Google Redirecting Malware


Re: Google Redirecting Malware

Post by crucifix676 on Thu Jul 22, 2010 7:45 am

I get back "Unknown boot code has been found on some of your physical disks"

crucifix676
Novice
Posts: 49
Joined: 2010-06-22
OS: Windows XP
Points: 24303
Likes: 0

Re: Google Redirecting Malware

Post by Dr Jay on Thu Jul 22, 2010 6:56 pm

Please post the log from it, so I may see which ones are infected.


Dr. Jay (DJ)



Dr Jay
Head Administrator
Posts: 13714
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Protection: Bitdefender Total Security
Points: 302072
Likes: 10

Re: Google Redirecting Malware

Post by crucifix676 on Fri Jul 23, 2010 1:08 am

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

\\.\C: -> \\.\PhysicalDrive0
MD5: 53b87386f68c4cb2306da5ba771dbe8b
\\.\D: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix





Re: Google Redirecting Malware

Post by Dr Jay on Fri Jul 23, 2010 6:06 am

Please open Notepad and enter in the following:

@echo off
rem Run Bootkit Remover's fix command against the first physical disk.
rem The device path must be written \\.\PhysicalDrive0 (two leading backslashes).
start remover.exe fix \\.\PhysicalDrive0
exit

Then, click File > Save as...
Save as remove.bat to the same location as remover.exe.
Choose Save as type... All Files.
Click Save.

Then, exit Notepad.

Double-click on remove.bat.

Please re-run remover.exe and post a new log in your next reply.


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on Fri Jul 23, 2010 6:42 am

I got this from remove.bat:

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

CreateFile() ERROR 2
ERROR: Can't open physical disk device.



And I'm still getting this from remover.exe:


Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

\\.\C: -> \\.\PhysicalDrive0
MD5: 53b87386f68c4cb2306da5ba771dbe8b
\\.\D: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix










Re: Google Redirecting Malware

Post by Dr Jay on Fri Jul 23, 2010 6:48 am

Do you have an XP cd?


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on Fri Jul 23, 2010 6:49 am

Yes I do.


Re: Google Redirecting Malware

Post by Dr Jay on Fri Jul 23, 2010 6:51 am

Reboot your computer.

Boot from the Windows XP CD and press the "R" key in Setup in order to start the Recovery Console.

Select your Windows XP installation from the list (usually 1). It will prompt for an administrator password. The password is probably blank, so just hit Enter.

Enter the command: fixmbr at the input prompt and confirm the next question with a Y.

It should then reboot the computer. If it does not, then type exit.

Boot back into normal XP.

=================

After that, post a new Bootkit Remover log.


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on Fri Jul 23, 2010 7:09 am

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

\\.\C: -> \\.\PhysicalDrive0
MD5: 6def5ffcbcdbdb4082f1015625e597bd
\\.\D: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)




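What the two Bootkit Remover logs in this thread are comparing (an MD5 of the master boot sector, and a status of "Unknown boot code" versus "OK (DOS/Win32 Boot code found)") can be reproduced on a dumped sector. The script below is an added example for readers of the thread; it is not part of the thread and not eSage Lab's tool. It reads a 512-byte MBR, checks the 0x55AA signature, parses the four partition entries, hashes the sector, and compares the bootstrap area against the opening instructions of the Windows 2000/XP MBR. That prologue check and the "baseline MD5" workflow are this example's own assumptions (a production checker would carry a list of known-good hashes per OS build), and the sectors it runs on are constructed inline, not taken from a real disk.

```python
import hashlib
import struct
from typing import Optional

SECTOR_SIZE = 512
PARTITION_TABLE = 0x1BE     # bootstrap code occupies bytes 0..0x1BD
SIGNATURE_OFFSET = 0x1FE    # the sector must end with 0x55 0xAA

# Assumption made by this example, not a rule taken from the tool: the
# Windows 2000/XP MBR bootstrap opens with xor ax,ax / mov ss,ax / mov sp,0x7C00.
KNOWN_BOOT_PROLOGUE = bytes.fromhex("33c08ed0bc007c")


def parse_partitions(mbr: bytes) -> list:
    """Decode the four 16-byte partition entries; skip empty ones (type 0)."""
    entries = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        flag, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PARTITION_TABLE + 16 * i)
        if ptype:
            entries.append({"index": i, "bootable": flag == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": sectors})
    return entries


def size_gib(entry: dict) -> float:
    """Partition size in GiB, which is what a 'Size' column like the log's shows."""
    return entry["sectors"] * SECTOR_SIZE / 2**30


def inspect_mbr(mbr: bytes, baseline_md5: Optional[str] = None) -> dict:
    """Classify one sector: status line plus MD5, like the log above.

    baseline_md5 is the hash an administrator recorded on a known-clean day;
    when given, the result also reports whether the sector still matches it.
    """
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    signature_ok = mbr[SIGNATURE_OFFSET:] == b"\x55\xaa"
    md5 = hashlib.md5(mbr).hexdigest()
    if not signature_ok:
        status = "Invalid (missing 0x55AA signature)"
    elif mbr[:PARTITION_TABLE].startswith(KNOWN_BOOT_PROLOGUE):
        status = "OK (DOS/Win32 Boot code found)"
    else:
        status = "Unknown boot code"
    return {
        "md5": md5,
        "signature_ok": signature_ok,
        "status": status,
        "matches_baseline": None if baseline_md5 is None else md5 == baseline_md5,
        "partitions": parse_partitions(mbr),
    }


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: the given bootstrap bytes, one bootable NTFS
    partition of 232 GiB starting at LBA 63, and a valid signature."""
    code = boot_code.ljust(PARTITION_TABLE, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", 63, 232 * 2**21)  # 232 GiB / 512 B
    return code + entry + b"\x00" * 48 + b"\x55\xaa"


# Constructed inputs: a sector with the expected prologue, one whose bootstrap
# has been replaced by other bytes (filler, not real malware), and one with
# the signature zeroed out.
CLEAN_MBR = build_sample_mbr(KNOWN_BOOT_PROLOGUE + b"\x90" * 16)
UNKNOWN_MBR = build_sample_mbr(b"\xeb\x58" + b"\x90" * 16)
NO_SIG_MBR = CLEAN_MBR[:-2] + b"\x00\x00"


if __name__ == "__main__":
    baseline = inspect_mbr(CLEAN_MBR)["md5"]
    for label, sector in (("clean", CLEAN_MBR), ("unknown", UNKNOWN_MBR)):
        r = inspect_mbr(sector, baseline_md5=baseline)
        part = r["partitions"][0]
        print(f"{label:8} {size_gib(part):.0f} GB  MD5 {r['md5']}  {r['status']}"
              f"  baseline match: {r['matches_baseline']}")
```

The useful habit this illustrates is the baseline: the tool's own "Unknown boot code" verdict depends on a pattern list, but a recorded MD5 of the MBR from a known-clean day lets you spot any change to that sector, which is exactly what the two logs above show (the hash changed once fixmbr rewrote the boot code).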

Re: Google Redirecting Malware

Post by Dr Jay on Fri Jul 23, 2010 7:10 am

Good. Any more redirects?


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on Fri Jul 23, 2010 7:26 am

Yes, actually. I'm still getting redirects.


Re: Google Redirecting Malware

Post by Dr Jay on Fri Jul 23, 2010 6:35 pm

Please download GooredFix from one of the locations below and save it to your Desktop
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on Sat Jul 24, 2010 7:55 am

GooredFix by jpshortstuff (03.07.10.1)
Log created at 00:54 on 24/07/2010 (HP_Administrator)
Firefox version 3.6.7 (en-US)

========== GooredScan ==========

Removing Orphan:
"{30A770C9-F875-44F8-AF80-3147BCCFD89A}"="C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{30A770C9-F875-44F8-AF80-3147BCCFD89A}" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:50 07/12/2009]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [22:59 23/07/2007]

C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7x8fv31u.default\extensions\
[You must be registered and logged in to see this link.] [03:57 14/05/2010]
{20a82645-c095-46ed-80e3-08825760534b} [20:53 27/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [22:38 07/02/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [09:57 24/04/2010]

---------- Old Logs ----------
GooredFix[22.29.29_29-06-2010].txt

-=E.O.F=-


Re: Google Redirecting Malware

Post by Dr Jay on Sun Jul 25, 2010 10:14 am

1. Click Start, click Run, type sigverif, and then click OK.

2. Click Advanced, click Look for other files that are not digitally signed, navigate to the Winnt\System32\Drivers folder, and then click OK.

3. Click Start.

4. After it has finished running, navigate to C:\Windows\Sigverify.txt, open it and post the contents of the log here.


Dr. Jay (DJ)


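The point of the sigverif step is to pull out the drivers that are not covered by a Microsoft signature, and a Sigverify.txt from a full drivers folder runs to several hundred rows. The parser below is an added example for readers of the thread, not part of the thread and not part of Microsoft's tool: it reads the "Scan Results" summary line and the per-file rows of the table sigverif writes, copes with the row shape where a long version string runs straight into the Status column, and returns the files that need a manual look (unsigned first, then signed drivers that carry no Microsoft catalog). The log it runs on is constructed for the example and modelled on sigverif's layout; the names example_oem.sys, thirdparty.sys, mystery.sys and "Example Vendor Inc." are made up.

```python
import re

# One table row: name, date, version, status, catalog, optional signer.
# The version group is lazy so that a version string glued onto "Signed"
# (as happens when the column overflows) still parses.
ROW_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<modified>\d{1,2}/\d{1,2}/\d{4})\s+"
    r"(?P<version>\S+?)\s*(?P<status>Not Signed|Signed)\s+"
    r"(?P<catalog>\S+)(?:\s+(?P<signer>.+?))?\s*$"
)
SUMMARY_RE = re.compile(
    r"Scan Results: Total Files: (\d+), Signed: (\d+), Unsigned: (\d+), Not Scanned: (\d+)"
)


def parse_sigverif(text: str) -> dict:
    """Return the summary counts, the parsed rows and any rows that did not parse."""
    summary = None
    rows, unparsed = [], []
    directory = None
    in_table = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.search(line)
        if m:
            summary = dict(zip(("total", "signed", "unsigned", "not_scanned"),
                               map(int, m.groups())))
            continue
        if line.startswith("---"):          # dashed rule ends the column header
            in_table = True
            continue
        if not in_table:
            continue
        if line.startswith("[") and line.endswith("]"):   # "[c:\...]" directory marker
            directory = line[1:-1]
            continue
        m = ROW_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        row = m.groupdict()
        row["signer"] = row["signer"] or ""
        row["directory"] = directory
        rows.append(row)
    return {"summary": summary, "rows": rows, "unparsed": unparsed}


def triage(report: dict) -> dict:
    """Files to review by hand, plus a consistency check against the summary line."""
    rows = report["rows"]
    unsigned = sorted(r["name"] for r in rows if r["status"] == "Not Signed")
    # Signed, but not through a Microsoft catalog: third-party, individually signed.
    third_party = sorted(r["name"] for r in rows
                         if r["status"] == "Signed" and r["catalog"] == "N/A")
    s = report["summary"]
    counts_match = (s is not None and s["unsigned"] == len(unsigned)
                    and s["signed"] == len(rows) - len(unsigned))
    return {"unsigned": unsigned, "third_party_signed": third_party,
            "counts_match_summary": counts_match, "unparsed": report["unparsed"]}


# Constructed sample log in sigverif's layout (not a real scan).
SAMPLE_LOG = """\
********************************

Microsoft Signature Verification

Log file generated on 7/25/2010 at 4:33 AM
Scan Results: Total Files: 6, Signed: 4, Unsigned: 2, Not Scanned: 0

User-specified search path: *.*
User-specified search pattern: C:\\WINDOWS\\system32\\drivers

File                 Modified     Version     Status       Catalog     Signed By
------------------   ------------ ----------- ------------ ----------- -------------------
[c:\\windows\\system32\\drivers]
acpi.sys             4/13/2008    2:5.1       Signed       sp3.cat     Microsoft Windows Component Publisher
example_oem.sys      4/17/2008    None        Not Signed   N/A
thirdparty.sys       7/8/2010     None        Signed       N/A         Example Vendor Inc.
gearaspiwdm.sys      5/18/2009    2:5.00,2:5.1,2:5.2,2Signed oem141.CAT Microsoft Windows Hardware Compatibility Publisher
mystery.sys          3/3/2006     1.0.0.5024  Not Signed   N/A
ndis.sys             4/13/2008    2:5.1       Signed       sp3.cat     Microsoft Windows Component Publisher
"""


if __name__ == "__main__":
    result = triage(parse_sigverif(SAMPLE_LOG))
    print("Unsigned drivers (review first):", result["unsigned"])
    print("Signed without a Microsoft catalog:", result["third_party_signed"])
    print("Row count agrees with summary line:", result["counts_match_summary"])
    print("Rows that did not parse:", result["unparsed"])
```

Two things worth keeping from this when reading a real log: an unsigned driver is a lead, not a verdict (many OEM and CD-burning drivers ship unsigned, and the thread's own list has several), and a mismatch between the parsed counts and the "Scan Results" line means the log was truncated or a row did not parse, so look at the `unparsed` list before trusting the triage.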

Re: Google Redirecting Malware

Post by crucifix676 on Sun Jul 25, 2010 11:34 am

********************************

Microsoft Signature Verification

Log file generated on 7/25/2010 at 4:33 AM
OS Platform: Windows 2000 (x86), Version: 5.1, Build: 2600, CSDVersion: Service Pack 3
Scan Results: Total Files: 336, Signed: 323, Unsigned: 10, Not Scanned: 3

User-specified search path: *.*
User-specified search pattern: C:\WINDOWS\system32\drivers

File Modified Version Status Catalog Signed By
------------------ ------------ ----------- ------------ ----------- -------------------
[c:\windows\system32\drivers]
103c_hp_cpc_rb103aa- 4/17/2008 None Not Signed N/A
1394bus.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
acpi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
acpiec.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
adv01nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv02nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv05nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv07nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv08nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv09nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv11nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
aec.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
afd.sys 8/14/2008 2:5.1 Signed KB956803.cat Microsoft Windows Component Publisher
agp440.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
agpcpq.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
alim1541.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
amdagp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
amdk6.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
amdk7.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
amdk8.sys 3/9/2005 2:5.1,2:5.2 Signed oem9.CAT Microsoft Windows Publisher
aracpi.sys 8/2/2005 2:5.0,2:5.1,2:5.2 Signed AwayMode160.cat Microsoft Windows Publisher
arhidfltr.sys 8/2/2005 2:5.0,2:5.1,2:5.2 Signed AwayMode160.cat Microsoft Windows Publisher
arkbcfltr.sys 8/2/2005 2:5.0,2:5.1,2:5.2 Signed AwayMode160.cat Microsoft Windows Publisher
armoucfltr.sys 8/2/2005 2:5.0,2:5.1,2:5.2 Signed AwayMode160.cat Microsoft Windows Publisher
arp1394.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
arpolicy.sys 8/2/2005 2:5.0,2:5.1,2:5.2 Signed AwayMode160.cat Microsoft Windows Publisher
asyncmac.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atapi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1btxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1mdxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1pdxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1raxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1rvxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1snxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1ttxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1tuxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1xbxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1xsxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati2mtaa.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati2mtag.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinbtxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinmdxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinpdxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinraxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinrvxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinsnxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinttxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atintuxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinxbxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinxsxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ativmc20.cod 7/17/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atksgt.sys 7/8/2010 None Signed N/A Tages SA
atmarpc.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atmepvc.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
atmlane.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atmuni.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
atv01nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atv02nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atv04nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atv06nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atv10nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
audstub.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
bantext.sys 2/27/2008 None Not Signed N/A
bb-run.sys 11/5/2003 2:5.1 Signed oem0.CAT Microsoft Windows Hardware Compatibility Publisher
beep.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
bridge.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bthenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bthmodem.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bthpan.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bthport.sys 6/13/2008 2:5.1 Signed KB951376-v2.cat Microsoft Windows Component Publisher
bthprint.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bthusb.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cbidf2k.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ccdecode.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cdaudio.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
cdfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cdr4_xp.sys 8/19/2005 8.0.0.212 Not Signed N/A
cdralw2k.sys 8/19/2005 8.0.0.212 Not Signed N/A
ch7xxnt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cinemst2.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
classpnp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cpqdap01.sys 8/10/2004 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
crusoe.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cxthsfs2.cty 7/17/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
diag69xp.sys 1/20/2006 1.142.524.2004 Not Signed N/A
disk.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
diskdump.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
dmboot.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
dmio.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
dmload.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
dmusic.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
drmk.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
drmkaud.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
dxapi.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
dxg.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
dxgthk.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
enum1394.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
fastfat.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
fdc.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
fips.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
flpydisk.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
fltmgr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
fsvga.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
fs_rec.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ftdisk.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ftsata2.sys 6/29/2005 2:5.1 Signed oem0.CAT Microsoft Windows Hardware Compatibility Publisher
gagp30kx.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
gearaspiwdm.sys 5/18/2009 2:5.00,2:5.1,2:5.2,2Signed oem141.CAT Microsoft Windows Hardware Compatibility Publisher
gm.dls 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
gmreadme.txt 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
hcwfalcn.rom 1/17/2005 2:5.1 Signed oem10.CAT Microsoft Windows Hardware Compatibility Publisher
hcwmakob.rom 4/20/2005 2:5.1 Signed oem10.CAT Microsoft Windows Hardware Compatibility Publisher
hcwmakoc.rom 2/9/2006 2:5.1 Signed oem10.CAT Microsoft Windows Hardware Compatibility Publisher
hcwpp2.sys 4/13/2006 2:5.1 Signed oem10.CAT Microsoft Windows Hardware Compatibility Publisher
hdaudbus.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hdaudio.sys 1/8/2005 2:5.1 Signed KB888111WXPSP2.cat Microsoft Windows XP Publisher
hidbth.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hidclass.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hidir.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hidparse.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hidserv.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hidusb.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hitmanpro35.sys 6/29/2010 None Signed N/A SurfRight B.V.
hsfbs2s2.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hsfcxts2.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hsfdpsp2.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hsfprof.cty 12/6/2005 2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
hsxhwbs2.sys 12/6/2005 2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
hsx_cnxt.sys 12/6/2005 2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
hsx_dp.sys 12/6/2005 2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
http.sys 10/20/2009 2:5.1 Signed KB970430.cat Microsoft Windows Component Publisher
i8042prt.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
iastor.sys 6/17/2005 2:5.00,2:5.1,2:5.2 Signed oem1.CAT Microsoft Windows Hardware Compatibility Publisher
imapi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
intelide.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
intelppm.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ip6fw.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ipfltdrv.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ipinip.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ipnat.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ipsec.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
irbus.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
irenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
isapnp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
kbdclass.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
kbdhid.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
kmixer.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ks.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ksecdd.sys 6/24/2009 2:5.1 Signed KB968389.cat Microsoft Windows Component Publisher
lirsgt.sys 7/8/2010 None Signed N/A Tages SA
mbam.sys 4/29/2010 None Signed N/A Malwarebytes Corporation
mbamswissarmy.sys 4/29/2010 None Signed N/A Malwarebytes Corporation
mcd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
mdmxsdk.sys 10/5/2005 2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
mf.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mhndrv.sys 8/10/2004 5.1.2600.2180 Not Signed N/A
mnmdd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
modem.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mouclass.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mouhid.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
mountmgr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mqac.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mrxdav.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mrxsmb.sys 2/24/2010 2:5.1 Signed KB980232.cat Microsoft Windows Component Publisher
msfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
msgpc.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mskssrv.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mspclock.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mspqm.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mssmbios.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mstee.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mtlmnt5.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mtlstrm.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mtxparhm.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mup.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mutohpen.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
nabtsfec.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndis.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndisip.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndistapi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndisuio.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndiswan.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndproxy.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
netbios.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
netbt.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
netwlan5.img 7/17/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
nic1394.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
nikedrv.sys 8/10/2004 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
nmnt.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
npfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ntfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ntmtlfax.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
nuidfltr.sys 5/9/2009 2:5.1,2:6.0,2:6.1 Signed oem142.CAT Microsoft Windows Hardware Compatibility Publisher
null.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nv4_mini.sys 4/3/2010 2:5.00,2:5.1 Signed oem143.CAT Microsoft Windows Hardware Compatibility Publisher
nvenetfd.sys 3/3/2006 2:5.00,2:5.1 Signed oem134.CAT Microsoft Windows Hardware Compatibility Publisher
nvgts.sys 8/18/2008 2:5.00,2:5.1 Signed oem138.CAT Microsoft Windows Hardware Compatibility Publisher
nvnetbus.sys 3/3/2006 2:5.00,2:5.1 Signed oem133.CAT Microsoft Windows Hardware Compatibility Publisher
nvnrm.sys 3/3/2006 2:5.00,2:5.1 Signed oem133.CAT Microsoft Windows Hardware Compatibility Publisher
nvsnpu.sys 3/3/2006 2:5.00,2:5.1 Signed oem133.CAT Microsoft Windows Hardware Compatibility Publisher
nvtcp.sys 3/3/2006 1.0.0.5024 Not Signed N/A
nwlnkflt.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nwlnkfwd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nwlnkipx.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
nwlnknb.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nwlnkspx.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nwrdr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ohci1394.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
oprghdlr.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
p3.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
parport.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
partmgr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
parvdm.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
pcdrndisuio.sys 2/2/2006 5.1.2600.2180 Not Signed N/A
pci.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
pciide.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
pciidex.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
pcmcia.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
point32.sys 6/10/2008 2:5.00,2:5.1,2:5.2 Signed oem6.CAT Microsoft Windows Hardware Compatibility Publisher
portcls.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
processr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ps2.sys 12/12/2005 2:5.1 Signed oem107.CAT Microsoft Windows Hardware Compatibility Publisher
psched.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
psinaflt.sys 10/30/2009 None Signed N/A Panda Security S.L
psinfile.sys 10/13/2009 None Signed N/A Panda Security S.L
psinknc.sys 10/13/2009 None Signed N/A Panda Security S.L
psinproc.sys 10/13/2009 None Signed N/A Panda Security S.L
ptilink.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
pxhelp20.sys 8/19/2005 3.0.9.0 Not Signed N/A
rasacd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rasl2tp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
raspppoe.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
raspptp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
raspti.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rawwan.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rdbss.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rdpcdd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rdpdr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rdpwd.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
recagent.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
redbook.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rfcomm.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rio8drv.sys 8/10/2004 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
riodrv.sys 8/10/2004 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
rmcast.sys 5/8/2008 2:5.1 Signed KB950762.cat Microsoft Windows Component Publisher
rndismp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rndismpx.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rootmdm.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rtkhdaud.sys 2/11/2009 2:5.00,2:5.1 Signed oem150.CAT Microsoft Windows Hardware Compatibility Publisher
rtl8139.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
s3gnbm.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
scsiport.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sdbus.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
secdrv.sys 11/13/2007 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
serenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
serial.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sffdisk.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sffp_mmc.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sffp_sd.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sfloppy.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
siint5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sisagp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
slip.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
slnt7554.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
slntamr.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
slnthal.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
slwdmsup.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
smbali.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
smclib.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
sonydcam.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
splitter.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
srv.sys 12/31/2009 2:5.1 Signed KB971468.cat Microsoft Windows Component Publisher
stream.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
streamip.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
swenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
swmidi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sysaudio.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
tape.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
tcpip.sys 6/20/2008 2:5.1 Signed KB951748.cat Microsoft Windows Component Publisher
tcpip6.sys 2/11/2010 2:5.1 Signed KB978338.cat Microsoft Windows Component Publisher
tdi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
tdpipe.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
tdtcp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
termdd.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
tosdvd.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
tsbvcap.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
tunmp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
uagp35.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
udfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
update.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usb8023.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usb8023x.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbaudio.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbcamd.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbcamd2.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbccgp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
usbehci.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbhub.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbintel.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbkey.sys 2/2/2006 None Not Signed N/A
usbohci.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbport.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbprint.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbscan.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbstor.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbuhci.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbvideo.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
vchnt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
vdmindvd.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
vga.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
viaagp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
viaide.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
videoprt.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
volsnap.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wacompen.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wadv07nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wadv08nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wadv09nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wadv11nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wanarp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
watv06nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
watv10nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wdf01000.sys 11/2/2006 2:5.0,2:5.1,2:5.2 Signed Wdf01005.cat Microsoft Windows Component Publisher
wdfldr.sys 11/2/2006 2:5.0,2:5.1,2:5.2 Signed Wdf01005.cat Microsoft Windows Component Publisher
wdmaud.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wmilib.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
wpdusb.sys 10/18/2006 2:5.1 Signed WMFDist11.cat Microsoft Windows Component Publisher
ws2ifsl.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
wstcodec.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wudfpf.sys 9/28/2006 2:5.1,2:5.2 Signed Wudf01000.cat Microsoft Windows
wudfrd.sys 9/28/2006 2:5.1,2:5.2 Signed Wudf01000.cat Microsoft Windows

Unscanned Files:
------------------
[c:\windows\system32\drivers]
msftwdf_kernel_01005msft_kernel_nuidfltrsptd.sys The process cannot access the file because it is being used by another process.

crucifix676
Novice
Novice

Posts Posts : 49
Joined Joined : 2010-06-22
OS OS : Windows XP
Points Points : 24303
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Google Redirecting Malware

Post by Dr Jay on Mon Jul 26, 2010 7:59 am

How often do the redirects occur? What causes them?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13714
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302072
# Likes # Likes : 10

View user profile

Back to top Go down

Re: Google Redirecting Malware

Post by crucifix676 on Mon Jul 26, 2010 10:16 am

The redirects happen pretty sporadically, and they seem to only occur on Google search engines. I click on a search result and sometimes I get redirected to a completely unrelated and ad-filled site. Oftentimes I will just go back to the original search page and click on the search result again many times before I finally go to the correct page and not an unrelated redirected page. There seem to be some side symptoms of this, such as slower computer speed and occasional error messages, but it could be something other than the redirecting issue.

Re: Google Redirecting Malware

Post by Dr Jay on Tue Jul 27, 2010 4:36 am

Please download [You must be registered and logged in to see this link.] by DragonMaster Jay.
  • Save it to your Desktop.
  • Right-click on the file and select Extract All...
  • Choose a location to save extracted files and keep pressing Next until Finish.
  • Double-click RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete the folder RenewMyDNS.


Re: Google Redirecting Malware

Post by crucifix676 on Tue Jul 27, 2010 8:16 am



Reply from 98.137.149.56: bytes=32 time=477ms TTL=56
Reply from 98.137.149.56: bytes=32 time=310ms TTL=56
Request timed out.
Reply from 98.137.149.56: bytes=32 time=555ms TTL=56

Ping statistics for 98.137.149.56:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 310ms, Maximum = 555ms, Average = 447ms

Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:

Reply from 64.202.189.170: bytes=32 time=409ms TTL=117
Reply from 64.202.189.170: bytes=32 time=518ms TTL=117
Reply from 64.202.189.170: bytes=32 time=404ms TTL=117
Reply from 64.202.189.170: bytes=32 time=394ms TTL=117

Ping statistics for 64.202.189.170:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 394ms, Maximum = 518ms, Average = 431ms

Pinging facebook.com [69.63.189.16] with 32 bytes of data:

Reply from 69.63.189.16: bytes=32 time=426ms TTL=242
Reply from 69.63.189.16: bytes=32 time=423ms TTL=242
Reply from 69.63.189.16: bytes=32 time=206ms TTL=242
Reply from 69.63.189.16: bytes=32 time=93ms TTL=242

Ping statistics for 69.63.189.16:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 93ms, Maximum = 426ms, Average = 287ms

Pinging microsoft.com [207.46.232.182] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.46.232.182:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

********************
EOF

Re: Google Redirecting Malware

Post by Dr Jay on Tue Jul 27, 2010 6:16 pm

That is not a complete log. The information I needed is at the beginning of the log.

Please re-run the tool and post a new log.


Re: Google Redirecting Malware

Post by crucifix676 on Tue Jul 27, 2010 11:58 pm

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.4 - November 2009

Microsoft Windows XP [Version 5.1.2600]

(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))

Windows IP Configuration

Host Name . . . . . . . . . . . . : Eric
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection 4:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-17-31-CD-35-0C
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 172.16.1.37
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 172.16.0.1
DHCP Server . . . . . . . . . . . : 172.16.0.1
DNS Servers . . . . . . . . . . . : 4.2.2.2
                                    4.2.2.3
Lease Obtained. . . . . . . . . . : Tuesday, July 27, 2010 4:49:11 PM
Lease Expires . . . . . . . . . . : Tuesday, July 27, 2010 5:49:11 PM

(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))

Pinging yahoo.com [69.147.125.65] with 32 bytes of data:

Reply from 69.147.125.65: bytes=32 time=223ms TTL=48
Reply from 69.147.125.65: bytes=32 time=113ms TTL=48
Reply from 69.147.125.65: bytes=32 time=253ms TTL=48
Reply from 69.147.125.65: bytes=32 time=124ms TTL=48

Ping statistics for 69.147.125.65:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 113ms, Maximum = 253ms, Average = 178ms

Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:

Reply from 64.202.189.170: bytes=32 time=93ms TTL=117
Reply from 64.202.189.170: bytes=32 time=41ms TTL=117
Reply from 64.202.189.170: bytes=32 time=40ms TTL=117
Reply from 64.202.189.170: bytes=32 time=41ms TTL=117

Ping statistics for 64.202.189.170:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 40ms, Maximum = 93ms, Average = 53ms

Pinging facebook.com [69.63.181.11] with 32 bytes of data:

Reply from 69.63.181.11: bytes=32 time=18ms TTL=243
Reply from 69.63.181.11: bytes=32 time=18ms TTL=243
Reply from 69.63.181.11: bytes=32 time=19ms TTL=243
Reply from 69.63.181.11: bytes=32 time=140ms TTL=243

Ping statistics for 69.63.181.11:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 140ms, Average = 48ms

Pinging microsoft.com [207.46.232.182] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.46.232.182:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

********************
EOF

Re: Google Redirecting Malware

Post by Dr Jay on Wed Jul 28, 2010 3:29 am

Please download [You must be registered and logged in to see this link.] and save it to your Desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • At the top, tick on Scan All Users section and Include MD5.
  • At File Age set it to 90 Days
  • In the Processes, Modules, Services, Drivers, and Registry section, please set on Safe List.
  • In the Files Created Within and Files Modified Within section, set it to File Age
  • At the bottom, tick on all Safe List and Use Company Name WhiteList option
  • Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
      Reg - Disabled MS Config Items
      Reg - Drivers32
      Reg - Ext
      Reg - IE
      Explorer Bar
      Reg - NetSvcs
      Reg - Safeboot Minimal
      Reg - Safeboot Network
      File - Lop Check
      File - Purity Scan
  • Do NOT change any other settings.
  • Then, in the Custom Scans box, place this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\System32\*.sys
    %systemroot%\System32\drivers\*.dll
    %systemroot%\System32\drivers\*.ini
    %systemroot%\System32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*


  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.


Re: Google Redirecting Malware

Post by crucifix676 on Wed Jul 28, 2010 11:23 am

Computer Name: ERIC
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 90 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTS.exe -> [2010/07/28 03:08:03 | 000,641,536 | ---- | M | MD5 = F8652ABB8D613AFCF8CD47FE669F62F5] (OldTimer Tools)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/06/10 21:03:08 | 000,144,176 | ---- | M | MD5 = 2E3E53A6AEF23E24F402C7855B9B1542] (Apple Inc.)
psunmain.exe -> C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe -> [2010/05/14 15:06:30 | 000,406,848 | ---- | M | MD5 = 6E89A16E4A3E5FD19AD5B74DA023B671] (Panda Security, S.L.)
psanhost.exe -> C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -> [2010/04/30 13:47:30 | 000,136,448 | ---- | M | MD5 = 9799191F31740EB7979C3B012AA6BA5B] (Panda Security, S.L.)
askupgrade.exe -> C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -> [2009/04/02 12:47:04 | 000,234,888 | ---- | M | MD5 = 367621CB272A8D9E7D910388916D5737] ()
askservice.exe -> C:\Program Files\AskBarDis\bar\bin\AskService.exe -> [2009/04/02 12:47:02 | 000,464,264 | ---- | M | MD5 = 7B44F870FC2DA172C5367D9E3F96F553] ()
psiservice_2.exe -> C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2008/07/23 13:54:10 | 000,185,632 | ---- | M | MD5 = D21DFAA93CD6AEF397C033A718C0FFF5] (Protexis Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M | MD5 = 12896823FB95BFB3DC9B46BCAEDC9923] (Microsoft Corporation)
aluschedulersvc.exe -> C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -> [2006/07/25 18:03:42 | 000,100,032 | ---- | M | MD5 = 7768CE75C5CBF0D8F441CE2BBD806B7F] (Symantec Corporation)
arservice.exe -> C:\WINDOWS\arservice.exe -> [2005/08/02 23:19:16 | 000,058,880 | ---- | M | MD5 = 9A0D9B2E263BEDE80FB79DDBAD240EC1] (Microsoft)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTS.exe -> [2010/07/28 03:08:03 | 000,641,536 | ---- | M | MD5 = F8652ABB8D613AFCF8CD47FE669F62F5] (OldTimer Tools)
msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008/04/13 17:10:20 | 000,110,592 | ---- | M | MD5 = DE5160912F4483F37704BE65C315B545] (Microsoft Corporation)

[Win32 Services - Safe List]
(F6E68549) F6E68549 [On_Demand | Stopped] -> C:\WINDOWS\System32\F6E68549.exe -> File not found
(9258704E) 9258704E [On_Demand | Stopped] -> C:\WINDOWS\System32\9258704E.exe -> File not found
(441CC720) 441CC720 [On_Demand | Stopped] -> C:\WINDOWS\System32\441CC720.exe -> File not found
(3D1AB9A9) 3D1AB9A9 [On_Demand | Stopped] -> C:\WINDOWS\System32\3D1AB9A9.exe -> File not found
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/06/10 21:03:08 | 000,144,176 | ---- | M | MD5 = 2E3E53A6AEF23E24F402C7855B9B1542] (Apple Inc.)
(NanoServiceMain) Panda Cloud Antivirus Service [Auto | Running] -> C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -> [2010/04/30 13:47:30 | 000,136,448 | ---- | M | MD5 = 9799191F31740EB7979C3B012AA6BA5B] (Panda Security, S.L.)
(XobniService) XobniService [Disabled | Stopped] -> C:\Program Files\Xobni\XobniService.exe -> [2009/11/13 11:09:34 | 000,046,824 | ---- | M | MD5 = E2CE4AE31E86161384EB045FD9ED3002] (Xobni Corporation)
(ASKUpgrade) ASKUpgrade [Auto | Running] -> C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -> [2009/04/02 12:47:04 | 000,234,888 | ---- | M | MD5 = 367621CB272A8D9E7D910388916D5737] ()
(ASKService) ASKService [Auto | Running] -> C:\Program Files\AskBarDis\bar\bin\AskService.exe -> [2009/04/02 12:47:02 | 000,464,264 | ---- | M | MD5 = 7B44F870FC2DA172C5367D9E3F96F553] ()
(PSI_SVC_2) Protexis Licensing V2 [Auto | Running] -> C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2008/07/23 13:54:10 | 000,185,632 | ---- | M | MD5 = D21DFAA93CD6AEF397C033A718C0FFF5] (Protexis Inc.)
(LiveUpdate) LiveUpdate [Disabled | Stopped] -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -> [2006/07/25 18:03:42 | 002,119,360 | ---- | M | MD5 = FB466FAA799EACE5075FC1DE269F0066] (Symantec Corporation)
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Auto | Running] -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> [2006/07/25 18:03:42 | 000,100,032 | ---- | M | MD5 = 7768CE75C5CBF0D8F441CE2BBD806B7F] (Symantec Corporation)
(ARSVC) ARSVC [Auto | Running] -> C:\WINDOWS\arservice.exe -> [2005/08/02 23:19:16 | 000,058,880 | ---- | M | MD5 = 9A0D9B2E263BEDE80FB79DDBAD240EC1] (Microsoft)
(Pml Driver HPZ12) Pml Driver HPZ12 [Disabled | Stopped] -> C:\WINDOWS\system32\HPZipm12.exe -> [2005/03/14 19:05:02 | 000,069,632 | ---- | M | MD5 = A38B3CE68E7F126190CDE4AA3FDF050F] (HP)

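
A small triage script for the OTS log format posted above, added here as an example; it is not part of OTS, and not code from the thread. The sample excerpt reuses lines from the log above, and the checks it applies (a service whose file is gone, an eight-hex-digit service name, an empty company field, an unreadable MD5, a kernel driver under a user profile) are this example's own first-pass heuristics, not an OTS classification, and none of them alone proves infection.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Line shapes in an OTS "Safe List" section (OldTimer Tools log, as posted above):
#   (svc) Display Name [Kernel | Auto | Running] -> C:\path\x.sys -> [date | size | attrs | M | MD5 = HASH] (Company)
#   (svc) Display Name [On_Demand | Stopped] -> C:\path\x.exe -> File not found
# Process and module entries omit the leading "(svc) Display Name [flags]" part.
SERVICE_RE = re.compile(
    r"^\((?P<name>[^)]*)\)\s+(?P<display>.*)\s+\[(?P<flags>[^\]]*)\]\s+->\s+"
    r"(?P<path>.*?)\s+->\s+(?P<details>.*)$"
)
PROCESS_RE = re.compile(r"^(?P<name>\S+)\s+->\s+(?P<path>.*?)\s+->\s+(?P<details>.*)$")
DETAILS_RE = re.compile(
    r"^\[(?P<date>[^|]*)\|(?P<size>[^|]*)\|(?P<attrs>[^|]*)\|(?P<kind>[^|]*)\|"
    r"(?P<hash>[^\]]*)\]\s*\((?P<company>[^)]*)\)\s*$"
)
RANDOM_NAME_RE = re.compile(r"^[0-9A-F]{8}$")  # heuristic: names such as F6E68549
USER_PROFILE_RE = re.compile(r"^C:\\Documents and Settings\\", re.IGNORECASE)
TRIAGED_SECTIONS = ("Processes", "Modules", "Win32 Services", "Driver Services")


@dataclass
class Entry:
    section: str
    name: str
    path: str
    present: bool = True
    flags: str = ""
    md5: str = ""
    company: str = ""
    findings: List[str] = field(default_factory=list)


def parse_entry(section: str, line: str) -> Entry:
    """Split one OTS entry into its fields; raises ValueError on an unknown shape."""
    m = SERVICE_RE.match(line) or PROCESS_RE.match(line)
    if m is None:
        raise ValueError(f"unrecognised OTS line: {line!r}")
    g = m.groupdict()
    e = Entry(section=section, name=g["name"], path=g["path"], flags=g.get("flags", ""))
    if g["details"].startswith("File not found"):
        e.present = False
        return e
    d = DETAILS_RE.match(g["details"])
    if d is None:
        raise ValueError(f"unrecognised detail block: {g['details']!r}")
    e.company = d["company"].strip()
    hash_field = d["hash"].strip()  # "MD5 = ..." or "Unable to obtain MD5"
    if hash_field.startswith("MD5 ="):
        e.md5 = hash_field.split("=", 1)[1].strip().upper()
    return e


def triage(e: Entry) -> Entry:
    """Attach the things a helper would look at first; none of them alone proves infection."""
    if not e.present:
        e.findings.append("registry entry points at a file that no longer exists")
    if RANDOM_NAME_RE.match(e.name):
        e.findings.append("eight-hex-digit name looks machine-generated")
    if e.present and not e.company:
        e.findings.append("file carries no company name, so vendor whitelisting cannot apply")
    if e.present and not e.md5:
        e.findings.append("MD5 could not be read, the file is locked against reading")
    if "Kernel" in e.flags and USER_PROFILE_RE.match(e.path):
        e.findings.append("kernel driver loaded from a user-writable profile directory")
    return e


def triage_log(text: str) -> Dict[str, List[str]]:
    """Return {entry name: findings} for every entry in a triaged section that has a finding."""
    section = ""
    report: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if not section.startswith(TRIAGED_SECTIONS):
            continue  # header lines, and sections with another line shape (e.g. Registry)
        e = triage(parse_entry(section, line))
        if e.findings:
            report[e.name] = e.findings
    return report


# Constructed excerpt: lines copied from the OTS log posted above, two clean entries included.
SAMPLE_LOG = r"""
Computer Name: ERIC
[Win32 Services - Safe List]
(F6E68549) F6E68549 [On_Demand | Stopped] -> C:\WINDOWS\System32\F6E68549.exe -> File not found
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/06/10 21:03:08 | 000,144,176 | ---- | M | MD5 = 2E3E53A6AEF23E24F402C7855B9B1542] (Apple Inc.)
(ASKUpgrade) ASKUpgrade [Auto | Running] -> C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -> [2009/04/02 12:47:04 | 000,234,888 | ---- | M | MD5 = 367621CB272A8D9E7D910388916D5737] ()
[Driver Services - Safe List]
(sptd) sptd [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\sptd.sys -> [2009/02/18 00:05:03 | 000,717,296 | ---- | M | Unable to obtain MD5] ()
(npkcrypt) npkcrypt [Kernel | On_Demand | Stopped] -> C:\Documents and Settings\HP_Administrator\Desktop\Lineage II\system\npkcrypt.sys -> [2008/04/29 16:04:33 | 000,023,217 | ---- | M | MD5 = FD9666A8EB88E713C18E2E90F6E746D0] (INCA Internet Co., Ltd.)
(hcwPP2) Hauppauge WinTV PVR PCI II ([23|25|26]xxx) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hcwPP2.sys -> [2006/04/13 16:47:38 | 000,168,064 | ---- | M | MD5 = 55E4DA7C8CBBA1F2D71720FCA7A5C086] (Hauppauge Computer Works, Inc.)
"""

if __name__ == "__main__":
    for name, findings in triage_log(SAMPLE_LOG).items():
        print(name, "->", "; ".join(findings))
```

Run it on a full OTS report and the output is the short list a helper reads first; the flagged entries still have to be judged against the vendor, path and what the user installed.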
Re: Google Redirecting Malware

Post by crucifix676 on Wed Jul 28, 2010 11:23 am

[Driver Services - Safe List]
(rootrepeal) rootrepeal [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\rootrepeal.sys -> File not found
(RkPavproc1) RkPavproc1 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\RkPavproc1.sys -> File not found
(Cdrom) CD-ROM Driver [Kernel | System | Stopped] -> C:\WINDOWS\System32\DRIVERS\cdrom.sys -> File not found
(atksgt) atksgt [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\atksgt.sys -> [2010/07/08 02:10:46 | 000,278,984 | ---- | M | MD5 = 3C4B9850A2631C2263507400D029057B] ()
(lirsgt) lirsgt [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\lirsgt.sys -> [2010/07/08 02:10:46 | 000,025,416 | ---- | M | MD5 = 4127E8B6DDB4090E815C1F8852C277D3] ()
(PSINAflt) PSINAflt [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\PSINAflt.sys -> [2010/05/27 18:39:32 | 000,141,384 | ---- | M | MD5 = 469943FB4398DF5662DD5D06193C0BB0] (Panda Security, S.L.)
(PSINProt) PSINProt [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\PSINProt.sys -> [2010/05/12 10:58:12 | 000,110,920 | ---- | M | MD5 = 47345C84B45003D4B5975CDA5F026787] (Panda Security, S.L.)
(PSINKNC) PSINKNC [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\PSINKNC.sys -> [2010/05/04 08:36:54 | 000,129,928 | ---- | M | MD5 = 51B0BAB73EC899399E5D6034105D6F21] (Panda Security, S.L.)
(PSINProc) PSINProc [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\PSINProc.sys -> [2010/04/30 13:46:52 | 000,111,624 | ---- | M | MD5 = D3730032F61FCA2D2AE6A2DAF90347B1] (Panda Security, S.L.)
(PSINFile) PSINFile [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\PSINFile.sys -> [2010/04/30 13:46:52 | 000,097,032 | ---- | M | MD5 = B573F1EE01046612576907BB08AD8E6F] (Panda Security, S.L.)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2010/04/03 15:55:31 | 010,232,128 | ---- | M | MD5 = 30913CBF518396912E54C2C9F1DD0F09] (NVIDIA Corporation)
(NuidFltr) NUID filter driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nuidfltr.sys -> [2009/05/09 01:14:20 | 000,014,736 | ---- | M | MD5 = CF7E041663119E09D2E118521ADA9300] (Microsoft Corporation)
(sptd) sptd [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\sptd.sys -> [2009/02/18 00:05:03 | 000,717,296 | ---- | M | Unable to obtain MD5] ()
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2009/02/11 12:40:40 | 005,028,352 | ---- | M | MD5 = 14B48553BE78472D2BD3A518658A1710] (Realtek Semiconductor Corp.)
(nvgts) nvgts [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\nvgts.sys -> [2008/08/18 19:54:00 | 000,145,952 | ---- | M | MD5 = EA98BFE4931BD13D747D647C1859796E] (NVIDIA Corporation)
(npkcrypt) npkcrypt [Kernel | On_Demand | Stopped] -> C:\Documents and Settings\HP_Administrator\Desktop\Lineage II\system\npkcrypt.sys -> [2008/04/29 16:04:33 | 000,023,217 | ---- | M | MD5 = FD9666A8EB88E713C18E2E90F6E746D0] (INCA Internet Co., Ltd.)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2008/04/17 11:54:54 | 000,385,072 | ---- | M | MD5 = E89CC1363CB7F5320AE3B41C1333D0C3] (Symantec Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\USBAUDIO.sys -> [2008/04/13 12:45:12 | 000,060,032 | ---- | M | MD5 = E919708DB44ED8543A7C017953148330] (Microsoft Corporation)
(IrBus) Infrared bus filter driver for eHome remote controls [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\irbus.sys -> [2008/04/13 11:45:34 | 000,046,592 | ---- | M | MD5 = B43B36B382AEA10861F7C7A37F9D4AE2] (Microsoft Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 09:36:05 | 000,144,384 | ---- | M | MD5 = 573C7D0A32852B48F3058CFD8026F511] (Windows (R) Server 2003 DDK provider)
(BANTExt) Belarc SMBios Access [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\BANTExt.sys -> [2008/02/27 13:49:00 | 000,003,840 | ---- | M | MD5 = 5D7BE7B19E827125E016325334E58FF1] ()
(hcwPP2) Hauppauge WinTV PVR PCI II ([23|25|26]xxx) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hcwPP2.sys -> [2006/04/13 16:47:38 | 000,168,064 | ---- | M | MD5 = 55E4DA7C8CBBA1F2D71720FCA7A5C086] (Hauppauge Computer Works, Inc.)
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nvnetbus.sys -> [2006/03/03 14:31:04 | 000,013,056 | ---- | M | MD5 = 5E3F6AD5CAD0F12D3CCCD06FD964087A] (NVIDIA Corporation)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NVENETFD.sys -> [2006/03/03 14:31:02 | 000,034,176 | ---- | M | MD5 = 22EEDB34C4D7613A25B10C347C6C4C21] (NVIDIA Corporation)
(Ps2) Ps2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\PS2.sys -> [2005/12/12 17:27:00 | 000,019,072 | ---- | M | MD5 = 390C204CED3785609AB24E9C52054A84] (Hewlett-Packard Company)
(HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSXHWBS2.sys -> [2005/12/06 11:20:50 | 000,241,664 | ---- | M | MD5 = 1F5C64B0C6B2E2F48735A77AE714CCB8] (Conexant Systems, Inc.)
(winachsx) winachsx [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSX_CNXT.sys -> [2005/12/06 11:20:42 | 000,670,208 | ---- | M | MD5 = 11EC1AFCEB5C917CE73D3C301FF4291E] (Conexant Systems, Inc.)
(HSX_DP) HSX_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSX_DP.sys -> [2005/12/06 11:20:40 | 000,936,448 | ---- | M | MD5 = A7F8C9228898A1E871D2AE7082F50AC3] (Conexant Systems, Inc.)
(ftsata2) ftsata2 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ftsata2.sys -> [2005/06/29 17:03:18 | 000,175,104 | ---- | M | MD5 = 22399D3CE5840C6082844679CCA5D2FC] (Promise Technology, Inc.)
(iaStor) Intel RAID Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\iaStor.sys -> [2005/06/17 06:33:40 | 000,872,064 | ---- | M | MD5 = 9A65E42664D1534B68512CAAD0EFE963] (Intel Corporation)
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AmdK8.sys -> [2005/03/09 14:53:00 | 000,036,352 | ---- | M | MD5 = 59301936898AE62245A6F09C0ABA9475] (Advanced Micro Devices)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2004/08/03 14:31:34 | 000,020,992 | ---- | M | MD5 = D507C1400284176573224903819FFDA3] (Realtek Semiconductor Corporation)
(bb-run) Promise driver accelerator [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\bb-run.sys -> [2003/11/05 07:45:12 | 000,017,408 | ---- | M | MD5 = 7270D070173B20AC9487EA16BB08B45F] (Promise Technology, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\"Default_Page_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Main\"Default_Search_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Main\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\"Search Page" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Main\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Search\"Default_Search_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Search\"SearchAssistant" -> [You must be registered and logged in to see this link.] ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\"Default_Page_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\.DEFAULT\: Main\"Default_Search_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\.DEFAULT\: Main\"Search Page" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\.DEFAULT\: Main\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\"Default_Page_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-18\: Main\"Default_Search_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-18\: Main\"Search Page" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-18\: Main\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: Main\"Default_Page_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: Main\"Default_Search_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: Main\"Search Page" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: Main\"Secondary Start Pages" -> [binary data] ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: Search\"SearchAssistant" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: SearchURL\"" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: SearchURL\"provider" -> gogl ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: "ProxyOverride" -> ;*.local ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\7x8fv31u.default\prefs.js ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" ->
extensions.enabledItems -> [You must be registered and logged in to see this link.]:1.0 ->
keyword.URL -> "http://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=" ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\7x8fv31u.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions -> ->
HKLM\software\mozilla\Firefox\extensions\\widgetruntime@surfsecret.com -> C:\Program Files\Panda Security\Panda ID Protect\Firefox [C:\PROGRAM FILES\PANDA SECURITY\PANDA ID PROTECT\FIREFOX] -> [2010/07/27 02:20:55 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/07/27 16:55:23 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/07/27 16:55:22 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions -> [2008/09/01 01:08:29 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7x8fv31u.default\extensions -> [2010/07/27 16:52:59 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7x8fv31u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/04/27 13:53:02 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7x8fv31u.default\extensions\personas@christopher.beard -> [2010/05/13 20:57:03 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
youtube-video-search.xml -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7x8fv31u.default\searchplugins\youtube-video-search.xml -> [2008/12/13 20:46:11 | 000,002,109 | ---- | M | MD5 = EB368E78ECC13C7DD221CC2E14425CA3] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/07/27 16:52:59 | 000,000,000 | ---D | M]
~[Filtered]~
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 04:16:42 | 000,059,032 | ---- | M | MD5 = 4EA3A6CD9D20584FFAFDB1E47DBF0E20] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M | MD5 = A6B5A41C0ED007AB6C43CAD899E533D8] (Microsoft Corporation)
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [hpWebHelper Class] -> [2008/08/05 16:00:15 | 000,217,088 | ---- | M | MD5 = A0EF773AA00AFAF320E7404304EC5220] (TODO: )
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [HKLM] -> C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll [Panda Security Toolbar] -> [2010/06/15 06:46:12 | 000,086,696 | ---- | M | MD5 = 26430378D083C787340EC434D0AF78C1] ()
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" [HKLM] -> C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll [Panda Security Toolbar] -> [2010/06/15 06:46:12 | 000,086,696 | ---- | M | MD5 = 26430378D083C787340EC434D0AF78C1] ()
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" [HKLM] -> C:\Program Files\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> File not found
WebBrowser\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Alcmtr" -> C:\WINDOWS\ALCMTR.EXE [ALCMTR.EXE] -> [2008/06/19 08:20:52 | 000,057,344 | ---- | M | MD5 = EA31039E691C6F8F5469649526EEA5FB] (Realtek Semiconductor Corp.)
"AlwaysReady Power Message APP" -> C:\WINDOWS\arpwrmsg.exe [ARPWRMSG.EXE] -> [2005/08/02 23:19:16 | 000,077,312 | ---- | M | MD5 = B596347A26DC054EBB44EB3BC8E95B0A] (Microsoft)
"AppleSyncNotifier" -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe] -> [2010/03/16 21:58:34 | 000,047,392 | ---- | M | MD5 = FD89A30C8A9FF4929ABC5039E6A527A4] (Apple Inc.)
"HPBootOp" -> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> [2006/02/15 22:34:58 | 000,249,856 | ---- | M | MD5 = A789B145F17FA5C2326907F4872FE173] (Hewlett-Packard Company)
"HPHUPD08" -> c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe] -> [2005/06/01 23:35:56 | 000,049,152 | ---- | M | MD5 = 4F113169A2DE985D043A5530987AD6D0] (Hewlett-Packard)
"HPSUreset" -> c:\hp\bin\cloaker.exe [c:\hp\bin\cloaker.exe cmd /c c:\hp\drivers\hpsu\HPSULastRunReset.bat] -> [1999/11/06 23:11:14 | 000,027,136 | ---- | M | MD5 = 6380625DD0480ED60960A149A087C848] (Hewlett-Packard Co.)
"IMEKRMIG6.1" -> C:\WINDOWS\ime\imkr6_1\imekrmig.exe [C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE] -> [2004/08/09 14:00:00 | 000,044,032 | ---- | M | MD5 = E6BB63BBE1BED01769CA87F4DAC286C8] (Microsoft Corporation)
"IMJPMIG8.1" -> C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE ["C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32] -> [2004/08/09 14:00:00 | 000,208,952 | ---- | M | MD5 = 7BBE4CF421AECC7F0226EDD75F12079F] (Microsoft Corporation)
"Mqoganapiqifep" -> C:\WINDOWS\iwufazeqeq.DLL [rundll32.exe "C:\WINDOWS\iwufazeqeq.dll",Startup] -> File not found
"MSPY2002" -> C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe [C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC] -> [2004/08/09 14:00:00 | 000,059,392 | ---- | M | MD5 = 1B17E09C1223F6D17336D2DD7A1AF4F4] ()
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2010/04/03 19:23:16 | 013,670,504 | ---- | M | MD5 = 8FFC8E6236073D462CAD9EDABFD3E0E4] (NVIDIA Corporation)
"NvMediaCenter" -> C:\WINDOWS\System32\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2010/04/03 19:23:16 | 000,110,696 | ---- | M | MD5 = 2EF47B25843130B9E05AD487D667374D] (NVIDIA Corporation)
"PHIME2002A" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName] -> [2004/08/09 14:00:00 | 000,455,168 | ---- | M | MD5 = 024DC0F68DF5FD6AE9DD82DFBAF479D6] (Microsoft Corporation)
"PHIME2002ASync" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC] -> [2004/08/09 14:00:00 | 000,455,168 | ---- | M | MD5 = 024DC0F68DF5FD6AE9DD82DFBAF479D6] (Microsoft Corporation)
"PMLreset" -> c:\hp\bin\cloaker.exe [c:\hp\bin\cloaker.exe cmd /c c:\hp\drivers\pmlreset.bat] -> [1999/11/06 23:11:14 | 000,027,136 | ---- | M | MD5 = 6380625DD0480ED60960A149A087C848] (Hewlett-Packard Co.)
"PSUNMain" -> C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe ["C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar] -> [2010/05/14 15:06:30 | 000,406,848 | ---- | M | MD5 = 6E89A16E4A3E5FD19AD5B74DA023B671] (Panda Security, S.L.)
"RBreset" -> c:\hp\bin\cloaker.exe [c:\hp\bin\cloaker.exe cmd /c c:\hp\drivers\hpsu\RBLastRunReset.bat] -> [1999/11/06 23:11:14 | 000,027,136 | ---- | M | MD5 = 6380625DD0480ED60960A149A087C848] (Hewlett-Packard Co.)
"Recguard" -> C:\WINDOWS\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [2005/07/22 22:14:00 | 000,237,568 | ---- | M | MD5 = F3EAEA279F09A7779C18793C87640794] ()
"SetDefaultPrinter" -> c:\hp\bin\cloaker.exe [c:\hp\bin\cloaker.exe c:\windows\system32\cmd.exe /c c:\hp\bin\defaultprinter\SetDefaultPrinter.cmd] -> [1999/11/06 23:11:14 | 000,027,136 | ---- | M | MD5 = 6380625DD0480ED60960A149A087C848] (Hewlett-Packard Co.)
"TkBellExe" -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2006/06/17 21:44:35 | 000,180,269 | ---- | M | MD5 = 1AC2C58B587C70DE64582AD41EE79FBA] (RealNetworks, Inc.)
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx ->
"Flags" -> Reg Error: Invalid data type. [Reg Error: Invalid data type.] -> File not found
"Title" -> [UnHackMe Rootkit Check] -> File not found
< Run [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"SmartRAM" -> C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe ["C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m] -> [2010/01/22 14:12:12 | 000,200,280 | ---- | M | MD5 = 9DB4FC143600770F183C8796DDD56101] (IObit)
< Admin Startup Folder > -> C:\Documents and Settings\Admin\Start Menu\Programs\Startup ->
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008/04/23 03:38:16 | 000,029,696 | ---- | M | MD5 = DFCB9ADE94A4F8A7C42EEF41101A30AD] (Adobe Systems Incorporated)
< asdf Startup Folder > -> C:\Documents and Settings\asdf\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk -> C:\hp\bin\cloaker.exe -> [1999/11/06 23:11:14 | 000,027,136 | ---- | M | MD5 = 6380625DD0480ED60960A149A087C848] (Hewlett-Packard Co.)
< Eric Startup Folder > -> C:\Documents and Settings\Eric\Start Menu\Programs\Startup ->
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< Guest.ERIC Startup Folder > -> C:\Documents and Settings\Guest.ERIC\Start Menu\Programs\Startup ->
< HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\"NoUpdateCheck" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main
\Main\"DEPOff" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"HonorAutoRunSetting" -> [1] -> File not found
\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
\"NoResolveSearch" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> [2004/08/10 02:39:00 | 001,347,728 | ---- | M | MD5 = 1B272DBF6C5CCEB5DC2BB488271DDF6D] (Microsoft)
\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.Theme [C:\WINDOWS\Resources\Themes\Royale.theme] -> [2004/07/28 01:03:28 | 000,001,293 | ---- | M | MD5 = 48A47B0E32E3B9314C2C774EDB6BBC10] ()
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoDriveTypeAutoRun" -> [145] -> File not found
\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000] -> [2010/04/24 08:25:04 | 018,352,488 | ---- | M | MD5 = 86075C2A59A89A4A9E7427525513AFD6] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000] -> [2010/04/24 08:25:04 | 018,352,488 | ---- | M | MD5 = 86075C2A59A89A4A9E7427525513AFD6] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000] -> [2010/04/24 08:25:04 | 018,352,488 | ---- | M | MD5 = 86075C2A59A89A4A9E7427525513AFD6] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M | MD5 = 79F7DB36E67B9E8365FA824AD96DF400] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M | MD5 = 79F7DB36E67B9E8365FA824AD96DF400] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M | MD5 = AEF204E782BFA2C8448CB43A58960744] (Microsoft Corporation)
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Button: Internet Connection Help] -> [2008/08/05 16:00:15 | 000,000,706 | ---- | M | MD5 = 7CB21E1F67A80EAC34B2C10F88F1ED7E] ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Menu: Internet Connection Help] -> [2008/08/05 16:00:15 | 000,000,706 | ---- | M | MD5 = 7CB21E1F67A80EAC34B2C10F88F1ED7E] ()
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M | MD5 = 79F7DB36E67B9E8365FA824AD96DF400] (Microsoft Corporation)
CmdMapping\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M | MD5 = AEF204E782BFA2C8448CB43A58960744] (Microsoft Corporation)
CmdMapping\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Internet Connection Help] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M | MD5 = 79F7DB36E67B9E8365FA824AD96DF400] (Microsoft Corporation)
CmdMapping\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M | MD5 = AEF204E782BFA2C8448CB43A58960744] (Microsoft Corporation)
CmdMapping\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Internet Connection Help] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M | MD5 = 79F7DB36E67B9E8365FA824AD96DF400] (Microsoft Corporation)
CmdMapping\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M | MD5 = AEF204E782BFA2C8448CB43A58960744] (Microsoft Corporation)
CmdMapping\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Internet Connection Help] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> [You must be registered and logged in to see this link.]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. ->
trymedia.com .[http] -> Trusted sites ->
trymedia.com .[https] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4822 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> [You must be registered and logged in to see this link.] [MUWebControl Class] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> [You must be registered and logged in to see this link.] [Reg Error: Value error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 172.16.0.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{17D5309F-1A7F-46BD-BD33-546410D32A2D}\\DhcpNameServer -> 172.16.0.1 (NVIDIA nForce Networking Controller) ->
{892900FC-9814-4488-99C0-81491C1EE93D}\\DhcpNameServer -> 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M | MD5 = 12896823FB95BFB3DC9B46BCAEDC9923] (Microsoft Corporation)
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M | MD5 = A6B5A41C0ED007AB6C43CAD899E533D8] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" -> C:\Program Files\Pando Networks\Media Booster\PMB.exe [C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster] -> [2010/05/21 16:31:05 | 002,938,552 | ---- | M | MD5 = 9781B8F5F92663AC4FA0C1E750EFD105] ()
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP] -> [2006/06/17 22:02:58 | 000,036,903 | ---- | M | MD5 = 84A6C6456F86ED03B79DB55BCBCDB2BD] (Hewlett-Packard)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -> C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe [C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager] -> [2010/06/13 13:23:13 | 000,172,032 | ---- | M | MD5 = 7C795C05B5DC8079071AB1EB89DF28D8] (Nexon)
"C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Serial.Loaris.Trojan.Remover.1.1.8.1.exe" -> C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Serial.Loaris.Trojan.Remover.1.1.8.1.exe [C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Serial.Loaris.Trojan.Remover.1.1.8.1.exe:*:Enabled:hl3uJCg 7kGvRtQ0f 8Hxju80GSN] -> File not found
"C:\Nexon\DFO\DFO.exe" -> C:\Nexon\DFO\DFO.exe [C:\Nexon\DFO\DFO.exe:*:Enabled:Dungeon Fighter Online] -> File not found
"C:\Program Files\Darkeden\darkeden.exe" -> C:\Program Files\Darkeden\darkeden.exe [C:\Program Files\Darkeden\darkeden.exe:*:Enabled:DarkEden] -> [2009/05/17 19:04:49 | 004,833,381 | ---- | M | MD5 = ED7ECDFA1B9C01F07EA29D3B1C8E1F79] (Softon)
"C:\Program Files\DISC\DISCover.exe" -> C:\Program Files\DISC\DISCover.exe [C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System] -> [2006/03/16 02:12:40 | 001,077,248 | ---- | M | MD5 = 5F4F51DCDDEED4CD994937572B9D9253] (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" -> C:\Program Files\DISC\DiscStreamHub.exe [C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub] -> [2006/03/16 02:11:54 | 000,057,344 | ---- | M | MD5 = 35FD73BA6356094ABCB61F0A2C555595] (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" -> C:\Program Files\DISC\myFTP.exe [C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP] -> [2006/03/16 02:11:50 | 000,094,208 | ---- | M | MD5 = 227B4BF7B10BFF468CD710786416E3AC] (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" -> C:\Program Files\FrostWire\FrostWire.exe [C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire] -> [2008/09/03 15:39:00 | 000,114,688 | ---- | M | MD5 = 4939D0506630168E691C7D389435A773] (FrostWire Group)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2005/09/21 04:25:22 | 000,151,635 | ---- | M | MD5 = 0CE9412D1E52DBA51CA19CD9F042A1C4] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2006/01/24 02:03:00 | 000,057,344 | ---- | M | MD5 = 9F52382401170537C00A7AD014C82FF4] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2006/01/24 01:40:30 | 000,225,280 | ---- | M | MD5 = 632420CEEFA48B445185D6B6330AA8A6] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2006/01/24 01:40:04 | 000,040,960 | ---- | M | MD5 = 216470386C9BAAEFBFF58EA72848C602] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2006/01/24 01:35:14 | 000,081,920 | ---- | M | MD5 = 41D4BAF0D93D70E90DBA3FF59AF42F02] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2006/01/24 02:09:36 | 000,172,032 | ---- | M | MD5 = 43F77B33F7C076ABD39C4AEEE1818669] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2006/01/24 01:38:52 | 000,438,272 | ---- | M | MD5 = 3D39C5FC503B3E3C5C3C89E1C51EBA5C] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] -> [2006/02/09 23:41:28 | 000,573,440 | ---- | M | MD5 = 5D6F0A491239FBA43B21F845F9C19E41] ( )
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [2006/02/09 23:43:36 | 000,110,592 | R--- | M | MD5 = EE4B17A5E3F939F128266846FED3975F] (Hewlett-Packard)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2010/07/16 07:41:54 | 010,358,568 | ---- | M | MD5 = C1D9C273B3439FD2563362D782B272DA] (Apple Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" -> C:\Program Files\Java\jre6\bin\java.exe [C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary] -> [2010/04/24 02:57:41 | 000,145,184 | ---- | M | MD5 = 43F7CA0473BB0FC9DD44ECF328B8D1FA] (Sun Microsystems, Inc.)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2009/02/14 06:03:18 | 000,337,264 | ---- | M | MD5 = 47B90FCFE1B89BCEE4458BAD3C1C5C63] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2009/02/26 15:24:50 | 001,001,840 | ---- | M | MD5 = 96F0A88B100A4E2914F1272E35714128] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2009/08/17 22:54:54 | 012,957,536 | ---- | M | MD5 = A4C6626DD0833249DFC8224014965E07] (Microsoft Corporation)
"C:\Program Files\ooVoo\ooVoo.exe" -> C:\Program Files\ooVoo\ooVoo.exe [C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo] -> [2010/05/25 11:05:18 | 019,360,560 | ---- | M | MD5 = D5FFBDCB888E1CC4577974C3E59735FF] (ooVoo LLC)
"C:\Program Files\Opera\opera.exe" -> C:\Program Files\Opera\opera.exe [C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser] -> [2009/11/20 20:01:18 | 000,832,296 | ---- | M | MD5 = A5F6A9A70592C33F451ACB0708266174] (Opera Software)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" -> C:\Program Files\Pando Networks\Media Booster\PMB.exe [C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster] -> [2010/05/21 16:31:05 | 002,938,552 | ---- | M | MD5 = 9781B8F5F92663AC4FA0C1E750EFD105] ()
"C:\Program Files\Steam\steamapps\crucifix676\team fortress 2\hl2.exe" -> C:\Program Files\Steam\steamapps\crucifix676\team fortress 2\hl2.exe [C:\Program Files\Steam\steamapps\crucifix676\team fortress 2\hl2.exe:*:Enabled:hl2] -> [2010/07/11 17:32:04 | 000,103,760 | ---- | M | MD5 = 9A74442EB6A59D7713FF2CF49B2736C5] ()
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP] -> [2006/06/17 22:02:58 | 000,036,903 | ---- | M | MD5 = 84A6C6456F86ED03B79DB55BCBCDB2BD] (Hewlett-Packard)
"C:\Program Files\Ventrilo\Ventrilo.exe" -> C:\Program Files\Ventrilo\Ventrilo.exe [C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe] -> [2009/04/22 22:11:32 | 001,675,776 | ---- | M | MD5 = 9DA1F1163C7B5DA29EEC2FF3A731EEA9] (Flagship Industries, Inc.)
"C:\Program Files\Vuze\Azureus.exe" -> C:\Program Files\Vuze\Azureus.exe [C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze] -> [2010/01/13 11:42:06 | 000,232,896 | ---- | M | MD5 = BAF503FEDF00C58C123B100CDA7A7D4F] (Vuze Inc.)
"C:\Program Files\Xfire\Xfire.exe" -> C:\Program Files\Xfire\Xfire.exe [C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire] -> [2009/11/05 19:14:36 | 003,152,272 | ---- | M | MD5 = C50C04CEDE8102679D8B0265C9DE3EDE] (Xfire Inc.)
"C:\Riot Games\League of Legends\air\LolClient.exe" -> C:\Riot Games\League of Legends\air\LolClient.exe [C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby] -> [2010/05/22 14:50:54 | 000,081,408 | ---- | M | MD5 = 34F3AF061D6D7470FC17699B90884FA6] ()
"C:\Riot Games\League of Legends\game\League of Legends.exe" -> C:\Riot Games\League of Legends\game\League of Legends.exe [C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client] -> [2010/07/27 17:11:08 | 007,397,376 | ---- | M | MD5 = 6673DEBE1199E7E646B37511B3EB3328] ()
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->

crucifix676
Novice
Posts: 49 | Joined: 2010-06-22 | OS: Windows XP | Points: 24303 | Likes: 0


Re: Google Redirecting Malware

Post by crucifix676 on Wed Jul 28, 2010 11:24 am

"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2006/06/17 21:59:03 | 000,000,100 | ---- | M | MD5 = E7EB038D6FFE32C75E0509E5212358E1] ()
D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001/07/27 15:07:38 | 000,000,000 | -HS- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
D:\Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] -> D:\Autorun.inf [ FAT32 ] -> [2004/04/30 07:01:14 | 000,000,053 | -HS- | M | MD5 = 8ABA234578AFF1B6CCB8C245503E03F1] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{74730cf3-2ece-11de-98c0-001731cd350c}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74730cf3-2ece-11de-98c0-001731cd350c}\Shell
\{74730cf3-2ece-11de-98c0-001731cd350c}\Shell\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74730cf3-2ece-11de-98c0-001731cd350c}\Shell\AutoRun
\{74730cf3-2ece-11de-98c0-001731cd350c}\Shell\AutoRun\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74730cf3-2ece-11de-98c0-001731cd350c}\Shell\AutoRun\command
\{74730cf3-2ece-11de-98c0-001731cd350c}\Shell\AutoRun\command\"" -> K:\LaunchU3.exe [K:\LaunchU3.exe -a] -> File not found
\{b3a315f3-4a7a-11de-98e7-001731cd350c}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3a315f3-4a7a-11de-98e7-001731cd350c}\Shell\AutoRun\command
\{b3a315f3-4a7a-11de-98e7-001731cd350c}\Shell\AutoRun\command\"" -> [∑ň] -> File not found
\{b3a315f3-4a7a-11de-98e7-001731cd350c}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3a315f3-4a7a-11de-98e7-001731cd350c}\Shell\explore\Command
\{b3a315f3-4a7a-11de-98e7-001731cd350c}\Shell\explore\Command\"" -> [RECYCLER\INFO.exe] -> File not found
\{b3a315f3-4a7a-11de-98e7-001731cd350c}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3a315f3-4a7a-11de-98e7-001731cd350c}\Shell\open\Command
\{b3a315f3-4a7a-11de-98e7-001731cd350c}\Shell\open\Command\"" -> [RECYCLER\INFO.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Classes\\ ->
.exe [@ = exefile] -> Reg Error: Key error. -> File not found

[Registry - Additional Scans - Safe List]
< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services ->
"avg9wd" -> ->
"LiveUpdate" -> ->
"XobniService" -> ->
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
AVG9_TRAY hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\PROGRA~1\AVG\AVG9\avgtray.exe -> File not found
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state ->
"bootini" -> 0 ->
"services" -> 2 ->
"startup" -> 2 ->
"system.ini" -> 0 ->
"win.ini" -> 0 ->
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 ->
"msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008/04/13 17:12:42 | 000,199,680 | ---- | M | MD5 = 877C90686858D899B042BBA45E9B7F2C] (Intel Corporation)
"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2010/01/29 07:43:39 | 000,307,260 | ---- | M | MD5 = F3946B534CC197CBFFD9A2ECFD1F556F] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008/04/13 17:10:50 | 000,086,016 | ---- | M | MD5 = 0DBB250A89E2E1C9281009AC269F0805] (Sipro Lab Telecom Inc.)
"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2004/08/09 21:00:00 | 000,008,192 | ---- | M | MD5 = E8CD0D7E169ECCE2D4FD829DAAB786ED] (DSP GROUP, INC.)
"MSVideo8" -> C:\WINDOWS\System32\vfwwdm32.dll [VfWWDM32.dll] -> [2008/04/13 17:12:08 | 000,053,760 | ---- | M | MD5 = E2A57AC21705D3A05BB89BE201FA5C0C] (Microsoft Corporation)
"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2008/04/13 17:11:54 | 000,080,384 | ---- | M | MD5 = 7E86D471EF8DED7B9D15106002120271] (Radius Inc.)
"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/09 21:00:00 | 000,199,168 | ---- | M | MD5 = 43ECA1576906BA76FB3E329A338A3CAE] ()
"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/09 21:00:00 | 000,199,168 | ---- | M | MD5 = 43ECA1576906BA76FB3E329A338A3CAE] ()
"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/13 17:12:42 | 000,848,384 | ---- | M | MD5 = 948E1498C6438625247F94534AAA82FE] (Intel Corporation)
"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008/04/13 17:11:55 | 000,755,200 | ---- | M | MD5 = 5F10DC19D92CCF6B719B494572F4F74B] (Intel Corporation)
"vidc.LEAD" -> C:\WINDOWS\System32\LCodcCMP.dll [LCODCCMP.DLL] -> [2002/04/24 18:42:18 | 000,364,544 | ---- | M | MD5 = 021C3E651ACDB0C71498259C208FCCAC] (LEAD Technologies, Inc.)
"VIDC.XFR1" -> C:\WINDOWS\System32\xfcodec.dll [xfcodec.dll] -> [2009/11/05 19:14:42 | 000,041,872 | ---- | M | MD5 = DB614EBCA3231C2773181075BA96F8A5] ()
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> C:\Program Files\Microsoft Office\Office12\IEAWSDC.DLL [Microsoft Office Template and Media Control] -> [2008/10/25 06:18:50 | 000,172,880 | ---- | M | MD5 = E6BC6BA065287D7B6C22D9231E80AF3B] ()
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M | MD5 = AD99EC8908185A02307CF071EF7BD9CF] (Apple Inc.)
{075A24FD-4418-4841-9C3A-55CD5FFDE375} [HKLM] -> C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll [CNxGameControl Object] -> [2010/06/13 13:23:13 | 000,126,976 | ---- | M | MD5 = 6138AFA7A62BFCBE84ED024861E5DADD] (Nexon)
{07B06095-5687-4D13-9E32-12B4259C9813} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSUPLD.DLL [STSUpld UploadCtl Class] -> [2006/10/26 19:59:30 | 000,227,128 | ---- | M | MD5 = 40A2F9DBE7434EB9B866D4B67FCA6C5B] (Microsoft Corporation)
{0D012ABD-CEED-11D2-9C76-00105AA73033} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveDocumentShareTool.dll [Groove DocumentShareView] -> [2009/02/14 06:03:38 | 003,070,832 | ---- | M | MD5 = ECA43292F8C283A96756A95DAA2BF93B] (Microsoft Corporation)
{31261F21-2B16-45EE-BEAB-07C4CFA18B65} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{3FD37ABB-F90A-4DE5-AA38-179629E64C2F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Spreadsheet Launcher] -> [2009/03/06 04:23:08 | 000,140,168 | ---- | M | MD5 = 29598106730A792694FA91E1184E5501] (Microsoft Corporation)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M | MD5 = AD99EC8908185A02307CF071EF7BD9CF] (Apple Inc.)
{444785F1-DE89-4295-863A-D46C3A781394} [HKLM] -> C:\Program Files\Unity\WebPlayer\loader\UnityWebPluginAX.ocx [UnityWebPlayer Control] -> [2009/01/12 11:22:56 | 000,508,656 | ---- | M | MD5 = B30F43E9E5ABF7B4B74AAD4D7A444E7C] (Unity Technologies ApS)
{56A58823-AE99-11D5-B90B-0050DACD1F75} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveCommonComponents.dll [Groove Data List Display] -> [2009/02/14 06:03:28 | 002,687,336 | ---- | M | MD5 = 9E1E3647CDE6AF66D3CD634624A99365] (Microsoft Corporation)
{5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Program Files\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2010/04/24 02:57:45 | 000,108,320 | ---- | M | MD5 = 1C9FADA9BB66DFFC55E3628AD505931F] (Sun Microsystems, Inc.)
{5F5F9FB8-878E-4455-95E0-F64B2314288A} [HKLM] -> C:\WINDOWS\system32\ijjiPlugin2.dll [ijjiPlugin2 Class] -> [2008/06/12 00:01:48 | 000,058,800 | ---- | M | MD5 = C9E022659AB6AA3573753BFE2DF7652B] (NHN USA Corp.)
{62B4D041-4667-40B6-BB50-4BC0A5043A73} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Export Database Launcher] -> [2009/03/06 04:23:08 | 000,140,168 | ---- | M | MD5 = 29598106730A792694FA91E1184E5501] (Microsoft Corporation)
{65BCBEE4-7728-41A0-97BE-14E1CAE36AAE} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSLIST.DLL [Microsoft Office List 12.0] -> [2009/03/06 03:01:06 | 002,335,648 | ---- | M | MD5 = 573689497BF82AD0FEAF4581AB6E4042] (Microsoft Corporation)
{68979310-D979-4CCA-AB57-83BEFB03E0D3} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8075631E-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Program Files\Microsoft Office\Office12\INLAUNCH.DLL [SharepointOpenXMLDocuments] -> [2009/03/06 04:26:06 | 000,065,400 | ---- | M | MD5 = E34C3EAC482B0FE3913E23FC2E85424C] (Microsoft Corporation)
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Java Plug-in 1.6.0_20] -> [2010/04/24 02:57:44 | 000,136,992 | ---- | M | MD5 = E06930C34F16C8AD24AD79502F40026A] (Sun Microsystems, Inc.)
{9203C2CB-1DC1-482D-967E-597AFF270F0D} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint OpenDocuments Class] -> [2009/03/06 04:23:08 | 000,140,168 | ---- | M | MD5 = 29598106730A792694FA91E1184E5501] (Microsoft Corporation)
{9E21141C-E51F-4fc1-949E-757AF5EFF420} [HKLM] -> C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll [CNxMachineControl Object] -> [2010/06/13 13:23:13 | 000,126,976 | ---- | M | MD5 = 6138AFA7A62BFCBE84ED024861E5DADD] (Nexon)
{9F9C4924-C3F3-4459-A396-9E9E0D8B83D1} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{BDEADE3E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientEventSubscription Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientMiscApis Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE40-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCommentThread Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE42-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientComment Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE43-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSBrowserUI Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE98-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWS Post Data] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE9E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [SharePoint Spreadsheet Launcher] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEB3-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEB4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEB5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEB7-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionServers Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEB8-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCollaboration Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEDA-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussion] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEDB-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussions] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEDC-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServer] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEDD-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServers] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEDE-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE Global Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEE0-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionBar Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEF2-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{BDEADEF4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint Stssync Handler] -> File not found
{BDEADEF5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Stssync Handler] -> [2009/03/06 04:23:08 | 000,140,168 | ---- | M | MD5 = 29598106730A792694FA91E1184E5501] (Microsoft Corporation)
{C901354A-DFBC-4297-9BC2-22D499A916D5} [HKLM] -> C:\WINDOWS\Downloaded Program Files\ijjisetup1010.dll [ijjiSetupCtrl1010 Class] -> [2008/06/12 00:01:50 | 000,112,048 | ---- | M | MD5 = B50757D650D5279DF72522C245E9C666] ()
{C9712B19-838B-45A5-ABF2-9A315DDDED50} [HKLM] -> C:\Program Files\Microsoft Office\Office12\AUTHZAX.DLL [Microsoft Office 12 Authorization Control] -> [2008/10/25 06:18:46 | 000,054,152 | ---- | M | MD5 = 96ED72080E20A360AB0D2597D1AC4EF6] (Microsoft Corporation)
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Java Plug-in 1.6.0_07] -> [2008/06/10 04:27:02 | 000,132,496 | ---- | M | MD5 = 7C83A2809E13950359189767AC9D5DB8] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Java Plug-in 1.6.0_07] -> [2008/06/10 04:27:02 | 000,132,496 | ---- | M | MD5 = 7C83A2809E13950359189767AC9D5DB8] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Java Plug-in 1.6.0_07] -> [2008/06/10 04:27:02 | 000,132,496 | ---- | M | MD5 = 7C83A2809E13950359189767AC9D5DB8] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Java Plug-in 1.6.0_20] -> [2010/04/24 02:57:44 | 000,136,992 | ---- | M | MD5 = E06930C34F16C8AD24AD79502F40026A] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Java Plug-in 1.6.0_20] -> [2010/04/24 02:57:44 | 000,136,992 | ---- | M | MD5 = E06930C34F16C8AD24AD79502F40026A] (Sun Microsystems, Inc.)
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Java Plug-in 1.6.0_20] -> [2010/04/24 02:57:44 | 000,136,992 | ---- | M | MD5 = E06930C34F16C8AD24AD79502F40026A] (Sun Microsystems, Inc.)
{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} [HKLM] -> C:\WINDOWS\system32\deployJava1.dll [Deployment Toolkit] -> [2010/04/24 02:57:40 | 000,411,368 | ---- | M | MD5 = B8F7C6CA5F8E97249853DBE1DADD1FBC] (Sun Microsystems, Inc.)
{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} [HKLM] -> C:\WINDOWS\system32\deployJava1.dll [Deployment Toolkit] -> [2010/04/24 02:57:40 | 000,411,368 | ---- | M | MD5 = B8F7C6CA5F8E97249853DBE1DADD1FBC] (Sun Microsystems, Inc.)
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{CB927D12-4FF7-4A9E-A169-56E4B8A75598} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [Behavior Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M | MD5 = AD99EC8908185A02307CF071EF7BD9CF] (Apple Inc.)
{CDEC13B2-0B3C-400E-B909-E27EE89C6799} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSUPLD.DLL [STSUpld CopyCtl Class] -> [2006/10/26 19:59:30 | 000,227,128 | ---- | M | MD5 = 40A2F9DBE7434EB9B866D4B67FCA6C5B] (Microsoft Corporation)
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} [HKLM] -> C:\Program Files\iTunes\ITDetector.ocx [iTunesDetector Class] -> [2010/07/16 07:41:50 | 000,111,912 | ---- | M | MD5 = 1E0420B5062B4D4E1C13C931CE5084BE] (Apple Inc.)
{DFEAF541-F3E1-4c24-ACAC-99C30715084A} [HKLM] -> c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll [Microsoft Silverlight] -> [2010/05/23 23:30:20 | 001,013,760 | ---- | M | MD5 = 2CB7C019A1AB8EA3D281C9606D097331] ( Microsoft Corporation)
{E01D1C6A-4F40-11D3-8958-00105A272DCF} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveTextTools.dll [Groove Text View] -> [2009/02/14 06:03:54 | 001,161,568 | ---- | M | MD5 = 53BABBB23E0A507C79D2FB488EABBBD9] (Microsoft Corporation)
{E543A17A-F212-49C0-B63D-BF09B460250E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\oisctrl.dll [OISClientLauncher Class] -> [2009/03/06 04:23:50 | 000,022,432 | ---- | M | MD5 = EA9E5B8D043D01851977B6D4C4C8F2A8] (Microsoft Corporation)
{E7339A62-0E31-4A5E-BA3D-F2FEDFBF8BE5} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Portal\PortalConnectCore.dll [PersonalSite Class] -> [2008/10/26 05:42:16 | 000,482,656 | ---- | M | MD5 = 2569192656E36C43D807DC37D5335919] ()
{F8160836-0C11-4CA4-AD87-944542C7BCBD} [HKLM] -> C:\WINDOWS\system32\PubPlugin.dll [PubPlugin Class] -> [2008/04/23 15:02:12 | 000,157,152 | ---- | M | MD5 = 34E6B5C841396089053F129E6B904DBF] (NHN Corporation)
< Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\ ->
{BDD307C3-7BC0-4542-9F8F-A9611FE6C1BF} [HKLM] -> C:\WINDOWS\system32\proctexe.ocx [Additive Surface] -> [2008/04/13 17:10:35 | 000,081,920 | ---- | M | MD5 = CF645DD270F3A7DBA0AB0B282FFA4526] (Intel Corporation)
< Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 04:16:42 | 000,059,032 | ---- | M | MD5 = 4EA3A6CD9D20584FFAFDB1E47DBF0E20] (Adobe Systems Incorporated)
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
{201F27D4-3704-41D6-89C1-AA35E39143ED} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{2670000A-7350-4F3C-8081-5663EE0C6C49} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx [DHTML Edit Control Safe for Scripting for IE5] -> [2009/07/27 15:27:12 | 000,128,512 | ---- | M | MD5 = AB2618C157C8D7BC89BA3402C6E52638] (Microsoft Corporation)
{3041D03E-FD4B-44E0-B742-2D9B88305F98} [HKLM] -> C:\Program Files\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> File not found
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{5F5F9FB8-878E-4455-95E0-F64B2314288A} [HKLM] -> C:\WINDOWS\system32\ijjiPlugin2.dll [ijjiPlugin2 Class] -> [2008/06/12 00:01:48 | 000,058,800 | ---- | M | MD5 = C9E022659AB6AA3573753BFE2DF7652B] (NHN USA Corp.)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M | MD5 = A6B5A41C0ED007AB6C43CAD899E533D8] (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AA58ED58-01DD-4D91-8333-CF10577473F7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [hpWebHelper Class] -> [2008/08/05 16:00:15 | 000,217,088 | ---- | M | MD5 = A0EF773AA00AFAF320E7404304EC5220] (TODO: )
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [HKLM] -> C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll [Panda Security Toolbar] -> [2010/06/15 06:46:12 | 000,086,696 | ---- | M | MD5 = 26430378D083C787340EC434D0AF78C1] ()
{BF0118D4-63FF-4138-9327-F3028FB1A578} [HKLM] -> C:\WINDOWS\web\wallpaper\welcome\AWhelper.dll [Helper Class] -> File not found
{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{C901354A-DFBC-4297-9BC2-22D499A916D5} [HKLM] -> C:\WINDOWS\Downloaded Program Files\ijjisetup1010.dll [ijjiSetupCtrl1010 Class] -> [2008/06/12 00:01:50 | 000,112,048 | ---- | M | MD5 = B50757D650D5279DF72522C245E9C666] ()
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D0943516-5076-4020-A3B5-AEFAF26AB263} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx [Shockwave Flash Object] -> [2009/02/02 19:07:18 | 003,866,528 | R--- | M | Unable to obtain MD5] (Adobe Systems, Inc.)
{DFEAF541-F3E1-4C24-ACAC-99C30715084A} [HKLM] -> c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll [Microsoft Silverlight] -> [2010/05/23 23:30:20 | 001,013,760 | ---- | M | MD5 = 2CB7C019A1AB8EA3D281C9606D097331] ( Microsoft Corporation)
{E2D4D26B-0180-43A4-B05F-462D6D54C789} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{E2E2DD38-D088-4134-82B7-F2BA38496583} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{E9DA06F1-632C-462F-98B3-AF74B47DA727} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{F1FF080D-12A3-439A-A2EF-4BA95A3148E8} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{F31D1897-7EFD-4647-8687-E05894E382AB} [HKLM] -> C:\WINDOWS\system32\runclose.ocx [Runclose Control] -> [2003/04/07 13:22:14 | 000,045,056 | ---- | M | MD5 = 79A35CB5078C385AFCC0F8E7B79B9866] (Hewlett-Packard Company)
{F8160836-0C11-4CA4-AD87-944542C7BCBD} [HKLM] -> C:\WINDOWS\system32\PubPlugin.dll [PubPlugin Class] -> [2008/04/23 15:02:12 | 000,157,152 | ---- | M | MD5 = 34E6B5C841396089053F129E6B904DBF] (NHN Corporation)
{FB5F1910-F110-11D2-BB9E-00C04F795683} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.bat [@ = batfile] -> "%1" %* ->
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
.pif [@ = piffile] -> "%1" %* ->
.scr [@ = scrfile] -> "%1" /S ->
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Classes\\ ->
.exe [@ = exefile] -> Reg Error: Key error. -> File not found
.html [@ = FirefoxHTML] -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2010/07/22 19:06:53 | 000,910,296 | ---- | M | MD5 = BACCDA841C689D1CBA941F478E8ED24B] (Mozilla Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> -> File not found
Ias -> -> File not found
Iprip -> -> File not found
Irmon -> -> File not found
NWCWorkstation -> -> File not found
Nwsapagent -> -> File not found
WmdmPmSp -> -> File not found

crucifix676

Re: Google Redirecting Malware

Post by crucifix676 on Wed Jul 28, 2010 11:24 am

*MultiFile Done* -> ->
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
text/xml:{807563E5-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL[Microsoft Office InfoPath XML Mime Filter] -> [2008/10/25 09:27:54 | 000,044,408 | ---- | M | MD5 = 40F9FC39CCF5445F3075083380BD5421] (Microsoft Corporation)
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} [HKLM] -> C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll[VoilaXctl Class] -> [2008/03/06 17:37:36 | 000,106,496 | ---- | M | MD5 = B66F539109299F530E534BF182232343] (Belarc, Inc.)
grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll[Local Groove Web Services Protocol] -> [2009/02/12 15:19:38 | 000,178,040 | ---- | M | MD5 = 68747446F9D982938DB6B110F2908271] (Microsoft Corporation)
ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll[HxProtocol Class] -> [2006/10/26 13:45:02 | 000,873,216 | ---- | M | MD5 = 9E7370CC3D6A43942433F85D0E2BBDD8] (Microsoft Corporation)
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM] -> C:\Program Files\Common Files\Skype\Skype4COM.dll[IEProtocolHandler Class] -> [2009/10/09 13:11:14 | 001,959,208 | R--- | M | MD5 = 1E79B48BC50B99FDC0066860BCEFBC23] (Skype Technologies)
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vds -> Service
vga.sys -> Driver
< SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->
{1a3e09be-1e45-494b-9174-d7385b45bbf5} -> Reg Error: Value error.
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
{4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
{4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
hitmanpro35 -> Reg Error: Value error.
hitmanpro35.sys -> Reg Error: Value error.
HitmanPro35Crusader -> Reg Error: Value error.
NDIS Wrapper -> Driver Group
NetBIOSGroup -> Driver Group
NetDDEGroup -> Driver Group
Network -> Driver Group
NetworkProvider -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
PNP_TDI -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
Streams Drivers -> Driver Group
System Bus Extender -> Driver Group
TDI -> Driver Group
vga.sys -> Driver
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\"FirstRunDisabled" -> [1] -> File not found
\"UpdatesDisableNotify" -> [0] -> File not found
\"AntiVirusOverride" -> [0] -> File not found
\"FirewallOverride" -> [0] -> File not found
\"AntiVirusDisableNotify" -> [0] -> File not found
\"FirewallDisableNotify" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
\Monitoring\SymantecFirewall\"DisableMonitoring" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\"EnableFirewall" -> [1] -> File not found
\"DoNotAllowExceptions" -> [0] -> File not found
\"DisableNotifications" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> C:\Program Files\Bonjour\mdnsNSP.dll -> [2010/05/18 16:35:14 | 000,152,864 | ---- | M | MD5 = E19A4040E79BE0AACA971117378F7F2B] (Apple Inc.)
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{048298C9-A4D3-490B-9FF9-AB023A9238F3} -> Steam
{0A65A3BD-54B5-4d0d-B084-7688507813F5} -> SlideShow
{0B33B738-AD79-4E32-90C5-E67BFB10BBFF} -> AiO_Scan
{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6} -> TrayApp
{0CB9668D-F979-4F31-B8B8-67FE90F929F8} -> Bonjour
{0D499481-22C6-4B25-8AC2-6D3F6C885FB9} -> OpenOffice.org Installer 1.0
{1341D838-719C-4A05-B50F-49420CA1B4BB} -> HP Boot Optimizer
{15C0AF59-4877-49B6-B8C6-A61CE54515F5} -> cp_OnlineProjectsConfig
{1DCC7418-2089-4BDD-B321-3771956160FC} -> ijji Auto Installer
{1E1F1E70-14D8-4380-8652-BD1A895A7D65} -> Status
{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
{21199F32-B676-4FE2-A443-EF7DB6B8FD4F} -> Opera 10.10
{23012310-3E05-46A5-88A9-C6CBCABCAC79} -> Customer Experience Enhancement
{2376813B-2E5A-4641-B7B3-A0D5ADB55229} -> HPPhotoSmartExpress
{26A24AE4-039D-4CA4-87B4-2F83216020FF} -> Java(TM) 6 Update 20
{2818095F-FB6C-42C8-827E-0A406CC9AFF5} -> Quicken 2006
{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD} -> QuickTime
{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0} -> HP Deskjet Printer Preload
{2E660A2A-A55F-43CD-9F73-CAD7382EEB78} -> Microsoft Games for Windows - LIVE Redistributable
{2F58D60D-2BFD-4467-9B4D-64E7355C329D} -> Sonic_PrimoSDK
{31263605-FC84-4787-B847-BA445B147E24} -> ScannerCopy
{3248F0A8-6813-11D6-A77B-00B0D0150050} -> J2SE Runtime Environment 5.0 Update 5
{3248F0A8-6813-11D6-A77B-00B0D0160050} -> Java(TM) 6 Update 5
{3248F0A8-6813-11D6-A77B-00B0D0160070} -> Java(TM) 6 Update 7
{33BF0960-DBA3-4187-B6CC-C969FCFA2D25} -> SkinsHP1
{33D6CC28-9F75-4d1b-A11D-98895B3A3729} -> HP Photosmart 330,380,420,470,7800,8000,8200 Series
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{352F5013-07DC-446D-8DB6-38F339086C60} -> LightScribe 1.4.84.1
{36D620AD-EEBA-4973-BA86-0C9AE6396620} -> OptionalContentQFolder
{3CF99DC3-38FD-46E6-A6B4-9C70074E020C} -> DocumentViewer
{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} -> Microsoft Works
{41E776A5-9B12-416D-9A12-B4F7B044EBED} -> CP_Package_Basic1
{45B8A76B-57EC-4242-B019-066400CD8428} -> BufferChm
{45D707E9-F3C4-11D9-A373-0050BAE317E1} -> HP DVD Play 2.1
{4A03706F-666A-4037-7777-5F2748764D10} -> Java Auto Updater
{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1} -> SolutionCenter
{51F96AEC-D902-4434-A0DC-B9692A21AE7C} -> MobileMe Control Panel
{54E3707F-808E-4fd4-95C9-15D1AB077E5D} -> NewCopy
{5B79CFD1-6845-4158-9D7D-6BE89DF2C135} -> HP PSC & OfficeJet 5.3.B
{5D61626A-BD55-4e42-82EE-4AE89D8FD050} -> HP Photosmart Cameras 6.0
{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99} -> muvee autoProducer unPlugged 2.0
{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C} -> RandMap
{66A9D30D-1464-4C7F-B2F3-507DADAF2595} -> Microsoft IntelliPoint 6.3
{68763C27-235D-4165-A961-FDEA228CE504} -> AiOSoftwareNPI
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} -> Windows Media Player Firefox Plugin
{6A118C80-B382-41c0-8907-CDD0BF5EFE6E} -> CameraDrivers
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{729DF902-05F9-4C00-9E6D-411119824E5F} -> hpiCamDrvQFolder
{736C803C-DD3B-4015-BC51-AFB9E67B9076} -> Readme
{755EC5E3-FD51-46bd-A57F-7A2D56FBF061} -> PSTAPlugin
{769A295C-DCF4-41d6-AFBA-7D9394B23AFE} -> PSPrinters08
{7850A6D2-CBEA-4728-9877-F1BEDEA9F619} -> AiOSoftware
{789289CA-F73A-4A16-A331-54D498CE069F} -> Ventrilo Client
{8105684D-8CA6-440D-8F58-7E5FD67A499D} -> Easy Internet Sign-up
{82081779-4175-4666-A457-AB711CD37EF0} -> cp_LightScribeConfig
{829DAAD6-BB11-4BB7-921B-07FFB703F944} -> CP_Package_Variety3
{82E55892-6FFD-403F-AA97-D726846768AA} -> CP_AtenaShokunin1Config
{837b34e3-7c30-493c-8f6a-2b0f04e2912c} -> Microsoft Visual C++ 2005 Redistributable
{83AA9001-96CC-4D5A-A146-1EF64AE62B8A} -> Timeline Maker Student
{85991ED2-010C-4930-96FA-52F43C2CE98A} -> Apple Mobile Device Support
{866A0078-DEA7-4348-9C9A-999AF2991EAA} -> SlideShowMusic
{868EC22E-7E82-4760-9265-3F2E705BF24B} -> League of Legends
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{8A534F71-3202-4464-A422-B767295E67B9} -> CP_Package_Variety2
{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05} -> Unload
{8DC069E7-893C-41E1-9442-DE89FEC33371} -> Xobni Core
{90120000-0010-0409-0000-0000000FF1CE} -> Microsoft Software Update for Web Folders (English) 12
{90120000-0015-0409-0000-0000000FF1CE} -> Microsoft Office Access MUI (English) 2007
{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007
{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007
{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0019-0409-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (English) 2007
{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001A-0409-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (English) 2007
{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007
{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007
{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007
{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007
{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9} -> Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
{90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007
{90120000-0030-0000-0000-0000000FF1CE} -> Microsoft Office Enterprise 2007
{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF} -> Security Update for Microsoft Office system 2007 (972581)
{90120000-0044-0409-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (English) 2007
{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007
{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-00A1-0409-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (English) 2007
{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-00BA-0409-0000-0000000FF1CE} -> Microsoft Office Groove MUI (English) 2007
{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0114-0409-0000-0000000FF1CE} -> Microsoft Office Groove Setup Metadata MUI (English) 2007
{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007
{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{90120000-0117-0409-0000-0000000FF1CE} -> Microsoft Office Access Setup Metadata MUI (English) 2007
{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E} -> Microsoft Office 2007 Service Pack 2 (SP2)
{92606477-9366-4D3B-8AE3-6BE4B29727AB} -> League of Legends
{93E5A317-24EC-4744-812C-16FECFE86E6A} -> CP_Package_Variety1
{95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting
{95C5F81D-0779-4932-BE83-32AAF814F4B9} -> League of Legends
{974C4B12-4D02-4879-85E0-61C95CC63E9E} -> Fallout 3
{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E} -> Visual C++ 8.0 ATL (x86) WinSXS MSM
{980A182F-E0A2-4A40-94C1-AE0C1235902E} -> Pando Media Booster
{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E} -> Visual C++ 8.0 CRT (x86) WinSXS MSM
{9A3EABC0-CA06-11D4-BF77-00104B130C19} -> EPSON TWAIN 5
{A29800BA-0BF1-4E63-9F31-DF05A87F4104} -> InstantShareDevices
{A2BCA9F1-566C-4805-97D1-7FDC93386723} -> Adobe AIR
{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} -> Microsoft .NET Framework 3.0 Service Pack 2
{A3455242-DAE0-4523-8242-FD82706ABF4B} -> CameraDrivers
{AB5D51AE-EBC3-438D-872C-705C7C2084B0} -> DeviceManagementQFolder
{AC76BA86-7AD7-1033-7B44-A71000000002} -> Adobe Reader 7.1.0
{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF} -> Magic Online III
{B2157760-AA3C-4E2E-BFE6-D20BC52495D9} -> cp_PosterPrintConfig
{B2D328BE-45AD-4D92-96F9-2151490A203E} -> Apple Application Support
{B6286A44-7505-471A-A72B-04EC2DB2F442} -> CueTour
{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3} -> CP_Panorama1Config
{B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player
{B9DD2DE0-27BE-4e6b-AAD8-0D960ABF87FD} -> CameraUserGuides
{BA4DF4C3-196E-4128-969A-00996B5A46F8} -> Canon MP500
{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E} -> HP Software Update
{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411} -> DocProc
{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} -> Microsoft .NET Framework 2.0 Service Pack 2
{C1C6767D-B395-43CB-BF99-051B58B86DA6} -> PhotoGallery
{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216} -> iTunes
{C3FAA091-B278-44A7-BF48-190811C5F9F7} -> cp_UpdateProjectsConfig
{C6812939-B117-48E6-A3BA-1709C14A3C8C} -> Scan
{C8753E28-2680-49BF-BD48-DD38FD086EFE} -> AiO_Scan_CDA
{C98E8D9D-21DE-4F87-A9B7-142BB89840FC} -> Toolbox
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC} -> Fax
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
{D103C4BA-F905-437A-8049-DB24763BBE36} -> Skype™ 4.1
{DAAD5187-62C5-4AD6-A526-803C18C4944D} -> HP Web Helper
{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38} -> HpSdpAppCoreApp
{DEA314C4-0929-4250-BC92-98E4C105F28D} -> NVIDIA PhysX
{DEBB2986-15B0-4D28-95FA-5C966A396589} -> HPProductAssistant
{E5A1DE9A-A21C-43A1-B06D-5146BAF62033} -> PanoStandAlone
{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D} -> HP PSC & OfficeJet 6.1.A
{EC2715CE-C182-483C-84CC-81D7D914CF14} -> WebReg
{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F} -> CP_CalendarTemplates1
{F112F66E-25CA-42DD-983C-6118EB38F606} -> Microsoft Games for Windows - LIVE
{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
{F333A33D-125C-32A2-8DCE-5C5D14231E27} -> Visual C++ 2008 x86 Runtime - (v9.0.30729)
{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 -> Visual C++ 2008 x86 Runtime - v9.0.30729.01
{F6076EF9-08E1-442F-B6A2-BFB61B295A14} -> Fax_CDA
{F80239D8-7811-4D5E-B033-0D0BBFE32920} -> HP DigitalMedia Archive
{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623} -> ooVoo
{FB15E224-67C3-491F-9F5C-F257BC418412} -> Destinations
{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F} -> NewCopy_CDA
{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC} -> Panda Cloud Antivirus
7-Zip -> 7-Zip 4.65

crucifix676

Re: Google Redirecting Malware

Post by crucifix676 on Wed Jul 28, 2010 11:27 am

8461-7759-5462-8226 -> Vuze
Adobe AIR -> Adobe AIR
Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
Advanced SystemCare 3_is1 -> Advanced SystemCare 3
Ask Toolbar_is1 -> Vuze Toolbar
Audacity 1.3 Beta (Unicode)_is1 -> Audacity 1.3.9 (Unicode)
AwayMode160 -> Microsoft Away Mode
B3EE3001-DC24-4cd1-8743-5692C716659F -> Otto
Belarc Advisor -> Belarc Advisor 7.2
CCleaner -> CCleaner
CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1 -> Data Fax SoftModem with SmartCP
DFO -> DFOLauncher
DISCover -> DISCover
ENTERPRISE -> Microsoft Office Enterprise 2007
EPSON Printer and Utilities -> EPSON Printer Software
FrostWire -> FrostWire 4.18.4
Game Booster_is1 -> Game Booster
Guild Wars -> Guild Wars
Guitar Pro 5_is1 -> Guitar Pro 5.2
HP Document Viewer -> HP Document Viewer 6.1
HP Game Console -> HP Game Console
HP Imaging Device Functions -> HP Imaging Device Functions 7.0
HP Photo & Imaging -> HP Photosmart Premier Software 6.5
HP Photosmart for Media Center PC -> HP Photosmart for Media Center PC
HP Rhapsody -> HP Rhapsody
HP Solution Center & Imaging Support Tools -> HP Solution Center and Imaging Support Tools 6.1
HPOOVClient-9972322 Uninstaller -> Updates from HP (remove only)
InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79} -> Customer Experience Enhancement
LAME for Audacity_is1 -> LAME v3.98.2 for Audacity
LiveUpdate -> LiveUpdate 3.0 (Symantec Corporation)
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
Money2006b -> Microsoft Money 2006
Mozilla Firefox (3.6.8) -> Mozilla Firefox (3.6.8)
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
Netscape Browser -> Netscape Browser (remove only)
NVIDIA Drivers -> NVIDIA Drivers
NVIDIA nView Desktop Manager -> NVIDIA nView Desktop Manager
Panda Cloud Antivirus -> Panda Cloud Antivirus
Panda Identity Protect -> Panda Identity Protect 3.0.44
pandasecuritytb -> Panda Security Toolbar
PC-Doctor 5 for Windows -> PC-Doctor 5 for Windows
PopCap Browser Plugin -> PopCap Browser Plugin
Python 2.2.3 -> Python 2.2.3
pywin32-py2.2 -> Python 2.2 pywin32 extensions (build 203)
RealPlayer 6.0 -> RealPlayer
Smart Defrag_is1 -> Smart Defrag
Steam App 440 -> Team Fortress 2
SystemRequirementsLab -> System Requirements Lab
TuneUpMedia -> TuneUp Companion 1.7.1
UnityWebPlayer -> Unity Web Player
Wdf01005 -> Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
WildTangent CDA -> WildTangent Web Driver
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 11
Windows XP Service Pack -> Windows XP Service Pack 3
WinRAR archiver -> WinRAR archiver
WMFDist11 -> Windows Media Format 11 runtime
wmp11 -> Windows Media Player 11
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
Xfire -> Xfire (remove only)
XobniMain -> Xobni
ZHTIELangPack -> Chinese (Traditional) Language Support
< Uninstall List [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
FrozenGlade Installer -> FrozenGlade Installer
Google Chrome -> Google Chrome

crucifix676

Re: Google Redirecting Malware

Post by crucifix676 on Wed Jul 28, 2010 11:29 am

< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 7/26/2010 6:36:23 PM Computer Name = ERIC | Source = Application Error | ID = 1000 -> Description = Faulting application tuneupupdater.exe, version 1.7.0.858, faulting module tuneupupdater.exe, version 1.7.0.858, fault address 0x0030744c.


-----Will need to give you rest of log later-----

crucifix676

Re: Google Redirecting Malware

Post by Dr Jay on Wed Jul 28, 2010 9:14 pm

ok


Dr. Jay (DJ)



Re: Google Redirecting Malware

Post by crucifix676 on Tue Aug 03, 2010 5:23 am

The forum is giving me trouble, so please follow the link here to see the full log.

[You must be registered and logged in to see this link.]

crucifix676

Re: Google Redirecting Malware

Post by Dr Jay on Wed Aug 04, 2010 3:28 am

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Win32 Services - Safe List]
YY -> (F6E68549) F6E68549 [On_Demand | Stopped] -> C:\WINDOWS\System32\F6E68549.exe
YY -> (9258704E) 9258704E [On_Demand | Stopped] -> C:\WINDOWS\System3258704E.exe
YY -> (441CC720) 441CC720 [On_Demand | Stopped] -> C:\WINDOWS\System321CC720.exe
YY -> (3D1AB9A9) 3D1AB9A9 [On_Demand | Stopped] -> C:\WINDOWS\System32D1AB9A9.exe
[Registry - Safe List]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> trymedia.com .[http] -> Trusted sites
YN -> trymedia.com .[https] -> Trusted sites
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4822 domain(s) found.
[Purity]
[Empty Temp Folders]
[EmptyFlash]
[Reboot]

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of the actions taken during the fix. Post that information back here.


Dr. Jay (DJ)


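Added example (not part of this thread and not OTS code): a Python triage script for OTS log excerpts like the ones posted above. It flags the pattern the fix targets, services whose name is eight hex characters and whose image is System32\<name>.exe with no vendor tag, a ZoneMap Domains key holding thousands of entries (the log reports 4822), Security Center values that silence or disable protection, and exefile/batfile/scrfile open commands that no longer match the stock XP defaults. The sample log is constructed from lines in this thread plus an invented benign Spooler line and an invented hijacked .bat association, so each check has a miss and a hit; the 50-domain threshold is an assumption, and a DisableMonitoring hit is only a prompt to confirm the named product is really installed, since vendors set that value legitimately.

```python
"""OTS log triage helper. Added example for this thread; not part of the
forum post or of OTS. Parses the OTS line formats shown in the thread and
reports the indicators a helper would act on."""
import re

# Constructed sample modelled on the thread's OTS log and fix script. The
# Spooler service and the hijacked .bat association are invented so every
# check has both a benign and a flagged case.
SAMPLE_LOG = r"""
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.exe [@ = exefile] -> "%1" %* ->
.scr [@ = scrfile] -> "%1" /S ->
.bat [@ = batfile] -> "C:\WINDOWS\system32\evil.exe" "%1" %* ->
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
\"AntiVirusOverride" -> [0] -> File not found
\"FirewallOverride" -> [0] -> File not found
\Monitoring\SymantecFirewall\"DisableMonitoring" -> [1] -> File not found
\"EnableFirewall" -> [1] -> File not found
[Win32 Services - Safe List]
YY -> (F6E68549) F6E68549 [On_Demand | Stopped] -> C:\WINDOWS\System32\F6E68549.exe
YY -> (Spooler) Print Spooler [Auto | Running] -> C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
YN -> trymedia.com .[http] -> Trusted sites
YN -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4822 domain(s) found.
"""

# Service line: "YY -> (NAME) NAME [start | state] -> image path"
HEX_SERVICE = re.compile(r'^Y[YN] -> \(([0-9A-Fa-f]{8})\) \1 \[[^\]]*\] -> (.+?)\s*$')
ZONE_COUNT = re.compile(r'ZoneMap\\Domains\\ -> \[Key\] (\d+) domain\(s\) found\.')
ZONE_ENTRY = re.compile(r'^Y[YN] -> (\S+) \.\[(https?)\] -> (Trusted sites|Restricted sites)')
SC_VALUE = re.compile(r'"([A-Za-z]+)" -> \[(\d+)\]')
ASSOC = re.compile(r'^(\.\w+) \[@ = (\w+)\] -> (.+?) ->\s*$')

# Value=1 here hides or overrides protection status; EnableFirewall=0 turns it off.
TAMPER_ON = {'AntiVirusOverride', 'FirewallOverride', 'DisableMonitoring',
             'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify'}
TAMPER_OFF = {'EnableFirewall'}
# Stock XP shell\open\command values for the executable ProgIDs OTS lists.
EXPECTED_OPEN = {'batfile': '"%1" %*', 'cmdfile': '"%1" %*', 'comfile': '"%1" %*',
                 'exefile': '"%1" %*', 'piffile': '"%1" %*', 'scrfile': '"%1" /S'}


def find_hex_named_services(lines):
    """Services named with 8 hex chars whose image is System32\\<name>.exe and no vendor tag."""
    hits = []
    for line in lines:
        m = HEX_SERVICE.match(line)
        if not m:
            continue
        name, path = m.groups()
        if '(' not in path and path.lower().endswith('\\system32\\' + name.lower() + '.exe'):
            hits.append((name, path))
    return hits


def zonemap_findings(lines, threshold=50):
    """Per-hive domain counts OTS reports, those above threshold, and explicit zone entries."""
    counts, entries = [], []
    for line in lines:
        m = ZONE_COUNT.search(line)
        if m:
            counts.append(int(m.group(1)))
        m = ZONE_ENTRY.match(line)
        if m:
            entries.append(m.groups())
    return {'bulk_counts': counts, 'over_threshold': [c for c in counts if c > threshold],
            'entries': entries}


def security_center_findings(lines):
    """Security Center / firewall policy values set to a tampering state."""
    flags = []
    for line in lines:
        m = SC_VALUE.search(line)
        if not m:
            continue
        name, val = m.group(1), int(m.group(2))
        if (name in TAMPER_ON and val == 1) or (name in TAMPER_OFF and val == 0):
            flags.append((name, val))
    return flags


def association_findings(lines):
    """Executable file associations whose open command differs from the XP default."""
    bad = []
    for line in lines:
        m = ASSOC.match(line)
        if not m:
            continue
        ext, progid, cmd = m.groups()
        expected = EXPECTED_OPEN.get(progid)
        if expected is not None and cmd != expected:
            bad.append((ext, progid, cmd))
    return bad


def triage(text):
    lines = text.splitlines()
    return {'hex_services': find_hex_named_services(lines),
            'zonemap': zonemap_findings(lines),
            'security_center': security_center_findings(lines),
            'associations': association_findings(lines)}


if __name__ == '__main__':
    for section, result in triage(SAMPLE_LOG).items():
        print(section, result)
```

To run it over a real log, call `triage(open(path, encoding='utf-8', errors='replace').read())`; the functions return plain tuples so the output can be pasted into a reply as-is.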

Re: Google Redirecting Malware

Post by crucifix676 on Wed Aug 04, 2010 5:40 am

All Processes Killed
[Win32 Services - Safe List]
Service F6E68549 stopped successfully!
Service F6E68549 deleted successfully!
File C:\WINDOWS\System32\F6E68549.exe not found.
Service 9258704E stopped successfully!
Service 9258704E deleted successfully!
File C:\WINDOWS\System3258704E.exe not found.
Service 441CC720 stopped successfully!
Service 441CC720 deleted successfully!
File C:\WINDOWS\System321CC720.exe not found.
Service 3D1AB9A9 stopped successfully!
Service 3D1AB9A9 deleted successfully!
File C:\WINDOWS\System32D1AB9A9.exe not found.
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\\http deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\\https deleted successfully.
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ not found.
Unable to create registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ .
[Purity]
Purity scan complete.
[Empty Temp Folders]


User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: asdf
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Eric
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest.ERIC
->Temp folder emptied: 664872 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 18631141 bytes
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Temp folder emptied: 149319455 bytes
->Temporary Internet Files folder emptied: 2511976 bytes
->Java cache emptied: 215029 bytes
->FireFox cache emptied: 76696060 bytes
->Google Chrome cache emptied: 819568 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 21280 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 19070408 bytes
->Java cache emptied: 3180 bytes
->Flash cache emptied: 9420 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 46404307 bytes
->Java cache emptied: 1154480 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 25745 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1324 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 194819816 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 41212 bytes

Total Files Cleaned = 487.00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: Administrator

User: All Users

User: asdf

User: Default User
->Flash cache emptied: 0 bytes

User: Eric
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Guest.ERIC
->Flash cache emptied: 0 bytes

User: HP_Administrator
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.34.0 fix logfile created on 08032010_223347

Files\Folders moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\274549445@Bottom3[1].htm moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\417205955@Bottom3[1].htm moved successfully.
File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\CAIRSL6R.php not found!
File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\CAURKBB8.htm not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\ai.realmedia[1].htm moved successfully.
File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\ai.realmedia[2].htm not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\blank[1].htm moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\CA4X2BW9.htm moved successfully.
File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\CAR2RAZG.htm not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\freq[1].htm moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\01234567\syncuppixels[1].htm moved successfully.
C:\WINDOWS\temp\VGX10B.tmp moved successfully.

Registry entries deleted on Reboot...

crucifix676

Re: Google Redirecting Malware

Post by Dr Jay on Wed Aug 04, 2010 5:45 pm

Note: the following tool is to only be used under the guidance of a malware helper. In the event you already have the tool, please delete the old copy and download a new copy.

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.] (Click the green button on the page to download it).

Rename ComboFix.exe to combo-fix.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to doing this can be found [You must be registered and logged in to see this link.]
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\combo-fix.exe" /killall
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    *NOTE*: If you already have the Recovery Console installed, ComboFix will skip this part and will continue scanning for malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)


Dr Jay

Re: Google Redirecting Malware

Post by crucifix676 on Fri Aug 06, 2010 12:30 am

ComboFix 10-08-05.02 - HP_Administrator 08/05/2010 17:21:12.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2507 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\combo-fix.exe
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Guest.ERIC\Local Settings\Application Data\{C94FCD73-2E12-4932-97BF-3BE7F2183017}
c:\documents and settings\Guest.ERIC\Local Settings\Application Data\{C94FCD73-2E12-4932-97BF-3BE7F2183017}\chrome.manifest
c:\documents and settings\Guest.ERIC\Local Settings\Application Data\{C94FCD73-2E12-4932-97BF-3BE7F2183017}\chrome\content\_cfg.js
c:\documents and settings\Guest.ERIC\Local Settings\Application Data\{C94FCD73-2E12-4932-97BF-3BE7F2183017}\chrome\content\overlay.xul
c:\documents and settings\Guest.ERIC\Local Settings\Application Data\{C94FCD73-2E12-4932-97BF-3BE7F2183017}\install.rdf
c:\documents and settings\HP_Administrator\Recent\Thumbs.db
c:\hp\bin\cloaker.exe
c:\windows\system32\_000018_.tmp.dll
c:\windows\system32\18467.exe
c:\windows\system32\6334.exe
D:\Autorun.inf

c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\cdrom.sys

.
((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
.

2010-08-06 00:26 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-08-06 00:26 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2010-08-06 00:16 . 2010-08-06 00:17 -------- d-----w- C:\32788R22FWJFW
2010-08-05 08:58 . 2010-08-05 23:58 -------- d-----w- C:\combo-fix
2010-08-04 05:32 . 2010-08-04 05:32 -------- d-----w- C:\_OTS
2010-08-03 03:08 . 2010-08-03 03:08 -------- d-----w- c:\program files\AML Products
2010-08-02 07:01 . 2010-08-02 07:01 503808 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-356705c1-n\msvcp71.dll
2010-08-02 07:01 . 2010-08-02 07:01 499712 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-356705c1-n\jmc.dll
2010-08-02 07:01 . 2010-08-02 07:01 348160 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-356705c1-n\msvcr71.dll
2010-08-02 07:01 . 2010-08-02 07:01 12800 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-68bf097c-n\decora-d3d.dll
2010-08-02 07:01 . 2010-08-02 07:01 61440 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-68bf097c-n\decora-sse.dll
2010-08-02 01:53 . 2010-08-02 01:53 -------- d-----w- c:\documents and settings\Guest.ERIC\Application Data\pandasecuritytb
2010-07-31 05:23 . 2010-07-31 05:23 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Canon
2010-07-30 17:47 . 2010-07-30 17:47 -------- d-----w- C:\found.000
2010-07-29 13:39 . 2010-07-29 13:39 323824 ----a-w- c:\documents and settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\Download\0x04015000\GlobalExe.exe
2010-07-27 09:20 . 2010-08-04 20:00 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SurfSecret Privacy Suite
2010-07-27 09:19 . 2010-08-04 20:00 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\pandasecuritytb
2010-07-27 09:19 . 2010-07-27 09:19 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2010-07-27 09:18 . 2010-07-27 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-07-27 05:56 . 2010-06-03 18:41 387904 ----a-w- c:\documents and settings\HP_Administrator\StubInstaller.exe
2010-07-21 09:44 . 2010-07-21 09:44 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-16 11:17 . 2010-07-16 11:17 -------- d-s---w- c:\documents and settings\LocalService\UserData
2010-07-09 08:56 . 2010-07-21 09:43 -------- d-----w- c:\program files\TuneUpMedia
2010-07-09 08:56 . 2010-08-04 08:15 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\TuneUpMedia
2010-07-09 08:55 . 2010-07-09 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2010-07-08 09:10 . 2010-07-08 09:10 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-07-08 09:10 . 2010-07-08 09:10 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-04 20:00 . 2008-08-27 05:54 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-02 18:17 . 2006-06-18 04:13 -------- d-----w- c:\program files\Common Files\Java
2010-08-02 18:10 . 2006-06-18 04:13 -------- d-----w- c:\program files\Java
2010-07-30 22:44 . 2010-06-12 18:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\NeopleLauncherDFO
2010-07-30 22:41 . 2010-06-12 18:26 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-07-28 07:23 . 2008-07-27 23:44 -------- d-----w- c:\program files\Steam
2010-07-28 01:44 . 2006-06-18 04:44 97432 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-27 09:20 . 2009-12-06 22:55 -------- d-----w- c:\program files\Panda Security
2010-07-21 09:51 . 2007-08-13 01:11 -------- d-----w- c:\program files\iTunes
2010-07-21 09:50 . 2007-08-13 01:11 -------- d-----w- c:\program files\iPod
2010-07-21 09:50 . 2007-08-13 01:10 -------- d-----w- c:\program files\Common Files\Apple
2010-07-17 12:00 . 2010-04-24 09:58 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-12 04:42 . 2009-10-04 05:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus
2010-07-12 04:42 . 2009-10-04 05:25 -------- d-----w- c:\program files\Vuze
2010-07-09 08:30 . 2009-12-06 23:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\FrostWire
2010-07-04 21:55 . 2006-06-18 04:44 -------- d-----w- c:\program files\music_now
2010-07-04 21:55 . 2007-10-20 20:03 -------- d-----w- c:\program files\mIRC
2010-07-04 13:32 . 2007-12-09 01:33 -------- d-----w- c:\program files\Cheat Engine
2010-07-04 03:25 . 2010-07-04 03:25 -------- d-----w- c:\program files\Bonjour
2010-06-29 22:20 . 2010-06-22 21:23 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-06-29 21:52 . 2010-06-23 04:43 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-28 07:57 . 2010-06-28 07:57 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-06-23 23:11 . 2010-06-23 20:20 -------- d-----w- c:\program files\7-Zip
2010-06-23 05:07 . 2010-06-23 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-23 04:43 . 2010-06-23 04:43 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-23 00:58 . 2008-06-18 03:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-22 20:47 . 2010-07-10 07:02 267920 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-06-22 18:27 . 2010-06-21 11:32 -------- d-----w- c:\program files\UnHackMe
2010-06-22 10:00 . 2010-06-22 10:00 -------- d-----w- c:\program files\Loaris
2010-06-22 08:44 . 2010-02-11 03:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-21 11:32 . 2010-06-21 11:32 2 --shatr- c:\windows\winstart.bat
2010-06-13 20:23 . 2010-06-12 18:26 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-06-13 20:23 . 2010-06-12 18:26 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-06-13 20:23 . 2010-06-12 18:26 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-06-13 20:23 . 2010-06-12 18:26 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-06-13 20:23 . 2009-10-09 23:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-06-13 20:16 . 2010-06-12 18:26 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-06-12 19:33 . 2007-06-22 03:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-12 18:26 . 2010-06-12 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2010-05-28 01:39 . 2010-05-28 01:39 141384 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2010-05-25 05:50 . 2010-05-25 05:50 503808 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1a1c01ba-n\msvcp71.dll
2010-05-25 05:50 . 2010-05-25 05:50 499712 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1a1c01ba-n\jmc.dll
2010-05-25 05:50 . 2010-05-25 05:50 348160 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1a1c01ba-n\msvcr71.dll
2010-05-25 05:49 . 2010-05-25 05:49 61440 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6668f10a-n\decora-sse.dll
2010-05-25 05:49 . 2010-05-25 05:49 12800 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6668f10a-n\decora-d3d.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\l0147c9a.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.6.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Mozilla\Firefox\Profiles\6mxhf3j3.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.6.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\8ht0b132.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.6.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\l0147c9a.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.5.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\l0147c9a.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Mozilla\Firefox\Profiles\6mxhf3j3.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.5.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\Guest.ERIC\Application Data\Mozilla\Firefox\Profiles\6mxhf3j3.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\8ht0b132.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency3.5.dll
2010-05-19 19:43 . 2010-05-19 19:43 73216 ----a-w- c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\8ht0b132.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\components\dtTransparency.dll
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-12 17:58 . 2010-05-12 17:58 110920 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2008-01-29 07:31 . 2008-01-29 07:31 122368 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-06-15 13:46 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-06-15 86696]

[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 22:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 22:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-01-22 200280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-09 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-09 59392]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-09 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-09 44032]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-18 180269]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XobniService"=2 (0x2)
"LiveUpdate"=3 (0x3)
"avg9wd"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Steam\\steamapps\\crucifix676\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Darkeden\\darkeden.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58170:TCP"= 58170:TCP:Pando Media Booster
"58170:UDP"= 58170:UDP:Pando Media Booster
"57906:TCP"= 57906:TCP:Pando Media Booster
"57906:UDP"= 57906:UDP:Pando Media Booster
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"8373:TCP"= 8373:TCP:League of Legends Launcher
"8373:UDP"= 8373:UDP:League of Legends Launcher
"8374:TCP"= 8374:TCP:League of Legends Launcher
"8374:UDP"= 8374:UDP:League of Legends Launcher
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"6968:TCP"= 6968:TCP:League of Legends Launcher
"6968:UDP"= 6968:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"6902:TCP"= 6902:TCP:League of Legends Launcher
"6902:UDP"= 6902:UDP:League of Legends Launcher
"6937:TCP"= 6937:TCP:League of Legends Launcher
"6937:UDP"= 6937:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"58193:TCP"= 58193:TCP:Pando Media Booster
"58193:UDP"= 58193:UDP:Pando Media Booster
"8371:TCP"= 8371:TCP:League of Legends Launcher
"8371:UDP"= 8371:UDP:League of Legends Launcher
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"6988:TCP"= 6988:TCP:League of Legends Launcher
"6988:UDP"= 6988:UDP:League of Legends Launcher
"6972:TCP"= 6972:TCP:League of Legends Launcher
"6972:UDP"= 6972:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"6915:TCP"= 6915:TCP:League of Legends Launcher
"6915:UDP"= 6915:UDP:League of Legends Launcher
"6948:TCP"= 6948:TCP:League of Legends Launcher
"6948:UDP"= 6948:UDP:League of Legends Launcher
"6944:TCP"= 6944:TCP:League of Legends Launcher
"6944:UDP"= 6944:UDP:League of Legends Launcher
"6976:TCP"= 6976:TCP:League of Legends Launcher
"6976:UDP"= 6976:UDP:League of Legends Launcher
"6954:TCP"= 6954:TCP:League of Legends Launcher
"6954:UDP"= 6954:UDP:League of Legends Launcher

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [5/4/2010 8:36 AM 129928]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [10/3/2009 10:25 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [10/3/2009 10:25 PM 234888]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [4/30/2010 1:47 PM 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [5/27/2010 6:39 PM 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [4/30/2010 1:46 PM 97032]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/30/2010 1:46 PM 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [5/12/2010 10:58 AM 110920]
S3 Normandy;Normandy SR2; [x]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/18/2009 12:05 AM 717296]
S4 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [5/6/2009 6:21 PM 46824]
.
Contents of the 'Scheduled Tasks' folder

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2239381086-1206112939-3159093799-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-07 02:05]

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2239381086-1206112939-3159093799-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-07 02:05]

2010-07-12 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-05-16 23:48]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = ;*.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7x8fv31u.default\
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SetDefaultPrinter - c:\hp\bin\cloaker.exe
HKLM-Run-RBreset - c:\hp\bin\cloaker.exe
HKLM-Run-PMLreset - c:\hp\bin\cloaker.exe
HKLM-Run-HPSUreset - c:\hp\bin\cloaker.exe
HKLM-Run-Mqoganapiqifep - c:\windows\iwufazeqeq.dll
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2010-08-05 17:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-08-05 17:28:58
ComboFix-quarantined-files.txt 2010-08-06 00:28

Pre-Run: 43,506,180,096 bytes free
Post-Run: 45,069,549,568 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=,1,2,3,4
- - End Of File - - FB9F6B1F640FEB4C46E7E4E47B7ECE63


Re: Google Redirecting Malware

Post by Dr Jay on Sat Aug 07, 2010 12:27 am

Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.


Dr. Jay (DJ)


Re: Google Redirecting Malware

Post by crucifix676 on Sun Aug 08, 2010 9:52 am

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x806237C8-->F72870E0 [sple.sys]
ntkrnlpa.exe-->NtEnumerateKey, Type: Address change 0x80624014-->F72A5CA2 [sple.sys]
ntkrnlpa.exe-->NtEnumerateValueKey, Type: Address change 0x8062427E-->F72A6030 [sple.sys]
ntkrnlpa.exe-->NtOpenKey, Type: Address change 0x80624BA6-->F72870C0 [sple.sys]
ntkrnlpa.exe-->NtQueryKey, Type: Address change 0x80624EE8-->F72A6108 [sple.sys]
ntkrnlpa.exe-->NtQueryValueKey, Type: Address change 0x806219EC-->F72A5F88 [sple.sys]
ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x80621D3A-->F72A619A [sple.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805D2982-->A84A6416 [C:\WINDOWS\system32\DRIVERS\PSINProc.sys]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x8B4B3660 [4] System
0x8AE3B858 [204] C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation, Media Center Scheduler Service)
0x8AE5CDA0 [304] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java(TM) Quick Starter Service)
0x8A16CDA0 [352] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x8A344470 [628] C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company, -)
0x89E10DA0 [720] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation, GrooveMonitor Utility)
0x8A5146E8 [780] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x89FF4020 [840] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation, Machine Debug Manager)
0x8AD3C640 [844] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x8AD382C8 [868] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x8A5626E8 [916] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x8A5246E8 [928] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x89E03DA0 [1036] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc., iTunesHelper)
0x8A8AF788 [1140] C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 197.45)
0x8A86B788 [1172] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89FF1020 [1180] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L., Application Host Service)
0x8A8DC788 [1224] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A7DE788 [1320] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89FF0820 [1340] C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc., PsiService PsiService)
0x89FE9DA0 [1420] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A798788 [1444] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A7DC788 [1600] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x8A82D788 [1756] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8AED1D38 [1784] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
0x8AF0A8A8 [1796] C:\WINDOWS\arservice.exe (Microsoft, ARSVC Application)
0x8AD1F880 [1872] C:\Program Files\AskBarDis\bar\bin\AskService.exe
0x8AD276B0 [1888] C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
0x8AD37620 [1904] C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation, Automatic LiveUpdate Scheduler Service)
0x8AC61670 [1976] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x8AC6B758 [2020] C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation, Media Center Receiver Service)
0x89EA8AB8 [2500] C:\WINDOWS\system32\dllhost.exe (Microsoft Corporation, COM Surrogate)
0x89E51BA8 [2636] C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0x89FD14B0 [2756] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x8B0982A8 [2856] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x89DE6B28 [3004] C:\Program Files\iPod\bin\iPodService.exe (Apple Inc., iPodService Module (32-bit))
0x8A166DA0 [3028] C:\Documents and Settings\HP_Administrator\Desktop\RkU3.8.388.590\MustBeRandomlyNamed\mnhJHfGkEA7.exe (UG North, RKULE, SR2 Normandy)
0x8A0D9DA0 [3124] C:\hp\KBD\kbd.exe (Hewlett-Packard Company, KBD EXE)
0x89E08B98 [3180] C:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company, hpsysdrv)
0x89CD26D0 [3200] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
0x8B09E5C8 [3264] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation, Media Center Tray Applet)
0x89E4D4D0 [3292] C:\WINDOWS\arpwrmsg.exe (Microsoft, ARPowerMessage Application)
0x89E09688 [3308] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation, IPoint.exe)
0x8B07D4D0 [3416] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp., Realtek HD Audio Control Panel)
0x89E48508 [3588] C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation, Run a DLL as an App)
0x89D57340 [3636] C:\WINDOWS\ehome\ehmsas.exe (Microsoft Corporation, Media Center Media Status Aggregator Service)
0x8A44D768 [3672] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L., Panda Cloud Antivirus)
0x89E477A0 [3696] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java(TM) Update Scheduler)
0x89E39598 [3752] C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit, Smart RAM)
0x89DED728 [3868] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x89DECB28 [4032] C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P., HP Digital Imaging Monitor)
==============================================
>Drivers
==============================================
0xF58D1000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10235904 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 197.45 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6434816 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 197.45 )
0xB743D000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 5206016 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7286000 PCI_PNP2752 1048576 bytes
0xF7286000 sple.sys 1048576 bytes
0xF7286000 sptd 1048576 bytes
0xF5710000 C:\WINDOWS\system32\DRIVERS\HSX_DP.sys 1011712 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF7115000 iaStor.sys 872448 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xF565A000 C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys 745472 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF6FBF000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA87B6000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA8730000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 393216 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xF54C4000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA88BA000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA81CD000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF55E7000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 307200 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF5807000 C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys 282624 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xA82B5000 C:\WINDOWS\system32\DRIVERS\atksgt.sys 274432 bytes
0xF70BA000 ftsata2.sys 274432 bytes (Promise Technology, Inc., Promise Driver for Windows Server 2003)
0xA824C000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF55B0000 C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS 225280 bytes (NVIDIA Corporation, NVIDIA Networking Soft-NPU Driver.)
0xF557A000 C:\WINDOWS\System32\Drivers\ar6nzcky.SYS 221184 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF5522000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7240000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA8383000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF6F92000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA2671000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA8845000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF584C000 C:\WINDOWS\system32\DRIVERS\hcwPP2.sys 172032 bytes (Hauppauge Computer Works, Inc., WinTV PVR PCI II (v2) WDM Video Capture)
0xF5632000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA8892000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF71EA000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA8790000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF7095000 nvgts.sys 151552 bytes (NVIDIA Corporation, NVIDIA nForce(TM) Sata Performance Driver)
0xA870C000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA8946000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF5899000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF5876000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA8870000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA84EB000 C:\WINDOWS\system32\DRIVERS\PSINAflt.sys 135168 bytes (Panda Security, S.L., PSINAflt Filter Driver for XP32)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7075000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7210000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xA8826000 C:\WINDOWS\system32\DRIVERS\psinknc.sys 126976 bytes (Panda Security, S.L., PSINKNC Kernel Controller for XP32)
0xF6F78000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xA84A0000 C:\WINDOWS\system32\DRIVERS\PSINProc.sys 106496 bytes (Panda Security, S.L., PSINProc Filter Driver for XP32)
0xA84D1000 C:\WINDOWS\system32\DRIVERS\PSINProt.sys 106496 bytes (Panda Security, S.L., PSINProt for XP32)
0xF70FD000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF726E000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF704C000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5563000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA84BA000 C:\WINDOWS\system32\DRIVERS\PSINFile.sys 94208 bytes (Panda Security, S.L., PSINFile Filter Driver for XP32)
0xA836E000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF58BD000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA8913000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7063000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF722F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF5552000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA994F000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF76B7000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7537000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF7487000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xA998F000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xA9E34000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76C7000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB71B1000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7657000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7497000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF7697000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xF74E7000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76D7000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF76E7000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF74C7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7507000 PxHelp20.sys 49152 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7547000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xA99AF000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF76A7000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF74B7000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76F7000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF74A7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF62D4000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7567000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF74F7000 bb-run.sys 36864 bytes (Promise Technology, Inc., Promise Disk Accelerator)
0xF74D7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xA995F000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7557000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xA99CF000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA270C000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xEFB4B000 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 36864 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
0xA999F000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF77EF000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF77A7000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xEF47C000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF77DF000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7877000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xAC0F9000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF7797000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF77E7000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7857000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF788F000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF771F000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF77BF000 C:\WINDOWS\system32\DRIVERS\arhidfltr.sys 20480 bytes (Microsoft Corporation, Microsoft AR HID Filter Driver (Beta 2 Release 2))
0xA91AD000 C:\WINDOWS\system32\DRIVERS\lirsgt.sys 20480 bytes
0xF77B7000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF784F000 C:\WINDOWS\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS)
0xF7867000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7887000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF785F000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77D7000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xF77F7000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA823C000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)
0xF792F000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xABA3A000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF797F000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 16384 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
0xA7C01000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF6F48000 C:\WINDOWS\system32\DRIVERS\arpolicy.sys 12288 bytes (Microsoft Corporation, Microsoft AR Policy Driver (Beta 2 Release 2))
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xAC394000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xAC390000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB3B02000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF6F44000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7943000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7963000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF79DD000 C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys 8192 bytes (Microsoft Corporation, Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2))
0xAA7BA000 C:\WINDOWS\system32\DRIVERS\armoucfltr.sys 8192 bytes (Microsoft Corporation, Microsoft AR PS/2 Mouse Filter Driver (Beta 2 Release 2))
0xAA7C0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF798F000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xAA7C2000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF798D000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xAA7BE000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79F3000 C:\WINDOWS\system32\drivers\MSPQM.sys 8192 bytes (Microsoft Corporation, MS Proxy Quality Manager)
0xAA7BC000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79DF000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79F5000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF798B000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7989000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7BB8000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xA89B1000 C:\WINDOWS\System32\Drivers\BANTExt.sys 4096 bytes
0xA89B4000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xA8F54000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8B4C51F8 unknown_irp_handler 3592 bytes
0x8AFD51F8 unknown_irp_handler 3592 bytes
0x8AFA81F8 unknown_irp_handler 3592 bytes
0x8B4C81F8 unknown_irp_handler 3592 bytes
0x8B03B1F8 unknown_irp_handler 3592 bytes
0x8B4591F8 unknown_irp_handler 3592 bytes
0x8B4C61F8 unknown_irp_handler 3592 bytes
0x8AF031F8 unknown_irp_handler 3592 bytes
0x8AFE11F8 unknown_irp_handler 3592 bytes
0x8ADFE378 unknown_irp_handler 3208 bytes
0x8A40E500 unknown_irp_handler 2816 bytes
0x8AF3F500 unknown_irp_handler 2816 bytes
0x8A3FE500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D848, Type: Inline - RelativeCall 0x80504848-->F4F72A61 [unknown_code_page]
ntkrnlpa.exe+0x0006ECAE, Type: Inline - RelativeJump 0x80545CAE-->80545CB5 [ntkrnlpa.exe]
[2636]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]
[2856]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]
[352]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[352]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[352]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[352]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[352]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[352]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x771B1248-->00000000 [shimeng.dll]
[352]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

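A helper for reading a report like the one above, added here as an example (it is not RkU's code and not from this thread): it parses the SSDT State, Drivers and Hooks sections, treats the names RkU lists at one base address as aliases of the same loaded image, and orders the hooking modules by how much attention each group deserves. The embedded report is a constructed excerpt of the log posted above.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed excerpt of the RkU report posted above.
SAMPLE_REPORT = r"""
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x806237C8-->F72870E0 [sple.sys]
ntkrnlpa.exe-->NtEnumerateKey, Type: Address change 0x80624014-->F72A5CA2 [sple.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805D2982-->A84A6416 [C:\WINDOWS\system32\DRIVERS\PSINProc.sys]
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0xF7286000 PCI_PNP2752 1048576 bytes
0xF7286000 sple.sys 1048576 bytes
0xF7286000 sptd 1048576 bytes
0xA84A0000 C:\WINDOWS\system32\DRIVERS\PSINProc.sys 106496 bytes (Panda Security, S.L., PSINProc Filter Driver for XP32)
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D848, Type: Inline - RelativeCall 0x80504848-->F4F72A61 [unknown_code_page]
ntkrnlpa.exe+0x0006ECAE, Type: Inline - RelativeJump 0x80545CAE-->80545CB5 [ntkrnlpa.exe]
[352]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
"""

# "<where>, Type: <kind> 0x<orig>--><new> [<module>]" fits the SSDT, inline and IAT lines alike.
HOOK_RE = re.compile(r"^(?P<where>.+?), Type: (?P<kind>.+?) 0x(?P<orig>[0-9A-Fa-f]+)"
                     r"-->(?P<new>[0-9A-Fa-f]+) \[(?P<module>[^\]]+)\]$")
# "0x<base> <name> <size> bytes (<vendor, description>)" from the >Drivers table.
DRIVER_RE = re.compile(r"^0x(?P<base>[0-9A-Fa-f]+) (?P<name>.+?) (?P<size>\d+) bytes"
                       r"(?: \((?P<desc>.+)\))?$")


def parse_report(text):
    """Walk the report's '>Section' blocks and parse the hook and driver lines."""
    section = None
    report = {"SSDT State": [], "Hooks": [], "Drivers": []}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("="):
            continue
        if line.startswith(">"):
            section = line[1:].strip()
            continue
        if section in ("SSDT State", "Hooks"):
            m = HOOK_RE.match(line)
            if m:
                report[section].append(m.groupdict())
        elif section == "Drivers":
            m = DRIVER_RE.match(line)
            if m:
                d = m.groupdict()
                d["size"] = int(d["size"])
                report[section].append(d)
    return report


def basename(path):
    """RkU mixes bare names and full paths; compare on the file name only."""
    return path.rsplit("\\", 1)[-1]


def module_aliases(drivers):
    """Map each listed module name to every driver entry sharing its base address.
    RkU lists one loaded image under several names (in the report above
    PCI_PNP2752, sple.sys and sptd all sit at 0xF7286000), so a hook credited
    to one name is code from the same image as its aliases."""
    by_base = defaultdict(list)
    for d in drivers:
        by_base[d["base"]].append(d)
    return {basename(d["name"]): by_base[d["base"]] for d in drivers}


def triage(report):
    """Group every hook by the module RkU credits it to and classify the group."""
    aliases = module_aliases(report["Drivers"])
    groups = defaultdict(list)
    for h in report["SSDT State"] + report["Hooks"]:
        groups[basename(h["module"])].append(h)

    findings = {}
    for module, hooks in groups.items():
        mates = aliases.get(module, [])
        vendor = next((d["desc"] for d in mates if d["desc"]), None)
        if module == "unknown_code_page":
            verdict = "unattributed kernel code"   # RkU found no image owning the target
        elif all(h["where"].startswith("[") for h in hooks):
            verdict = "user-mode hook"             # inside a process, outside the driver table
        elif not mates:
            verdict = "not in driver table"
        elif vendor:
            verdict = "identified"                 # the image carries a vendor string
        else:
            verdict = "loaded, no vendor string"   # e.g. the sptd / sple.sys aliases
        findings[module] = {
            "count": len(hooks),
            "targets": sorted(h["where"] for h in hooks),
            "aliases": sorted(basename(d["name"]) for d in mates),
            "vendor": vendor,
            "verdict": verdict,
        }
    return findings


REVIEW_ORDER = ["unattributed kernel code", "not in driver table",
                "loaded, no vendor string", "user-mode hook", "identified"]


def review_queue(findings):
    """Module names ordered from most to least in need of a closer look."""
    return sorted(findings, key=lambda m: (REVIEW_ORDER.index(findings[m]["verdict"]), m))


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    for module in review_queue(result):
        f = result[module]
        print(f"{f['verdict']:26} {module:18} hooks={f['count']} aliases={f['aliases']}")
```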

Re: Google Redirecting Malware

Post by Dr Jay on Sun Aug 08, 2010 7:25 pm

Still redirects?


Dr. Jay (DJ)

Re: Google Redirecting Malware

Post by crucifix676 on Tue Aug 10, 2010 6:48 am

Actually, I think the redirects are now finally gone! Thanks a lot!

Though my browsers are taking a long time to load and JavaScript is not responding... I don't know if you know anything about it, but either way, I really appreciate the help! Thank you very much!


Re: Google Redirecting Malware

Post by Dr Jay on Tue Aug 10, 2010 7:08 pm

Which browser(s)?


Dr. Jay (DJ)

Re: Google Redirecting Malware

Post by crucifix676 on Tue Aug 10, 2010 9:34 pm

Most of my browsers: Firefox, IE, Google Chrome


Re: Google Redirecting Malware

Post by Dr Jay on Wed Aug 11, 2010 5:41 am

Please do this and see if it helps:

Download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Re: Google Redirecting Malware

Post by Dr Jay on Wed Aug 18, 2010 6:09 am

Still with us? Please let me know how things are going!

