:56 | 000,136,448 | ---- | M] (Panda Security, S.L.) [Auto] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2009/04/02 15:47:04 | 000,234,888 | ---- | M] () [Auto] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 15:47:02 | 000,464,264 | ---- | M] () [Auto] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/07/23 16:54:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/07/25 21:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [Disabled] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 21:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2005/03/14 22:05:02 | 000,069,632 | ---- | M] (HP) [Disabled] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\RkPavproc1.sys -- (RkPavproc1)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (Normandy)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- C:\WINDOWS\System32\DRIVERS\cdrom.sys -- (Cdrom)
DRV - [2010/07/08 05:10:46 | 000,278,984 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/07/08 05:10:46 | 000,025,416 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/04/03 18:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/10/30 20:18:01 | 000,146,952 | ---- | M] (Panda Security, S.L.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2009/10/13 19:50:55 | 000,101,512 | ---- | M] (Panda Security, S.L.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2009/10/13 19:50:54 | 000,114,312 | ---- | M] (Panda Security, S.L.) [Kernel | System] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2009/10/13 19:50:54 | 000,095,880 | ---- | M] (Panda Security, S.L.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2009/05/09 04:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/02/18 03:05:03 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/02/11 15:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/18 22:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/04/29 19:04:33 | 000,023,217 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- C:\Documents and Settings\HP_Administrator\Desktop\Lineage II\system\npkcrypt.sys -- (npkcrypt)
DRV - [2008/04/17 14:54:54 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 16:49:00 | 000,003,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2006/04/13 19:47:38 | 000,168,064 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2006/03/03 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 20:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 14:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 14:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 14:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/06/29 20:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2)
DRV - [2005/06/17 09:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 10:45:12 | 000,017,408 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Admin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Admin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest.ERIC_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\Guest.ERIC_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKU\Guest.ERIC_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Guest.ERIC_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Guest.ERIC_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Guest.ERIC_ON_C\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\Guest.ERIC_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\Guest.ERIC_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\HP_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\HP_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKU\HP_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\HP_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\HP_Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\HP_Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HP_Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0

FF - HKLM\software\mozilla\Firefox\extensions\\{30A770C9-F875-44F8-AF80-3147BCCFD89A}: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{30A770C9-F875-44F8-AF80-3147BCCFD89A} [2010/06/30 06:37:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/28 02:49:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/28 02:42:09 | 000,000,000 | ---D | M]

[2008/12/01 23:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2008/08/09 16:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\8ht0b132.default\extensions
[2010/07/10 20:45:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/10/10 16:57:38 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/04/24 05:57:44 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/19 08:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/07/31 21:44:28 | 000,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2006/09/24 02:36:57 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/06/17 22:00:12 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll

O1 HOSTS File: ([2010/06/23 01:34:46 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: )
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Admin_ON_C\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Guest.ERIC_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Guest.ERIC_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKU\HP_Administrator_ON_C\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\HP_Administrator_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPSUreset] c:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Mqoganapiqifep] C:\WINDOWS\iwufazeqeq.DLL (MainConcept GmbH)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PMLreset] c:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [RBreset] c:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SetDefaultPrinter] c:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\Guest.ERIC_ON_C..\Run: [Mqoganapiqifep] C:\WINDOWS\iwufazeqeq.DLL (MainConcept GmbH)
O4 - HKU\Guest.ERIC_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKU\HP_Administrator_ON_C..\Run: [Kmozafeyutezezuq] C:\WINDOWS\wroFrne.DLL ()
O4 - HKU\HP_Administrator_ON_C..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\HP_Administrator_ON_C..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Jhjxm = rundll32 "C:\WINDOWS\system32\12520437Z.dll",NZOHMSFAFN File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Admin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Guest.ERIC_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HP_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HP_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\HP_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/18 00:59:03 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - H:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1"

========== Files/Folders - Created Within 30 Days ==========

[2010/07/12 00:42:30 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/07/09 04:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2010/07/09 04:56:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\TuneUpMedia
[2010/07/08 06:17:19 | 074,117,032 | ---- | C] ( ) -- C:\Documents and Settings\HP_Administrator\Desktop\setup_9.0.0.722_08.07.2010_11-53.exe
[2010/07/03 23:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/03 02:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mozilla
[2010/07/03 02:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2010/07/02 02:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\DoctorWeb
[2010/07/01 03:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\SpiderKill
[2010/06/30 06:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{30A770C9-F875-44F8-AF80-3147BCCFD89A}
[2010/06/30 01:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/06/29 18:29:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\GooredFix Backups
[2010/06/28 03:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/06/26 09:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/26 09:10:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/25 05:14:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\UserData
[2010/06/23 19:11:54 | 000,719,574 | ---- | C] (UG North ) -- C:\Documents and Settings\HP_Administrator\Desktop\RkU3.8.388.590.exe
[2010/06/23 16:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/06/23 00:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/06/23 00:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/23 00:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/22 23:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest.ERIC\Local Settings\Application Data\{C94FCD73-2E12-4932-97BF-3BE7F2183017}
[2010/06/22 17:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2010/06/22 16:24:07 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
[2010/06/22 16:24:05 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
[2010/06/22 16:23:49 | 000,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
[2010/06/22 16:23:45 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
[2010/06/22 16:23:43 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
[2010/06/22 16:23:26 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2010/06/22 16:23:22 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2010/06/22 16:23:20 | 000,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2010/06/22 16:23:18 | 000,109,085 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtrp.sys
[2010/06/22 16:23:02 | 000,100,936 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmtok.sys
[2010/06/22 16:22:59 | 000,009,216 | ---- | C] (IBM Corporation) -- C:\WINDOWS\System32\dllcache\ibmsgnet.dll
[2010/06/22 16:22:39 | 000,028,700 | ---- | C] (IBM Corp.) -- C:\WINDOWS\System32\dllcache\ibmexmp.sys
[2010/06/22 16:22:35 | 000,161,020 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\i81xnt5.sys
[2010/06/22 16:22:32 | 000,702,845 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2010/06/22 16:22:29 | 000,058,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740nt5.sys
[2010/06/22 16:22:13 | 000,353,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\i740dnt5.dll
[2010/06/22 16:22:11 | 000,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2010/06/22 16:22:08 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010/06/22 16:21:42 | 000,488,383 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_v124.sys
[2010/06/22 16:21:38 | 000,050,751 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_tone.sys
[2010/06/22 16:21:36 | 000,073,279 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_spkp.sys
[2010/06/22 16:21:34 | 000,044,863 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_soar.sys
[2010/06/22 16:21:18 | 000,057,471 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_samp.sys
[2010/06/22 16:21:14 | 000,542,879 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_msft.sys
[2010/06/22 16:21:12 | 000,391,199 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_k56k.sys
[2010/06/22 16:21:10 | 000,009,759 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_inst.dll
[2010/06/22 16:20:54 | 000,115,807 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fsks.sys
[2010/06/22 16:20:50 | 000,199,711 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_faxx.sys
[2010/06/22 16:20:48 | 000,289,887 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fall.sys
[2010/06/22 16:20:46 | 000,067,167 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_bsc2.sys
[2010/06/22 16:20:31 | 000,150,239 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_amos.sys
[2010/06/22 16:20:26 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2010/06/22 16:20:24 | 000,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys
[2010/06/22 16:20:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2010/06/22 16:20:04 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
[2010/06/22 16:20:03 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys
[2010/06/22 16:20:01 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2010/06/22 16:19:45 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2010/06/22 16:19:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2010/06/22 16:19:22 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2010/06/22 16:19:16 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2010/06/22 16:18:58 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2010/06/22 16:18:52 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpdigwia.dll
[2010/06/22 16:18:49 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2010/06/22 16:18:34 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2010/06/22 16:18:28 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2010/06/22 16:18:09 | 000,907,456 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hcf_msft.sys
[2010/06/22 16:18:04 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2010/06/22 16:18:01 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2010/06/22 16:17:44 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2010/06/22 16:17:39 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2010/06/22 16:17:36 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2010/06/22 16:17:33 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400m.sys
[2010/06/22 16:17:31 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400d.dll
[2010/06/22 16:17:29 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200m.sys
[2010/06/22 16:17:14 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200d.dll
[2010/06/22 16:17:10 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2010/06/22 16:17:06 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2010/06/22 16:16:50 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2010/06/22 16:16:46 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2010/06/22 16:16:43 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2010/06/22 16:16:41 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2010/06/22 16:16:26 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2010/06/22 16:16:21 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2010/06/22 16:16:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2010/06/22 16:16:14 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2010/06/22 16:15:54 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\fem556n5.sys
[2010/06/22 16:15:51 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2010/06/22 16:15:49 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINDOWS\System32\dllcache\fa312nd5.sys
[2010/06/22 16:15:34 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2010/06/22 16:15:30 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2010/06/22 16:15:28 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2010/06/22 16:15:11 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ex10.sys
[2010/06/22 16:15:06 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2010/06/22 16:15:04 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2010/06/22 16:15:03 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2010/06/22 16:14:47 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2010/06/22 16:14:43 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys
[2010/06/22 16:14:39 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys
[2010/06/22 16:14:23 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56tpi.sys
[2010/06/22 16:14:19 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56hpi.sys
[2010/06/22 16:14:18 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56cvmp.sys
[2010/06/22 16:14:16 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es198x.sys
[2010/06/22 16:14:15 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2010/06/22 16:13:59 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2010/06/22 16:13:56 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys
[2010/06/22 16:13:54 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnloop.exe
[2010/06/22 16:13:53 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnlogr.exe
[2010/06/22 16:13:51 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqndiag.exe
[2010/06/22 16:13:36 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqn.sys
[2010/06/22 16:13:32 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2010/06/22 16:13:31 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys
[2010/06/22 16:13:30 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2010/06/22 16:13:28 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\emu10k1m.sys
[2010/06/22 16:13:09 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys
[2010/06/22 16:13:08 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys
[2010/06/22 16:13:06 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2010/06/22 16:13:05 | 000,171,520 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys
[2010/06/22 16:13:04 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys
[2010/06/22 16:12:49 | 000,455,199 | ---- | C] (3Com Corporation.) -- C:\WINDOWS\System32\dllcache\el985n51.sys
[2010/06/22 16:12:46 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys
[2010/06/22 16:12:45 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys
[2010/06/22 16:12:44 | 000,241,206 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656se5.sys
[2010/06/22 16:12:43 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys
[2010/06/22 16:12:42 | 000,634,134 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656ct5.sys
[2010/06/22 16:12:41 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys
[2010/06/22 16:12:26 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys
[2010/06/22 16:12:23 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys
[2010/06/22 16:12:22 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys
[2010/06/22 16:12:21 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys
[2010/06/22 16:12:20 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys
[2010/06/22 16:12:18 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100isa4.sys
[2010/06/22 16:12:03 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100b325.sys
[2010/06/22 16:12:00 | 000,050,719 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys
[2010/06/22 16:11:40 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2010/06/22 16:11:35 | 000,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
[2010/06/22 16:11:33 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2010/06/22 16:11:32 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2010/06/22 16:11:31 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2010/06/22 16:11:16 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2010/06/22 16:11:12 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2010/06/22 16:10:52 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010/06/22 16:10:48 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2010/06/22 16:10:45 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2010/06/22 16:10:44 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2010/06/22 16:10:24 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2010/06/22 16:10:24 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2010/06/22 16:10:23 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2010/06/22 16:10:22 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2010/06/22 16:10:14 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2010/06/22 16:10:13 | 000,614,429 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiview.exe
[2010/06/22 16:10:04 | 000,042,432 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.sys
[2010/06/22 16:10:01 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.dll
[2010/06/22 16:10:00 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.sys
[2010/06/22 16:09:59 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiinf.dll
[2010/06/22 16:09:59 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.dll
[2010/06/22 16:09:58 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digihlc.dll
[2010/06/22 16:09:57 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifwrk.dll
[2010/06/22 16:09:56 | 000,090,525 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifep5.sys
[2010/06/22 16:09:41 | 000,103,044 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidxb.sys
[2010/06/22 16:09:38 | 000,131,156 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidbp.dll
[2010/06/22 16:09:37 | 000,037,735 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.sys
[2010/06/22 16:09:36 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.dll
[2010/06/22 16:09:34 | 000,419,357 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgconfig.dll
[2010/06/22 16:09:18 | 000,029,531 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\dgapci.sys
[2010/06/22 16:09:15 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2010/06/22 16:09:14 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2010/06/22 16:09:13 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe
[2010/06/22 16:09:12 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll
[2010/06/22 16:09:11 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2010/06/22 16:09:10 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2010/06/22 16:08:55 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2010/06/22 16:08:52 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2010/06/22 16:08:51 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys
[2010/06/22 16:08:50 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2010/06/22 16:08:49 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2010/06/22 16:08:47 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2010/06/22 16:08:32 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys
[2010/06/22 16:08:27 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys
[2010/06/22 16:08:26 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2010/06/22 16:08:25 | 000,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2010/06/22 16:08:25 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2010/06/22 16:08:24 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2010/06/22 16:08:09 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2010/06/22 16:08:06 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2010/06/22 16:08:01 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2010/06/22 16:07:46 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2010/06/22 16:07:42 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2010/06/22 16:07:39 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2010/06/22 16:07:38 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2010/06/22 16:07:37 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2010/06/22 16:07:36 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2010/06/22 16:07:35 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2010/06/22 16:07:35 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2010/06/22 16:07:20 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll
[2010/06/22 16:07:16 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2010/06/22 16:07:13 | 000,096,256 | ---- | C] (Copyright (C) Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
[2010/06/22 16:07:12 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
[2010/06/22 16:06:57 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
[2010/06/22 16:06:53 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2010/06/22 16:06:51 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
[2010/06/22 16:06:50 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2010/06/22 16:06:49 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2010/06/22 16:06:49 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2010/06/22 16:06:33 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2010/06/22 16:06:24 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2010/06/22 16:06:21 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
[2010/06/22 16:06:20 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2010/06/22 16:06:17 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys
[2010/06/22 16:06:03 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2010/06/22 16:05:59 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2010/06/22 16:05:56 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2010/06/22 16:05:55 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2010/06/22 16:05:54 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2010/06/22 16:05:54 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2010/06/22 16:05:53 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2010/06/22 16:05:51 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2010/06/22 16:05:36 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2010/06/22 16:05:24 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/06/22 16:05:21 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2010/06/22 16:05:21 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2010/06/22 16:05:20 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2010/06/22 16:05:20 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2010/06/22 16:05:05 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2010/06/22 16:04:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2010/06/22 16:04:50 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2010/06/22 16:04:49 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2010/06/22 16:04:49 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2010/06/22 16:04:48 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2010/06/22 16:04:33 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2010/06/22 16:04:30 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2010/06/22 16:04:27 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2010/06/22 16:04:25 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2010/06/22 16:04:24 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2010/06/22 16:04:10 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2010/06/22 16:04:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2010/06/22 16:04:07 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2010/06/22 16:04:06 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2010/06/22 16:04:05 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2010/06/22 16:03:47 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2010/06/22 16:03:09 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2010/06/22 16:03:06 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2010/06/22 16:02:52 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2010/06/22 16:02:49 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2010/06/22 16:02:49 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2010/06/22 16:02:48 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2010/06/22 16:02:47 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2010/06/22 16:02:47 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2010/06/22 16:02:29 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2010/06/22 16:02:25 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2010/06/22 16:02:25 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2010/06/22 16:02:24 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2010/06/22 16:02:24 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2010/06/22 16:02:23 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2010/06/22 16:02:23 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2010/06/22 16:02:22 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2010/06/22 16:02:22 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2010/06/22 16:02:21 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2010/06/22 16:02:21 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2010/06/22 16:02:20 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2010/06/22 16:02:05 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2010/06/22 16:02:02 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2010/06/22 16:02:00 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010/06/22 16:01:58 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2010/06/22 16:01:57 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2010/06/22 16:01:57 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2010/06/22 16:01:39 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2010/06/22 16:01:34 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2010/06/22 16:01:31 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2010/06/22 16:01:31 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2010/06/22 16:01:30 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2010/06/22 16:01:30 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010/06/22 16:01:29 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010/06/22 16:01:29 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010/06/22 16:01:28 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010/06/22 16:01:28 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010/06/22 16:01:26 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2010/06/22 16:01:11 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2010/06/22 16:01:07 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2010/06/22 16:00:56 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2010/06/22 16:00:55 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2010/06/22 16:00:38 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2010/06/22 16:00:37 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2010/06/22 16:00:37 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2010/06/22 16:00:37 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2010/06/22 16:00:36 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2010/06/22 16:00:36 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2010/06/22 16:00:35 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2010/06/22 16:00:18 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2010/06/22 16:00:15 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2010/06/22 16:00:14 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010/06/22 16:00:12 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2010/06/22 16:00:12 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2010/06/22 16:00:11 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2010/06/22 15:59:55 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2010/06/22 15:59:50 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2010/06/22 15:59:48 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2010/06/22 15:59:47 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010/06/22 15:59:47 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2010/06/22 15:59:46 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2010/06/22 15:59:46 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2010/06/22 15:59:45 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2010/06/22 15:59:45 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2010/06/22 15:59:28 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2010/06/22 15:59:23 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2010/06/22 15:59:18 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2010/06/22 15:59:03 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010/06/22 15:58:58 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010/06/22 15:58:56 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010/06/22 15:58:55 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010/06/22 15:58:55 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010/06/22 15:58:54 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010/06/22 15:58:54 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2010/06/22 15:58:39 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010/06/22 15:58:33 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2010/06/22 15:58:32 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010/06/22 15:58:14 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2010/06/22 15:58:11 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2010/06/22 15:58:11 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2010/06/22 15:58:10 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010/06/22 15:58:10 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010/06/22 15:58:09 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2010/06/22 15:58:09 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2010/06/22 15:58:09 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2010/06/22 15:58:07 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/06/22 15:58:07 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010/06/22 15:58:07 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010/06/22 15:57:51 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2010/06/22 15:53:36 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll



Last edited by crucifix676 on 12th July 2010, 8:10 am; edited 1 time in total


Re: Google Redirecting Malware

Post by crucifix676 on 12th July 2010, 8:09 am

[2010/06/22 14:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Simply Super Software
[2010/06/22 14:20:18 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2010/06/22 06:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Loaris
[2010/06/22 03:29:57 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/06/21 07:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\RegRun2
[2010/06/21 07:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/06/21 07:23:21 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/06/20 02:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/20 02:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/12 16:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\PCHealth
[2010/06/12 14:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\NeopleLauncherDFO
[2010/06/12 14:26:10 | 000,000,000 | ---D | C] -- C:\Nexon
[2010/06/12 03:30:26 | 1189,285,496 | ---- | C] (Nexon) -- C:\Documents and Settings\HP_Administrator\Desktop\DFOSetup21.exe
[2009/11/08 22:08:08 | 692,554,778 | ---- | C] (Macrovision Corporation) -- C:\Documents and Settings\HP_Administrator\MTGOIII.exe
[2006/02/19 13:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/12 03:34:51 | 016,252,928 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/07/12 03:34:51 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/07/12 03:34:51 | 000,262,144 | -H-- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/07/12 03:34:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/12 03:34:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/12 03:34:39 | 007,014,500 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2010/07/12 03:33:59 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/07/12 03:26:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2239381086-1206112939-3159093799-1008UA.job
[2010/07/12 02:26:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2239381086-1206112939-3159093799-1008Core.job
[2010/07/12 01:45:10 | 001,048,576 | ---- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010/07/12 00:46:58 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.exe
[2010/07/12 00:43:54 | 3219,705,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/12 00:40:46 | 001,048,576 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/07/12 00:40:46 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/12 00:40:44 | 001,600,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/07/12 00:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/07/12 00:10:45 | 000,000,018 | -H-- | M] () -- C:\SYSREST
[2010/07/11 23:50:53 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/07/11 21:55:41 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/07/11 18:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/07/11 17:26:19 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Gbuxuq.dat
[2010/07/11 17:26:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Pkexevihep.bin
[2010/07/11 17:26:17 | 000,272,161 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/07/11 06:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/07/10 12:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/07/10 03:01:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/09 04:42:19 | 000,001,516 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/07/08 06:26:07 | 074,117,032 | ---- | M] ( ) -- C:\Documents and Settings\HP_Administrator\Desktop\setup_9.0.0.722_08.07.2010_11-53.exe
[2010/07/08 05:10:46 | 000,278,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/07/08 05:10:46 | 000,025,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/07/06 00:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/04 21:23:35 | 000,001,585 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\DrWeb.csv
[2010/07/03 23:16:41 | 003,193,659 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HD Trance - Focus.mp3
[2010/07/03 23:11:32 | 006,658,424 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\328239_LANCEFINALFUCK.mp3
[2010/07/03 23:04:34 | 004,912,787 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Boys Like Girls-Heart Heartbreak.mp3
[2010/07/02 05:34:23 | 000,002,378 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk
[2010/07/02 05:34:23 | 000,002,356 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/01 03:59:01 | 000,113,664 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SpiderKill.zip
[2010/06/29 17:52:37 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/06/25 19:22:13 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\3D1AB9A9.exe
[2010/06/25 19:22:12 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\441CC720.exe
[2010/06/25 19:22:09 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\F6E68549.exe
[2010/06/25 19:22:08 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\9258704E.exe
[2010/06/24 00:12:15 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\D59DD1EF.exe
[2010/06/23 18:56:59 | 000,000,097 | ---- | M] () -- C:\WINDOWS\wroFrne.dll
[2010/06/23 16:20:01 | 000,939,956 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\7z465.exe
[2010/06/23 04:28:55 | 000,284,915 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2010/06/23 01:08:07 | 000,001,778 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/06/22 23:53:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\wupd.dat
[2010/06/22 23:39:34 | 001,835,008 | ---- | M] () -- C:\Documents and Settings\Guest.ERIC\NTUSER.DAT
[2010/06/22 23:39:18 | 003,228,950 | -H-- | M] () -- C:\Documents and Settings\Guest.ERIC\Local Settings\Application Data\IconCache.db
[2010/06/22 20:42:09 | 000,007,680 | ---- | M] () -- C:\WINDOWS\14359296.exe
[2010/06/22 20:42:09 | 000,000,076 | ---- | M] () -- C:\WINDOWS\14359296.dat
[2010/06/22 16:46:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/22 14:30:29 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/06/22 14:13:40 | 000,000,010 | ---- | M] () -- C:\WINDOWS\System32\kr_done1
[2010/06/22 05:37:55 | 000,002,524 | ---- | M] () -- C:\WINDOWS\udulupav.dll
[2010/06/22 05:19:29 | 000,002,524 | ---- | M] () -- C:\WINDOWS\ihovokom.dll
[2010/06/22 03:18:25 | 000,002,524 | ---- | M] () -- C:\WINDOWS\ocahowobozeyes.dll
[2010/06/21 07:32:43 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/21 07:32:43 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/06/21 07:32:43 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/06/12 16:25:32 | 000,325,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/12 15:35:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/12 15:15:43 | 000,507,922 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/12 15:15:43 | 000,445,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/12 15:15:43 | 000,072,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/12 05:42:59 | 1189,285,496 | ---- | M] (Nexon) -- C:\Documents and Settings\HP_Administrator\Desktop\DFOSetup21.exe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/12 00:46:51 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Win32kDiag.exe
[2010/07/12 00:43:54 | 3219,705,856 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/12 00:10:45 | 000,000,018 | -H-- | C] () -- C:\SYSREST
[2010/07/08 05:10:46 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/07/08 05:10:46 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/07/04 21:23:35 | 000,001,585 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\DrWeb.csv
[2010/07/03 23:16:06 | 003,193,659 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HD Trance - Focus.mp3
[2010/07/03 23:10:27 | 006,658,424 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\328239_LANCEFINALFUCK.mp3
[2010/07/03 23:04:06 | 004,912,787 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Boys Like Girls-Heart Heartbreak.mp3
[2010/07/01 03:59:03 | 000,113,664 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SpiderKill.zip
[2010/06/25 19:22:09 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\F6E68549.exe
[2010/06/25 19:22:09 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\441CC720.exe
[2010/06/25 19:22:08 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\9258704E.exe
[2010/06/24 00:12:15 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\D59DD1EF.exe
[2010/06/23 16:28:20 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\3D1AB9A9.exe
[2010/06/23 16:19:58 | 000,939,956 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\7z465.exe
[2010/06/23 04:28:55 | 000,284,915 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2010/06/23 01:08:07 | 000,001,778 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/06/23 00:43:10 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/06/22 20:42:09 | 000,007,680 | ---- | C] () -- C:\WINDOWS\14359296.exe
[2010/06/22 20:42:09 | 000,000,076 | ---- | C] () -- C:\WINDOWS\14359296.dat
[2010/06/22 16:44:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\wupd.dat
[2010/06/22 16:19:41 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2010/06/22 16:19:37 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2010/06/22 16:19:18 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2010/06/22 16:19:14 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2010/06/22 16:18:54 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2010/06/22 16:10:43 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2010/06/22 16:10:42 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2010/06/22 16:10:27 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2010/06/22 16:01:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010/06/22 16:00:59 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010/06/22 16:00:59 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010/06/22 16:00:58 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010/06/22 16:00:57 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010/06/22 16:00:57 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010/06/22 16:00:57 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010/06/22 16:00:56 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010/06/22 16:00:41 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010/06/22 16:00:35 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010/06/22 14:30:29 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010/06/22 14:20:18 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/06/22 14:20:18 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/06/22 14:20:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/06/22 14:20:18 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/06/22 14:11:48 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\kr_done1
[2010/06/22 05:37:55 | 000,002,524 | ---- | C] () -- C:\WINDOWS\udulupav.dll
[2010/06/22 05:19:29 | 000,002,524 | ---- | C] () -- C:\WINDOWS\ihovokom.dll
[2010/06/22 03:18:25 | 000,002,524 | ---- | C] () -- C:\WINDOWS\ocahowobozeyes.dll
[2010/06/22 02:55:59 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gbuxuq.dat
[2010/06/22 02:55:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pkexevihep.bin
[2010/06/21 07:32:43 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/06/12 15:28:10 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/12/23 13:53:30 | 001,683,612 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\prvlcl.dat
[2009/12/18 04:14:15 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7L.DLL
[2009/12/12 04:44:50 | 000,001,062 | ---- | C] () -- C:\WINDOWS\TLMSTUDENT.INI
[2009/12/12 04:44:48 | 000,000,826 | ---- | C] () -- C:\WINDOWS\SSCE.INI
[2009/12/03 22:58:48 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\xobni_installer_updater.log
[2009/11/05 22:14:42 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/08/07 22:51:34 | 000,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/05/31 00:10:00 | 005,117,087 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\data.pck
[2009/05/31 00:09:59 | 002,936,832 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\CabalMain.exe
[2009/05/02 17:16:45 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\CommandDispatchers.xml
[2009/05/02 17:16:39 | 000,001,372 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\cleaner-config.xml
[2009/01/24 18:41:17 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/12/21 23:58:39 | 000,014,705 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\hs_err_pid3580.log
[2008/08/09 16:35:20 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat
[2008/08/09 16:35:17 | 000,057,344 | -H-- | C] () -- C:\Documents and Settings\Admin\ntuser.dat.LOG
[2008/08/09 16:35:17 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Admin\ntuser.ini
[2008/08/09 16:35:16 | 001,048,576 | ---- | C] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2008/07/10 21:42:41 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2008/05/21 17:24:08 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Guest.ERIC\Local Settings\Application Data\fusioncache.dat
[2008/05/21 17:24:05 | 001,835,008 | ---- | C] () -- C:\Documents and Settings\Guest.ERIC\NTUSER.DAT
[2008/05/21 17:24:05 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Guest.ERIC\ntuser.dat.LOG
[2008/05/21 17:24:05 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Guest.ERIC\ntuser.ini
[2008/04/17 18:58:50 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2008/04/17 18:58:45 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2008/04/17 18:58:44 | 016,252,928 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2008/04/17 18:58:44 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG
[2007/07/22 16:54:22 | 000,001,816 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2007/05/03 22:51:02 | 000,000,052 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2006/12/19 16:19:12 | 000,000,027 | ---- | C] () -- C:\WINDOWS\9DSetup.ini
[2006/11/19 22:21:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/11/18 16:12:44 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/09 16:04:56 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/17 10:32:01 | 000,003,050 | ---- | C] () -- C:\WINDOWS\System32\ASPRTMM1.DLL
[2006/08/27 04:49:13 | 000,043,004 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/08/27 04:49:13 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/08/27 04:38:17 | 000,006,633 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/08/27 04:38:17 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/18 01:28:21 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/18 01:28:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/18 01:07:30 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/06/18 01:02:11 | 000,014,315 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/06/18 01:02:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/06/18 00:59:20 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/06/18 00:56:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/18 00:45:53 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/18 00:45:15 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/06/18 00:30:33 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/06/18 00:28:18 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/06/18 00:27:01 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/06/18 00:27:01 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/18 00:25:32 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/18 00:08:13 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/06/18 00:05:31 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/06/18 00:05:31 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/06/18 00:05:13 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/18 00:02:12 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2006/06/18 00:02:11 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2006/06/18 00:02:11 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2006/06/18 00:02:10 | 000,262,144 | -H-- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2006/06/18 00:02:10 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2006/06/18 00:02:10 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2006/03/17 20:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 00:17:36 | 001,048,576 | ---- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2005/08/31 00:17:36 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2005/08/31 00:17:36 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 02:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/10 00:00:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\wroFrne.dll
[2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/11/05 10:45:12 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\bb-run.sys
[2001/07/07 01:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2008/08/09 16:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Lightning Download
[2008/07/19 15:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest.ERIC\Application Data\Lightning Download
[2010/05/30 20:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest.ERIC\Application Data\Opera
[2010/07/12 00:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/07/11 06:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/07/10 12:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/07/11 18:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/07/06 00:27:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/07/12 03:33:59 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========


< End of report >


Re: Google Redirecting Malware

Post by Dr Jay on 13th July 2010, 3:38 am

Please run OTLPE
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :otl
    DRV - File not found [Kernel | On_Demand] -- C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\EagleNT.sys -- (EagleNT)
    O4 - HKU\Guest.ERIC_ON_C..\Run: [Mqoganapiqifep] C:\WINDOWS\iwufazeqeq.DLL (MainConcept GmbH)
    O4 - HKU\HP_Administrator_ON_C..\Run: [Kmozafeyutezezuq] C:\WINDOWS\wroFrne.DLL ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Jhjxm = rundll32 "C:\WINDOWS\system32\12520437Z.dll",NZOHMSFAFN File not found
    O7 - HKU\HP_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    [2010/06/30 06:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{30A770C9-F875-44F8-AF80-3147BCCFD89A}
    [2010/07/11 17:26:19 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Gbuxuq.dat
    [2010/07/11 17:26:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Pkexevihep.bin
    [2010/06/25 19:22:13 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\3D1AB9A9.exe
    [2010/06/25 19:22:12 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\441CC720.exe
    [2010/06/25 19:22:09 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\F6E68549.exe
    [2010/06/25 19:22:08 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\9258704E.exe
    [2010/06/24 00:12:15 | 000,006,656 | ---- | M] () -- C:\WINDOWS\System32\D59DD1EF.exe
    [2010/06/23 18:56:59 | 000,000,097 | ---- | M] () -- C:\WINDOWS\wroFrne.dll
    [2010/06/22 20:42:09 | 000,007,680 | ---- | M] () -- C:\WINDOWS\14359296.exe
    [2010/06/22 20:42:09 | 000,000,076 | ---- | M] () -- C:\WINDOWS\14359296.dat
    [2010/06/22 14:30:29 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
    [2010/06/22 05:37:55 | 000,002,524 | ---- | M] () -- C:\WINDOWS\udulupav.dll
    [2010/06/22 05:19:29 | 000,002,524 | ---- | M] () -- C:\WINDOWS\ihovokom.dll
    [2010/06/22 03:18:25 | 000,002,524 | ---- | M] () -- C:\WINDOWS\ocahowobozeyes.dll

    :commands
    [emptytemp]
    [reboot]


  • Then click the Run Fix button at the top.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 15th July 2010, 8:06 am

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\EagleNT deleted successfully.
File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\EagleNT.sys not found.
Registry value HKEY_USERS\Guest.ERIC_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Mqoganapiqifep deleted successfully.
C:\WINDOWS\iwufazeqeq.dll moved successfully.
Registry value HKEY_USERS\HP_Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Kmozafeyutezezuq deleted successfully.
C:\WINDOWS\wroFrne.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Jhjxm deleted successfully.
Registry value HKEY_USERS\HP_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{30A770C9-F875-44F8-AF80-3147BCCFD89A}\chrome\content folder moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{30A770C9-F875-44F8-AF80-3147BCCFD89A}\chrome folder moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{30A770C9-F875-44F8-AF80-3147BCCFD89A} folder moved successfully.
C:\WINDOWS\Gbuxuq.dat moved successfully.
C:\WINDOWS\Pkexevihep.bin moved successfully.
C:\WINDOWS\system32\3D1AB9A9.exe moved successfully.
C:\WINDOWS\system32\441CC720.exe moved successfully.
C:\WINDOWS\system32\F6E68549.exe moved successfully.
C:\WINDOWS\system32\9258704E.exe moved successfully.
C:\WINDOWS\system32\D59DD1EF.exe moved successfully.
File C:\WINDOWS\wroFrne.dll not found.
C:\WINDOWS\14359296.exe moved successfully.
C:\WINDOWS\14359296.dat moved successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd moved successfully.
C:\WINDOWS\udulupav.dll moved successfully.
C:\WINDOWS\ihovokom.dll moved successfully.
C:\WINDOWS\ocahowobozeyes.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 1694205 bytes
->Temporary Internet Files folder emptied: 3825760 bytes
->FireFox cache emptied: 47202092 bytes
->Flash cache emptied: 2040 bytes

User: Administrator
->Temp folder emptied: 31612 bytes
->Temporary Internet Files folder emptied: 107242 bytes

User: All Users

User: asdf
->Temp folder emptied: 62869 bytes
->Temporary Internet Files folder emptied: 117730 bytes

User: Default User
->Temp folder emptied: 31612 bytes
->Temporary Internet Files folder emptied: 107242 bytes
->Flash cache emptied: 41620 bytes

User: Eric
->Temp folder emptied: 1697449091 bytes
->Temporary Internet Files folder emptied: 1039595342 bytes
->Java cache emptied: 11488526 bytes
->FireFox cache emptied: 56799523 bytes
->Flash cache emptied: 162823 bytes

User: Guest
->Temp folder emptied: 2197195 bytes
->Temporary Internet Files folder emptied: 16037480 bytes
->Java cache emptied: 2343343 bytes
->FireFox cache emptied: 25629645 bytes
->Flash cache emptied: 942 bytes

User: Guest.ERIC
->Temp folder emptied: 746745 bytes
->Temporary Internet Files folder emptied: 232228197 bytes
->Java cache emptied: 424064 bytes
->FireFox cache emptied: 52118352 bytes
->Flash cache emptied: 3998 bytes

User: HP_Administrator
->Temp folder emptied: 741997325 bytes
->Temporary Internet Files folder emptied: 2031755 bytes
->Java cache emptied: 423450 bytes
->FireFox cache emptied: 102783808 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 86841 bytes

User: LocalService
->Temp folder emptied: 66252 bytes
->Temporary Internet Files folder emptied: 18409579 bytes
->Flash cache emptied: 5561 bytes

User: NetworkService
->Temp folder emptied: 792828 bytes
->Temporary Internet Files folder emptied: 34340344 bytes
->Java cache emptied: 28614 bytes
->FireFox cache emptied: 2278961 bytes
->Flash cache emptied: 52822 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 498655 bytes
%systemroot%\System32 .tmp files removed: 14723985 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 117780558 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 49519276 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 127561 bytes

Total Files Cleaned = 4,078.00 mb

crucifix676
Novice

Posts : 49
Joined : 2010-06-22
OS : Windows XP
Points : 24363
# Likes : 0

Re: Google Redirecting Malware

Post by Dr Jay on 15th July 2010, 6:58 pm

Please download Stealth MBR Rootkit Detector by GMER from [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click mbr.exe to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 15th July 2010, 10:26 pm

Seems all my programs are being seen as a file that I have to open with some other program, including this one. So I tried right clicking and starting it and it seemed to work at first, but this is all the log file gave back.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


Re: Google Redirecting Malware

Post by Dr Jay on 17th July 2010, 6:06 pm

The redirects still continue?


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 18th July 2010, 6:28 am

Yes, the redirects are still continuing along with random tab openings.


Re: Google Redirecting Malware

Post by Dr Jay on 18th July 2010, 6:57 pm

Let's look at something.

Please download [You must be registered and logged in to see this link.] and Save it to your desktop

  1. Double click it to start the tool.
  2. Click Scan.
  3. Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 19th July 2010, 1:48 am

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 39 Stepping 1, AuthenticAMD
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 6.0.2900.5512
Mozilla Firefox 3.6.6 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:224 Go - Free:41 Go )
D:\ [Fixed-FAT32] .. ( Total:8 Go - Free:0 Go )
E:\ [Removable]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
.
Scan : 21:43.50
Path : C:\Documents and Settings\HP_Administrator\Desktop\Rooter.exe
User : HP_Administrator ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (588)
______ \??\C:\WINDOWS\system32\csrss.exe (852)
______ \??\C:\WINDOWS\system32\winlogon.exe (880)
______ C:\WINDOWS\system32\services.exe (924)
______ C:\WINDOWS\system32\lsass.exe (936)
______ C:\WINDOWS\system32\nvsvc32.exe (1116)
______ C:\WINDOWS\system32\svchost.exe (1148)
______ C:\WINDOWS\system32\svchost.exe (1228)
______ C:\WINDOWS\System32\svchost.exe (1320)
______ C:\WINDOWS\system32\svchost.exe (1404)
______ C:\WINDOWS\system32\spoolsv.exe (1620)
______ C:\WINDOWS\system32\svchost.exe (1768)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1796)
______ C:\WINDOWS\arservice.exe (1808)
______ C:\Program Files\AskBarDis\bar\bin\AskService.exe (1876)
______ C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe (1900)
______ C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (1920)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1952)
______ C:\WINDOWS\eHome\ehRecvr.exe (2028)
______ C:\WINDOWS\eHome\ehSched.exe (628)
______ C:\Program Files\Java\jre6\bin\jqs.exe (688)
______ C:\Program Files\Common Files\LightScribe\LSSrvc.exe (752)
______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1040)
______ C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (1296)
______ C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (1364)
______ C:\WINDOWS\system32\svchost.exe (1432)
______ C:\WINDOWS\system32\wuauclt.exe (1640)
______ C:\WINDOWS\system32\dllhost.exe (2352)
______ C:\WINDOWS\Explorer.EXE (3084)
______ C:\WINDOWS\System32\alg.exe (3160)
______ C:\Program Files\Mozilla Firefox\firefox.exe (3016)
______ C:\Program Files\Mozilla Firefox\plugin-container.exe (3800)
______ C:\Documents and Settings\HP_Administrator\Desktop\Rooter.exe (304)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:240596181504)
\Device\Harddisk0\Partition2 (Start_Offset:240603955200 | Length:9452298240)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2239381086-1206112939-3159093799-1008Core.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2239381086-1206112939-3159093799-1008UA.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\SmartDefrag.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 21:44.06


Re: Google Redirecting Malware

Post by Dr Jay on 19th July 2010, 6:02 am

Download [You must be registered and logged in to see this link.] to your desktop.
  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 20th July 2010, 10:03 am

Eh this is all I got.

MBRCheck, version 1.1.1
(c) 2010, AD

\\.\C: --> \\.\PhysicalDrive0
\\.\D: --> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Error reading raw MBR!


Re: Google Redirecting Malware

Post by Dr Jay on 20th July 2010, 6:54 pm

Please download Stealth MBR Rootkit Detector by GMER from [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click mbr.exe to start the program.
  • When done scanning, it will save a log on the Desktop called mbr.log.
  • Please post the contents of that log in your next reply.


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 21st July 2010, 2:32 am

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


Re: Google Redirecting Malware

Post by Dr Jay on 21st July 2010, 3:37 am

Please open Command Prompt (Start > Run and type CMD and press OK [Vista/7: Start search: CMD and press enter])
Enter the following into the black box, pressing enter after each line:

Code:
mbr -t

exit

Post a log (MBR.log).


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 21st July 2010, 8:44 am

I get back that it doesn't recognize what I put in as a recognizable external or internal command.


Re: Google Redirecting Malware

Post by Dr Jay on 21st July 2010, 9:04 am

Ok. Make sure mbr.exe is on your Desktop then try this:

Please open Command Prompt (Start > Run and type CMD and press OK [Vista/7: Start search: CMD and press enter])
Enter the following into the black box, pressing enter after each line:

Code:
cd %userprofile%\desktop

mbr.exe -t

exit

Post a log (MBR.log).


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 22nd July 2010, 6:46 am

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B307EC5]<<
kernel: MBR read successfully
user & kernel MBR OK


Re: Google Redirecting Malware

Post by Dr Jay on 22nd July 2010, 7:21 am

Download [You must be registered and logged in to see this link.] to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: [You must be registered and logged in to see this link.]
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL C
  • Open a Notepad and press CTRL V
  • Post the output back here.


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 22nd July 2010, 7:45 am

I get back "Unknown boot code has been found on some of your physical disks"


Re: Google Redirecting Malware

Post by Dr Jay on 22nd July 2010, 6:56 pm

Please post the log from it, so I may see which ones are infected.


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 23rd July 2010, 1:08 am

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

\\.\C: -> \\.\PhysicalDrive0
MD5: 53b87386f68c4cb2306da5ba771dbe8b
\\.\D: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix





Re: Google Redirecting Malware

Post by Dr Jay on 23rd July 2010, 6:06 am

Please open Notepad and enter in the following:

Code:
@echo off
start remover.exe fix \.\PhysicalDrive0
exit

Then, click File > Save as...
Save as remove.bat to the same location as remover.exe.
Choose Save as type... All Files.
Click Save.

Then, exit Notepad.

Double-click on remove.bat.

Please re-run remover.exe and post a new log in your next reply.


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 23rd July 2010, 6:42 am

I got this from remove.bat:

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

CreateFile() ERROR 2
ERROR: Can't open physical disk device.



And I'm still getting this from remover.exe:


Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

\\.\C: -> \\.\PhysicalDrive0
MD5: 53b87386f68c4cb2306da5ba771dbe8b
\\.\D: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix










Re: Google Redirecting Malware

Post by Dr Jay on 23rd July 2010, 6:48 am

Do you have an XP CD?


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 23rd July 2010, 6:49 am

Yes I do.


Re: Google Redirecting Malware

Post by Dr Jay on 23rd July 2010, 6:51 am

Reboot your computer.

Boot from the Windows XP CD, press the "R" key in the setup in order to start the Recovery Console.

Select your Windows XP installation from the list (usually 1). It will prompt for an administrator password. The password is probably blank, so just hit enter.

Enter the command: fixmbr at the input prompt and confirm the next question with a Y.

It should then reboot the computer. If it does not, then type exit.

Boot back into normal XP.

=================

After that, post a new Bootkit Remover log.


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 23rd July 2010, 7:09 am

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

\\.\C: -> \\.\PhysicalDrive0
MD5: 6def5ffcbcdbdb4082f1015625e597bd
\\.\D: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)




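The Bootkit Remover logs above print an MD5 for \\.\PhysicalDrive0 and point to `remover.exe dump [output_file]` for manual inspection. The following is an added example, not part of the thread or of any tool named in it: it parses a 512-byte MBR dump, hashes the boot code separately from the partition table, and reports which regions differ between two dumps. The sample sectors are constructed (filler bytes, with partition offsets taken from the Rooter log earlier in the thread), the function names are assumptions, and which bytes Bootkit Remover itself hashes is not stated on the page.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 440)      # bootstrap code area
DISK_SIG = slice(440, 446)     # NT disk signature plus 2 reserved bytes
PART_TABLE = slice(446, 510)   # four 16-byte partition entries
BOOT_SIG = slice(510, 512)     # must be 55 AA

REGIONS = {"boot_code": BOOT_CODE,
           "disk_signature": DISK_SIG,
           "partition_table": PART_TABLE}


def parse_mbr(sector: bytes) -> dict:
    """Split one dumped MBR sector into hashes and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[BOOT_SIG] != b"\x55\xaa":
        raise ValueError("boot signature 55 AA missing: not a valid MBR dump")
    partitions = []
    table = sector[PART_TABLE]
    for i in range(4):
        status, _chs_first, ptype, _chs_last, lba, count = struct.unpack_from(
            "<B3sB3sII", table, 16 * i)
        if ptype == 0x00:              # unused slot
            continue
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "start_offset": lba * SECTOR_SIZE,   # bytes, as Rooter prints it
            "length": count * SECTOR_SIZE,
        })
    return {
        # Whole-sector hash: differs per machine (disk signature, partitions).
        "sector_md5": hashlib.md5(sector).hexdigest(),
        # Code-only hash: comparable across disks carrying the same boot code.
        "boot_code_md5": hashlib.md5(sector[BOOT_CODE]).hexdigest(),
        "partitions": partitions,
    }


def changed_regions(before: bytes, after: bytes) -> list:
    """Name the MBR regions whose bytes differ between two dumps."""
    parse_mbr(before)                  # validate both dumps first
    parse_mbr(after)
    return [name for name, span in REGIONS.items()
            if before[span] != after[span]]


def build_sample_mbr(fill: int) -> bytes:
    """Constructed sector: filler instead of real boot code, partition
    offsets and lengths copied from the Rooter log in this thread."""
    def entry(status, ptype, start_bytes, length_bytes):
        return struct.pack("<B3sB3sII", status, b"\xfe\xff\xff", ptype,
                           b"\xfe\xff\xff", start_bytes // SECTOR_SIZE,
                           length_bytes // SECTOR_SIZE)
    table = (entry(0x80, 0x07, 32256, 240596181504)          # C: NTFS
             + entry(0x00, 0x0C, 240603955200, 9452298240)   # D: FAT32 (type assumed)
             + bytes(32))                                    # two empty slots
    return (bytes([fill]) * 440 + b"\x12\x34\x56\x78\x00\x00"
            + table + b"\x55\xaa")


if __name__ == "__main__":
    if len(sys.argv) == 3:             # two dump files: before and after
        with open(sys.argv[1], "rb") as f1, open(sys.argv[2], "rb") as f2:
            before, after = f1.read(), f2.read()
    else:                              # fall back to the constructed samples
        before, after = build_sample_mbr(0xAA), build_sample_mbr(0xBB)
    for label, dump in (("before", before), ("after", after)):
        info = parse_mbr(dump)
        print(label, info["sector_md5"], info["boot_code_md5"])
        for p in info["partitions"]:
            print("  ", p)
    print("changed:", changed_regions(before, after))
```

Run it against two dump files, one taken before and one after `fixmbr`. A change confined to `boot_code` is what rewriting the boot code should produce, while a change in `partition_table` deserves a closer look before rebooting.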

Re: Google Redirecting Malware

Post by Dr Jay on 23rd July 2010, 7:10 am

Good. Any more redirects?


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 23rd July 2010, 7:26 am

Yes, actually. I'm still getting redirects.


Re: Google Redirecting Malware

Post by Dr Jay on 23rd July 2010, 6:35 pm

Please download GooredFix from one of the locations below and save it to your Desktop
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 24th July 2010, 7:55 am

GooredFix by jpshortstuff (03.07.10.1)
Log created at 00:54 on 24/07/2010 (HP_Administrator)
Firefox version 3.6.7 (en-US)

========== GooredScan ==========

Removing Orphan:
"{30A770C9-F875-44F8-AF80-3147BCCFD89A}"="C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{30A770C9-F875-44F8-AF80-3147BCCFD89A}" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:50 07/12/2009]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [22:59 23/07/2007]

C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7x8fv31u.default\extensions\
[You must be registered and logged in to see this link.] [03:57 14/05/2010]
{20a82645-c095-46ed-80e3-08825760534b} [20:53 27/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [22:38 07/02/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [09:57 24/04/2010]

---------- Old Logs ----------
GooredFix[22.29.29_29-06-2010].txt

-=E.O.F=-


Re: Google Redirecting Malware

Post by Dr Jay on 25th July 2010, 10:14 am

1. Click Start, click Run, type sigverif, and then click OK.

2. Click Advanced, click Look for other files that are not digitally signed, navigate to the Winnt\System32\Drivers folder, and then click OK.

3. Click Start.

4. After it has finished running, navigate to C:\Windows\Sigverify.txt, open it and post the contents of the log here.


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 25th July 2010, 11:34 am

********************************

Microsoft Signature Verification

Log file generated on 7/25/2010 at 4:33 AM
OS Platform: Windows 2000 (x86), Version: 5.1, Build: 2600, CSDVersion: Service Pack 3
Scan Results: Total Files: 336, Signed: 323, Unsigned: 10, Not Scanned: 3

User-specified search path: *.*
User-specified search pattern: C:\WINDOWS\system32\drivers

File Modified Version Status Catalog Signed By
------------------ ------------ ----------- ------------ ----------- -------------------
[c:\windows\system32\drivers]
103c_hp_cpc_rb103aa- 4/17/2008 None Not Signed N/A
1394bus.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
acpi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
acpiec.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
adv01nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv02nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv05nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv07nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv08nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv09nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv11nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
aec.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
afd.sys 8/14/2008 2:5.1 Signed KB956803.cat Microsoft Windows Component Publisher
agp440.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
agpcpq.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
alim1541.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
amdagp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
amdk6.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
amdk7.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
amdk8.sys 3/9/2005 2:5.1,2:5.2 Signed oem9.CAT Microsoft Windows Publisher
aracpi.sys 8/2/2005 2:5.0,2:5.1,2:5.2 Signed AwayMode160.cat Microsoft Windows Publisher
arhidfltr.sys 8/2/2005 2:5.0,2:5.1,2:5.2 Signed AwayMode160.cat Microsoft Windows Publisher
arkbcfltr.sys 8/2/2005 2:5.0,2:5.1,2:5.2 Signed AwayMode160.cat Microsoft Windows Publisher
armoucfltr.sys 8/2/2005 2:5.0,2:5.1,2:5.2 Signed AwayMode160.cat Microsoft Windows Publisher
arp1394.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
arpolicy.sys 8/2/2005 2:5.0,2:5.1,2:5.2 Signed AwayMode160.cat Microsoft Windows Publisher
asyncmac.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atapi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1btxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1mdxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1pdxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1raxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1rvxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1snxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1ttxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1tuxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1xbxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1xsxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati2mtaa.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati2mtag.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinbtxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinmdxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinpdxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinraxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinrvxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinsnxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinttxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atintuxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinxbxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinxsxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ativmc20.cod 7/17/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atksgt.sys 7/8/2010 None Signed N/A Tages SA
atmarpc.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atmepvc.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
atmlane.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atmuni.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
atv01nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atv02nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atv04nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atv06nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atv10nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
audstub.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
bantext.sys 2/27/2008 None Not Signed N/A
bb-run.sys 11/5/2003 2:5.1 Signed oem0.CAT Microsoft Windows Hardware Compatibility Publisher
beep.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
bridge.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bthenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bthmodem.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bthpan.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bthport.sys 6/13/2008 2:5.1 Signed KB951376-v2.cat Microsoft Windows Component Publisher
bthprint.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bthusb.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cbidf2k.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ccdecode.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cdaudio.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
cdfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cdr4_xp.sys 8/19/2005 8.0.0.212 Not Signed N/A
cdralw2k.sys 8/19/2005 8.0.0.212 Not Signed N/A
ch7xxnt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cinemst2.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
classpnp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cpqdap01.sys 8/10/2004 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
crusoe.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cxthsfs2.cty 7/17/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
diag69xp.sys 1/20/2006 1.142.524.2004 Not Signed N/A
disk.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
diskdump.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
dmboot.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
dmio.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
dmload.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
dmusic.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
drmk.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
drmkaud.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
dxapi.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
dxg.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
dxgthk.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
enum1394.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
fastfat.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
fdc.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
fips.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
flpydisk.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
fltmgr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
fsvga.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
fs_rec.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ftdisk.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ftsata2.sys 6/29/2005 2:5.1 Signed oem0.CAT Microsoft Windows Hardware Compatibility Publisher
gagp30kx.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
gearaspiwdm.sys 5/18/2009 2:5.00,2:5.1,2:5.2,2Signed oem141.CAT Microsoft Windows Hardware Compatibility Publisher
gm.dls 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
gmreadme.txt 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
hcwfalcn.rom 1/17/2005 2:5.1 Signed oem10.CAT Microsoft Windows Hardware Compatibility Publisher
hcwmakob.rom 4/20/2005 2:5.1 Signed oem10.CAT Microsoft Windows Hardware Compatibility Publisher
hcwmakoc.rom 2/9/2006 2:5.1 Signed oem10.CAT Microsoft Windows Hardware Compatibility Publisher
hcwpp2.sys 4/13/2006 2:5.1 Signed oem10.CAT Microsoft Windows Hardware Compatibility Publisher
hdaudbus.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hdaudio.sys 1/8/2005 2:5.1 Signed KB888111WXPSP2.cat Microsoft Windows XP Publisher
hidbth.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hidclass.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hidir.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hidparse.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hidserv.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hidusb.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hitmanpro35.sys 6/29/2010 None Signed N/A SurfRight B.V.
hsfbs2s2.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hsfcxts2.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hsfdpsp2.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hsfprof.cty 12/6/2005 2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
hsxhwbs2.sys 12/6/2005 2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
hsx_cnxt.sys 12/6/2005 2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
hsx_dp.sys 12/6/2005 2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
http.sys 10/20/2009 2:5.1 Signed KB970430.cat Microsoft Windows Component Publisher
i8042prt.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
iastor.sys 6/17/2005 2:5.00,2:5.1,2:5.2 Signed oem1.CAT Microsoft Windows Hardware Compatibility Publisher
imapi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
intelide.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
intelppm.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ip6fw.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ipfltdrv.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ipinip.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ipnat.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ipsec.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
irbus.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
irenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
isapnp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
kbdclass.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
kbdhid.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
kmixer.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ks.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ksecdd.sys 6/24/2009 2:5.1 Signed KB968389.cat Microsoft Windows Component Publisher
lirsgt.sys 7/8/2010 None Signed N/A Tages SA
mbam.sys 4/29/2010 None Signed N/A Malwarebytes Corporation
mbamswissarmy.sys 4/29/2010 None Signed N/A Malwarebytes Corporation
mcd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
mdmxsdk.sys 10/5/2005 2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
mf.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mhndrv.sys 8/10/2004 5.1.2600.2180 Not Signed N/A
mnmdd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
modem.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mouclass.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mouhid.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
mountmgr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mqac.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mrxdav.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mrxsmb.sys 2/24/2010 2:5.1 Signed KB980232.cat Microsoft Windows Component Publisher
msfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
msgpc.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mskssrv.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mspclock.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mspqm.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mssmbios.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mstee.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mtlmnt5.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mtlstrm.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mtxparhm.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mup.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mutohpen.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
nabtsfec.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndis.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndisip.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndistapi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndisuio.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndiswan.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndproxy.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
netbios.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
netbt.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
netwlan5.img 7/17/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
nic1394.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
nikedrv.sys 8/10/2004 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
nmnt.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
npfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ntfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ntmtlfax.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
nuidfltr.sys 5/9/2009 2:5.1,2:6.0,2:6.1 Signed oem142.CAT Microsoft Windows Hardware Compatibility Publisher
null.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nv4_mini.sys 4/3/2010 2:5.00,2:5.1 Signed oem143.CAT Microsoft Windows Hardware Compatibility Publisher
nvenetfd.sys 3/3/2006 2:5.00,2:5.1 Signed oem134.CAT Microsoft Windows Hardware Compatibility Publisher
nvgts.sys 8/18/2008 2:5.00,2:5.1 Signed oem138.CAT Microsoft Windows Hardware Compatibility Publisher
nvnetbus.sys 3/3/2006 2:5.00,2:5.1 Signed oem133.CAT Microsoft Windows Hardware Compatibility Publisher
nvnrm.sys 3/3/2006 2:5.00,2:5.1 Signed oem133.CAT Microsoft Windows Hardware Compatibility Publisher
nvsnpu.sys 3/3/2006 2:5.00,2:5.1 Signed oem133.CAT Microsoft Windows Hardware Compatibility Publisher
nvtcp.sys 3/3/2006 1.0.0.5024 Not Signed N/A
nwlnkflt.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nwlnkfwd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nwlnkipx.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
nwlnknb.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nwlnkspx.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nwrdr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ohci1394.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
oprghdlr.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
p3.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
parport.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
partmgr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
parvdm.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
pcdrndisuio.sys 2/2/2006 5.1.2600.2180 Not Signed N/A
pci.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
pciide.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
pciidex.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
pcmcia.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
point32.sys 6/10/2008 2:5.00,2:5.1,2:5.2 Signed oem6.CAT Microsoft Windows Hardware Compatibility Publisher
portcls.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
processr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ps2.sys 12/12/2005 2:5.1 Signed oem107.CAT Microsoft Windows Hardware Compatibility Publisher
psched.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
psinaflt.sys 10/30/2009 None Signed N/A Panda Security S.L
psinfile.sys 10/13/2009 None Signed N/A Panda Security S.L
psinknc.sys 10/13/2009 None Signed N/A Panda Security S.L
psinproc.sys 10/13/2009 None Signed N/A Panda Security S.L
ptilink.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
pxhelp20.sys 8/19/2005 3.0.9.0 Not Signed N/A
rasacd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rasl2tp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
raspppoe.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
raspptp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
raspti.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rawwan.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rdbss.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rdpcdd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rdpdr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rdpwd.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
recagent.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
redbook.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rfcomm.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rio8drv.sys 8/10/2004 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
riodrv.sys 8/10/2004 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
rmcast.sys 5/8/2008 2:5.1 Signed KB950762.cat Microsoft Windows Component Publisher
rndismp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rndismpx.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rootmdm.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rtkhdaud.sys 2/11/2009 2:5.00,2:5.1 Signed oem150.CAT Microsoft Windows Hardware Compatibility Publisher
rtl8139.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
s3gnbm.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
scsiport.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sdbus.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
secdrv.sys 11/13/2007 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
serenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
serial.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sffdisk.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sffp_mmc.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sffp_sd.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sfloppy.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
siint5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sisagp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
slip.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
slnt7554.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
slntamr.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
slnthal.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
slwdmsup.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
smbali.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
smclib.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
sonydcam.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
splitter.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
srv.sys 12/31/2009 2:5.1 Signed KB971468.cat Microsoft Windows Component Publisher
stream.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
streamip.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
swenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
swmidi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sysaudio.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
tape.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
tcpip.sys 6/20/2008 2:5.1 Signed KB951748.cat Microsoft Windows Component Publisher
tcpip6.sys 2/11/2010 2:5.1 Signed KB978338.cat Microsoft Windows Component Publisher
tdi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
tdpipe.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
tdtcp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
termdd.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
tosdvd.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
tsbvcap.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
tunmp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
uagp35.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
udfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
update.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usb8023.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usb8023x.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbaudio.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbcamd.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbcamd2.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbccgp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
usbehci.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbhub.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbintel.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbkey.sys 2/2/2006 None Not Signed N/A
usbohci.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbport.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbprint.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbscan.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbstor.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbuhci.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbvideo.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
vchnt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
vdmindvd.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
vga.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
viaagp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
viaide.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
videoprt.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
volsnap.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wacompen.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wadv07nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wadv08nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wadv09nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wadv11nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wanarp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
watv06nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
watv10nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wdf01000.sys 11/2/2006 2:5.0,2:5.1,2:5.2 Signed Wdf01005.cat Microsoft Windows Component Publisher
wdfldr.sys 11/2/2006 2:5.0,2:5.1,2:5.2 Signed Wdf01005.cat Microsoft Windows Component Publisher
wdmaud.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wmilib.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
wpdusb.sys 10/18/2006 2:5.1 Signed WMFDist11.cat Microsoft Windows Component Publisher
ws2ifsl.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
wstcodec.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wudfpf.sys 9/28/2006 2:5.1,2:5.2 Signed Wudf01000.cat Microsoft Windows
wudfrd.sys 9/28/2006 2:5.1,2:5.2 Signed Wudf01000.cat Microsoft Windows

Unscanned Files:
------------------
[c:\windows\system32\drivers]
msftwdf_kernel_01005msft_kernel_nuidfltrsptd.sys The process cannot access the file because it is being used by another process.


Re: Google Redirecting Malware

Post by Dr Jay on 26th July 2010, 7:59 am

How often do the redirects occur? What causes them?


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 26th July 2010, 10:16 am

The redirects happen pretty sporadically, and they seem to only occur on Google search engines. I click on a search result and sometimes I get redirected to a completely unrelated and ad-filled site. Oftentimes I will just go back to the original search page and click on the search result again many times before I finally go to the correct page and not an unrelated redirected page. There seem to be some side symptoms of this, such as slower computer speed and occasional error messages, but it could be something other than the redirecting issue.


Re: Google Redirecting Malware

Post by Dr Jay on 27th July 2010, 4:36 am

Please download [You must be registered and logged in to see this link.] by DragonMaster Jay.
  • Save it to your Desktop.
  • Right-click on the file and select Extract All...
  • Choose a location to save extracted files and keep pressing Next until Finish.
  • Double-click RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete the folder RenewMyDNS.


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 27th July 2010, 8:16 am



Reply from 98.137.149.56: bytes=32 time=477ms TTL=56
Reply from 98.137.149.56: bytes=32 time=310ms TTL=56
Request timed out.
Reply from 98.137.149.56: bytes=32 time=555ms TTL=56

Ping statistics for 98.137.149.56:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 310ms, Maximum = 555ms, Average = 447ms

Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:

Reply from 64.202.189.170: bytes=32 time=409ms TTL=117
Reply from 64.202.189.170: bytes=32 time=518ms TTL=117
Reply from 64.202.189.170: bytes=32 time=404ms TTL=117
Reply from 64.202.189.170: bytes=32 time=394ms TTL=117

Ping statistics for 64.202.189.170:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 394ms, Maximum = 518ms, Average = 431ms

Pinging facebook.com [69.63.189.16] with 32 bytes of data:

Reply from 69.63.189.16: bytes=32 time=426ms TTL=242
Reply from 69.63.189.16: bytes=32 time=423ms TTL=242
Reply from 69.63.189.16: bytes=32 time=206ms TTL=242
Reply from 69.63.189.16: bytes=32 time=93ms TTL=242

Ping statistics for 69.63.189.16:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 93ms, Maximum = 426ms, Average = 287ms

Pinging microsoft.com [207.46.232.182] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.46.232.182:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

********************
EOF


Re: Google Redirecting Malware

Post by Dr Jay on 27th July 2010, 6:16 pm

That is not a complete log. The information I needed is at the beginning of the log.

Please re-run the tool and post a new log.


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 27th July 2010, 11:58 pm

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.4 - November 2009

Microsoft Windows XP [Version 5.1.2600]


(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))

Windows IP Configuration

Host Name . . . . . . . . . . . . : Eric
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection 4:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-17-31-CD-35-0C
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 172.16.1.37
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 172.16.0.1
DHCP Server . . . . . . . . . . . : 172.16.0.1
DNS Servers . . . . . . . . . . . : 4.2.2.2
                                    4.2.2.3
Lease Obtained. . . . . . . . . . : Tuesday, July 27, 2010 4:49:11 PM
Lease Expires . . . . . . . . . . : Tuesday, July 27, 2010 5:49:11 PM

(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))

Pinging yahoo.com [69.147.125.65] with 32 bytes of data:

Reply from 69.147.125.65: bytes=32 time=223ms TTL=48
Reply from 69.147.125.65: bytes=32 time=113ms TTL=48
Reply from 69.147.125.65: bytes=32 time=253ms TTL=48
Reply from 69.147.125.65: bytes=32 time=124ms TTL=48

Ping statistics for 69.147.125.65:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 113ms, Maximum = 253ms, Average = 178ms

Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:

Reply from 64.202.189.170: bytes=32 time=93ms TTL=117
Reply from 64.202.189.170: bytes=32 time=41ms TTL=117
Reply from 64.202.189.170: bytes=32 time=40ms TTL=117
Reply from 64.202.189.170: bytes=32 time=41ms TTL=117

Ping statistics for 64.202.189.170:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 40ms, Maximum = 93ms, Average = 53ms

Pinging facebook.com [69.63.181.11] with 32 bytes of data:

Reply from 69.63.181.11: bytes=32 time=18ms TTL=243
Reply from 69.63.181.11: bytes=32 time=18ms TTL=243
Reply from 69.63.181.11: bytes=32 time=19ms TTL=243
Reply from 69.63.181.11: bytes=32 time=140ms TTL=243

Ping statistics for 69.63.181.11:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 140ms, Average = 48ms

Pinging microsoft.com [207.46.232.182] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.46.232.182:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


********************
EOF

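The first section of the log above is `ipconfig /all` output. As an added example (not part of the thread and not RenewMyDNS's own code), this Python script parses that section and lists each adapter's DNS resolvers with a note on where they sit relative to the router; the function names and the wording of the notes are assumptions of the example.

```python
import ipaddress
import re

# Excerpt of the ipconfig section of the log above (some fields trimmed).
# Blank lines between fields, as forum pastes often have, are skipped.
SAMPLE_LOG = """\
Windows IP Configuration

Host Name . . . . . . . . . . . . : Eric
Primary Dns Suffix . . . . . . . :

Ethernet adapter Local Area Connection 4:

Connection-specific DNS Suffix . : gateway.2wire.net
Dhcp Enabled. . . . . . . . . . . : Yes
IP Address. . . . . . . . . . . . : 172.16.1.37
Default Gateway . . . . . . . . . : 172.16.0.1
DHCP Server . . . . . . . . . . . : 172.16.0.1
DNS Servers . . . . . . . . . . . : 4.2.2.2

4.2.2.3

Lease Obtained. . . . . . . . . . : Tuesday, July 27, 2010 4:49:11 PM
"""

ADAPTER_RE = re.compile(r"^(?P<name>.*\badapter\b.+):$")
# Field name, dot leaders, first colon, then the value (which may contain colons).
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z \-]*?)[ .]*:\s*(?P<value>.*)$")


def _to_ip(text):
    """Return an ip_address object, or None if text is not an IP address."""
    try:
        return ipaddress.ip_address(text.split("%")[0])  # drop IPv6 scope id
    except ValueError:
        return None


def parse_ipconfig(text):
    """Return {section: {field: [values]}} from `ipconfig /all` text."""
    sections = {}
    section, last_key = "(global)", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ADAPTER_RE.match(line)
        if m:
            section, last_key = m.group("name"), None
            continue
        if last_key and _to_ip(line) is not None:
            # A bare address continues the previous field (second DNS server).
            sections[section][last_key].append(line)
            continue
        m = FIELD_RE.match(line)
        if m:
            last_key = m.group("key").strip()
            values = sections.setdefault(section, {}).setdefault(last_key, [])
            if m.group("value"):
                values.append(m.group("value"))
    return sections


def audit_dns(sections):
    """Return (adapter, resolver, note) for every configured DNS server."""
    findings = []
    for name, fields in sections.items():
        router = {v for k in ("Default Gateway", "DHCP Server")
                  for v in fields.get(k, [])}
        dhcp = fields.get("Dhcp Enabled", [""])[0].lower() == "yes"
        for server in fields.get("DNS Servers", []):
            ip = _to_ip(server)
            if ip is None:
                note = "unparseable address"
            elif server in router:
                note = "router/DHCP server acts as resolver"
            elif ip.is_loopback:
                note = "loopback resolver: a local process answers DNS; identify it"
            elif ip.is_private:
                note = "private resolver other than the gateway: confirm it is yours"
            else:
                # With DHCP on, ipconfig does not say whether DNS came from the
                # lease or was typed into the adapter properties.
                origin = ("from the DHCP lease or set on the adapter"
                          if dhcp else "statically set")
                note = f"public resolver ({origin}): confirm you or your ISP chose it"
            findings.append((name, server, note))
    return findings


if __name__ == "__main__":
    for adapter, server, note in audit_dns(parse_ipconfig(SAMPLE_LOG)):
        print(f"{adapter}: {server} -> {note}")
```

A resolver flagged for confirmation is a prompt to check the router's DHCP settings and the adapter's TCP/IP properties, not a verdict on the address.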

Re: Google Redirecting Malware

Post by Dr Jay on 28th July 2010, 3:29 am

Please download [You must be registered and logged in to see this link.] and save it to your Desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • At the top, tick on Scan All Users section and Include MD5.
  • At File Age set it to 90 Days.
  • In the Processes, Modules, Services, Drivers, and Registry section, please set on Safe List.
  • In the Files Created Within and Files Modified Within section, set it to File Age.
  • At the bottom, tick on all Safe List and Use Company Name WhiteList option
  • Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
      Reg - Disabled MS Config Items
      Reg - Drivers32
      Reg - Ext
      Reg - IE
      Explorer Bar
      Reg - NetSvcs
      Reg - Safeboot Minimal
      Reg - Safeboot Network
      File - Lop Check
      File - Purity Scan
  • Do NOT change any other settings.
  • Then, in the Custom Scans box, place this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\System32\*.sys
    %systemroot%\System32\drivers\*.dll
    %systemroot%\System32\drivers\*.ini
    %systemroot%\System32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*


  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on 28th July 2010, 11:23 am

Computer Name: ERIC
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 90 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTS.exe -> [2010/07/28 03:08:03 | 000,641,536 | ---- | M | MD5 = F8652ABB8D613AFCF8CD47FE669F62F5] (OldTimer Tools)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/06/10 21:03:08 | 000,144,176 | ---- | M | MD5 = 2E3E53A6AEF23E24F402C7855B9B1542] (Apple Inc.)
psunmain.exe -> C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe -> [2010/05/14 15:06:30 | 000,406,848 | ---- | M | MD5 = 6E89A16E4A3E5FD19AD5B74DA023B671] (Panda Security, S.L.)
psanhost.exe -> C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -> [2010/04/30 13:47:30 | 000,136,448 | ---- | M | MD5 = 9799191F31740EB7979C3B012AA6BA5B] (Panda Security, S.L.)
askupgrade.exe -> C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -> [2009/04/02 12:47:04 | 000,234,888 | ---- | M | MD5 = 367621CB272A8D9E7D910388916D5737] ()
askservice.exe -> C:\Program Files\AskBarDis\bar\bin\AskService.exe -> [2009/04/02 12:47:02 | 000,464,264 | ---- | M | MD5 = 7B44F870FC2DA172C5367D9E3F96F553] ()
psiservice_2.exe -> C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2008/07/23 13:54:10 | 000,185,632 | ---- | M | MD5 = D21DFAA93CD6AEF397C033A718C0FFF5] (Protexis Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M | MD5 = 12896823FB95BFB3DC9B46BCAEDC9923] (Microsoft Corporation)
aluschedulersvc.exe -> C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -> [2006/07/25 18:03:42 | 000,100,032 | ---- | M | MD5 = 7768CE75C5CBF0D8F441CE2BBD806B7F] (Symantec Corporation)
arservice.exe -> C:\WINDOWS\arservice.exe -> [2005/08/02 23:19:16 | 000,058,880 | ---- | M | MD5 = 9A0D9B2E263BEDE80FB79DDBAD240EC1] (Microsoft)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTS.exe -> [2010/07/28 03:08:03 | 000,641,536 | ---- | M | MD5 = F8652ABB8D613AFCF8CD47FE669F62F5] (OldTimer Tools)
msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008/04/13 17:10:20 | 000,110,592 | ---- | M | MD5 = DE5160912F4483F37704BE65C315B545] (Microsoft Corporation)

[Win32 Services - Safe List]
(F6E68549) F6E68549 [On_Demand | Stopped] -> C:\WINDOWS\System32\F6E68549.exe -> File not found
(9258704E) 9258704E [On_Demand | Stopped] -> C:\WINDOWS\System32\9258704E.exe -> File not found
(441CC720) 441CC720 [On_Demand | Stopped] -> C:\WINDOWS\System32\441CC720.exe -> File not found
(3D1AB9A9) 3D1AB9A9 [On_Demand | Stopped] -> C:\WINDOWS\System32\3D1AB9A9.exe -> File not found
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/06/10 21:03:08 | 000,144,176 | ---- | M | MD5 = 2E3E53A6AEF23E24F402C7855B9B1542] (Apple Inc.)
(NanoServiceMain) Panda Cloud Antivirus Service [Auto | Running] -> C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -> [2010/04/30 13:47:30 | 000,136,448 | ---- | M | MD5 = 9799191F31740EB7979C3B012AA6BA5B] (Panda Security, S.L.)
(XobniService) XobniService [Disabled | Stopped] -> C:\Program Files\Xobni\XobniService.exe -> [2009/11/13 11:09:34 | 000,046,824 | ---- | M | MD5 = E2CE4AE31E86161384EB045FD9ED3002] (Xobni Corporation)
(ASKUpgrade) ASKUpgrade [Auto | Running] -> C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -> [2009/04/02 12:47:04 | 000,234,888 | ---- | M | MD5 = 367621CB272A8D9E7D910388916D5737] ()
(ASKService) ASKService [Auto | Running] -> C:\Program Files\AskBarDis\bar\bin\AskService.exe -> [2009/04/02 12:47:02 | 000,464,264 | ---- | M | MD5 = 7B44F870FC2DA172C5367D9E3F96F553] ()
(PSI_SVC_2) Protexis Licensing V2 [Auto | Running] -> C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2008/07/23 13:54:10 | 000,185,632 | ---- | M | MD5 = D21DFAA93CD6AEF397C033A718C0FFF5] (Protexis Inc.)
(LiveUpdate) LiveUpdate [Disabled | Stopped] -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -> [2006/07/25 18:03:42 | 002,119,360 | ---- | M | MD5 = FB466FAA799EACE5075FC1DE269F0066] (Symantec Corporation)
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Auto | Running] -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> [2006/07/25 18:03:42 | 000,100,032 | ---- | M | MD5 = 7768CE75C5CBF0D8F441CE2BBD806B7F] (Symantec Corporation)
(ARSVC) ARSVC [Auto | Running] -> C:\WINDOWS\arservice.exe -> [2005/08/02 23:19:16 | 000,058,880 | ---- | M | MD5 = 9A0D9B2E263BEDE80FB79DDBAD240EC1] (Microsoft)
(Pml Driver HPZ12) Pml Driver HPZ12 [Disabled | Stopped] -> C:\WINDOWS\system32\HPZipm12.exe -> [2005/03/14 19:05:02 | 000,069,632 | ---- | M | MD5 = A38B3CE68E7F126190CDE4AA3FDF050F] (HP)


Re: Google Redirecting Malware

Post by crucifix676 on 28th July 2010, 11:23 am

[Driver Services - Safe List]
(rootrepeal) rootrepeal [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\rootrepeal.sys -> File not found
(RkPavproc1) RkPavproc1 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\RkPavproc1.sys -> File not found
(Cdrom) CD-ROM Driver [Kernel | System | Stopped] -> C:\WINDOWS\System32\DRIVERS\cdrom.sys -> File not found
(atksgt) atksgt [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\atksgt.sys -> [2010/07/08 02:10:46 | 000,278,984 | ---- | M | MD5 = 3C4B9850A2631C2263507400D029057B] ()
(lirsgt) lirsgt [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\lirsgt.sys -> [2010/07/08 02:10:46 | 000,025,416 | ---- | M | MD5 = 4127E8B6DDB4090E815C1F8852C277D3] ()
(PSINAflt) PSINAflt [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\PSINAflt.sys -> [2010/05/27 18:39:32 | 000,141,384 | ---- | M | MD5 = 469943FB4398DF5662DD5D06193C0BB0] (Panda Security, S.L.)
(PSINProt) PSINProt [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\PSINProt.sys -> [2010/05/12 10:58:12 | 000,110,920 | ---- | M | MD5 = 47345C84B45003D4B5975CDA5F026787] (Panda Security, S.L.)
(PSINKNC) PSINKNC [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\PSINKNC.sys -> [2010/05/04 08:36:54 | 000,129,928 | ---- | M | MD5 = 51B0BAB73EC899399E5D6034105D6F21] (Panda Security, S.L.)
(PSINProc) PSINProc [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\PSINProc.sys -> [2010/04/30 13:46:52 | 000,111,624 | ---- | M | MD5 = D3730032F61FCA2D2AE6A2DAF90347B1] (Panda Security, S.L.)
(PSINFile) PSINFile [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\PSINFile.sys -> [2010/04/30 13:46:52 | 000,097,032 | ---- | M | MD5 = B573F1EE01046612576907BB08AD8E6F] (Panda Security, S.L.)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2010/04/03 15:55:31 | 010,232,128 | ---- | M | MD5 = 30913CBF518396912E54C2C9F1DD0F09] (NVIDIA Corporation)
(NuidFltr) NUID filter driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nuidfltr.sys -> [2009/05/09 01:14:20 | 000,014,736 | ---- | M | MD5 = CF7E041663119E09D2E118521ADA9300] (Microsoft Corporation)
(sptd) sptd [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\sptd.sys -> [2009/02/18 00:05:03 | 000,717,296 | ---- | M | Unable to obtain MD5] ()
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2009/02/11 12:40:40 | 005,028,352 | ---- | M | MD5 = 14B48553BE78472D2BD3A518658A1710] (Realtek Semiconductor Corp.)
(nvgts) nvgts [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\nvgts.sys -> [2008/08/18 19:54:00 | 000,145,952 | ---- | M | MD5 = EA98BFE4931BD13D747D647C1859796E] (NVIDIA Corporation)
(npkcrypt) npkcrypt [Kernel | On_Demand | Stopped] -> C:\Documents and Settings\HP_Administrator\Desktop\Lineage II\system\npkcrypt.sys -> [2008/04/29 16:04:33 | 000,023,217 | ---- | M | MD5 = FD9666A8EB88E713C18E2E90F6E746D0] (INCA Internet Co., Ltd.)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2008/04/17 11:54:54 | 000,385,072 | ---- | M | MD5 = E89CC1363CB7F5320AE3B41C1333D0C3] (Symantec Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\USBAUDIO.sys -> [2008/04/13 12:45:12 | 000,060,032 | ---- | M | MD5 = E919708DB44ED8543A7C017953148330] (Microsoft Corporation)
(IrBus) Infrared bus filter driver for eHome remote controls [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\irbus.sys -> [2008/04/13 11:45:34 | 000,046,592 | ---- | M | MD5 = B43B36B382AEA10861F7C7A37F9D4AE2] (Microsoft Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 09:36:05 | 000,144,384 | ---- | M | MD5 = 573C7D0A32852B48F3058CFD8026F511] (Windows (R) Server 2003 DDK provider)
(BANTExt) Belarc SMBios Access [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\BANTExt.sys -> [2008/02/27 13:49:00 | 000,003,840 | ---- | M | MD5 = 5D7BE7B19E827125E016325334E58FF1] ()
(hcwPP2) Hauppauge WinTV PVR PCI II ([23|25|26]xxx) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hcwPP2.sys -> [2006/04/13 16:47:38 | 000,168,064 | ---- | M | MD5 = 55E4DA7C8CBBA1F2D71720FCA7A5C086] (Hauppauge Computer Works, Inc.)
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nvnetbus.sys -> [2006/03/03 14:31:04 | 000,013,056 | ---- | M | MD5 = 5E3F6AD5CAD0F12D3CCCD06FD964087A] (NVIDIA Corporation)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NVENETFD.sys -> [2006/03/03 14:31:02 | 000,034,176 | ---- | M | MD5 = 22EEDB34C4D7613A25B10C347C6C4C21] (NVIDIA Corporation)
(Ps2) Ps2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\PS2.sys -> [2005/12/12 17:27:00 | 000,019,072 | ---- | M | MD5 = 390C204CED3785609AB24E9C52054A84] (Hewlett-Packard Company)
(HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSXHWBS2.sys -> [2005/12/06 11:20:50 | 000,241,664 | ---- | M | MD5 = 1F5C64B0C6B2E2F48735A77AE714CCB8] (Conexant Systems, Inc.)
(winachsx) winachsx [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSX_CNXT.sys -> [2005/12/06 11:20:42 | 000,670,208 | ---- | M | MD5 = 11EC1AFCEB5C917CE73D3C301FF4291E] (Conexant Systems, Inc.)
(HSX_DP) HSX_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSX_DP.sys -> [2005/12/06 11:20:40 | 000,936,448 | ---- | M | MD5 = A7F8C9228898A1E871D2AE7082F50AC3] (Conexant Systems, Inc.)
(ftsata2) ftsata2 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ftsata2.sys -> [2005/06/29 17:03:18 | 000,175,104 | ---- | M | MD5 = 22399D3CE5840C6082844679CCA5D2FC] (Promise Technology, Inc.)
(iaStor) Intel RAID Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\iaStor.sys -> [2005/06/17 06:33:40 | 000,872,064 | ---- | M | MD5 = 9A65E42664D1534B68512CAAD0EFE963] (Intel Corporation)
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AmdK8.sys -> [2005/03/09 14:53:00 | 000,036,352 | ---- | M | MD5 = 59301936898AE62245A6F09C0ABA9475] (Advanced Micro Devices)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2004/08/03 14:31:34 | 000,020,992 | ---- | M | MD5 = D507C1400284176573224903819FFDA3] (Realtek Semiconductor Corporation)
(bb-run) Promise driver accelerator [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\bb-run.sys -> [2003/11/05 07:45:12 | 000,017,408 | ---- | M | MD5 = 7270D070173B20AC9487EA16BB08B45F] (Promise Technology, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\"Default_Page_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Main\"Default_Search_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Main\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\"Search Page" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Main\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Search\"Default_Search_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Search\"SearchAssistant" -> [You must be registered and logged in to see this link.] ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\"Default_Page_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\.DEFAULT\: Main\"Default_Search_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\.DEFAULT\: Main\"Search Page" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\.DEFAULT\: Main\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\"Default_Page_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-18\: Main\"Default_Search_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-18\: Main\"Search Page" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-18\: Main\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: Main\"Default_Page_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: Main\"Default_Search_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: Main\"Search Page" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: Main\"Secondary Start Pages" -> [binary data] ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: Search\"SearchAssistant" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: SearchURL\"" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: SearchURL\"provider" -> gogl ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: "ProxyOverride" -> ;*.local ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\7x8fv31u.default\prefs.js ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" ->
extensions.enabledItems -> [You must be registered and logged in to see this link.]:1.0 ->
keyword.URL -> "http://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=" ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\7x8fv31u.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions -> ->
HKLM\software\mozilla\Firefox\extensions\\widgetruntime@surfsecret.com -> C:\Program Files\Panda Security\Panda ID Protect\Firefox [C:\PROGRAM FILES\PANDA SECURITY\PANDA ID PROTECT\FIREFOX] -> [2010/07/27 02:20:55 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/07/27 16:55:23 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/07/27 16:55:22 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions -> [2008/09/01 01:08:29 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7x8fv31u.default\extensions -> [2010/07/27 16:52:59 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7x8fv31u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/04/27 13:53:02 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7x8fv31u.default\extensions\personas@christopher.beard -> [2010/05/13 20:57:03 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
youtube-video-search.xml -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7x8fv31u.default\searchplugins\youtube-video-search.xml -> [2008/12/13 20:46:11 | 000,002,109 | ---- | M | MD5 = EB368E78ECC13C7DD221CC2E14425CA3] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/07/27 16:52:59 | 000,000,000 | ---D | M]
~[Filtered]~
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 04:16:42 | 000,059,032 | ---- | M | MD5 = 4EA3A6CD9D20584FFAFDB1E47DBF0E20] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M | MD5 = A6B5A41C0ED007AB6C43CAD899E533D8] (Microsoft Corporation)
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [hpWebHelper Class] -> [2008/08/05 16:00:15 | 000,217,088 | ---- | M | MD5 = A0EF773AA00AFAF320E7404304EC5220] (TODO: )
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [HKLM] -> C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll [Panda Security Toolbar] -> [2010/06/15 06:46:12 | 000,086,696 | ---- | M | MD5 = 26430378D083C787340EC434D0AF78C1] ()
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" [HKLM] -> C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll [Panda Security Toolbar] -> [2010/06/15 06:46:12 | 000,086,696 | ---- | M | MD5 = 26430378D083C787340EC434D0AF78C1] ()
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" [HKLM] -> C:\Program Files\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> File not found
WebBrowser\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Alcmtr" -> C:\WINDOWS\ALCMTR.EXE [ALCMTR.EXE] -> [2008/06/19 08:20:52 | 000,057,344 | ---- | M | MD5 = EA31039E691C6F8F5469649526EEA5FB] (Realtek Semiconductor Corp.)
"AlwaysReady Power Message APP" -> C:\WINDOWS\arpwrmsg.exe [ARPWRMSG.EXE] -> [2005/08/02 23:19:16 | 000,077,312 | ---- | M | MD5 = B596347A26DC054EBB44EB3BC8E95B0A] (Microsoft)
"AppleSyncNotifier" -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe] -> [2010/03/16 21:58:34 | 000,047,392 | ---- | M | MD5 = FD89A30C8A9FF4929ABC5039E6A527A4] (Apple Inc.)
"HPBootOp" -> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> [2006/02/15 22:34:58 | 000,249,856 | ---- | M | MD5 = A789B145F17FA5C2326907F4872FE173] (Hewlett-Packard Company)
"HPHUPD08" -> c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe] -> [2005/06/01 23:35:56 | 000,049,152 | ---- | M | MD5 = 4F113169A2DE985D043A5530987AD6D0] (Hewlett-Packard)
"HPSUreset" -> c:\hp\bin\cloaker.exe [c:\hp\bin\cloaker.exe cmd /c c:\hp\drivers\hpsu\HPSULastRunReset.bat] -> [1999/11/06 23:11:14 | 000,027,136 | ---- | M | MD5 = 6380625DD0480ED60960A149A087C848] (Hewlett-Packard Co.)
"IMEKRMIG6.1" -> C:\WINDOWS\ime\imkr6_1\imekrmig.exe [C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE] -> [2004/08/09 14:00:00 | 000,044,032 | ---- | M | MD5 = E6BB63BBE1BED01769CA87F4DAC286C8] (Microsoft Corporation)
"IMJPMIG8.1" -> C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE ["C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32] -> [2004/08/09 14:00:00 | 000,208,952 | ---- | M | MD5 = 7BBE4CF421AECC7F0226EDD75F12079F] (Microsoft Corporation)
"Mqoganapiqifep" -> C:\WINDOWS\iwufazeqeq.DLL [rundll32.exe "C:\WINDOWS\iwufazeqeq.dll",Startup] -> File not found
"MSPY2002" -> C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe [C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC] -> [2004/08/09 14:00:00 | 000,059,392 | ---- | M | MD5 = 1B17E09C1223F6D17336D2DD7A1AF4F4] ()
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2010/04/03 19:23:16 | 013,670,504 | ---- | M | MD5 = 8FFC8E6236073D462CAD9EDABFD3E0E4] (NVIDIA Corporation)
"NvMediaCenter" -> C:\WINDOWS\System32\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2010/04/03 19:23:16 | 000,110,696 | ---- | M | MD5 = 2EF47B25843130B9E05AD487D667374D] (NVIDIA Corporation)
"PHIME2002A" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName] -> [2004/08/09 14:00:00 | 000,455,168 | ---- | M | MD5 = 024DC0F68DF5FD6AE9DD82DFBAF479D6] (Microsoft Corporation)
"PHIME2002ASync" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC] -> [2004/08/09 14:00:00 | 000,455,168 | ---- | M | MD5 = 024DC0F68DF5FD6AE9DD82DFBAF479D6] (Microsoft Corporation)
"PMLreset" -> c:\hp\bin\cloaker.exe [c:\hp\bin\cloaker.exe cmd /c c:\hp\drivers\pmlreset.bat] -> [1999/11/06 23:11:14 | 000,027,136 | ---- | M | MD5 = 6380625DD0480ED60960A149A087C848] (Hewlett-Packard Co.)
"PSUNMain" -> C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe ["C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar] -> [2010/05/14 15:06:30 | 000,406,848 | ---- | M | MD5 = 6E89A16E4A3E5FD19AD5B74DA023B671] (Panda Security, S.L.)
"RBreset" -> c:\hp\bin\cloaker.exe [c:\hp\bin\cloaker.exe cmd /c c:\hp\drivers\hpsu\RBLastRunReset.bat] -> [1999/11/06 23:11:14 | 000,027,136 | ---- | M | MD5 = 6380625DD0480ED60960A149A087C848] (Hewlett-Packard Co.)
"Recguard" -> C:\WINDOWS\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [2005/07/22 22:14:00 | 000,237,568 | ---- | M | MD5 = F3EAEA279F09A7779C18793C87640794] ()
"SetDefaultPrinter" -> c:\hp\bin\cloaker.exe [c:\hp\bin\cloaker.exe c:\windows\system32\cmd.exe /c c:\hp\bin\defaultprinter\SetDefaultPrinter.cmd] -> [1999/11/06 23:11:14 | 000,027,136 | ---- | M | MD5 = 6380625DD0480ED60960A149A087C848] (Hewlett-Packard Co.)
"TkBellExe" -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2006/06/17 21:44:35 | 000,180,269 | ---- | M | MD5 = 1AC2C58B587C70DE64582AD41EE79FBA] (RealNetworks, Inc.)
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx ->
"Flags" -> Reg Error: Invalid data type. [Reg Error: Invalid data type.] -> File not found
"Title" -> [UnHackMe Rootkit Check] -> File not found
< Run [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"SmartRAM" -> C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe ["C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m] -> [2010/01/22 14:12:12 | 000,200,280 | ---- | M | MD5 = 9DB4FC143600770F183C8796DDD56101] (IObit)
< Admin Startup Folder > -> C:\Documents and Settings\Admin\Start Menu\Programs\Startup ->
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008/04/23 03:38:16 | 000,029,696 | ---- | M | MD5 = DFCB9ADE94A4F8A7C42EEF41101A30AD] (Adobe Systems Incorporated)
< asdf Startup Folder > -> C:\Documents and Settings\asdf\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk -> C:\hp\bin\cloaker.exe -> [1999/11/06 23:11:14 | 000,027,136 | ---- | M | MD5 = 6380625DD0480ED60960A149A087C848] (Hewlett-Packard Co.)
< Eric Startup Folder > -> C:\Documents and Settings\Eric\Start Menu\Programs\Startup ->
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< Guest.ERIC Startup Folder > -> C:\Documents and Settings\Guest.ERIC\Start Menu\Programs\Startup ->
< HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\"NoUpdateCheck" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main
\Main\"DEPOff" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"HonorAutoRunSetting" -> [1] -> File not found
\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
\"NoResolveSearch" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> [2004/08/10 02:39:00 | 001,347,728 | ---- | M | MD5 = 1B272DBF6C5CCEB5DC2BB488271DDF6D] (Microsoft)
\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.Theme [C:\WINDOWS\Resources\Themes\Royale.theme] -> [2004/07/28 01:03:28 | 000,001,293 | ---- | M | MD5 = 48A47B0E32E3B9314C2C774EDB6BBC10] ()
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoDriveTypeAutoRun" -> [145] -> File not found
\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000] -> [2010/04/24 08:25:04 | 018,352,488 | ---- | M | MD5 = 86075C2A59A89A4A9E7427525513AFD6] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000] -> [2010/04/24 08:25:04 | 018,352,488 | ---- | M | MD5 = 86075C2A59A89A4A9E7427525513AFD6] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000] -> [2010/04/24 08:25:04 | 018,352,488 | ---- | M | MD5 = 86075C2A59A89A4A9E7427525513AFD6] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M | MD5 = 79F7DB36E67B9E8365FA824AD96DF400] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M | MD5 = 79F7DB36E67B9E8365FA824AD96DF400] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M | MD5 = AEF204E782BFA2C8448CB43A58960744] (Microsoft Corporation)
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Button: Internet Connection Help] -> [2008/08/05 16:00:15 | 000,000,706 | ---- | M | MD5 = 7CB21E1F67A80EAC34B2C10F88F1ED7E] ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Menu: Internet Connection Help] -> [2008/08/05 16:00:15 | 000,000,706 | ---- | M | MD5 = 7CB21E1F67A80EAC34B2C10F88F1ED7E] ()
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M | MD5 = 79F7DB36E67B9E8365FA824AD96DF400] (Microsoft Corporation)
CmdMapping\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M | MD5 = AEF204E782BFA2C8448CB43A58960744] (Microsoft Corporation)
CmdMapping\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Internet Connection Help] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M | MD5 = 79F7DB36E67B9E8365FA824AD96DF400] (Microsoft Corporation)
CmdMapping\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M | MD5 = AEF204E782BFA2C8448CB43A58960744] (Microsoft Corporation)
CmdMapping\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Internet Connection Help] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M | MD5 = 79F7DB36E67B9E8365FA824AD96DF400] (Microsoft Corporation)
CmdMapping\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M | MD5 = AEF204E782BFA2C8448CB43A58960744] (Microsoft Corporation)
CmdMapping\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Internet Connection Help] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> [You must be registered and logged in to see this link.]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. ->
trymedia.com .[http] -> Trusted sites ->
trymedia.com .[https] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4822 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> [You must be registered and logged in to see this link.] [MUWebControl Class] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> [You must be registered and logged in to see this link.] [Reg Error: Value error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 172.16.0.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{17D5309F-1A7F-46BD-BD33-546410D32A2D}\\DhcpNameServer -> 172.16.0.1 (NVIDIA nForce Networking Controller) ->
{892900FC-9814-4488-99C0-81491C1EE93D}\\DhcpNameServer -> 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M | MD5 = 12896823FB95BFB3DC9B46BCAEDC9923] (Microsoft Corporation)
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M | MD5 = A6B5A41C0ED007AB6C43CAD899E533D8] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" -> C:\Program Files\Pando Networks\Media Booster\PMB.exe [C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster] -> [2010/05/21 16:31:05 | 002,938,552 | ---- | M | MD5 = 9781B8F5F92663AC4FA0C1E750EFD105] ()
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP] -> [2006/06/17 22:02:58 | 000,036,903 | ---- | M | MD5 = 84A6C6456F86ED03B79DB55BCBCDB2BD] (Hewlett-Packard)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -> C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe [C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager] -> [2010/06/13 13:23:13 | 000,172,032 | ---- | M | MD5 = 7C795C05B5DC8079071AB1EB89DF28D8] (Nexon)
"C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Serial.Loaris.Trojan.Remover.1.1.8.1.exe" -> C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Serial.Loaris.Trojan.Remover.1.1.8.1.exe [C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Serial.Loaris.Trojan.Remover.1.1.8.1.exe:*:Enabled:hl3uJCg 7kGvRtQ0f 8Hxju80GSN] -> File not found
"C:\Nexon\DFO\DFO.exe" -> C:\Nexon\DFO\DFO.exe [C:\Nexon\DFO\DFO.exe:*:Enabled:Dungeon Fighter Online] -> File not found
"C:\Program Files\Darkeden\darkeden.exe" -> C:\Program Files\Darkeden\darkeden.exe [C:\Program Files\Darkeden\darkeden.exe:*:Enabled:DarkEden] -> [2009/05/17 19:04:49 | 004,833,381 | ---- | M | MD5 = ED7ECDFA1B9C01F07EA29D3B1C8E1F79] (Softon)
"C:\Program Files\DISC\DISCover.exe" -> C:\Program Files\DISC\DISCover.exe [C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System] -> [2006/03/16 02:12:40 | 001,077,248 | ---- | M | MD5 = 5F4F51DCDDEED4CD994937572B9D9253] (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" -> C:\Program Files\DISC\DiscStreamHub.exe [C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub] -> [2006/03/16 02:11:54 | 000,057,344 | ---- | M | MD5 = 35FD73BA6356094ABCB61F0A2C555595] (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" -> C:\Program Files\DISC\myFTP.exe [C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP] -> [2006/03/16 02:11:50 | 000,094,208 | ---- | M | MD5 = 227B4BF7B10BFF468CD710786416E3AC] (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" -> C:\Program Files\FrostWire\FrostWire.exe [C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire] -> [2008/09/03 15:39:00 | 000,114,688 | ---- | M | MD5 = 4939D0506630168E691C7D389435A773] (FrostWire Group)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2005/09/21 04:25:22 | 000,151,635 | ---- | M | MD5 = 0CE9412D1E52DBA51CA19CD9F042A1C4] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2006/01/24 02:03:00 | 000,057,344 | ---- | M | MD5 = 9F52382401170537C00A7AD014C82FF4] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2006/01/24 01:40:30 | 000,225,280 | ---- | M | MD5 = 632420CEEFA48B445185D6B6330AA8A6] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2006/01/24 01:40:04 | 000,040,960 | ---- | M | MD5 = 216470386C9BAAEFBFF58EA72848C602] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2006/01/24 01:35:14 | 000,081,920 | ---- | M | MD5 = 41D4BAF0D93D70E90DBA3FF59AF42F02] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2006/01/24 02:09:36 | 000,172,032 | ---- | M | MD5 = 43F77B33F7C076ABD39C4AEEE1818669] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2006/01/24 01:38:52 | 000,438,272 | ---- | M | MD5 = 3D39C5FC503B3E3C5C3C89E1C51EBA5C] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] -> [2006/02/09 23:41:28 | 000,573,440 | ---- | M | MD5 = 5D6F0A491239FBA43B21F845F9C19E41] ( )
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [2006/02/09 23:43:36 | 000,110,592 | R--- | M | MD5 = EE4B17A5E3F939F128266846FED3975F] (Hewlett-Packard)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2010/07/16 07:41:54 | 010,358,568 | ---- | M | MD5 = C1D9C273B3439FD2563362D782B272DA] (Apple Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" -> C:\Program Files\Java\jre6\bin\java.exe [C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary] -> [2010/04/24 02:57:41 | 000,145,184 | ---- | M | MD5 = 43F7CA0473BB0FC9DD44ECF328B8D1FA] (Sun Microsystems, Inc.)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2009/02/14 06:03:18 | 000,337,264 | ---- | M | MD5 = 47B90FCFE1B89BCEE4458BAD3C1C5C63] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2009/02/26 15:24:50 | 001,001,840 | ---- | M | MD5 = 96F0A88B100A4E2914F1272E35714128] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2009/08/17 22:54:54 | 012,957,536 | ---- | M | MD5 = A4C6626DD0833249DFC8224014965E07] (Microsoft Corporation)
"C:\Program Files\ooVoo\ooVoo.exe" -> C:\Program Files\ooVoo\ooVoo.exe [C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo] -> [2010/05/25 11:05:18 | 019,360,560 | ---- | M | MD5 = D5FFBDCB888E1CC4577974C3E59735FF] (ooVoo LLC)
"C:\Program Files\Opera\opera.exe" -> C:\Program Files\Opera\opera.exe [C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser] -> [2009/11/20 20:01:18 | 000,832,296 | ---- | M | MD5 = A5F6A9A70592C33F451ACB0708266174] (Opera Software)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" -> C:\Program Files\Pando Networks\Media Booster\PMB.exe [C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster] -> [2010/05/21 16:31:05 | 002,938,552 | ---- | M | MD5 = 9781B8F5F92663AC4FA0C1E750EFD105] ()
"C:\Program Files\Steam\steamapps\crucifix676\team fortress 2\hl2.exe" -> C:\Program Files\Steam\steamapps\crucifix676\team fortress 2\hl2.exe [C:\Program Files\Steam\steamapps\crucifix676\team fortress 2\hl2.exe:*:Enabled:hl2] -> [2010/07/11 17:32:04 | 000,103,760 | ---- | M | MD5 = 9A74442EB6A59D7713FF2CF49B2736C5] ()
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP] -> [2006/06/17 22:02:58 | 000,036,903 | ---- | M | MD5 = 84A6C6456F86ED03B79DB55BCBCDB2BD] (Hewlett-Packard)
"C:\Program Files\Ventrilo\Ventrilo.exe" -> C:\Program Files\Ventrilo\Ventrilo.exe [C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe] -> [2009/04/22 22:11:32 | 001,675,776 | ---- | M | MD5 = 9DA1F1163C7B5DA29EEC2FF3A731EEA9] (Flagship Industries, Inc.)
"C:\Program Files\Vuze\Azureus.exe" -> C:\Program Files\Vuze\Azureus.exe [C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze] -> [2010/01/13 11:42:06 | 000,232,896 | ---- | M | MD5 = BAF503FEDF00C58C123B100CDA7A7D4F] (Vuze Inc.)
"C:\Program Files\Xfire\Xfire.exe" -> C:\Program Files\Xfire\Xfire.exe [C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire] -> [2009/11/05 19:14:36 | 003,152,272 | ---- | M | MD5 = C50C04CEDE8102679D8B0265C9DE3EDE] (Xfire Inc.)
"C:\Riot Games\League of Legends\air\LolClient.exe" -> C:\Riot Games\League of Legends\air\LolClient.exe [C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby] -> [2010/05/22 14:50:54 | 000,081,408 | ---- | M | MD5 = 34F3AF061D6D7470FC17699B90884FA6] ()
"C:\Riot Games\League of Legends\game\League of Legends.exe" -> C:\Riot Games\League of Legends\game\League of Legends.exe [C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client] -> [2010/07/27 17:11:08 | 007,397,376 | ---- | M | MD5 = 6673DEBE1199E7E646B37511B3EB3328] ()
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->

crucifix676
Novice

Posts: 49
Joined: 2010-06-22
OS: Windows XP
Points: 24363
Likes: 0


Re: Google Redirecting Malware

Post by crucifix676 on 28th July 2010, 11:24 am

"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2006/06/17 21:59:03 | 000,000,100 | ---- | M | MD5 = E7EB038D6FFE32C75E0509E5212358E1] ()
D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001/07/27 15:07:38 | 000,000,000 | -HS- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
D:\Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] -> D:\Autorun.inf [ FAT32 ] -> [2004/04/30 07:01:14 | 000,000,053 | -HS- | M | MD5 = 8ABA234578AFF1B6CCB8C245503E03F1] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{74730cf3-2ece-11de-98c0-001731cd350c}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74730cf3-2ece-11de-98c0-001731cd350c}\Shell
\{74730cf3-2ece-11de-98c0-001731cd350c}\Shell\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74730cf3-2ece-11de-98c0-001731cd350c}\Shell\AutoRun
\{74730cf3-2ece-11de-98c0-001731cd350c}\Shell\AutoRun\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74730cf3-2ece-11de-98c0-001731cd350c}\Shell\AutoRun\command
\{74730cf3-2ece-11de-98c0-001731cd350c}\Shell\AutoRun\command\"" -> K:\LaunchU3.exe [K:\LaunchU3.exe -a] -> File not found
\{b3a315f3-4a7a-11de-98e7-001731cd350c}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3a315f3-4a7a-11de-98e7-001731cd350c}\Shell\AutoRun\command
\{b3a315f3-4a7a-11de-98e7-001731cd350c}\Shell\AutoRun\command\"" -> [∑ň] -> File not found
\{b3a315f3-4a7a-11de-98e7-001731cd350c}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3a315f3-4a7a-11de-98e7-001731cd350c}\Shell\explore\Command
\{b3a315f3-4a7a-11de-98e7-001731cd350c}\Shell\explore\Command\"" -> [RECYCLER\INFO.exe] -> File not found
\{b3a315f3-4a7a-11de-98e7-001731cd350c}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3a315f3-4a7a-11de-98e7-001731cd350c}\Shell\open\Command
\{b3a315f3-4a7a-11de-98e7-001731cd350c}\Shell\open\Command\"" -> [RECYCLER\INFO.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Classes\\ ->
.exe [@ = exefile] -> Reg Error: Key error. -> File not found

[Registry - Additional Scans - Safe List]
< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services ->
"avg9wd" -> ->
"LiveUpdate" -> ->
"XobniService" -> ->
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
AVG9_TRAY hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\PROGRA~1\AVG\AVG9\avgtray.exe -> File not found
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state ->
"bootini" -> 0 ->
"services" -> 2 ->
"startup" -> 2 ->
"system.ini" -> 0 ->
"win.ini" -> 0 ->
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 ->
"msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008/04/13 17:12:42 | 000,199,680 | ---- | M | MD5 = 877C90686858D899B042BBA45E9B7F2C] (Intel Corporation)
"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2010/01/29 07:43:39 | 000,307,260 | ---- | M | MD5 = F3946B534CC197CBFFD9A2ECFD1F556F] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008/04/13 17:10:50 | 000,086,016 | ---- | M | MD5 = 0DBB250A89E2E1C9281009AC269F0805] (Sipro Lab Telecom Inc.)
"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2004/08/09 21:00:00 | 000,008,192 | ---- | M | MD5 = E8CD0D7E169ECCE2D4FD829DAAB786ED] (DSP GROUP, INC.)
"MSVideo8" -> C:\WINDOWS\System32\vfwwdm32.dll [VfWWDM32.dll] -> [2008/04/13 17:12:08 | 000,053,760 | ---- | M | MD5 = E2A57AC21705D3A05BB89BE201FA5C0C] (Microsoft Corporation)
"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2008/04/13 17:11:54 | 000,080,384 | ---- | M | MD5 = 7E86D471EF8DED7B9D15106002120271] (Radius Inc.)
"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/09 21:00:00 | 000,199,168 | ---- | M | MD5 = 43ECA1576906BA76FB3E329A338A3CAE] ()
"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/09 21:00:00 | 000,199,168 | ---- | M | MD5 = 43ECA1576906BA76FB3E329A338A3CAE] ()
"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/13 17:12:42 | 000,848,384 | ---- | M | MD5 = 948E1498C6438625247F94534AAA82FE] (Intel Corporation)
"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008/04/13 17:11:55 | 000,755,200 | ---- | M | MD5 = 5F10DC19D92CCF6B719B494572F4F74B] (Intel Corporation)
"vidc.LEAD" -> C:\WINDOWS\System32\LCodcCMP.dll [LCODCCMP.DLL] -> [2002/04/24 18:42:18 | 000,364,544 | ---- | M | MD5 = 021C3E651ACDB0C71498259C208FCCAC] (LEAD Technologies, Inc.)
"VIDC.XFR1" -> C:\WINDOWS\System32\xfcodec.dll [xfcodec.dll] -> [2009/11/05 19:14:42 | 000,041,872 | ---- | M | MD5 = DB614EBCA3231C2773181075BA96F8A5] ()
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> C:\Program Files\Microsoft Office\Office12\IEAWSDC.DLL [Microsoft Office Template and Media Control] -> [2008/10/25 06:18:50 | 000,172,880 | ---- | M | MD5 = E6BC6BA065287D7B6C22D9231E80AF3B] ()
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M | MD5 = AD99EC8908185A02307CF071EF7BD9CF] (Apple Inc.)
{075A24FD-4418-4841-9C3A-55CD5FFDE375} [HKLM] -> C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll [CNxGameControl Object] -> [2010/06/13 13:23:13 | 000,126,976 | ---- | M | MD5 = 6138AFA7A62BFCBE84ED024861E5DADD] (Nexon)
{07B06095-5687-4D13-9E32-12B4259C9813} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSUPLD.DLL [STSUpld UploadCtl Class] -> [2006/10/26 19:59:30 | 000,227,128 | ---- | M | MD5 = 40A2F9DBE7434EB9B866D4B67FCA6C5B] (Microsoft Corporation)
{0D012ABD-CEED-11D2-9C76-00105AA73033} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveDocumentShareTool.dll [Groove DocumentShareView] -> [2009/02/14 06:03:38 | 003,070,832 | ---- | M | MD5 = ECA43292F8C283A96756A95DAA2BF93B] (Microsoft Corporation)

crucifix676